Next Generation IPS and Reputation Services

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Next Generation IPS and Reputation Services"

Transcription

1 Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1

2 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become an effective and required ingredient for many aspects of security. Using a large database of known suspicious or bad source IP addresses, even URLs, has made dramatic improvements to spam filters and web security gateways. Now reputation is beginning to be used to improve the effectiveness of Intrusion Prevention Systems (IPS). How these systems employ reputation will be the determining factor in the success of any IPS solution. Anti-spam vendors have long used reputation. Through a series of honey pots, accounts set up to capture spam samples it is possible to quickly identify the sources of spam, usually infected hosts belonging to consumers with broad band access. The behavior of such a spam bot is easy to identify as it spews millions of spam messages. Once identified it is simple to quickly update anti-spam solutions with a list of spam sources that are automatically blocked. This saves on processing requirements as the individual messages do not need to be investigated. One of the fastest and thus lowest stress on network gear, functions is dropping connections from a list of sites. Secure web gateways also rely on reputation to quickly identify sources of malware and block access to URLs that are known to contain malware. Discovering malicious URLs, however, needs a different approach. Honey pots, passive accounts, are not effective at discovering sources of malware. Likewise, a web crawling robot which follows links such as Google is not effective. Most reputation services for identifying malicious sites relies on a large install base of deployed appliances that report new URLs and their associated behavior back to a central database for automated inspection backed up by teams of researchers for those sites that defy automated analysis. Through this technique a realtime list of bad URLs is formed and pushed back out to the secure web gateways for blocking. However, signatures that are written to be general purpose and block based on a category of potential exploits against known vulnerabilities can cause false positives and thus block legitimate connections. While IPS vendors strive to reduce these false positives and increase the effectiveness of their signature bases they are also beginning to borrow from the success other solutions have had with reputation. An example of how reputation services could protect an organization is provided by the recent attack against NASDAQ s Director s Desk service. The Director s Desk is a service that NASDAQ offers to public companies whose stock is traded on the NASDAQ exchange. Directors Desk is a third party hosting solution for critical documents and communication generated by the boards of over 230 companies. There are over 10,000 users of the service. In February, 2011 it was revealed that malware had been inserted into the Director s Desk portal. This is a common 2011 IT-Harvest 2

3 way for attackers to target high-value users. In this case, the users were high value in that they had access to valuable inside information and from a cyber criminal s perspective were likely to engage in high value transactions on other platforms such as banking and stock trading sites. Infecting their machines to garner additional information on target organizations or steal access credentials would justify the attack. Similar infections through ad serving sites have been recorded. An IP reputation service, once the NASDAQ site had been identified as compromised through either publication or detection by continual IPS reputation evaluation, would have given system administrators early warning of the attack. Reputation, if properly executed, can improve both the performance and accuracy of modern IPS solutions. Developing a reliable, scalable, and effective reputation service is the key to effective IPS and will quickly become a required function in next generation IPS. This paper examines the IPS solutions that have begun to use reputation services, looking specifically at flexibility, effectiveness and performance. Of note, there are a number of IPS vendors that were not included in this study due to lack of a reputation solution. Cisco Cisco acquired IronPort, an gateway antispam and protection vendor in IronPort's strongest feature was the use of reputation to enhance the speed and accuracy of spam blocking. Cisco has incorporated some of Iron Port's technology in their IPS which is included in the Cisco ASA gateway device (note that the ASA is a firewall with a separate card that can be configured to provide anti-virus delivered from Trend Micro Systems, or their own IPS service). Cisco's Global Correlation is a cloud based store of of sources of attacks and provides threat scores from 1 to 10. Like all reputation services it can also incorporate the feeds of known sources of attacks and command and control servers that is provided by open source and private research teams. Cisco derives reputation from its Sensor Base: all the IPS, firewall, web proxies, and IronPort gateways that have enrolled. The assigning of reputation scores from 1-10 is done automatically in the Cisco Security Information Operation (SIO), a cloud hosted database of signatures and reputations. Cisco IPS is available in stand alone appliances IPS 4200 series and in Advanced Inspection and Protection (AIP) Security Service Modules or Security Service Cards (SSM or SSC) in the Cisco ASA 5500 series. Cisco Global Correlation is an update feed of IPS signatures delivered every 3 to 5 minutes for low bad reputations and immediately for any reputation data scored from 8 to 10. Cisco IPS scores threats from 1 to 10 and in version 7.0 for the Cisco IPS appliances and 8.2 for ASA appliances reputation is used to enhance those scores. However, direct visibility into reputation scores for particular IP addresses is not available and rules cannot be written taking advantage of reputation IT-Harvest 3

4 HP TippingPoint is the IPS technology that HP acquired along with 3Com in The HP TippingPoint Reputation Digital Vaccine (RepDV) is a product of HP DVLabs. Globally deployed sensors in their ThreatLinQ network as well as customer IPS appliances participate in providing a constant stream of known attacks and misbehavior on the part of IP addresses. A threat score of 1 to 100 is applied and IPS devices receive a constantly updated feed of both IP addresses and domains with associated threat scores. The data base is aged and refreshed quickly (every two hours) which avoids unwarranted black holing of innocent IPs. The HP TippingPoint RepDV service is the most feature rich reputation service we have investigated for IPS. In addition to the IP and domain reputations, an administrator can choose to block entire ranges of IP addresses based on country. Feeds are incorporated from numerous sources including open source, SANS, and the ThreatLinQ database. Customers can use the capability to add their own blacklists or modify feeds by whitelisting sources. Customers also have access to the ThreatLinQ library of threat data to help understand why a particular IP address or domain has received is score. Reputation feeds are tagged with additional information that assists in setting policies. The source of the feed is one such tag so, for instance, one could choose to apply one policy to threats reported by SANS and another policy to an internally generated blacklist. A critical capability that is rapidly becoming one of the most important functions for IPS devices is the ability to detect and block communication from inside a network to known bad IP addresses. This anti-botnet feature, often called beaconing detection, is one of the most powerful tools for countering Advanced Persistent Threats that have managed to infiltrate a network and exfiltrate data to command and control servers of cyber criminals or state sponsored industrial spies. Juniper Networks Juiper Networks is another IPS vendor that has incorporated IP reputation into their IPS appliances. Each deployed appliance can report back to the cloud new suspicious sources of attacks which get incorporated into the threat database and pushed to all appliances that are subscribed to the service. Juniper's management interface does not provide much visibility into how reputation is applied to come up with risk scores and there is no ability for the administrator to add or change reputation rules IT-Harvest 4

5 Toplayer TopLayer is an IPS and DDoS mitigation vendor. They depend on the SANS Dshield service which collects log data from IDS sensors deployed around the world which TopLayer uses to create a list of IP addresses that are behaving poorly and then provides a feed to its IPS 5500 ap-pliances. Customers can choose to block traffic from those IPS addresses. This provides the benefit of improving performance by reducing the amount of traffic the IPS has to inspect. Threat scores are not created so the service is binary in nature; either allow or deny with no in-herent ability to provide better judgement to IPS decisions, thus it is not a full implementation of IPS reputation services. McAfee McAfee s IPS product is the Network Security Platform. It is an in-line appliance based on the technology acquired when they purchased Intruvert. McAfee has incorporated reputation services derived from their Global Threat Intelligence network connection reputation service. Data is collected from a global network of participating devices and assigned a threat score based on as-sociation with bad behavior such as participation in a botnet or DDoS attack. IPS administrators can use these threat scores to determine what action to take based on policy. McAfee shares with TippingPoint the ability to block communication to Command and Control servers by Advanced Persistent Threats. IBM IBM ISS global filter database is one of the largest environments for cataloging and ranking the reputations of domains, URLs, and malicious content. It is comprised of over 1,000 clustered CPUs. It combines web crawling with open source lists as well as custom lists created from input from their X-Force research team. Customers can elect to set their IBM security products to report unclassified URLs too. The core technology of the global filter database was acquired by ISS in 2004 with the purchase of the German company Cobion, an early innovator in the automatic classification of web sites. The reputation data base sends updates to IBM Security s web and filtering products. While the IBM Security IPS products, which are stand alone IPS appliances, do not receive these updates, the IBM Proventia Multifunction Security Appliance does. The reputation scores are used to block spam and update the URL Content Filtering services of this UTM device IT-Harvest 5

6 CRITICAL FEATURES OF REPUTATION ENHANCED IPS As reputation becomes recognized as a game changing way to enhance the efficiency, reliability, and effectiveness of IPS products IT-Harvest has identified the following components of best in class use of reputation for IPS. Reputation intelligence gathered from customer networks. IPS appliance vendors have the opportunity to collect reputation from their deployed base. The size and distribution of that base is key to feeding the reputation database and enhancing negative reputation scores. Customer networks see real attacks coming from malicious source IP addresses. This capability, by a vendor, is much more effective than web crawlers or honey pots. Feeds from 3rd parties. There are many open source lists of malicious hosts, and command and control servers, such as: Spamhous, the Domain Name System Real-time Black List, and ShadowServer.org. A key feature is the ability to accept feeds from these organizations into the IPS reputation service. Policy based on reputation score. Every IPS needs tuning based on the types of assets being protecting within an organization as well as the types of services and attacks that need to be allowed or denied. Setting policy based on a the scoring provided by the reputation service enhances the administrator s ability to eliminate false positives and ensure blocking of as much suspicious traffic as possible. Knowledgebase. It is valuable to understand the reputation scores of individual attack sources. The vendors should make it easy to navigate their knowledgebase in order for the administrator to have full knowledge of the reason a particular score is assigned. Customer blacklists/whitelists. Every environment will encounter special use cases where wither adding particular IP addresses (black listing) or allowing IP addresses (whitelisting) is required. This level of customization is required to enhance the usability of reputation services IT-Harvest 6

7 FEATURE CISCO JUNIPER McAFEE IBM TopLayer HP Intel from own devices Feeds from 3rd parties Policy based on reputation score Knowledge base Customer black listing/ white listing CONCLUSION An effective reputation service must have three primary qualities to enhance IPS catch rates, and throughputs. First is the quality and number of deployed sensors that capture and report attack sites. Second is the research and automation that turns those reports into a stream of constantly updated sources. Finally is the management interface that allows flexibility in applying reputation. From our investigation of available data HP Networking's TippingPoint IPS solution makes the best use of IPS reputation. REFERENCES IBM ISS global filter database content analysis technology fid=gtw03026usen&attachment=gtw03026usen.pdf IBM Security Network Intrusion Prevention System data sheet mlfid=wgd03002usen&attachment=wgd03002usen_hr.pdf Spam realtime black lists. Shadowserver.org NASDAQ Director s Desk exploit. Security+-+Sophos% IT-Harvest 7

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

Cisco Remote Management Services for Security

Cisco Remote Management Services for Security Cisco Remote Management Services for Security Innovation: Many Take Advantage of It, Some Strive for It, Cisco Delivers It. Cisco Remote Management Services (RMS) for Security provide around the clock

More information

Modular Network Security. Tyler Carter, McAfee Network Security

Modular Network Security. Tyler Carter, McAfee Network Security Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution

More information

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW Jürgen Seitz Systems Engineering Manager Evolution of Network Security Next-Gen Firewall Application Visibility and Control User-based

More information

Cisco Security Intelligence Operations

Cisco Security Intelligence Operations Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,

More information

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall

More information

IT Sicherheit im Web 2.0 Zeitalter

IT Sicherheit im Web 2.0 Zeitalter IT Sicherheit im Web 2.0 Zeitalter Dirk Beste Consulting System Engineer 1 IT Sicherheit im Web 2.0 Zeitalter Cisco SIO und Global Threat Correlation Nach dem Webinar sollte der Zuhörer in der Lage sein:

More information

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Unified Security Management and Open Threat Exchange

Unified Security Management and Open Threat Exchange 13/09/2014 Unified Security Management and Open Threat Exchange RICHARD KIRK SENIOR VICE PRESIDENT 11 SEPTEMBER 2014 Agenda! A quick intro to AlienVault Unified Security Management (USM)! Overview of the

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Cisco RSA Announcement Update

Cisco RSA Announcement Update Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of

More information

Cisco Advanced Malware Protection

Cisco Advanced Malware Protection Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line

More information

Threat Intelligence for Dummies. Karen Scarfone Scarfone Cybersecurity

Threat Intelligence for Dummies. Karen Scarfone Scarfone Cybersecurity Threat Intelligence for Dummies Karen Scarfone Scarfone Cybersecurity 1 Source Material Threat Intelligence for Dummies ebook Co-authored with Steve Piper of CyberEdge Group Published by Wiley Sponsored

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals AlienVault Unified Security Management (USM) 5.x Policy Management Fundamentals USM 5.x Policy Management Fundamentals Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

Whose IP Is It Anyways: Tales of IP Reputation Failures

Whose IP Is It Anyways: Tales of IP Reputation Failures Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story

More information

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges

More information

WildFire. Preparing for Modern Network Attacks

WildFire. Preparing for Modern Network Attacks WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends

More information

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

E-Guide. Sponsored By:

E-Guide. Sponsored By: E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

Securing Cloud-Based Email

Securing Cloud-Based Email White Paper Securing Cloud-Based Email A Guide for Government Agencies White Paper Contents Executive Summary 3 Introduction 3 The Risks Posed to Agencies Running Email in the Cloud 4 How FireEye Secures

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

聚 碩 科 技 主 題 : 如 何 幫 企 業 行 動 商 務 建 立 安 全 機 制 職 稱 : 技 術 顧 問

聚 碩 科 技 主 題 : 如 何 幫 企 業 行 動 商 務 建 立 安 全 機 制 職 稱 : 技 術 顧 問 聚 碩 科 技 主 題 : 如 何 幫 企 業 行 動 商 務 建 立 安 全 機 制 主 講 人 : 廖 國 宏 Jerry Liao 職 稱 : 技 術 顧 問 Each attack instance can be slightly different 攻 擊 模 式 有 些 微 的 不 同 Domains are rotated in days, even hours 攻 擊 主 機 位 置

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals

Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered

More information

Firewall Testing Methodology W H I T E P A P E R

Firewall Testing Methodology W H I T E P A P E R Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness

More information

Security Intelligence Blacklisting

Security Intelligence Blacklisting The following topics provide an overview of Security Intelligence, including use for blacklisting and whitelisting traffic and basic configuration. Security Intelligence Basics, page 1 Security Intelligence

More information

Braindumps.700-295.50.QA

Braindumps.700-295.50.QA Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

SourceFireNext-Generation IPS

SourceFireNext-Generation IPS D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture

More information

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer

More information

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Eight Essential Elements for Effective Threat Intelligence Management May 2015 INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent

More information

Securing Virtual Environments

Securing Virtual Environments Securing Virtual Environments Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 INTRODUCTION Virtualization is sweeping through computer architectures. The benefits of running multiple

More information

IndusGuard Web Application Firewall Test Drive User Registration

IndusGuard Web Application Firewall Test Drive User Registration IndusGuard Web Application Firewall Test Drive User Registration Document Version 1.0 24/06/2015 Confidentiality INDUSFACE HAS PREPARED THIS DOCUMENT FOR INTERNAL PURPOSE. NEITHER THIS DOCUMENT NOR ITS

More information

Cisco Reputation Filtering: Providing New Levels of Network Security. Solution Overview

Cisco Reputation Filtering: Providing New Levels of Network Security. Solution Overview Solution Overview Table of Contents Executive Summary...3 Dangerous Threats on the Rise...3 Traditional Defenses Unequal to the Level of Sophisticated Attacks...4 Cisco s Response Cloud-Based Global Intelligence

More information

ThreatSTOP Technology Overview

ThreatSTOP Technology Overview ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds

More information

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE Strategic Anti-malware Monitoring with Nessus, PVS, & LCE August 2, 2012 (Revision 2) Copyright 2002-2012 Tenable Network Security, Inc. Tenable Network Security, Nessus and ProfessionalFeed are registered

More information

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009 Protecting Data From the Cyber Theft Pandemic A FireEye Whitepaper - April, 2009 Table of Contents Executive Summary Page 3 Today s Insider Threat Is Stealth Malware Page 3 Stealth Malware Attacks Are

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution.

Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution. Security capabilities To support your business objectives Proactively protecting your messaging infrastructure with the IBM Lotus Protector for Mail Security solution. Preemptive protection and spam control

More information

Symantec Advanced Threat Protection: Network

Symantec Advanced Threat Protection: Network Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How

More information

Protecting the Infrastructure: Symantec Web Gateway

Protecting the Infrastructure: Symantec Web Gateway Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options

More information

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services MSSP you us are a Managed Security Service Provider looking to offer Advanced Malware Protection Services Lastline is the only company with 10+ years of academic research focused on detecting advanced

More information

Zscaler Internet Security Frequently Asked Questions

Zscaler Internet Security Frequently Asked Questions Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices

More information

IBM Internet Security Systems

IBM Internet Security Systems IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services

More information

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module The Cisco Advanced Inspection and Prevention Security Services Module (AIP-SSM) for the Cisco ASA 5500 Series Adaptive

More information

DYNAMIC DNS: DATA EXFILTRATION

DYNAMIC DNS: DATA EXFILTRATION DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to

More information

The Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc.

The Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc. The Latest Internet Threats to Affect Your Organisation Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc. Agenda Spam Trends Staying Ahead Blended Threats Spam Trends What Do Dick Cheney & Bill

More information

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

Cisco EXAM - 300-207. Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product. http://www.examskey.com/300-207.html

Cisco EXAM - 300-207. Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product. http://www.examskey.com/300-207.html Cisco EXAM - 300-207 Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product http://www.examskey.com/300-207.html Examskey Cisco 300-207 exam demo product is here for you to test the quality

More information

Security Administration R77

Security Administration R77 Security Administration R77 Validate your skills on the GAiA operating system Check Point Security Administration R77 provides an understanding of the basic concepts and skills necessary to configure Check

More information

IBM Security X-Force Threat Intelligence

IBM Security X-Force Threat Intelligence IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

IBM Internet Security Systems products and services

IBM Internet Security Systems products and services Delivering preemptive security products and services IBM Internet Security Systems products and services Highlights Helps protect critical assets and reduce costs by preempting online threats Helps secure

More information

APPLICATION PROGRAMMING INTERFACE

APPLICATION PROGRAMMING INTERFACE DATA SHEET Advanced Threat Protection INTRODUCTION Customers can use Seculert s Application Programming Interface (API) to integrate their existing security devices and applications with Seculert. With

More information

Cisco & Big Data Security

Cisco & Big Data Security Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that

More information

Endpoint Threat Detection without the Pain

Endpoint Threat Detection without the Pain WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a

More information

Technology Blueprint. Protect Your Email. Get strong security despite increasing email volumes, threats, and green requirements

Technology Blueprint. Protect Your Email. Get strong security despite increasing email volumes, threats, and green requirements Technology Blueprint Protect Your Email Get strong security despite increasing email volumes, threats, and green requirements LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

HP Next-Generation Network Security Solutions Radoslav Georgiev Technical Consultant HP Networking rgeorgiev@hp.com

HP Next-Generation Network Security Solutions Radoslav Georgiev Technical Consultant HP Networking rgeorgiev@hp.com HP Next-Generation Network Security Solutions Radoslav Georgiev Technical Consultant HP Networking rgeorgiev@hp.com The Network Infrastructure Has Revolutionized Mainframe Client/Server Web Computing Mobile

More information

Joshua Beeman University Information Security Officer October 17, 2011

Joshua Beeman University Information Security Officer October 17, 2011 Joshua Beeman University Information Security Officer October 17, 2011 1 June, 2011- NPTF Security Presentation on FY 12 InfoSec goals: Two Factor Authentication Levels of Assurance Shibboleth InCommon

More information

Cloud Services Prevent Zero-day and Targeted Attacks

Cloud Services Prevent Zero-day and Targeted Attacks Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting

More information

Veranderende bedreigingen Security in het virtuele datacenter

Veranderende bedreigingen Security in het virtuele datacenter Veranderende bedreigingen Security in het virtuele datacenter Dennis Hagens Copyright Fortinet Inc. All rights reserved. Veranderende bedreigingen Security in het virtuele datacenter Dennis Hagens Copyright

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

REPUTATION-BASED MAIL FLOW CONTROL

REPUTATION-BASED MAIL FLOW CONTROL WHITE PAPER REPUTATION-BASED MAIL FLOW CONTROL Blocking Extreme Spam and Reducing False Positives Blocking unsolicited commercial email or spam is an increasingly important but difficult task for IT staff.

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

SIEM is only as good as the data it consumes

SIEM is only as good as the data it consumes SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall

More information

WhatWorks in Detecting and Blocking Advanced Threats:

WhatWorks in Detecting and Blocking Advanced Threats: WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

IDS or IPS? Pocket E-Guide

IDS or IPS? Pocket E-Guide Pocket E-Guide IDS or IPS? Differences and benefits of intrusion detection and prevention systems Deciding between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is a particularly

More information

Security Without Compromise: Context-Aware and Adaptive Next-Generation Firewalls

Security Without Compromise: Context-Aware and Adaptive Next-Generation Firewalls Fast Facts In 2012, 9 billion devices were connected to the Internet, and 50 billion are projected to be connected by 2020. Global data center traffic is expected to quadruple over the next five years,

More information

Detect, Prevent and Remediate the Cyber attack Nelson Yuen

Detect, Prevent and Remediate the Cyber attack Nelson Yuen Detect, Prevent and Remediate the Cyber attack Nelson Yuen Senior Systems Engineer Overview of the Local Security Landscape IP camera footages broadcasted live online In September, 2014, more than 1,000

More information

POLIWALL: AHEAD OF THE FIREWALL

POLIWALL: AHEAD OF THE FIREWALL POLIWALL: AHEAD OF THE FIREWALL FIREWALL HISTORY Since the earliest days of the Internet, when hackers sat in their darkened basements dialing into networks with dial-up modems, both network threats and

More information

Intelligent. Data Sheet

Intelligent. Data Sheet Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior

More information

Open Source Software for Cyber Operations:

Open Source Software for Cyber Operations: W H I T E P A P E R Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability Introduction For the last decade, the use of open source software (OSS) in corporate

More information

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com How Lastline Has Better Breach Detection Capabilities By David Strom December 2014 david@strom.com The Internet is a nasty place, and getting nastier. Current breach detection products using traditional

More information

GOING BEYOND BLOCKING AN ATTACK

GOING BEYOND BLOCKING AN ATTACK Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version

More information

SR B17. The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner

SR B17. The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner SR B17 The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner Director - Engineering, Global Intelligence Network Symantec Intelligence Group Agenda 1 2 3 5 Symantec Intelligence

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

Intelligent Threat Management TM Coupled with Automated Threat Management

Intelligent Threat Management TM Coupled with Automated Threat Management Intelligent Threat Management TM Coupled with Automated Threat Management Identifies and Stops not only the known events but the Mutated or never before seen events Abstract Intelligent Threat Management

More information