Whitepaper SSL Decryption: Uncovering The New Infrastructure Blind Spot
- Darlene Green
- 8 years ago
Since the mid-90s, users transacting on the internet have been assured of security by the lock icon displayed on their browser and URLs that begin with https. These indicate secure websites that support the Secure Sockets Layer (SSL) internet protocol. These SSL sessions protect sensitive information such as credit card numbers and login credentials for e-commerce, voice-over-IP (VoIP), online banking, remote health, and other critical services from unauthorized or malicious parties.

Yet the security stakes have been raised multiple fold with more organizations adopting cloud computing. In a Cloud Security Alliance survey [1], 73% of respondents indicated that security concerns held back cloud projects. Decisions concerning security of data in the cloud have also shifted from the IT room to the boardroom for 61% of companies. Indeed, top executives have seen the impact of high-profile data breaches on not only company reputation and balance sheets but also their jobs.

Encryption Primer

To ensure security in the cloud, SSL encrypts data in connections between a web server and a browser. When one connects to a secure website via a browser, data sent or received from the remote web server is encrypted by a public key infrastructure (PKI). In the PKI, a Certificate Authority (CA) issues a root certificate: an unsigned public key certificate or a signed certificate. The web server has the public certificate or a public key. It also has sole access to a private key. Simply put, the public key is used to encrypt data while only the private key is used to decrypt data. The public keys are visible at the start of the transaction, but the administrator controls access to the private keys.

Within SSL secure connections, a web browser uses root certificates to verify identities and establish trust. The ITU-T X.509 standard certificate, for example, includes a digital signature from a CA.
SSL Vulnerabilities

But high-profile vulnerabilities, such as the Heartbleed bug, which exposes web server memory protected by the OpenSSL software to theft, have stoked concerns and fuelled threats SSL was supposed to curb. The Heartbleed bug, which has been present since 2011, is a serious threat because OpenSSL is used by some 20% of the world's web servers. Such vulnerabilities enable cyber criminals to gain access to keys and certificates and bypass SSL protection based on encryption and signatures in the X.509 certificates.

Moreover, another trend spells trouble ahead. According to an independent study by NSS Labs [2], 25% to 35% of enterprise traffic is currently being carried over encrypted connections, of which a growing proportion are within SSL. That traffic segment continues to grow every month. And hackers and cyber criminals are increasingly using these SSL sessions to dodge network security defenses. These threat actors' exploits stem from inline and out-of-band security tools either lacking the ability to see inside the encrypted sessions or suffering performance degradation of up to 80% from processing SSL traffic.

Gaps in Tool Capabilities

Although inline devices such as application delivery controllers and firewalls integrate SSL support, out-of-band monitoring and security tools often do not have the ability to access decrypted traffic.

[1] Coles, Cameron. (2015, Jan. 12) CSA Survey: Security of Cloud Data Now a Board-Level Concern. Cloud Security Alliance Industry Blog.
[2] Pirc, John W. (2013) Analyst Brief: SSL Performance Problems. NSS Labs.
But even inline technologies such as SSL proxies and application load balancers that provide SSL decryption lack the scalability to handle traffic from multiple TAPs across the network or to filter and replicate decrypted traffic to multiple monitoring tools. With limited extensibility, increasing SSL throughput often requires hardware upgrades. In addition, these tools also lack visibility functionality or traffic intelligence for non-encrypted traffic. The situation will worsen as certificate authorities implement longer keys, such as 256-bit SSL encryption based on a 2048-bit key, which will increase the compute load for SSL decryption.

Furthermore, not knowing which applications are running over the network hampers the ability to monitor application performance and network usage patterns. When SSL traffic is allowed to flow uninspected, this creates a potential security loophole. Hence, analysts at Gartner believe that more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls in 2017, up from less than 5% today. [3]

Harm will come from hackers and nefarious actors hiding threats, such as the Zeus botnet, in SSL sessions that have been largely considered safe. This makes uncovering attacks hiding in threat sources like SSL sessions an essential component of enterprise security. Organizations must develop visibility into these sessions so network security and analytics tools can monitor encrypted traffic and detect threats hidden within them.

Why SSL Decryption

Organizations should analyze their architecture and environment to determine the security risks due to uninspected encrypted network traffic. As more enterprise network traffic is encrypted, organizations have to identify and seal gaps in defense-in-depth effectiveness. Without a traffic decryption plan, organizations will not be able to see and stop malware activity that comes through encrypted connections.
To alleviate critical blind spots created by encrypted traffic flowing through the IT infrastructure, organizations need innovative visibility solutions with the capability to decrypt SSL sessions at high performance. A traffic decryption strategy can bolster protection of endpoints and DMZ servers from threats in outbound and inbound traffic.

SSL decryption can be applied to:

- Malware detection: It prevents malware from exploiting a host using SSL transactions
- Data loss prevention (DLP): It prevents confidential data and files from being encrypted and leaked via malware or a malicious insider using SSL connections
- Application performance monitoring (APM): It enables proper monitoring of data and allows business applications to use SSL for authentication
- Cloud services monitoring: It helps to differentiate and monitor secure services running in the cloud, including web applications

Two types of traffic have to be decrypted so security tools can examine them:

- Inbound traffic from an external or remote client computer on the internet to an internal server
- Outbound traffic from an internal client computer to an external server on the internet

Decrypting Inbound Traffic

When a client device accesses a web server in a data center via the internet, an end-to-end, SSL-encrypted connection is established between the device's browser and the web server. If this link is invisible to network security tools deployed in the data center, the traffic has to be decrypted using two steps:

1. Place a copy of the web server's private key on a decryption-capable device
2. Store a copy of the data in the decryption-capable device

End-to-end data encryption must be maintained to prevent data theft or leakage.

Decrypting Outbound Traffic

Decrypting outbound traffic requires a different approach. When the server sends its certificate to a browser, the browser decides whether or not it trusts the certificate based on a list of trusted CAs loaded in the device.

[3] D'Hoinne, Jeremy and Hils, Adam. Security Leaders Must Address Threats From Rising SSL Traffic. Gartner report, 9 Dec
However, cyber criminals can exploit decryption of outbound traffic by setting up a decryption device as a CA with the ability to sign certificates and configuring the browser to trust certificates from the decryption device. With the decryption device placed inline between users and the internet, it is ready to intercept any request from users who browse to an encrypted website and pretend to be the web server. At the other end, the decryption device establishes its own connection to the actual web server and controls requests between the user and the server.

Protecting Data Confidentiality

Many organizations and countries are required to meet strict regulations to protect data privacy. While SSL decryption is critical for security and performance analysis, capabilities must be in place to prevent misuse of decrypted data.

SSL decryption can stop outbound malware connections or leakage of sensitive information. But privacy-related laws, regulations, and employee issues can derail an outbound web traffic decryption project. At the workplace, organizations have to manage employees' expectations of privacy on the corporate network or help employees understand the importance of SSL decryption in protecting the business. At the same time, existing privacy and network usage policy has to be reviewed and updated, if necessary, to facilitate SSL decryption.

Privacy Concerns

The critical task is to ensure that sensitive user data contained in SSL traffic remains secure. For example, decrypted packets can be sliced to remove irrelevant or private payload data, or fields within the payload can be masked. By doing so, the monitoring and security tools do not store, read, or analyze private data. This simplifies the auditing process for organizations challenged to maintain user privacy and comply with rigorous regulatory compliance imposed by PCI-DSS, HIPAA, SOX, and the GLB Act.
Security Compliance

To maintain security compliance in cloud environments, proper handling of private encryption keys is just as vital as data protection and encryption. Whenever a user accesses a cloud service or application, the public and private keys are used and put at risk.

These challenges have driven Gigamon to introduce the industry's first and only visibility solution with integrated SSL support. Gigamon's innovative GigaSMART traffic intelligence application features are built into hardware to decrypt SSL sessions at high performance. This serves the demand for deeper insight into the critical blind spots to help expose hidden security threats or network performance issues.

The GigaSMART Difference

Unlike what other visibility solutions offer, the GigaSMART application delivers SSL decryption as a common service to connected security and performance management tools so the tools can function at full performance. The offloading of SSL decryption also eliminates the need to have multiple decryption licenses for multiple tools. After all, a security appliance with integrated SSL decryption, for example, does not benefit other tools, such as application performance monitoring. Gigamon can supply decrypted traffic to multiple tools simultaneously, maximizing the overall efficiency, security, and performance of the infrastructure.

An associated benefit of this approach is that the private keys can now be securely uploaded to just the visibility infrastructure instead of being shared with multiple tools. It also delivers to IT and security administrators the right level of visibility into traffic, including SSL-encrypted segments that are at the heart of today's cloud infrastructures. GigaSMART decrypts the packets and sends the traffic to multiple out-of-band tools, including intrusion detection (IDS), data loss prevention, and application performance monitoring for analysis.
High-performance Engine

Hardware accelerators drive the GigaSMART modules' high-performance compute engines when handling SSL traffic. Another key advantage is that SSL decryption is not limited to specific ingress ports or where the GigaSMART engine is located. The out-of-band Gigamon Visibility Fabric can deliver the traffic decrypted by GigaSMART from the production network to the tools required to monitor and manage IT infrastructure.

Any traffic received on any network port of the Gigamon visibility nodes can be decrypted and sent to any tool port in the cluster. This is an important attribute because not every node in the cluster needs to have the SSL decryption capability. It also avoids the need to unnecessarily install SSL decryption appliances at various points in the infrastructure, saving cost and bringing efficiency. The cluster provides the necessary reach of the visibility infrastructure and SSL decryption can then be selectively applied to any traffic that enters the visibility infrastructure.
More GigaSMART modules can be added to the cluster to scale SSL decryption throughput up, allowing inspection to grow as SSL processing needs increase.

Privacy Measures

After traffic within the SSL session is decrypted, other GigaSMART applications are available to modify, manipulate, transform, and transport traffic from the network to connected management, monitoring, and security tools. A combination of these applications can be applied to different traffic profiles to maximize security. For example, SSL traffic can be decrypted and then masked so confidential information like passwords, financial accounts, or medical data can be hidden in compliance with SOX, HIPAA, PCI and other regulations.

Security Compliance

The key capabilities of Gigamon's holistic platform-based approach are designed to harness SSL decryption to solve visibility challenges. With access to bidirectional traffic, Gigamon's Visibility Fabric observes the exchange of public keys at the start of a transaction. Once the administrator loads the private keys, they are securely stored on the system. These private server keys are encrypted and protected by role-based access controls. That means Gigamon only allows keys to be uploaded, changed or deleted by users designated by the administrator. The keys are encrypted using a special password, which is distinct from the generic system admin password.
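The slicing and masking described under Privacy Concerns and Privacy Measures above, as an added example that is not part of the whitepaper and is not Gigamon code: it masks Luhn-valid card numbers and selected form fields in a decrypted HTTP payload without changing its length, or keeps only the headers. The field names, tool names and sample request are constructed assumptions.

```python
"""Added example: slice or mask decrypted HTTP payloads before tools see them."""
import re

# Candidate card number: 13-19 digits, optionally separated by single
# spaces or hyphens, not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Assumed names of sensitive urlencoded form fields; adjust per application.
FORM_FIELD = re.compile(rb"\b(password|passwd|pin|ssn)=([^&\s]*)", re.IGNORECASE)


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum over ASCII digits; filters out order ids, timestamps, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 0x30
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_pan(match: "re.Match") -> bytes:
    raw = match.group(0)
    digits = bytes(c for c in raw if 0x30 <= c <= 0x39)
    if not luhn_ok(digits):
        return raw                          # not a card number: leave untouched
    out, seen = bytearray(raw), 0
    for i, c in enumerate(raw):
        if 0x30 <= c <= 0x39:
            if seen < len(digits) - 4:      # keep only the last four digits
                out[i] = ord("X")
            seen += 1
    return bytes(out)                       # separators and length preserved


def _mask_field(match: "re.Match") -> bytes:
    return match.group(1) + b"=" + b"X" * len(match.group(2))


def mask_payload(payload: bytes) -> bytes:
    """Mask card numbers and sensitive form values in place (same length),
    so packet sizes and offsets seen by downstream tools stay consistent."""
    masked = PAN_CANDIDATE.sub(_mask_pan, payload)
    return FORM_FIELD.sub(_mask_field, masked)


def slice_to_headers(payload: bytes) -> bytes:
    """Keep the HTTP request/response headers and drop the body. A segment with
    no header terminator is treated as body data and dropped entirely."""
    end = payload.find(b"\r\n\r\n")
    return payload[: end + 4] if end != -1 else b""


# Hypothetical per-tool policy: an APM tool needs only headers, an IDS gets
# the full payload with private fields masked.
TOOL_POLICY = {"apm": slice_to_headers, "ids": mask_payload}


def prepare_for_tool(tool: str, payload: bytes) -> bytes:
    """Fail closed: a tool with no policy receives no decrypted payload."""
    handler = TOOL_POLICY.get(tool)
    return handler(payload) if handler else b""


# Constructed sample: decrypted HTTP POST with a well-known test card number
# and an order id that has 16 digits but fails the Luhn check.
SAMPLE = (
    b"POST /checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"user=alice&password=hunter2&card=4111-1111-1111-1111&order=1234567890123456"
)

if __name__ == "__main__":
    for tool in ("ids", "apm", "unlisted"):
        print(tool, prepare_for_tool(tool, SAMPLE))
```

Only urlencoded form bodies are handled here; JSON or multipart bodies would need their own field matchers.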
Steps to SSL Decryption and Active Visibility

Figure 1 shows the steps describing how SSL decryption is carried out via GigaSMART technology:

1. Tap the network and connect it to Gigamon's Visibility Fabric.
2. Select which flows to monitor and the GigaSMART engine will identify the exchange of public keys at the start of the transaction.
3. The private keys, which have been uploaded by the administrator, are encrypted and stored under tight password and role-based access controls.
4. GigaSMART then uses the private and public keys to decrypt the SSL traffic.
5. The clear packets can be sent directly to your monitoring tools or additional Flow Mapping and GigaSMART operations can be applied.

Figure 1: The steps to SSL decryption

In the final step, network managers can apply a combination of GigaSMART operations or use Gigamon's Flow Mapping technology to finely filter and forward traffic to specific monitoring tools. The latter is done through thousands of map rules or criteria based on over 30 predefined Layer 2, Layer 3 and Layer 4 parameters including IPv4/IPv6 addresses, application port numbers, VLAN IDs and MAC addresses, as well as custom rules that match specific bit sequences in the traffic streams. Additional filter criteria can be set up based on user-defined attributes or even based on content inspection for specific patterns.

Leveraging GigaSMART traffic intelligence is also a key step toward Gigamon's Active Visibility for Multi-tiered Security architecture. As part of the Gigamon Visibility Fabric, GigaSMART technology extends the intelligence and value of the architecture with expanded visibility; high-precision NetFlow-generated data on traffic flows and usage patterns across systems; improved tool performance; privacy protection; and easier regulatory compliance.

The architecture's Fabric Manager centrally administers these capabilities across the Visibility Fabric. Traffic bound for out-of-band monitoring tools can benefit from GigaSMART intelligence regardless of where it entered the Visibility Fabric.
Figure 2: Multi-tiered security supported by Gigamon's Visibility Fabric architecture

Key Benefits for the Cloud

The growing adoption of cloud computing, be it public, private, or hybrid, as an alternative deployment strategy for IT systems disrupts traditional notions of data security. Data center managers have typically secured the entire core infrastructure and the perimeter. Cloud computing and mobility have blurred that perimeter.

Meanwhile, a dynamic cloud-based environment calls for agile and efficient allocation of IT resources and investments. For instance, security plans have to clearly distinguish between sensitive and non-sensitive data and how to store and secure them. But while cloud computing has radically changed the way IT services are delivered and managed, the responsibility of securing sensitive data and ensuring compliance with security regulations has to remain with data owners.

In essence, the Gigamon Visibility Fabric, built on the GigaSMART traffic intelligence engine and GigaVUE fabric nodes or servers, delivers the very benefits that give data owners the visibility and control to make sound security decisions while fulfilling regulatory compliance.

Visibility into encrypted traffic facilitates malware detection, intrusion detection, data loss prevention, and network forensics while at the same time feeding traffic to application performance, monitoring, and customer experience management tools.

Integrated SSL inspection in a multi-tiered security solution exposes malware within SSL sessions, forwards traffic that does not match known flows to GigaSMART for decryption, and decrypts traffic from the cloud and/or remote sites.
Improved tool performance from offloading SSL decryption to the Visibility Fabric frees tool resources for packet analysis; decryption has to be applied only once for all tools. This method also increases secure management of private keys.

A wide array of GigaSMART applications enables IT organizations to apply both Flow Mapping and SSL decryption; obscure private data with packet slicing or masking; use Adaptive Packet Filtering for L7-based packet forwarding; and more.

Summary

The changing threat landscape, amid growing volumes, velocity, and variety of data and evolving cloud-based infrastructure, is forcing organizations to rethink their approach to security. SSL has become a vital technology for cloud-based services. It has a strong track record for encrypting and authenticating data online but it might not be the silver bullet for cloud security. It severely limits visibility for both performance and security monitoring.

The growing security threat posed by uninspected SSL sessions increases the urgency for inspecting SSL traffic. The ultimate objective is to build trusted cloud services and SSL connections. By supplying clear, decrypted SSL traffic to multiple tools, Gigamon provides immediate value and return on investment in capital expenditure, licensing fees, and management costs.
Coupled with the full capabilities of Flow Mapping and GigaSMART traffic intelligence, the Gigamon Visibility Fabric allows enterprises to be much more efficient in security management and to view and monitor the traffic that really matters.

About the Visibility Fabric

The Gigamon Visibility Fabric is a distributed system of nodes that provides pervasive visibility across physical, virtual, and future SDN production networks. The fabric delivers traffic from the production network to inline or out-of-band tools required to monitor and manage IT infrastructure such as security, application and network performance, and user experience monitoring tools.

A Visibility Fabric is very different from a traditional network. The Visibility Fabric taps into the production network (be it SDN or traditional) or connects to the SPAN/mirror ports of the network switches (white box or otherwise) to receive a copy of the traffic traversing the production network. That traffic is then forwarded to the tools based on the type of traffic that is relevant to the tools. There is a fundamental difference between how network switches and Visibility Fabric nodes forward traffic. Traffic within the Visibility Fabric is forwarded based on the content that is relevant to the tools.

Traditional network switches are highly optimized for address-based forwarding where traffic is forwarded based on address information in the headers of the packets. Within the Visibility Fabric, traffic is forwarded based on the content of the packets, as well as based on correlated traffic flows that straddle multiple packets. And furthermore, those traffic streams may need to be replicated within the Visibility Fabric so as to deliver them to multiple sets of tools. That packet replication is also based on the content of the packet, as well as based on correlated traffic streams, so as to ensure that just the relevant traffic is delivered to the tools. This makes the Visibility Fabric a highly specialized function that is very unique and different from traditional network switches. As we look to the future, this specialized capability of the Visibility Fabric will make it an integral but distinct component in ensuring the successful deployment of SDN solutions.

About Gigamon

Gigamon provides an intelligent Unified Visibility Fabric to enable the management of increasingly complex networks. Gigamon technology empowers infrastructure architects, managers and operators with pervasive visibility and control of traffic across both physical and virtual environments without affecting the performance or stability of the production network. Through patented technologies, centralized management and a portfolio of high availability and high density fabric nodes, network traffic is intelligently delivered to management, monitoring and security systems. Gigamon solutions have been deployed globally across enterprise, data centers and service providers, including over half of the Fortune 100 and many government and federal agencies.

For more information about the Gigamon Unified Visibility Fabric visit:

Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice / Olcott Street, Santa Clara, CA USA +1 (408)
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationFROM PRODUCT TO PLATFORM
FROM PRODUCT TO PLATFORM DATA EQUIPMENT 2016 Mikkel Bossen Agenda Today s Challenges Data Growth, SSL encryption, Application Growth & SaaS What s hiding in under the surface? Legacy Security is that really
More informationTrend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview
Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview 2 Trend Micro and Citrix have a long history of partnership based upon integration between InterScan Web Security and Citrix
More informationTRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT
TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS AND DATA THEFT Your business and its data
More informationSecure networks are crucial for IT systems and their
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationInspection of Encrypted HTTPS Traffic
Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationContent-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.
Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationSOLUTION BRIEF. Next Generation APT Defense for Healthcare
SOLUTION BRIEF Next Generation APT Defense for Healthcare Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their
More informationNetwork Performance + Security Monitoring
Network Performance + Security Monitoring Gain actionable insight through flow-based security and network performance monitoring across physical and virtual environments. Uncover the root cause of performance
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationTRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS
TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS From a damaged reputation to regulatory
More informationF5 and Microsoft Exchange Security Solutions
F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationSecurity Services. 30 years of experience in IT business
Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationTraffic Visibility Fabric for Revenue and Differentiation in the Cloud Provider Market // White Paper
Traffic Visibility Fabric for Revenue and Differentiation in the Cloud Market Cloud provider landscape and challenge As a Cloud Service (CSP) there are many services that you can offer. Based on your core
More informationOpen Source in Government: Delivering Network Security, Flexibility and Interoperability
W H I T E P A P E R Open Source in Government: Delivering Network Security, Flexibility and Interoperability Uncompromising performance. Unmatched flexibility. Introduction Amid a growing emphasis on transparency
More informationSSL Inspection Step-by-Step Guide. June 6, 2016
SSL Inspection Step-by-Step Guide June 6, 2016 Key Drivers for Inspecting Outbound SSL Traffic Eliminate blind spots of SSL encrypted communication to/from the enterprise Maintaining information s communication
More informationProtecting Your Network Against Risky SSL Traffic ABSTRACT
Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure
More informationOVERVIEW. Enterprise Security Solutions
Enterprise Security Solutions OVERVIEW For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an everevolving IT threat landscape. It s how we got to be the world s
More informationEnabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD
Enabling Secure BYOD How Fortinet Provides a Secure Environment for BYOD FORTINET Enabling Secure BYOD PAGE 2 Executive Summary Bring Your Own Device (BYOD) is another battle in the war between security
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Our next-generation security platform prevents successful cyberattacks for hundreds of hospitals, clinics and healthcare networks across the globe. Palo Alto
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationOpen SDN for Network Visibility
SOLUTION GUIDE Open SDN for Network Visibility Simplifying large scale network monitoring systems with Big Tap 1 This solution guide describes how Big Tap, a network monitoring application from Big Switch
More informationWHAT S NEW IN WEBSENSE TRITON RELEASE 7.8
WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8 Overview Global organizations are constantly battling with advanced persistent threats (APTs) and targeted attacks focused on extracting intellectual property
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationUncover Threats in SSL Traffic: The Ultimate Guide to SSL Inspection WHITE PAPER
Uncover Threats in SSL Traffic: The Ultimate Guide to SSL Inspection WHITE PAPER Table of Contents Executive Summary... 3 The Current State of Insecurity... 3 Existing Security Solutions Can t Hack It...
More informationTRITON APX. Websense TRITON APX
TRITON APX Unified protection and intelligence against Advanced Threats and data theft Your organization is faced with an increasing number of Advanced Threats that lead to data theft, denial of service
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationCloud and Data Center Security
solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationThe Cloud App Visibility Blind Spot
WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationEffective Methods to Detect Current Security Threats
terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationWEBSENSE TRITON SOLUTIONS
WEBSENSE TRITON SOLUTIONS INNOVATIVE SECURITY FOR WEB, EMAIL, DATA AND MOBILE TRITON STOPS MORE THREATS. WE CAN PROVE IT. PROTECTION AS ADVANCED AND DYNAMIC AS THE THREATS THEMSELVES The security threats
More informationProtecting What Matters Most. Bartosz Kryński Senior Consultant, Clico
Protecting What Matters Most Bartosz Kryński Senior Consultant, Clico Cyber attacks are bad and getting Leaked films and scripts Employee lawsuit Media field day There are two kinds of big companies in
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationTrend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION
SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic
More informationSymantec Enterprise Firewalls. From the Internet Thomas Jerry Scott
Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are
More informationHTTPS Inspection with Cisco CWS
White Paper HTTPS Inspection with Cisco CWS What is HTTPS? Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). It is a combination of HTTP and a
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationSemantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationEffective Methods to Detect Current Security Threats
terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Enrico Petrov Director Managed Security Services terreactive October 21 st, 2015 terreactive Background. About
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationThis ESG White Paper was commissioned by Blue Coat and is distributed under license from ESG.
White Paper Network Encryption and its Impact on Enterprise Security By Jon Oltsik, Senior Principal Analyst February 2015 This ESG White Paper was commissioned by Blue Coat and is distributed under license
More informationSSL Performance Problems
ANALYST BRIEF SSL Performance Problems SIGNIFICANT SSL PERFORMANCE LOSS LEAVES MUCH ROOM FOR IMPROVEMENT Author John W. Pirc Overview In early 2013, NSS Labs released the results of its Next Generation
More information