Protecting the Way People Work: Best Practices for Detecting and Mitigating Advanced Persistent Threats
The sprawling attack surface of modern business is making the challenge of detecting and mitigating advanced threats increasingly difficult. Cyberwarfare battlegrounds are compounding in complexity as mobile, social media and cloud applications are now concerning sources for data leakage and compliance violations. More critical information is being created, sent, shared and stored in ever more locations. It is clear that defense-in-depth is paramount, yet the question remains: how should organizations prioritize resources to effectively protect today's workforce from advanced threats?

In this report:
- From the Gartner Files: Best Practices for Detecting and Mitigating Advanced Persistent Threats (page 4)
- About Proofpoint, Inc. (page 17)
It is no secret that all advanced threats target people, and that will never change. Adversaries continue to use social engineering and social networks to trick people into sharing sensitive information through familiar interactions with perceivably trusted sources. People are the weakest link in the security chain, and regardless of how robust the technology stronghold or how thorough the training, people are fallible. Therefore, if organizations want to protect their people from advanced attacks, they not only need to harmoniously coordinate network, edge, endpoint and data protection solutions, they need to make sure that those solutions align with the way people work.

Proofpoint solutions align with Gartner best practices for detecting and mitigating advanced threats

The Proofpoint product portfolio aligns closely with Gartner's recommended best-practice strategies (detailed on page 3) by providing solutions that:
- Adapt and form to changes in the threat landscape.
- Are easily maintained through the cloud, allowing value to be realized immediately.
- Unify security response processes among technologies by design, through seamless data integration and functional automation.
- Utilize community-based threat intelligence derived from organizations worldwide, to respond faster to known threats.

Proofpoint is adeptly positioned to provide cybersecurity solutions to address known and unknown advanced threats, including credential phishing, polymorphic and zero-day attacks. Proofpoint products equip organizations to focus their infrastructure protection strategy toward malicious content, backed by years of industry-leading expertise and proven, real-world efficacy.

Proofpoint stops advanced threats before they reach the people they target

Proofpoint protects people in all the communication channels where attackers target them: email, social media and mobile apps. Because solutions are in the flow of these channels, organizations have better, more insightful contextual information to stop attacks before they ever reach their targets. Contextual awareness is critical in advanced threat detection, validation and containment, especially when it comes to being able to identify the people who are being targeted. Proofpoint email content security solutions preemptively examine both URLs and attachments for email-based threats with modern techniques, such as content sandboxing and URL rewriting. Proofpoint has the unique ability to use predictive analytics to identify and block suspicious URLs before users click on them. Moreover, Proofpoint correlates everything learned about the attackers and their tools to stop the next attack faster.

Proofpoint protects the information people create from advanced attacks and compliance violations

Proofpoint helps organizations reduce their attack surface wherever sensitive information resides, finding the sensitive data users create and protecting it as it is sent, stored and archived. Because solutions are powered by the cloud, Proofpoint can both update and deploy defenses rapidly, staying ahead of even advanced and targeted attacks everywhere users go, on any network or any device.

Proofpoint enables people to respond quickly when things go wrong

Proofpoint recognizes that no security solution is bulletproof, nor is any single technology product the universal panacea to stop all advanced, targeted attacks. Attacks will always get through, and when they do, people need to be ready. Only Proofpoint provides end-to-end insight into attacks, not only showing what is blocked but also what is detected, delivered and clicked, with detailed forensic information. This information is backed by ongoing integration of trusted community-based threat intelligence, curated by the Proofpoint team of dedicated threat researchers and analytics systems. The result is pure, originally sourced threat intelligence on IP addresses, domains, malware samples and exploit kits from direct observations from global organizations, all maintained current and made possible through the Proofpoint Cloud. Furthermore, Proofpoint can improve automated monitoring, correlation and analysis by enabling people to respond to incidents faster, giving them the intelligence to prioritize what to do and the tools that orchestrate the right response.

Proofpoint is committed to giving organizations the power to protect the way their people work today. For more information on Proofpoint solutions, please visit Proofpoint's website.

Source: Proofpoint
From the Gartner Files: Best Practices for Detecting and Mitigating Advanced Persistent Threats

Information security practitioners must implement specific strategic and tactical best practices to detect and mitigate advanced persistent threats and targeted malware by leveraging both existing and emerging security technologies in their security architectures.

Key Challenges
- Management silos between network, edge, endpoint and data security systems can restrict an organization's ability to prevent, detect and respond to advanced attacks.
- Adversaries continue to use social engineering and social networks to target sensitive roles or individuals within an organization that either have knowledge of, use of or access to the data targeted.
- Attackers often move laterally within the enterprise environment, attacking low-priority assets first as a launching pad to compromise adjacent higher-value systems.
- Most organizations rely on low-overhead prevention techniques, such as firewalls and antivirus solutions.
- Breach data shows that incident response must be improved.

Recommendations
- Use Gartner's adaptive security architecture to evaluate existing capabilities in all four stages of the security life cycle, and seek to fill in gaps.
- Perform a business impact and threat assessment analysis with business leaders to categorize threats, users and digital assets into high-, medium- and low-priority classifications to enable faster alert response on high-impact threats, events and critical assets.
- Where practical, improve SIEM capabilities to include integrations with multiple security tools to improve contextual awareness and provide a higher-level alert management capability.
- Acknowledge that not all threats can be prevented, and therefore, the speed to detect and respond to incidents is also critical.

Introduction

Security practitioners now acknowledge the term "advanced persistent threat" (APT) and concede that there are advanced threats [1] that are targeting their businesses, bypassing traditional security protection techniques and residing undetected while exfiltration of data occurs from within the organization's environment. [2] This research will enable security practitioners and strategists to understand some of the threats they face and the best-practice steps that must be taken to reduce the risk of compromise against the advanced adversaries taking direct aim at their organizations.

Gartner currently estimates that in 2014, organizations spent a total of $985 million on advanced threat detection and prevention technologies. The total market estimate breaks down to $582 million on network sandbox providers, $232 million on endpoint detection and response, $58 million on cloud sandbox solutions, and $113 million on network behavior analysis (NBA). These markets and technologies continue to have strong interest from Gartner clients and have supported double-digit growth rates during the past several years. Gartner expects continued interest in these capabilities, as organizations grapple with increasing detection and prevention capabilities within their environments.
Analysis

Implement Tactical Best-Practice Controls

Best-Practice Strategies
- Use a comprehensive approach; no single technology will stop advanced targeted attacks, even products targeted specifically at advanced forms of attack.
- Implementing proper system and application patching is one of the single most successful defenses, so you must get this process right, and you must maintain a consistent and rapidly paced patch management process to be effective.
- Review your existing technologies and compare them to the Gartner adaptive security architecture. Utilize advanced features in the latest products or services to keep up with changes in the threat landscape. Also read "Five Styles of Advanced Threat Defense" for a framework to compare the styles of APT-targeted defense technologies.
- Acknowledge that technology alone won't stop APTs; an effective strategy must include the search for compromised systems, improvements in your forensics and incident response capabilities, rapid response, proper system configuration, and selection of the appropriate security technologies.
- Review the best practices in this document, but do so with the mindset of unifying the security processes between each technology, so that effective response to threats is possible and the detection and reduction of breach events is the more likely result.
- Perform roundtable exercises to examine how you will properly use the tools at your disposal, and brainstorm on the variety of ways an attack can be detected and can unfold in your environment.
- C-level executives must recognize the need to staff appropriately to effectively operate the latest security technologies your organization deploys to protect itself. If necessary, engage third parties to manage or operate more mature security controls, while the IT staff focuses more on the strategic security processes and technologies.
- Adaptive security architectures should be key requirements when evaluating the next generation of security protection technologies (network, endpoint, edge and so on). For example, adaptive security controls and processes will introduce orchestration and graduated response enforcement that can adapt when malfeasance is detected in external integrated controls.
- Seek integrated cross-product security controls that provide telemetry and adaptive responses to detection events. Furthermore, inquire with your network firewall provider about its latest security capabilities to address APTs and its ability to deliver intelligence-aware and adaptive responses.
- Ongoing integration and trusted community-based threat intelligence sharing among your disparate security technologies, business partners and other third-party or vertically aligned organizations should be a stated security program goal.

What Must Be Adopted to Reduce the Threat of APTs?

Keep Up to Date With the Threat Landscape
- Subscribe to security intelligence services that regularly provide information to keep up with the latest malicious activities and event information, as well as exploitation.
- Review your IT security department's education budget, and ensure you have allocated continuing education for security-specific education initiatives for both your security team and your organization for mitigating the latest techniques used to reduce the potential delivery of advanced forms of malware (for example, how to avoid phishing attacks and how to analyze malware).
- Create a role-centric and user-centric security awareness program focusing on educating employees on the sensitive roles they hold, so that these employees better understand how attackers are attempting to gain access to company data and how that data is likely to be used maliciously. For example, this program should include (but is not limited to) departments such as finance, accounts payable, human resources and business operations that have access to sensitive data types; they should be well-versed in the techniques attackers are using to get at their sensitive data.
- Invest in forensics and malware sandbox analysis capabilities, but realize that incident response workloads will increase; midsize and small organizations should consider outsourced incident response models to augment staff against resource constraints. For enterprises, IT management should ensure appropriate levels of education on malware analysis and incident response are a critical focus area for the members associated with these functions.
- Consider extending your involvement with external information and security-related organizations (see Note 1) and vertically aligned industry groups to enhance knowledge, threat intelligence sharing and collaboration of your security team with others in aligned industries.
- Establish relationships with government-sponsored security threat and information-sharing programs [3] to boost both the collaboration and response characteristics of your incident response procedure or process.
- Determine if your vertical has an aligned Information Sharing and Analysis Center (ISAC) and establish a relationship.
(Examples include the Financial Services Information Sharing and Analysis Center [FS-ISAC], Red Sky Alliance, the Forum for Incident Response and Security Teams [FIRST], InfraGard, and the Computer Emergency Response Team/Computer Security Incident Response Team [CERT/CSIRT].)
- Assign at least one security team member to regularly review security news articles, publications and critical infrastructure protection alerts while comparing and contrasting this information with your current vulnerabilities and known risk profile.
- Hunt for compromised systems, as well as prioritize essential remediation efforts.

Thwart Social Engineering Techniques Through Education
- Review company policy to ensure that it has taken appropriate steps to prevent the inappropriate posting of internal information onto public social media sites. Your policy should extend the applicability of the data classification framework to data posted to external sites, and it should include punitive language, such as a termination clause.
- Data loss prevention (DLP) technologies may provide on-the-spot education for sensitive data use, as well as provide the benefit of enforcement.
- Ensure that your end-user security awareness programs highlight that disclosure of current or active individual job role information onto the Internet is discouraged by the company (keep mindful of freedom of speech issues). Also highlight that this information is often used by attackers to identify employees to attack with targeted malware content and malicious URLs.
- Augment your awareness campaigns to properly describe and demonstrate how attackers are using external data repositories to generally target employees through the use of social engineering techniques to gain their trust, and stress the importance of the suspicious mindset for all communications through email and via the Web.
- Social engineering attacks will often target the acquisition of user credentials via malware. Therefore, it is important that an organization monitor for variances in user authentication times; for example, users logging on at odd hours of the day or simultaneously from a different geolocation. User behavior analysis technologies can be an important tool for detecting and alerting on these events.

Best Practices That Apply to All Technical Control Layers
- Ensure you are using the latest offerings and engines from your endpoint protection platform provider. Standardize on a short turnaround for testing and deploying signature updates. Most platforms have evolved well beyond purely signature-based approaches for malware detection to include cloud-based reputation scoring, emulation, behavioral and anomaly detection capabilities.
- Evaluate the context and intelligence-sharing capabilities of your security platform provider. Security platforms must become context-aware (identity-, application-, content-, location-, geolocation- and intelligence-aware) in order to make better information security decisions regarding APTs. If your provider doesn't have this capability or doesn't have it on its roadmap, consider switching providers.
- Offer linkage into reputation services. As with content, pure blacklisting-based approaches for Internet Protocol (IP) address filtering, URL filtering and sender filtering no longer work. Next-generation security platforms incorporate cloud-based community context for determining the relative reputation of an entity, typically an IP address or URL. At a minimum, communications with IP addresses and URLs with low reputations should be logged, and some organizations will choose to block these entirely.
- Alternatively, you could scale up to use a full-blown machine-readable threat intelligence (MRTI) approach to have your network devices dynamically adapt to the changing threat landscape.
- Enable activation of DLP capabilities. Most security policy enforcement points have embedded DLP capabilities to detect when sensitive data is being handled by each layer. Alternatively, these security platforms may integrate with enterprise content-aware DLP offerings for their patterns. Review and implement the DLP capabilities of the platform to ensure it is configured to detect sensitive data. Use a workflow to provide approvals of, or block, the release of sensitive data types, such as credit card numbers, intellectual property and personally identifiable information, as needed.
- Provide integration into security information and event management (SIEM). All of the security platforms in this document create logs of activity and events. Consolidating this vital data into broader SIEM platforms increases the ability to correlate and report events in an integrated fashion, enabling more effective incident response prioritization.

Upgrade Your Perimeter and Network-Based Security

IPsec and SSL VPN Remote Access Connections
- Review your VPN devices, and ensure all users are required to utilize a risk-appropriate authentication method prior to authorization.
- Review your VPN device policy, and ensure that users are permitted access only to the parts of the internal environment that they specifically need, and not to the entire organization.
- Implement internal network inspection devices, such as intrusion prevention system (IPS) and NBA technologies, between your VPN termination device and your internal network environment, so that attacks or behaviors can be discovered or prevented within your remote access network infrastructure.
- Consider technologies that allow for the termination and security inspection of Secure Sockets Layer (SSL) traffic, so that attacks cannot be perpetrated in the encrypted tunnel back to your internal applications or systems while obfuscated from your security inspection technologies.
- Validate that monitoring controls are in place and that appropriate levels of logging are performed off-device in centralized log servers. Deploy security information management systems so that attacks can be detected or analyzed through additional behavior-based analysis or correlation of incoming events.
- Send VPN events to SIEM and user behavior analysis tools. Regularly review the VPN events identified, ensure these are correlated in your SIEM technology, and look for anomalous patterns of activity. Leverage vendor-supplied anomaly detection and alerting capabilities when technically feasible.
- Where possible, reduce the use of direct network-level VPN access and shift to Web-enabled access or application-level VPNs.
- For mobile devices, consider implementing enterprise mobility management (EMM) technology to ensure basic consistency of security controls that are extended out to mobile devices, and to ensure compliance with these policies before VPN access is granted.
User authentication technology providers: Authentify; Duo Security; Gemalto; HID Global; RSA, The Security Division of EMC; SafeNet; SecureAuth; SecurEnvoy; SMS Passcode; Symantec; TeleSign; and Vasco
Stand-alone SSL VPN providers: Barracuda Networks, Cisco Systems, Citrix and Juniper Networks
Mobile device management providers: AirWatch, Citrix, Good Technology, IBM, MobileIron, SAP and Soti

Next-Generation Firewalls and Unified Threat Management
- Consider the use of application awareness (a form of context awareness) provided in next-generation firewall (NGFW) and unified threat management (UTM) functionality, which leverages deep packet inspection techniques to permit valid (authorized) applications and deny everything else. To enable the application control functionality, you may need to perform a firewall refresh if you use legacy firewalls that provide only filtering based on IP protocols, source and destination IP address, and port numbers.
- Review and, if necessary, adjust your network firewall rules to ensure only business-critical services are permitted to both enter and leave the network; this includes the consideration of geographical filtering at the country level (Geo-IP filtering).
- Review and, if necessary, adjust your ingress network firewall rules to ensure only critical inbound services are permitted to enter the network; this also includes geographical blocking or filtering at the country level based on business need.
- Review and (if available) regularly implement new capabilities provided by the latest firewall technologies to incorporate dynamic threat feeds, provided via hosted or cloud-based services, that deliver malicious threat lists for instant blocking at the firewall (don't allow your firewall technology to stagnate).
- Ensure proper zoning and segmentation are performed in your internal network environment (not just the demilitarized zone [DMZ]) and that adequate firewall logging and inspection is performed between high- and low-security segments. The separation of operational and management network zones is essential in maintaining operational security.
- Prefer firewall intrusion prevention solutions that can block suspicious Domain Name System (DNS) queries to disrupt malicious domains (for example, domain generation algorithm-based malware command and control).
- Review and implement the latest firewall capabilities to perform advanced examination of executables and other content using emulation and/or virtualization (sandbox) technologies, either hosted in a cloud or on a separate appliance, to identify targeted polymorphic malware through behavioral analysis.

NGFW vendors: Check Point Software Technologies, Cisco Systems, Dell, Fortinet, Juniper Networks and Palo Alto Networks

Intrusion Prevention Technologies
- Review and, if necessary, adjust intrusion prevention security enforcement policies to block rather than just detect known attacks and attack signatures, and selectively enable more signatures when possible. Use blocking to reduce noise so the team can focus on real APTs rather than the common known attacks that IPS products can defend against. Decide on an acceptable trade-off between potential false positives and better APT prevention or detection.
- Review your IPS, and ensure that the technology you are using has the latest botnet prevention technology to prevent botnet command and control network activity.
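The DNS-query triage described above (block names on a dynamic threat feed, flag DGA-style names that may be malware command and control) as a small resolver-side filter run over a constructed query log. This is an added example, not code from the report or any vendor; the feed contents, the log format, the entropy and length thresholds and the single-part-suffix assumption in `registrable_label` are all assumptions.

```python
import math
from collections import Counter
from typing import List, Set, Tuple

# Constructed block list standing in for a vendor or cloud threat feed (not from the report).
FEED_BLOCKLIST: Set[str] = {"bad-updates.example", "c2-relay.example"}

# Constructed DNS query log: <UTC timestamp> <client IP> <queried name>
SAMPLE_QUERIES = """\
2015-03-02T10:00:01Z 10.1.2.3 mail.google.com
2015-03-02T10:00:02Z 10.1.2.3 updates.microsoft.com
2015-03-02T10:00:07Z 10.1.2.9 xk3jq9v0wzp2lt.example
2015-03-02T10:00:08Z 10.1.2.9 a7f2e9c1b4d8.example
2015-03-02T10:00:09Z 10.1.2.3 cdn.bad-updates.example
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking DGA labels score high."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(fqdn: str) -> str:
    """Second-level label, e.g. 'google' for mail.google.com.
    Assumption: single-part public suffixes; production code would use the Public Suffix List."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(fqdn: str, min_len: int = 12, min_entropy: float = 3.5,
                    max_digit_ratio: float = 0.3) -> bool:
    """Heuristic for DGA-style names: a long, high-entropy label, or a label dense with digits."""
    label = registrable_label(fqdn)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    high_entropy = len(label) >= min_len and shannon_entropy(label) >= min_entropy
    return high_entropy or digit_ratio > max_digit_ratio


def triage_query(fqdn: str, blocklist: Set[str] = FEED_BLOCKLIST) -> str:
    """'block' on a feed hit (the name or any parent domain), 'suspect' on the heuristic, else 'allow'."""
    name = fqdn.lower().rstrip(".")
    labels = name.split(".")
    if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
        return "block"
    if looks_generated(name):
        return "suspect"
    return "allow"


def triage_log(text: str) -> List[Tuple[str, str, str]]:
    """(client, name, verdict) per query; 'suspect' rows are what an analyst would hunt on."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _, client, qname = line.split()
        rows.append((client, qname, triage_query(qname)))
    return rows


if __name__ == "__main__":
    for client, qname, verdict in triage_log(SAMPLE_QUERIES):
        print(f"{verdict:7s} {client:10s} {qname}")
```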
- Likewise, see if communications to other types of low-reputation IP addresses can be blocked, or allowed and logged for further investigation.
- Review your IPS's features, and ensure that it provides host and traffic anomaly detection (for example, by processing NetFlow data) and that it has capabilities to prevent or, at minimum, detect and alert on anomalous (statistically deviant) traffic and DNS queries exiting through your perimeter networks.
- Review your current intrusion prevention implementation and, if available, implement blocking capabilities that include reputation-based or real-time block list threat feeds provided by your technology vendor.
- Review and, if necessary, adjust protocol anomaly detection and prevention capabilities to ensure nonstandard communications are blocked while expected and authorized protocol communications are allowed through known standard ports, such as HTTP (TCP port 80), while not permitting an FTP session through the standard HTTP port.
- Review and ensure all critical and Internet traversal network segments are inspected with IPSs that are configured to block known high- and medium-high-fidelity signatures with low false positives, as directed by your technology provider.
- Make sure that network visibility extends into virtualized environments, either by tapping internal virtual switch traffic out for external inspection or by virtualizing IPS capabilities and running them directly within the virtualized environment.
- Terminate inbound encrypted sessions so that session content may be inspected (to the extent that you are permitted by internal policy or external regulations).
- Consider implementing outbound SSL decryption to thwart malware that utilizes encrypted sessions for command and control traffic (consider privacy and legal ramifications when proceeding).
- Consider deploying distributed denial of service (DDoS) solutions, either as an appliance form factor or as a cloud service. For higher-profile (often targeted) enterprises, use a hybrid of both on-premises DDoS prevention appliances and external DDoS services.

Stand-alone IPS appliance providers: Check Point Software Technologies, Cisco Systems, HP, IBM, Intel Security and Radware
DDoS mitigation appliance providers: A10 Networks, Arbor Networks, Corero Network Security, F5, Fortinet, Huawei, NSFOCUS and Radware
DDoS mitigation service providers: Akamai, Arbor Networks, Black Lotus, CloudFlare, DOSarrest, Incapsula, Link11, Neustar and Nexusguard

Web Application Security
- Combine both static and dynamic code analysis to reduce vulnerabilities in Web applications.
- Acknowledge that internal procedures and static code analysis are no longer enough to protect against common Web vulnerabilities, and that Web application firewalls are an essential ingredient in the defense against advanced targeted Web attacks.
- Prefer solutions that have comprehensive coverage and specific threat detection templates for protecting the common Web front ends and content management systems used for your enterprise Web applications.
- Prefer Web application firewalls that have the capability to share intelligence via reputation feeds, offer fraud detection services, and offer the capability to perform browser and endpoint security and spyware infection assessment.
- Prefer Web application firewalls that support virtual patching integration with static application security testing/dynamic application security testing (SAST/DAST) software.
- Consider augmenting your internally developed applications with runtime application self-protection (RASP) technology.
- Review your Web application firewall configuration, and implement vendor-recommended prevention settings rather than using only its detection capabilities, to reduce the application attack surface.

Application security testing providers: HP, IBM, NT OBJECTives, Qualys, Trustwave, Veracode and WhiteHat Security
Web application firewall providers: Barracuda Networks, Bee Ware, Citrix, DenyAll, F5, Imperva, Riverbed and Trustwave
Web application firewall service providers: Akamai, Applicure Technologies, CloudFlare, Incapsula, Qualys and Radware
RASP providers: Bluebox Security, Checkmarx, HP, Key Resources Inc. (KRI), Prevoty, Quotium, Shape Security and Waratek
Network and Cloud-Based Sandboxes
- Evaluate and deploy a network-based advanced threat detection/prevention (network sandboxing) technology to reduce the potential impact of zero-day malware and other targeted attacks.
- Review your existing advanced threat detection/prevention technology, and ensure that you take appropriate steps to employ any prevention capabilities provided, as directed by your technology vendor, while considering any negative impacts on your environment's specific needs.
- Review your advanced threat protection appliance deployment, and ensure that all (especially Web and email) network connections to the Internet are inspected (include SSL decryption if possible).
- If available, leverage sandboxing of unknown files by scanning files on network shares or storage locations to identify malicious files dormant in your environment.
- Properly employ your incident response processes around this new technology, and execute the process either when appropriate indications exist for a potential malware infection, or when command and control callbacks are detected.
- Recognize that mobile devices, such as laptops, Ultrabooks, tablets and smartphones, must be addressed with endpoint security controls, mobile device security technologies, and secure Web and email gateway services, because the interception of their off-premises network traffic may not be practical.
Stand-alone network sandbox appliance providers: AhnLab, Blue Coat, Check Point Software Technologies, Cisco Systems, Cyphort, Damballa, FireEye, Fortinet, General Dynamics Fidelis Cybersecurity Solutions, Intel Security, Lastline, Palo Alto Networks and Trend Micro
Integrated firewall and cloud-based sandbox service providers: Barracuda Networks, Check Point Software Technologies, Cisco Systems, Fortinet, Juniper Networks and WatchGuard

Focus Your Infrastructure Protection Strategy Toward Malicious Content

Email Content Security
- To increase detection and prevention rates, use diversity in the source of the antivirus engines that will scan content; for example, use one antivirus engine at the gateway and an alternative antivirus engine for your endpoint systems. Ideally, the gateway would support the use of multiple engines.
- Review and ensure your mobile device security includes threat inspection of all email going to and from mobile devices (consider privacy and legal ramifications when proceeding).
- Review your email security gateway or software, and ensure you have set it to the highest threshold for malware and phishing detection and prevention. Phishing continues to be a consistent method used to target roles within organizations globally that have sensitive data access. [4]
- Strip or quarantine all executable content from email attachments, and ensure that all content types and attachments are being evaluated for malware.
- Review and consider secure email gateways (SEGs) that implement specific protection technology for both URL links and attachments with active content that cannot be blocked by policy (that is, PDF and .doc file types).
- For attachment-type attacks, consider content sandboxing (virtual environment emulation and code execution), also called sandbox technology. This technology allows attachments to be tested within a virtualized or emulated simulation environment prior to delivery and subsequent execution on the recipient's destination endpoint system.
- For attachment-type attacks, consider solutions (which may be less optimal but still effective) that strip or neuter active content in commonly used document types.
- For URL link attacks, consider solutions that rewrite suspect URLs, such that they are proxied at the time of click. Do not assume URL protection is redundant due to secure Web gateway technology; emails can be read and acted upon when devices are outside the perimeter or with other machines using Outlook Web Access.
- Use SEG DLP technology tactically in the absence of enterprise DLP to detect sensitive or secret data traversing the email gateway.

SEG and email service vendors: AppRiver, Barracuda Networks, Cisco Systems, Intel Security, Proofpoint, Sophos, Spamina, Symantec, Trend Micro, Trustwave and Websense

Web Content Security
- Deploy a secure Web gateway (SWG) or equivalent technology in order to inspect, filter and monitor inbound content and outbound Internet Web communications.
- Keep your SWG software up to date with the latest version as soon as possible to maintain security, because threats and technology capabilities in these platforms change over time.
- Review your URL filtering configuration, and ensure that known proxy sites, hacking sites, phishing URLs and other malicious site categories within your Web filtering product or service are blocked.
- Implement real-time block lists to block hosts that have already been determined to pose an existing threat, as well as reputation feeds to block hosts that are suspect.
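The time-of-click URL rewriting recommended for URL link attacks, shown as both halves of the mechanism: the gateway-side rewrite that wraps each link in a signed redirect, and the click-side handler that verifies the signature and re-checks the target's reputation at click time rather than at delivery time. This is an added example, not code from the report, Proofpoint or any SEG vendor; the gateway host, the signing key, the plain-text URL regex and the in-memory block list are assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional, Set, Tuple
from urllib.parse import parse_qs, quote, urlsplit

# Assumed gateway endpoint and signing key (placeholders for this example; a real
# deployment keeps the key in a KMS/HSM and uses its own click-protection host).
GATEWAY = "https://clickguard.example/v1/url"
SIGNING_KEY = b"constructed-example-key-do-not-reuse"

# Matches http(s) URLs in a plain-text body; trailing sentence punctuation is stripped below.
URL_RE = re.compile(r"https?://[^\s<>\"']+")
TRAILING = ".,;:!?)"


def _tag(url: str) -> str:
    """HMAC-SHA256 over the original URL so the click handler can detect a tampered link."""
    return hmac.new(SIGNING_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def rewrite_url(url: str) -> str:
    """Wrap one URL so the click lands on the gateway, which re-evaluates the target at click time."""
    if url.startswith(GATEWAY):
        return url  # already rewritten; avoid double-wrapping when a message is rescanned
    return f"{GATEWAY}?u={quote(url, safe='')}&s={_tag(url)}"


def rewrite_body(body: str) -> str:
    """Rewrite every URL in a message body, preserving punctuation that follows a link."""
    def repl(m: "re.Match") -> str:
        raw = m.group(0)
        stripped = raw.rstrip(TRAILING)
        return rewrite_url(stripped) + raw[len(stripped):]
    return URL_RE.sub(repl, body)


def resolve_click(gateway_url: str, blocklist: Set[str]) -> Tuple[str, Optional[str]]:
    """Click-time decision: ('invalid' | 'blocked' | 'redirect', original_url).
    `blocklist` stands for the reputation data current at click time, which may have
    changed since the message was delivered."""
    qs = parse_qs(urlsplit(gateway_url).query)
    if "u" not in qs or "s" not in qs:
        return ("invalid", None)
    original = qs["u"][0]  # parse_qs percent-decodes the wrapped URL for us
    if not hmac.compare_digest(_tag(original), qs["s"][0]):
        return ("invalid", None)  # link altered after rewriting
    host = (urlsplit(original).hostname or "").lower()
    if host in blocklist:
        return ("blocked", original)
    return ("redirect", original)


if __name__ == "__main__":
    body = "Invoice attached. Review it at http://invoice-portal.example/view?id=42, then reply."
    rewritten = rewrite_body(body)
    link = URL_RE.search(rewritten).group(0).rstrip(TRAILING)
    print(rewritten)
    print(resolve_click(link, set()))                       # at delivery: target was clean
    print(resolve_click(link, {"invoice-portal.example"}))  # clicked later: now on the block list
```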
- Review incumbent SWG vendors' capability to ensure that the most advanced malware detection capability has been licensed. Be aware that it may be necessary to add more security capability if the incumbent solution is designed primarily for productivity filtering or network optimization.
- Review and utilize advanced security capabilities provided by the SWG beyond the capabilities of simple real-time block lists. Many solutions do not turn on advanced techniques by default due to performance impact. Ensure that SWG solutions are sized to manage traffic adequately, with all advanced detection methods turned on.
- Review and implement, where possible, content sandboxing (virtual environment/emulation and code execution); virtual sandbox technology permits code to be tested within a virtualized simulated environment that allows malware to be evaluated for common malicious behavior prior to delivery and subsequent execution on the end system.
- Use your SWG solution to inspect mobile device traffic, such as traffic from laptops, small office/home office (SOHO) devices, smartphones and tablets; this may require a cloud-based solution or use of VPN technology to backhaul traffic over a tunneled VPN.
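The Web content security recommendations in this section ask for block lists and reputation feeds on the SWG, and for outbound reporting that exposes infected hosts and non-HTTP protocols to the SIRT. The following added example, written for this reprint and not taken from Gartner or any SWG vendor, shows the kind of review a SIRT can run over gateway logs. The log format (`epoch client action method target status bytes`), the block list and the client addresses are constructed assumptions.

```python
"""Review of secure Web gateway (SWG) outbound logs for indicators of infection:
reputation block-list hits, non-HTTP tunnel attempts, and machine-like beaconing.
Constructed example for this reprint; not Gartner's or any SWG vendor's code. The
log format (epoch client action method target status bytes), the block list and
the client addresses are hypothetical."""
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed reputation block list; in production this is fed by the real-time
# block lists and reputation feeds the recommendations call for.
BLOCKLIST = {"bad-reputation.example"}
# CONNECT tunnels to anything other than TLS are treated as non-HTTP egress.
ALLOWED_TUNNEL_PORTS = {443}
BEACON_MIN_HITS = 5       # at least this many requests to one host ...
BEACON_MAX_JITTER = 0.2   # ... with interval stddev/mean below this: timer-driven traffic

SAMPLE_LOG = """\
1430000000 10.0.0.5 TCP_MISS GET http://intranet.example.com/news 200 5120
1430000010 10.0.0.7 TCP_DENIED CONNECT 198.51.100.23:6667 403 0
1430000020 10.0.0.5 TCP_MISS GET https://www.example.com/ 200 9000
1430000060 10.0.0.9 TCP_MISS GET http://bad-reputation.example/gate.php 200 311
1430000120 10.0.0.9 TCP_MISS GET http://bad-reputation.example/gate.php 200 309
1430000180 10.0.0.9 TCP_MISS GET http://bad-reputation.example/gate.php 200 312
1430000240 10.0.0.9 TCP_MISS GET http://bad-reputation.example/gate.php 200 310
1430000300 10.0.0.9 TCP_MISS GET http://bad-reputation.example/gate.php 200 308
1430000400 10.0.0.5 TCP_MISS GET http://intranet.example.com/docs 200 2048
"""


def parse_line(line):
    ts, client, action, method, target, status, nbytes = line.split()
    if method == "CONNECT":               # target is host:port, no URL scheme
        host, _, port = target.rpartition(":")
    else:
        host, port = urlsplit(target).hostname, None
    return {"ts": int(ts), "client": client, "action": action, "method": method,
            "host": host, "port": int(port) if port else None}


def analyze_log(text):
    """Return SIRT findings: one dict per (client, kind, detail), sorted by client."""
    events = sorted((parse_line(ln) for ln in text.splitlines() if ln.strip()),
                    key=lambda e: e["ts"])
    findings, seen = [], set()

    def add(client, kind, detail):
        if (client, kind, detail) not in seen:
            seen.add((client, kind, detail))
            findings.append({"client": client, "kind": kind, "detail": detail})

    per_pair = defaultdict(list)
    for e in events:
        per_pair[(e["client"], e["host"])].append(e["ts"])
        if e["host"] in BLOCKLIST:
            add(e["client"], "blocklisted-host", f"contacted {e['host']}")
        # A denied attempt is still an indicator: the client tried to reach it.
        if e["method"] == "CONNECT" and e["port"] not in ALLOWED_TUNNEL_PORTS:
            add(e["client"], "non-http-tunnel",
                f"CONNECT to {e['host']}:{e['port']} ({e['action']})")
    for (client, host), stamps in per_pair.items():
        if len(stamps) >= BEACON_MIN_HITS:
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg < BEACON_MAX_JITTER:
                add(client, "beaconing", f"{len(stamps)} requests to {host} every ~{avg:.0f}s")
    return sorted(findings, key=lambda f: (f["client"], f["kind"]))


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f['client']:<10} {f['kind']:<18} {f['detail']}")
```

Two points the recommendations make are visible in the output: a denied CONNECT is reported rather than discarded, because the attempt itself marks the client as worth tracing, and the beaconing check needs no block list at all, which is what lets it surface hosts the reputation feeds have not caught up with yet.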
- Prefer SWG solutions that are capable of detecting all malicious outbound protocols (that is, not just HTTP) for indicators of infection, and that provide suitable alerts, as well as data, to trace and remediate infected hosts. Ensure that the SIRT or endpoint administrators have access to outbound reporting that shows potentially infected machines or abnormal traffic patterns.
- Use SWG DLP technology tactically in the absence of enterprise DLP to detect sensitive or secret data traversing the Web gateway.

SWG and service vendors: Blue Coat, Cisco Systems, Intel Security, Symantec, Trend Micro, Websense and Zscaler

Uplift Your Endpoint Security Controls and Detection Stance

- Remove administrative privileges on desktops to reduce the ability of malware infections to cause low-level system damage. Where privileged access is needed, use a privileged account activity management (PAAM) technology or an application control solution to properly manage the on-demand escalation of privileges and/or the use of privileged applications.
- Implement a vulnerability assessment and remediation process with service-level agreements for the remediation of all endpoints. Review the effectiveness of remediation efforts across IT support teams on a quarterly basis with responsible parties and/or the responsible parties' management team.
- Extend your patch management processes to all common desktop elements, especially Internet-facing applications (for example, Adobe, Java and alternative browsers), while prioritizing vulnerabilities that will commonly be used to deliver malware.
- Review your existing endpoint antivirus products to ensure they are the latest version, and uplift, if necessary, to include complete anti-malware protection, potentially unwanted program detection, and other malware detection and prevention capabilities.
- Add host and server intrusion prevention capabilities to your endpoint systems that handle sensitive data types, and enable blocking on high-fidelity critical, high- and medium-severity attack signatures with low false-positive rates, as suggested by your security technology provider.
- Endpoints routinely handling sensitive data, or fixed-function devices for roles and users who have high-security access credentials, should leverage application control technology to limit application execution to known good applications.
- For lean-forward organizations, consider deploying application containment to isolate risky applications, such as browsers and PDF viewers, from the core endpoint system resources where these applications are the primary avenue of attack.
- For lean-forward organizations, consider deploying endpoint threat detection and response tools to detect indicators of compromise, and to accelerate and improve malware remediation and SIRT investigation.
- Consider systematically resetting desktop and server workloads to high-assurance states as a way to proactively remove ATA footholds.
- For lean-forward organizations, implement network and system behavior analysis capabilities on your endpoint systems to detect potentially irregular or suspicious user and system behaviors.
- For lean-forward (type A early adopter) organizations focused on prevention, consider deploying endpoint exploit prevention and application containment technologies.

Application control/whitelisting vendors: Bit9 + Carbon Black, Intel Security, Kaspersky Lab, Lumension and Viewfinity

Application-layer containment vendors: Blue Ridge Networks, Bromium, BufferZone, Invincea and MirageWorks

Endpoint exploit prevention vendors: Malwarebytes, Microsoft, Palo Alto Networks and Trusteer (part of IBM)

Network forensics vendors: Blue Coat; Emulex; Fluke Networks; IBM; NetAgent; Netresec; Niksun; RSA, The Security Division of EMC; Riverbed; and WildPackets

NBA vendors: Arbor Networks, Intel Security, Lancope, Radware and Tenable Network Security

Improve Your Automated Monitoring, Correlation and Analysis

- Implement user behavior analysis products that can extend your current SIEM and monitoring capabilities to user behavioral profiling, in order to help detect abnormal behaviors of users.
- Ensure you have implemented off-device, centralized logging facilities for all your security controls, to prevent potential tampering with them in the course of a data breach.
- Form a security operations center, or designate specific individuals to operate as a security operations center, in order to properly monitor and respond to threats and incidents, as well as perform initial triage of security events.
- Implement a SIEM solution to enable centralized log analysis, complex correlation and automated anomaly alerting.
- Review anomaly reports and alerts generated by your SIEM system to identify irregular behaviors in the environment.
- Invoke the incident response process when suspicious anomalies or alerts are received by the security operations center.
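User behavioral profiling and SIEM correlation, as recommended in the section above, come down to learning what is normal for each user and scoring new events against it. The following added example, written for this reprint and not a SIEM or UBA vendor's logic, builds a per-user baseline of hosts and hours from constructed authentication logs and raises alerts when several weak signals coincide. The log format, the users and hosts, the scoring weights and the threshold are all hypothetical.

```python
"""Per-user behaviour baseline plus simple SIEM-style correlation over authentication
events: flag successful logins from a never-seen host, outside the user's usual hours,
or right after a burst of failures. Constructed example for this reprint; not a SIEM
or UBA vendor's logic. The log format, users, hosts and weights are hypothetical."""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"result=(?P<result>success|failure)$")
# Scoring weights (hypothetical tuning): a single weak signal does not page anyone.
WEIGHTS = {"new-host": 1, "off-hours": 1, "no-baseline": 2, "failure-burst": 2}
ALERT_THRESHOLD = 2
FAILURE_BURST = 3   # consecutive failures before a success that count as a burst

# Constructed history used to learn each user's normal hosts and hours.
BASELINE_LOG = """\
2015-04-27T09:02:11 host=ws-alice user=alice result=success
2015-04-28T08:55:40 host=ws-alice user=alice result=success
2015-04-29T09:10:05 host=ws-alice user=alice result=success
2015-04-27T10:12:00 host=ws-bob user=bob result=success
2015-04-28T10:30:19 host=ws-bob user=bob result=success
2015-04-29T17:45:02 host=ws-bob user=bob result=success
2015-04-27T09:00:00 host=ws-carol user=carol result=success
2015-04-28T09:05:00 host=ws-carol user=carol result=success
"""
# Constructed new batch, in chronological order.
NEW_LOG = """\
2015-05-04T03:14:00 host=fileserver-02 user=alice result=success
2015-05-04T09:20:00 host=ws-carol user=carol result=failure
2015-05-04T09:20:05 host=ws-carol user=carol result=failure
2015-05-04T09:20:09 host=ws-carol user=carol result=failure
2015-05-04T09:20:14 host=ws-carol user=carol result=success
2015-05-04T10:05:00 host=ws-bob user=bob result=success
2015-05-04T11:00:00 host=ws-alice user=alice result=success
"""


def parse(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:                                   # unparseable lines are skipped, not fatal
            e = m.groupdict()
            e["hour"] = int(e["ts"][11:13])
            events.append(e)
    return events


def build_profiles(events):
    """Learn, per user, the set of hosts and hours of day seen in successful logins."""
    profiles = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        if e["result"] == "success":
            profiles[e["user"]]["hosts"].add(e["host"])
            profiles[e["user"]]["hours"].add(e["hour"])
    return profiles


def score_events(events, profiles):
    """Score each successful login against the profile; return alerts over the threshold."""
    alerts, failures = [], defaultdict(int)
    for e in events:
        if e["result"] == "failure":
            failures[e["user"]] += 1
            continue
        reasons = []
        p = profiles.get(e["user"])
        if p is None:
            reasons.append("no-baseline")
        else:
            if e["host"] not in p["hosts"]:
                reasons.append("new-host")
            if e["hour"] not in p["hours"]:
                reasons.append("off-hours")
        if failures[e["user"]] >= FAILURE_BURST:
            reasons.append("failure-burst")
        failures[e["user"]] = 0                 # a success resets the burst counter
        score = sum(WEIGHTS[r] for r in reasons)
        if score >= ALERT_THRESHOLD:
            alerts.append({"ts": e["ts"], "user": e["user"], "host": e["host"],
                           "score": score, "reasons": reasons})
    return alerts


def run_example():
    return score_events(parse(NEW_LOG), build_profiles(parse(BASELINE_LOG)))


if __name__ == "__main__":
    for a in run_example():
        print(a)
```

In the constructed batch, alice's 11:00 login from her own workstation scores one point and stays below the threshold, while her 03:14 login to a file server, and carol's success after three failures, each reach it; that is the correlation step the text describes, where individually uninteresting events combine into an anomaly the security operations center should triage.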
SIEM vendors: AlienVault; HP; IBM; Intel Security; LogRhythm; RSA, The Security Division of EMC; and Splunk

User behavior analysis vendors: 21CT, BAE Systems Applied Intelligence, Bay Dynamics, Caspida, Click Security, Exabeam, FICO, Fortscale, Gurucul, IBM, idetect, Intellinx, Lockheed Martin, Mobile System 7, Novetta, ObserveIT, Oracle, Raytheon, SAS, Securonix, SpectorSoft and Splunk

Improve Your Incident Response Capabilities, and Consider Automation and Mitigation Responses on the Endpoint

- Outline an incident response procedure that defines the roles of appropriate business and IT contacts throughout the organization and other departments, including human resources, public relations, legal and executive management, needed to respond to security incidents.
- Retain either internal or external resources for executing an incident response plan; specifically target resources with digital forensics and malware analysis knowledge.
- Consider implementing a secure case management or incident response ticketing system, separate from IT support systems, so that security incidents will remain confidential within the incident response process and workflows, and so that secure collaboration can exist between involved parties during execution of the incident response procedure.
- Consider deploying endpoint detection and response (EDR) technologies. These technologies specifically augment endpoints with additional telemetry gathering and threat detection capabilities that go beyond traditional endpoint protection platforms.
- Leverage endpoint forensics tools and EDR technologies or services, favoring capabilities that specialize in incident response, including investigation assessment templates for identifying and analyzing common infection indicators (such as service startup locations, driver hooks, kernel driver analysis, running process exploration, memory snapshots and other malware analysis techniques).
- When possible, consider automating your incident response investigation triage efforts through integration between forensic analysis tools and other security monitoring software, to respond more rapidly to potentially suspicious security events when they occur.
- Consider adding automatic responsive capabilities for threat detection events when using EDR solutions, such as kill process, delete file or clear memory, to avert APT data losses and disrupt an active kill chain.
- Consider workflow capabilities of EDR solutions to integrate response and change control with incident responder triage processes.
- Consider threat intelligence (aka "indicator") sharing through APIs between EDR solutions and network sandbox provider solutions to improve detection-based mitigation responses at the endpoint.
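The last three recommendations above (automated triage, responsive actions gated by change control, and indicator sharing between the sandbox and EDR) fit together as one pipeline. The following added example is written for this reprint and is not any EDR or sandbox vendor's API: it takes a sandbox verdict with its indicators, matches them against endpoint telemetry, and proposes playbook actions with the disruptive ones flagged for responder approval. The report shape, the telemetry records, the hashes (derived from constructed strings) and the action names are all hypothetical.

```python
"""Indicator sharing between a network sandbox and endpoint telemetry to drive
automated triage. Constructed example for this reprint; it is not any EDR or
sandbox vendor's API. The report shape, telemetry records, hashes and playbook
actions are hypothetical."""
import hashlib
import json
from collections import defaultdict

# Constructed hashes so the sample is self-contained (not real malware hashes).
MALICIOUS_SHA256 = hashlib.sha256(b"constructed malicious sample").hexdigest()
BENIGN_SHA256 = hashlib.sha256(b"constructed benign binary").hexdigest()

# What a network sandbox might return over its API for a detonated attachment.
SANDBOX_REPORT = json.dumps({
    "sample": "invoice.pdf.exe",
    "verdict": "malicious",
    "indicators": {"sha256": [MALICIOUS_SHA256], "domains": ["update-check.example"]},
})

# What EDR sensors might have streamed from three endpoints (constructed).
TELEMETRY = [
    {"host": "ws-alice", "type": "process", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.pdf.exe", "sha256": MALICIOUS_SHA256},
    {"host": "ws-alice", "type": "dns", "query": "update-check.example"},
    {"host": "ws-bob", "type": "process", "pid": 300,
     "image": r"C:\Windows\explorer.exe", "sha256": BENIGN_SHA256},
    {"host": "ws-bob", "type": "dns", "query": "www.example.com"},
    {"host": "ws-carol", "type": "dns", "query": "update-check.example"},
]


def triage(report_json, telemetry):
    """Match sandbox indicators against telemetry; return per-host findings, confidence
    and proposed playbook actions. Disruptive actions are marked as needing approval so
    they pass through the responder's change-control workflow."""
    report = json.loads(report_json)
    if report.get("verdict") != "malicious":
        return {}
    indicators = report.get("indicators", {})
    hashes = set(indicators.get("sha256", []))
    domains = set(indicators.get("domains", []))
    per_host = defaultdict(lambda: {"matches": [], "confidence": "none", "actions": []})
    for rec in telemetry:
        if rec["type"] == "process" and rec["sha256"] in hashes:
            # The detonated sample is executing: high confidence, contain immediately.
            h = per_host[rec["host"]]
            h["matches"].append(f"process {rec['pid']} ({rec['image']}) matches sandbox hash")
            h["confidence"] = "high"
            h["actions"] += [f"kill-process:{rec['pid']}", f"quarantine-file:{rec['image']}",
                             "isolate-host (requires responder approval)"]
        elif rec["type"] == "dns" and rec["query"] in domains:
            # Only the sandbox-reported domain was resolved: collect evidence first.
            h = per_host[rec["host"]]
            h["matches"].append(f"DNS query for {rec['query']} matches sandbox indicator")
            if h["confidence"] != "high":
                h["confidence"] = "medium"
            h["actions"] += ["collect-forensic-snapshot", "open-incident-case"]
    for h in per_host.values():                   # de-duplicate while keeping order
        h["actions"] = list(dict.fromkeys(h["actions"]))
    return dict(per_host)


if __name__ == "__main__":
    print(json.dumps(triage(SANDBOX_REPORT, TELEMETRY), indent=2))
```

The confidence split is the design point: a process hash match justifies the automatic kill-process and quarantine-file responses the text mentions, while a lone DNS match on a third host (ws-carol here) only opens a case and collects a snapshot, so a shared indicator widens the investigation without triggering disruptive actions on weak evidence.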
Incident response forensic analysis vendors: AccessData, FireEye, Google and Guidance Software

Endpoint detection and response providers: Bit9 + Carbon Black, CounterTack, CrowdStrike, Cybereason, Digital Guardian, FireEye, Guidance Software, Hexis Cyber Solutions, LightCyber, Tanium and Triumfant

Lean-Forward Security Programs (Early Adopters) Should Consider Threat Deception Technologies

- Consider utilizing deceptions across endpoint, application and network infrastructure to enhance your advanced-threat and insider-threat detection goals.
- Consider solutions that divert detected threats or suspicious actors to deception environments (formerly called "honeypots" and "quarantine networks") that can leverage deception techniques across the endpoint, network and application layers in a deceptive isolation environment (that is, a deception quarantine network).
- Choose network infrastructure that is capable of sharing contextual information, such as threat intelligence, asset and application configuration information, and security application threat detection status. Prefer infrastructure that is capable of responding to this shared information with deception techniques to thwart threat actors, automated network attacks and malicious software.
- Consider technologies that specifically use deceptions to detect, disrupt, delay, isolate and degrade malware and threat actor activities.
- Consider deception capabilities that can be used to increase telemetry, decrease false positives and increase efficacy, with forensic examination and monitoring abilities that reduce malware and threat actor false positives.

Network protocol deception vendors: Juniper Networks

On-endpoint deception vendors: Attivo Networks, Cymmetria, illusive networks, Javelin Networks and TopSpin

Distributed decoy vendors: Attivo Networks, Cymmetria, GuardiCore, Javelin Networks, Shadow Networks and TrapX Security

Evidence

1 "FireEye Advanced Threat Report 2013," FireEye
2 "April 2015 Cyber Attacks Timeline," Hackmageddon.com
3 Worldwide Cert Organizations
4 "Spear-Phishing Most Favored APT Attack Bait," Trend Micro

Note 1. External Information and Security-Related Nonprofit Organizations

The following are external information and security-related nonprofit organizations:

- International Information System Security Certification Consortium ((ISC)²)
- Information Systems Security Association (ISSA)
- ISACA (previously known as Information Systems Audit and Control Association)

Source: Gartner Research, G , Lawrence Pingree, Neil MacDonald, Peter Firstbrook, 04 May
About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ:PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions for comprehensive threat protection, incident response, secure communications, social media security, compliance, archiving and governance. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system. Proofpoint protects against phishing, malware and spam, while safeguarding privacy, encrypting sensitive information, and archiving and governing messages and critical enterprise information. More information is available at

Protecting the Way People Work: Best Practices for Detecting and Mitigating Advanced Persistent Threats is published by Proofpoint. Editorial content supplied by Proofpoint is independent of Gartner analysis. All Gartner research is used with Gartner's permission, and was originally published as part of Gartner's syndicated research service available to all entitled Gartner clients. © Gartner, Inc. and/or its affiliates. All rights reserved. The use of Gartner research in this publication does not indicate Gartner's endorsement of Proofpoint's products and/or strategies. Reproduction or distribution of this publication in any form without Gartner's prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds.
Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity" on its website, ombudsman/omb_guide2.jsp.
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationIntro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
More informationCloud Based Secure Web Gateway
Cloud Based Secure Web Gateway DR160203 March 2016 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Product Tested... 4 Test Focus... 4 How We Did It... 5 Test Bed Setup... 5 Test
More informationContent-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.
Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationGuest Speaker. Michael Sutton Chief Information Security Officer Zscaler, Inc.
Guest Speaker Michael Sutton Chief Information Security Officer Zscaler, Inc. Michael Sutton has dedicated his career to conducting leadingedge security research, building world-class security teams and
More informationReadiness Assessments: Vital to Secure Mobility
White Paper Readiness Assessments: Vital to Secure Mobility What You Will Learn Mobile devices have been proven to increase employee productivity and job satisfaction, but can also pose significant threats
More informationGOING BEYOND BLOCKING AN ATTACK
Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationGuideline on Firewall
CMSGu2014-02 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Firewall National Computer Board Mauritius Version 1.0 June
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationHP TippingPoint A New Approach to Malware Defense Featuring Analyst Research
1 Issue 2 1 3 9 Brief From the Gartner Files: Malware Is Already Inside Your Organization; Deal With It About HP HP TippingPoint A New Approach to Malware Defense Featuring Analyst Research Brief For years,
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationNetwork as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats
Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges
More informationTRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT
TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS AND DATA THEFT Your business and its data
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More informationMetric Matters. Dain Perkins, CISSP Dain.Perkins@gmail.com
Metric Matters Dain Perkins, CISSP Dain.Perkins@gmail.com My Perspective Information security metrics do not show us how we need to improve our defenses Image: http://abcnews.go.com/sports/2014-fifa-world-cup-us-goalie-tim-howard/story?id=24400295
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More information