Accenture Cyber Defense Platform. Architecture Overview
Introduction

Companies are facing a wide variety of new and complex security challenges. Growing attack surfaces, sophisticated attacks, explosive data growth and diverse, heterogeneous defense systems are examples of the issues plaguing the industry. With large attack surfaces, organizations don't holistically know what they need to protect or how to prioritize their concerns. The recent shift to investing in cyber security detection and remediation is not enough to fight the high volume and sophistication of today's attacks. Overwhelming data volumes cause traditional security information and event management (SIEM) tools to become slow to respond. Finally, so many technologies exist between data centers and clouds that it is hard to manage or track them all. To help businesses combat this ever-growing list of challenges, Accenture has created the Accenture Cyber Defense Platform.

Better Together

Accenture, serving as a trusted advisor in cyber security to the world's largest enterprises, sees its clients struggle to define security architectures and to choose which combination of security solutions works best to protect their assets from attacks. To address this problem, Splunk, Palo Alto Networks, Tanium and Accenture have partnered to jointly develop a comprehensive solution, the Accenture Cyber Defense Platform, that:
- Reduces the number of point products.
- Increases both security posture and resilience.
- Moves the enterprise along the security maturity curve.

The solution utilizes a combination of industry-leading applications: Splunk Enterprise and Splunk Enterprise Security (ES), Palo Alto Networks Next-Generation Firewall (NGFW), Palo Alto Networks Traps, Palo Alto Networks WildFire, Tanium Platform and Tanium Security Suite, all tied together with customized Accenture software. For most organizations, attaining a fully secured environment seems like a daunting goal.
Implementing a comprehensive platform that addresses identification, prevention, detection, response and recovery, and does so across endpoints and networks, represents a major leap forward in mitigating risk. This document explains how enterprises can leverage the combined capabilities of Splunk, Palo Alto Networks, Tanium and Accenture, now available via the Accenture Cyber Defense Platform, to defend their enterprises effectively.

Accenture Cyber Defense Platform: bringing industry leaders together using custom software and Accenture know-how.
- Splunk: Enterprise Security analytics and SIEM, combined with machine learning, to monitor the environment.
- Palo Alto Networks: identifying and stopping threats at the perimeter, on the intranet and on endpoints.
- Tanium: monitoring and controlling the endpoints for maximum effectiveness.
Today's Landscape

Cloud, mobile and social networking solutions have earned their places in countless enterprise implementations by successfully creating business value, and they are the new normal: bedrock components of many mission-critical business systems. While the adoption of cloud services has been widespread and rapid, many security organizations have lagged behind in establishing appropriate frameworks, policies and controls to deal with cloud technologies.

[Figure: Digital Assets Landscape. Three asset groups: endpoints and connectivity reached through the corporate network (data center, private cloud and workplace assets such as user endpoints, plus hosted sites); hybrid/public cloud assets reached through a CASB or third-party cloud security services, cloud-to-cloud (IaaS, PaaS, SaaS); and OT and IoT assets (segregated endpoints, POS, direct client-to-cloud). Against these, the lifecycle Identify, Prevent, Detect, Respond and Recover is applied across endpoints, network, applications, data and identities, with a window of visibility spanning controls, monitoring, analytics, intelligence, orchestration and workflow, tickets, automation, forensics, remediation, continuous improvement and response.]
Asset Management, Attack Surfaces and Common Challenges

Despite all the efforts and resources that organizations invest in traditional information security approaches, they still fall prey to cyber threats, or they find that they are unprepared to manage the rapidly blurring boundaries of the enterprise's perimeter (made less clear as a result of cloud computing, mobile devices and the like).

Common Challenges

Identify
- The attack surface is expansive, diverse and misunderstood.
- Asset management continues to be a major, unsolved challenge. Organizations don't holistically know what assets they need to protect and how to prioritize their concerns, including shadow IT.

Prevent
- Organizations are currently focusing on and investing in detection and remediation technologies, which alone are not enough to fight today's high volume of increasingly sophisticated attacks.
- Businesses are stacking point products on their networks, adding more overhead and inefficiency.
- Security compliance is difficult to enforce and monitor manually.

Detect
- Traditional security information and event management (SIEM) tools are becoming too slow due to the large volumes of data they ingest, leaving overwhelming amounts of incoming data that cannot be parsed.
- Unknown threats may not match the signatures or attack databases on which most tools rely. A more robust level of heuristics is required to detect fraud.
- Insiders' ability to gain access to confidential data may go unnoticed.

Respond
- Tasks that incident responders need to perform are time-consuming, including:
  - Scoping the extent of a problem.
  - Collecting context information (if at all possible).
  - Containing the incident and stopping it from progressing further as an outbreak.
  - Investigating forensics.

Recover
- Incident recovery often requires an outage and significant downtime.
- Restoring systems to their pre-infection status may not be feasible.
- Negative publicity and the financial fallout from a public breach will likely have far-reaching consequences.
Tanium

With Tanium, security and IT operations teams can query every endpoint, understand what is happening on each endpoint as it is happening, and perform remediation at scale within seconds. By integrating cyber threat intelligence and delivering precise, granular endpoint threat detection, incident response and remediation, Tanium delivers the speed, scale and simplicity that incident responders need to hunt down and defend against emerging cyber threats, while building good security hygiene into IT operations processes.

Splunk

Splunk ES is a premium security solution that provides insight into machine data generated by security technologies covering network, endpoint, access, malware, vulnerability and identity information. It enables security teams to quickly detect and respond to internal and external attacks, simplifying threat management while minimizing risk and safeguarding the business. ES streamlines all aspects of security operations and is suitable for organizations of all sizes and levels of expertise.

Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cyber security by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyber threat prevention capabilities, its game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations and protects an organization's most valuable assets.

Accenture Cyber Defense Platform (ACDP)

Bringing Together Powerful Technologies to Simplify the Complex

ACDP provides efficient and effective ways to improve an organization's security posture, meet its goals and address its hardest challenges.

Platform Components

Security Big Data Analytics by Splunk and Accenture: Intelligence, ES, User Behavior Analytics, the ACDP content pack and technology add-ons from Tanium and Palo Alto Networks

Splunk is a platform that was originally designed for the management of big data, including logging of both structured and unstructured machine data. Since then, it has expanded into the SIEM market with ES, a premium solution that gathers data for security analytics. ES provides a number of dashboards based on underlying queries that detect malicious activity (historical data mining and real-time analysis). In addition, User Behavior Analytics helps find known and unknown threats through machine learning and peer-group baselining analytics.

Perimeter, Internal Network and Cloud Asset Protection by Palo Alto Networks: Next-Generation Firewall (NGFW), Panorama, WildFire, GlobalProtect and Aperture

Palo Alto Networks provides next-generation firewalls, managed through the Panorama interface, that guard the network perimeter. The Palo Alto Networks NGFW goes beyond traditional access control lists and stateful packet inspection by performing these security functions:
- User identification (identity management)
- Application identification
- URL filtering and proxy service
- Decryption
- VPN services
- Intrusion detection and prevention
- Anti-virus and malware detection
Traditional firewall access lists based on IP addresses are cumbersome and static. Network rules provide control over user authentication and over which applications and URLs users can access (with the help of existing identity and access management systems). The technology either allows or blocks access and then reports the results. If the traffic is encrypted, the NGFW decrypts the packets to examine their contents. VPN services allow inbound and outbound connections from the corporate intranet, including to destinations like the ACDP Amazon Web Services portal.

External internet traffic is analyzed and controlled by Aperture and WildFire. Aperture is Palo Alto Networks' management console for monitoring SaaS applications. As a cloud service, WildFire provides malware detection, with the added protection of a virtual sandbox for creating signatures for unknown threats. That means both known and unknown threats can be detected, blocked and reported. Attack signatures are updated by Aperture's threat feed service. Malware signatures are stored in WildFire and on the firewall itself.

Endpoint Security by Palo Alto Networks Traps and the Tanium Platform

Traps, developed by Palo Alto Networks, focuses on the core techniques that threat actors leverage in advanced exploits. Traps renders these techniques ineffective by breaking the exploit sequence and blocking the technique the moment it is attempted. Traps includes a console that provides the user-interface application, an agent that protects the endpoint (such as desktops or servers) and communicates with the Endpoint Security Manager (ESM) server, and the service that collects forensic data. The Traps agent protects the endpoint by implementing the organization's defined security policy. It also protects authorized processes and blocks unauthorized ones (using known exploit protection modules). The agents integrate with WildFire by sending executable hashes for inspection. Suspicious files are sent to a forensics folder. For mobile hosts like laptops, Palo Alto Networks uses its GlobalProtect client agent for virtual private network services.

Tanium provides visibility and control of end-user and data center endpoints (laptops, desktops, servers, etc.) in the world's largest organizations. By providing complete and accurate visibility and control across every endpoint, organizations can quickly and accurately detect and remediate threats, improve incident response capabilities and build good security practices into IT operations, such as patching systems and gaining continuous asset visibility. The Tanium Core Platform enables organizations to ask any question of every endpoint and get an answer back within seconds. In a cyber hunting scenario, that means they know the scope and impact of a threat and can act quickly at scale (for example, patching or quarantining all infected machines across the enterprise). Tanium's real-time endpoint data can enhance many existing IT operations systems, such as ServiceNow, BMC Remedy and Atrium.

The Tanium Security Suite consists of a collection of modules that complement the platform by delivering purpose-built capabilities for security professionals. With Tanium, organizations can quickly find unmanaged assets and secure them; proactively hunt for and remediate threats; block known attacks on the endpoints; consolidate third-party threat intelligence data and make it actionable through automated, scheduled scanning; make operating systems more secure through current patching at scale; and enable investigators to retrieve and search forensic data to fully scope and investigate attacks.

Accenture

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology, operations and security.
ACDP includes a content pack (customized software) that leverages the hardware and software capabilities of the solution components, allowing unprecedented centralization of response management, visibility and control.

Platform Architecture

A visualization of the asset landscape is given below, showing where each solution component acts. Palo Alto Networks firewalls guard the perimeter and provide IDS/IPS, anti-virus, URL filtering and malware protection. Together, Palo Alto Networks Traps and Tanium agents secure the endpoints. Traps works with WildFire to prevent malicious executables from running on desktops, laptops, servers and the like. Tanium continuously scans the network for unmanaged hosts, records processes and watches for changes in files. The Tanium and Palo Alto Networks solutions log back to Splunk, where the data is monitored in real time and analyzed through ES. Response and recovery are automated, with Accenture building custom queries for the ACDP application.
[Figure: Accenture Cyber Defense Platform Overarching Logical Diagram. On-site endpoints and virtual servers carry endpoint protection (Palo Alto Networks Traps, Tanium endpoint agent, anti-virus); remote endpoints add Palo Alto Networks GlobalProtect for remote protection. Perimeter: a next-generation firewall managed by Panorama, covering IDS/IPS, anti-virus, malware protection, URL filtering, proxy and DLP, which can replace products currently in line and adding latency. Intranet: Tanium server, Tanium zone server and server logs. Splunk collects data feeds from the Palo Alto Networks and Tanium platforms as well as other data sources (ES, UBA and the response framework), with technology add-ons from Palo Alto Networks and Tanium; the Accenture Cyber Defense Platform content pack (custom-ware) provides the integration points. Internet and SaaS: Aperture, WildFire, AutoFocus, ISA. SOC.]
Use Cases

To further explain the vision behind ACDP, below are two use cases that demonstrate how the solution works.

Use Case 1: Unmanaged Assets. A new, unknown device appears on the network and may pose a threat. Asset management systems are not up to date and cannot be relied upon.

Use Case 2: Ransomware. The organization is confronted with advanced malware that is silently encrypting corporate data and demanding a ransom to decrypt it.

Use Case 1: Unmanaged Assets

Cyber Defense Tools vs. Unmanaged Assets

Splunk can act as a security nerve center in this scenario. It receives discovery events from the Tanium solution and can also initiate a range of actions in either Palo Alto Networks or Tanium, based on the event itself and on correlation against the data about all assets in the environment. If the Tanium agent is not installed successfully, Splunk will signal the Palo Alto Networks firewall to modify a rule so that the device is quarantined until the agent can be installed successfully, at which point Splunk will change the state of the device from unmanaged to whitelisted.

Tanium can uniquely scan networks with hundreds of thousands or even millions of endpoints and discover unmanaged assets within the environment via a scheduled process. Once unmanaged assets are detected and identified by Tanium Discover, an automated event can be forwarded to Tanium, which then forwards that information to Splunk or to third-party applications. In addition, Tanium Discover can, from a single mouse click, install a Tanium agent or block the endpoint (with assistance from the Palo Alto Networks NGFW and Dynamic Address Groups). Tanium Discover (a module within the Tanium Security Suite), coupled with the Tanium platform, alerts network administrators and allows them to take action when a new device is discovered on the network. Tanium Discover can also alert on lost assets: managed assets that now show up as unmanaged, indicating a problem with the Tanium agent that may in turn indicate a compromised endpoint.

In this case, an unmanaged device appears on the network. It could be a hacker's rogue agent, used to corrupt good processes or to piggyback on good processes in order to bypass security protocols.
ACDP: Defenses

1. Tanium Discover runs a scheduled query to search for unmanaged assets.
2. When Tanium Discover finds an unmanaged asset, the new device data is sent to Splunk for indexing.
3. Splunk queries the data it has already received from Palo Alto Networks (through the Palo Alto Networks add-on) for what it knows about each unmanaged asset. The Palo Alto Networks NGFW logs network traffic and sends syslog data to Splunk.
4. The ACDP app dashboard in Splunk presents the best currently known information about unmanaged assets, correlates it with data from the Configuration Management Database (CMDB) and other asset sources, and offers follow-up actions such as: whitelist the host; install the Tanium agent and Palo Alto Networks Traps; or quarantine/block the host with the Palo Alto Networks NGFW (limiting the host to local network connections).
5. The analyst chooses a response from the options offered in the ACDP app dashboard (column 6 of the diagram below).
6. The device is whitelisted, or the Tanium and Traps agents are installed.
7. Splunk instructs the firewall to remove the asset from quarantine. The Security Operations Center (SOC) verifies that the Tanium and Traps agents are installed and removes the device from quarantine.
8. The asset is removed from quarantine in the Palo Alto Networks NGFW.

[Figure: Use Case 1: Unmanaged Assets, swimlane diagram. Lanes for Tanium Discover, Palo Alto Networks, Splunk, the Tanium agent, the Traps client, the SOC and the endpoint. BEGIN: Tanium runs a scheduled query to search for unmanaged assets; a new unmanaged asset is detected; new device data is sent to Splunk for indexing; Palo Alto Networks logs network traffic and sends syslog into Splunk; Splunk queries the data it has already received from Palo Alto Networks for what it knows about each unmanaged asset; the unmanaged asset is automatically quarantined and a captive portal is applied; the Accenture CDP app dashboard presents the best currently known information on unmanaged assets and correlates it with the CMDB, Palo Alto Networks ESM and other asset sources; the SOC chooses a response; the device is whitelisted, or the Tanium agent and Traps client are installed; the SOC verifies Traps and Tanium client deployment and removes the asset from the firewall via Splunk; Splunk instructs the firewall to remove the asset from quarantine; the asset is removed from quarantine; END.]
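The following script is an added example, not ACDP, Splunk, Tanium or Palo Alto Networks code, of the correlation logic behind steps 2 through 8 of the defenses above. It takes constructed Tanium-Discover-style discovery events, enriches each unmanaged host with constructed NGFW syslog lines and a constructed CMDB, recommends whitelist or quarantine, and releases a quarantined host only once both agents are confirmed installed. The event fields, the log format, the CMDB layout and the action names (dag_tag and deploy_agents, standing in for Dynamic Address Group tagging and agent deployment) are all assumptions.

```python
"""Unmanaged-asset triage modelled on ACDP use case 1 (added example).

Not ACDP, Splunk, Tanium or Palo Alto Networks code: the discovery events,
firewall syslog lines, CMDB and action names below are all constructed
assumptions standing in for the products' own data and APIs.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed discovery events, in the shape a Tanium Discover style scan might emit.
DISCOVER_EVENTS = [
    {"ip": "10.1.20.15", "mac": "00:11:22:33:44:55", "managed": False},
    {"ip": "10.1.20.16", "mac": "00:11:22:33:44:66", "managed": False},
    {"ip": "10.1.20.17", "mac": "00:11:22:33:44:77", "managed": True},
]

# Constructed NGFW traffic syslog lines (key=value fields: src, dst, app, action).
FIREWALL_LOGS = [
    "src=10.1.20.15 dst=203.0.113.8 app=ssl action=allow",
    "src=10.1.20.15 dst=203.0.113.8 app=ssl action=allow",
    "src=10.1.20.16 dst=10.1.5.2 app=printer action=allow",
]

# Constructed CMDB: assets the organization already knows about, keyed by MAC.
CMDB = {"00:11:22:33:44:66": {"owner": "facilities", "type": "printer"}}


@dataclass
class Triage:
    ip: str
    mac: str
    in_cmdb: bool
    external_flows: int
    recommended: str              # "whitelist" or "quarantine"
    actions: List[str] = field(default_factory=list)


def parse_log(line: str) -> Dict[str, str]:
    """Turn one key=value syslog line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def is_external(ip: str) -> bool:
    """Constructed rule: anything outside the 10/8 intranet counts as external."""
    return not ip.startswith("10.")


def triage_event(event: dict, logs: List[str], cmdb: dict) -> Optional[Triage]:
    """Steps 2-4: enrich one discovery event and recommend an action."""
    if event["managed"]:
        return None  # already has an agent; nothing to do
    flows = [parse_log(line) for line in logs]
    external = sum(1 for f in flows
                   if f["src"] == event["ip"] and is_external(f["dst"]))
    in_cmdb = event["mac"] in cmdb
    if in_cmdb and external == 0:
        # Known asset with only local traffic: safe to whitelist.
        recommended = "whitelist"
        actions = [f"dag_tag:{event['ip']}:whitelisted"]
    else:
        # Unknown, or already talking to the internet: quarantine via a
        # Dynamic Address Group tag and push the Tanium and Traps agents.
        recommended = "quarantine"
        actions = [f"dag_tag:{event['ip']}:quarantine",
                   f"deploy_agents:{event['ip']}"]
    return Triage(event["ip"], event["mac"], in_cmdb, external, recommended, actions)


def release_from_quarantine(triage: Triage, tanium_installed: bool,
                            traps_installed: bool) -> List[str]:
    """Steps 6-8: release only once the SOC has confirmed both agents."""
    if triage.recommended != "quarantine" or not (tanium_installed and traps_installed):
        return []
    return [f"dag_tag_remove:{triage.ip}:quarantine",
            f"dag_tag:{triage.ip}:whitelisted"]


def run_pipeline(events=DISCOVER_EVENTS, logs=FIREWALL_LOGS, cmdb=CMDB) -> Dict[str, Triage]:
    """Triage every unmanaged event; managed hosts are skipped."""
    results = {}
    for event in events:
        triage = triage_event(event, logs, cmdb)
        if triage is not None:
            results[triage.ip] = triage
    return results


if __name__ == "__main__":
    for ip, t in run_pipeline().items():
        print(ip, t.recommended, t.actions)
        print("  release:", release_from_quarantine(t, True, True))
```

The point worth noticing is the ordering: the host that is absent from the CMDB and already has outbound internet flows is quarantined before any analyst sees it, while the release path refuses to lift the quarantine unless both agents report in, which is the check step 7 asks the SOC to perform.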
Use Case 2: Ransomware

Cyber Defense Tools vs. Ransomware

The best prevention for ransomware is to prevent installation of the malware in the first place. In this deployment scenario, Splunk provides the security analytics engine that collects the log and event data needed to correlate a suspicious event. An attempt to install malware is detected by Palo Alto Networks Traps and blocked by the Palo Alto Networks firewall, and Splunk checks it against additional context (e.g., other network infrastructure). Splunk also runs queries against the Tanium endpoint data in order to determine the scope of the infection, and to verify this against upstream and downstream activity. From that point on, Splunk can create alerts and initiate automation to quarantine or block as well.

Tanium IOC Detect (a module within the Tanium Security Suite), coupled with the Tanium platform, provides incident responders an automated way to download Indicators of Compromise (IOCs) and run detection scans against endpoints both on and off the enterprise network. In this use case, Tanium can schedule an automated process to check in with the Palo Alto Networks NGFW to see whether it has encountered a possible threat. If a threat has been encountered, it will have been forwarded to WildFire. Tanium asks for the threat ID and then queries WildFire for the IOC it created. Tanium downloads the IOC so that an analyst can run a scan via Tanium IOC Detect against endpoints both on and off the enterprise network. IOC scans can be configured to run at any time or on a schedule.

In this case, a user downloads a ransomware payload. The infected workstation then communicates out to a command and control server, encrypts local files, and sends the keys back to the attacker. The user is then directed to a ransomware site where the hijackers give instructions on how to make a payment in exchange for decrypting the information and returning control of the PC.
[Figure: Use Case 2: Ransomware, swimlane diagram across two pages. Lanes for the client, the firewall (FW), WildFire (WF), Traps, the ESM server, Tanium Connect, Tanium IOC Detect, Splunk and the SOC. BEGIN: a client starts downloading a file; the firewall calculates the MD5 hash of the file and checks it against its local WildFire database. If the hash is already known as malware, the firewall is informed about the malware detection. If the firewall does not have the hash in its local WildFire database, the file is sent to the WildFire cloud for analysis while the client downloads it; WildFire returns either benign (the file is not malicious, and the only result is an entry in WildFire statistics; END) or malware. If WildFire does not detect the malware, the client is infected and the malware starts working. Traps analyzes the malware's behavior: if detected, information about the stopped attack is sent to the ESM server, Traps updates WildFire, Splunk is informed via syslog and the SOC is alerted in the ACDP app (END). If not detected, the malware keeps working until the firewall stops it calling home via its anti-spyware (IDS) function; Splunk is informed via syslog and the SOC is alerted in the ACDP app. In parallel, Tanium Connect periodically checks Palo Alto Networks for new threats, Palo Alto Networks returns information about the new threat, and Tanium Connect contacts WildFire for the threat IOC; WildFire queries the WildFire cloud for additional IOC data and returns the IOC for the threat (IOC sending marked as in development); Tanium Connect updates the IOC module; the SOC must manually launch IOC Detect in Tanium; IOC Detect returns the list of clients it detected; the SOC is informed in the ACDP app and the device is quarantined; END.]
ACDP: Defenses

1. The client downloads a malicious file via the internet, or the Palo Alto Networks NGFW intercepts an infected PDF; the file is sent to WildFire for analysis and passed through to the client.
2. Tanium Connect continually checks for new WildFire IOC updates and runs queries for them in the background.
3. The firewall is informed of the result of WildFire's analysis (malware or not), which is sent to the ACDP app dashboard in Splunk. This alerts the SOC and may launch IOC Detect in Tanium.
4. Traps detects the exploit based on its behavior pattern and stops it. Traps updates WildFire, and the logs are sent to Splunk. The SOC is alerted by the ACDP app dashboard in Splunk.
5. If Traps does not stop the malware, it may be caught by the firewall intrusion detection system while phoning home. The logs are then sent to Splunk, which automatically alerts the SOC.
6. Tanium IOC Detect runs, based on the WildFire IOCs.
7. Positive IOC hits for infected hosts are sent to Splunk, which informs the SOC.
8. The device(s) are quarantined by the Palo Alto Networks NGFW.

Cost Benefits

Organizations often have a collection of security point solutions that are not integrated, or that together do not provide end-to-end coverage of the attack surface (the IT stack), the kill chain (lifecycle) or the asset landscape. The architecture proposed in this overview not only addresses many of the security challenges discussed above (see the section Asset Management, Attack Surfaces and Common Challenges); it also provides a potential replacement for existing solutions by exchanging older, high-cost-of-ownership hardware for newer hardware that provides more performance for less cost. This creates cost savings through reduced labor and built-in system efficiencies, which in turn frees up budget for further security initiatives while improving the overall effectiveness and response time of security operations.
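The following script is an added example, not Palo Alto Networks, WildFire, Tanium or ACDP code, of the hash-verdict and IOC-scan flow in the ransomware diagram and defenses above: a firewall with a local verdict cache, a sandbox stand-in that convicts files and publishes MD5 IOCs, and a scan that matches those IOCs against a constructed endpoint file inventory to produce the host list step 8 would quarantine. It also reproduces the failure mode the diagram shows, in which the first sighting of an unknown file is passed through to the client before any verdict exists. The file contents, the sandbox's conviction list, the syslog format and the endpoint inventory are all constructed assumptions; no real product API is called.

```python
"""Hash-verdict and IOC-scan flow modelled on ACDP use case 2 (added example).

Not Palo Alto Networks, WildFire, Tanium or ACDP code: the sandbox, the
firewall's local verdict cache, the endpoint inventory and the file contents
are constructed; no real product API is called.
"""
import hashlib
from typing import Dict, List, Set

# Constructed file contents a client might download.
FILES = {
    "quarterly.pdf": b"%PDF-1.4 constructed benign report",
    "invoice.pdf": b"%PDF-1.4 /OpenAction /JS constructed malicious sample",
}


def md5_of(data: bytes) -> str:
    """The diagram keys verdicts by MD5; it is used here only as an identifier."""
    return hashlib.md5(data).hexdigest()


class Sandbox:
    """Stand-in for the cloud analysis service: verdicts plus the IOCs it publishes."""

    def __init__(self, known_bad: Set[str]):
        self.known_bad = known_bad          # constructed: hashes the sandbox would convict
        self.iocs: List[Dict[str, str]] = []

    def analyze(self, data: bytes) -> str:
        h = md5_of(data)
        verdict = "malware" if h in self.known_bad else "benign"
        if verdict == "malware":
            self.iocs.append({"type": "md5", "value": h})  # published for Tanium Connect to pull
        return verdict


class Firewall:
    """Local verdict cache; unknown hashes go to the sandbox while the file passes through."""

    def __init__(self, sandbox: Sandbox):
        self.sandbox = sandbox
        self.cache: Dict[str, str] = {}
        self.syslog: List[str] = []         # what would be forwarded to the SIEM

    def inspect_download(self, name: str, data: bytes) -> dict:
        h = md5_of(data)
        if h in self.cache:
            verdict, source = self.cache[h], "cache"
        else:
            # First sighting: the file is delivered to the client before the
            # verdict exists, which is the window in which the diagram's client is infected.
            verdict, source = self.sandbox.analyze(data), "sandbox"
            self.cache[h] = verdict
        blocked = source == "cache" and verdict == "malware"
        if verdict == "malware":
            self.syslog.append(f"file={name} md5={h} verdict=malware blocked={int(blocked)}")
        return {"md5": h, "verdict": verdict, "source": source, "blocked": blocked}


def ioc_scan(iocs: List[Dict[str, str]], endpoints: Dict[str, List[str]]) -> List[str]:
    """Steps 6-7: return the hosts whose file inventory matches any md5 IOC."""
    wanted = {i["value"] for i in iocs if i["type"] == "md5"}
    return sorted(host for host, hashes in endpoints.items() if wanted & set(hashes))


def run_scenario() -> dict:
    bad = md5_of(FILES["invoice.pdf"])
    sandbox = Sandbox(known_bad={bad})
    fw = Firewall(sandbox)
    first = fw.inspect_download("invoice.pdf", FILES["invoice.pdf"])    # passes through
    second = fw.inspect_download("invoice.pdf", FILES["invoice.pdf"])   # blocked from cache
    clean = fw.inspect_download("quarterly.pdf", FILES["quarterly.pdf"])
    # Constructed endpoint inventory: host -> md5 of files seen on it.
    endpoints = {
        "ws-001": [bad, md5_of(FILES["quarterly.pdf"])],
        "ws-002": [md5_of(FILES["quarterly.pdf"])],
        "srv-010": [bad],
    }
    hits = ioc_scan(sandbox.iocs, endpoints)   # the hosts step 8 would quarantine
    return {"first": first, "second": second, "clean": clean,
            "hits": hits, "syslog": fw.syslog}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The first download of the malicious sample is reported but not blocked, because the verdict only exists after the sandbox has seen the file; the second sighting is stopped from the cache. That gap is why the page pairs the firewall verdict with Traps on the endpoint and with the IOC scan, which is what finds the hosts that received the file during the window.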
Conclusion

While it might seem impossible to fully secure an organization's environment, the use cases above demonstrate how a comprehensive, automated solution can greatly mitigate risks while reducing expenses. The integrated solutions of Splunk, Palo Alto Networks, Tanium and Accenture form a powerful, comprehensive platform for many of the challenges in today's and tomorrow's enterprise IT environments.
For More Information

Find out more about Accenture Security Services at accenture.com/security.

About Accenture

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions, underpinned by the world's largest delivery network, Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 375,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at

Copyright 2016 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationAutomate the Hunt. Rapid IOC Detection and Remediation WHITE PAPER WP-ATH-032015
Rapid IOC Detection and Remediation WP-ATH-032015 EXECUTIVE SUMMARY In the escalating war that is cyber crime, attackers keep upping their game. Their tools and techniques are both faster and stealthier
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationAppGuard. Defeats Malware
AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits
More informationNiara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
More informationEndpoint Security for DeltaV Systems
DeltaV Systems Service Data Sheet Endpoint Security for DeltaV Systems Essential protection that consolidates endpoint and data security. Reduces the time and effort spent deploying and managing security
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationSourceFireNext-Generation IPS
D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture
More informationMoving Beyond Proxies
Moving Beyond Proxies A Better Approach to Web Security January 2015 Executive Summary Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy security
More informationAchieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR
Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationWhy a Network-based Security Solution is Better than Using Point Solutions Architectures
Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationPALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationEnterprise Security Platform for Government
Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationMcAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.
Optimize your defense, resilience, and efficiency. Table of Contents Need Stronger Network Defense? Network Concerns Security Concerns Cost of Ownership Manageability Application and User Awareness High
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationContent-ID. Content-ID URLS THREATS DATA
Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and
More informationADVANCED KILL CHAIN DISRUPTION. Enabling deception networks
ADVANCED KILL CHAIN DISRUPTION Enabling deception networks Enabling Deception Networks Agenda Introduction Overview of Active Defense Process Orchestration in Active Defense Introducing Deception Networks
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationMcAfee Security Architectures for the Public Sector
White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationSymantec Enterprise Security: Strategy and Roadmap Galin Grozev
Symantec Enterprise Security: Strategy and Roadmap Galin Grozev Senior Technology Consultant Symantec Bulgaria Enterprise Threat Landscape Attackers Moving Faster Digital extortion on the rise Malware
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationA Modern Framework for Network Security in Government
A Modern Framework for Network Security in Government 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Government: Securing Your Data, However and Wherever Accessed Governments around
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More information