Protecting DNS Infrastructure
INFONETICS RESEARCH WHITE PAPER

Protecting DNS Infrastructure: An Internet Utility that Demands New Security Solutions

November
Campbell Technology Parkway, Suite 200, Campbell, California
Silicon Valley, CA | Boston, MA | London, UK
Table of Contents

DNS IS A MASSIVE PUBLIC UTILITY
EXPLORATION OF ATTACK TYPES
WHAT SECURITY SOLUTIONS ARE AVAILABLE TODAY?
VISIBILITY AND CORRELATION ARE A GOOD STARTING POINT
THE NEED FOR DEDICATED DNS SECURITY SOLUTIONS
WHITE PAPER AUTHOR
ABOUT INFONETICS RESEARCH
REPORT REPRINTS AND CUSTOM RESEARCH

List of Exhibits

Exhibit 1 DNS Infrastructure Supports the Entire Internet
Exhibit 2 DNS Threat Landscape
Exhibit 3 Discovery Timeline for Cyber-Espionage
DNS IS A MASSIVE PUBLIC UTILITY

The DNS (Domain Name System) is the largest distributed database in the world, and every single device and application connected to the Internet is a DNS client. The original DNS was developed in the early 1970s to support communication on the ARPANET; internet pioneers figured out very quickly that alphabetic host names were much more useful (and much easier to remember) than long numeric addresses. In March 1974, it was declared that the Stanford Research Institute Network Information Center would be the official source of the master host file, and this worked well (more or less) for about a decade. By the early 80s, it became clear that the centralized system couldn't meet the dynamic scale requirements of the emerging Internet, and the true father of our modern distributed DNS was hatched in

DNS infrastructure has grown and evolved significantly in the last 20 years, and as the chart below shows, today there are nearly 1 billion hostnames managed by the DNS, and nearly a quarter of a billion active websites. On the client side, the emergence of smartphones, tablets, and the ecosystem of the Internet of Things adds hundreds of millions (eventually billions) of new DNS clients hungrily looking 24/7 to connect to hosts. The scale of DNS infrastructure is almost unimaginable, but as users of the Internet, we have one basic expectation: DNS simply must work. The Internet is the application, data store, and service, and DNS is our only navigation system, so DNS problems have massive ramifications.

Exhibit 1 DNS Infrastructure Supports the Entire Internet (chart). Source: Netcraft
In parallel to the development of the Internet and DNS infrastructure, we've seen the development of a wide range of threats aimed at every device with an Internet connection. Buried in news about viruses and worms, massive data breaches, and a never-ending flood of DDoS attacks, there has been a quiet but consistent flow of attacks aimed at DNS infrastructure. It's not at all surprising that DNS would be a target: it's pervasive, it's a key to the basic function of the Internet, and it was developed over 20 years ago with very little thought about security and then constantly retrofitted, so it's highly vulnerable to attack.

EXPLORATION OF ATTACK TYPES

There are different ways to look at the variety of attacks we see aimed at DNS, but for our purposes we'll group them based on where they fit in the collective consciousness of IT.

Exhibit 2 DNS Threat Landscape
Traditional Threats: cache poisoning; TCP/UDP/ICMP floods; protocol anomalies
Top-of-Mind: DDoS (reflection and amplification); hijacking
What's Next?: tunneling; exfiltration

Traditional threats are well-known; they've been used in the past, and will be used in the future, either as standalone attacks or as vectors in blended threats, but on the whole the industry has a good handle on what to do about these attacks. Cache poisoning, for example, is the primary focus of the DNSSEC effort, launched after the 2008 discovery of the Kaminsky bug that opened the industry's eyes to the possibilities of DNS cache poisoning. Also in 2008, the b-variant of the Conficker worm exploited DNS vulnerabilities as a self-defense mechanism.
The second attack group is top-of-mind; these attacks have received major coverage in the last year or so. The most obvious examples of top-of-mind attacks are the record-breaking 300G DNS amplification DDoS attack that hit Spamhaus in 2013, the Syrian Electronic Army's hijacking of Twitter and the New York Times, and the ongoing hijacking attacks in Brazil, rewriting DNS settings on home routers and stealing banking credentials.

The final group of attacks is the "what's next?" category. They're not pervasive today, but are happening, and they represent a shift in focus from exploiting vulnerabilities in protocols and infrastructure to actually tampering with the content of DNS traffic. In all areas of internet security, hackers eventually move up the stack into content, and content-based attacks are typically the most difficult to identify and stop. Tunneling involves a client/app converting TCP/IP payloads into DNS traffic, which is then sent over mobile networks. DNS traffic is rarely blocked or billed, so attackers can use tunneling to gain internet access without paying in WiFi and mobile environments. Exfiltration is the next logical step after tunneling: if TCP/IP content can be converted to DNS and then freely tunneled (never blocked, never inspected), DNS becomes a path for sneaking data out of a compromised environment.

Looking at these attacks together, we see incredible variety; some attacks take advantage of weaknesses in infrastructure, others attack features of the protocol itself, and the newest threats focus on the actual content of DNS traffic. Hackers can pick and choose what they want to exploit, and use DNS to launch large-scale, infrastructure-crippling attacks and to commit targeted data theft.

WHAT SECURITY SOLUTIONS ARE AVAILABLE TODAY?
There are security solutions for DNS available today, and the protection they provide is very much linked to the pedigree of the solution provider:

- Traditional network security platforms like firewalls, IPS, and DDoS mitigation
- DNS resolver/authentication server infrastructure
- SIEM platforms and offline analysis tools

Traditional network security platforms handle much of the heavy security lifting for a wide range of protocols, services, and applications, including DNS. In many cases though, they don't have the depth of protection required to cover all types of DNS threats, and they often lack the performance required to stop the largest DNS attacks (like the 300G Spamhaus DDoS attack). On the good side, they operate in-line, so they're in a position to block DNS attacks when correctly identified. However, dealing with a massive DNS event could affect their performance in providing security against other attacks. These devices also lack context for domain behavior, usually with no access to historical information on domains and limited ability to do sophisticated layer-7 analysis for DNS. Most enterprises have firewalls, and may have IPS and DDoS mitigation solutions in place, and should investigate exactly what capability their existing devices have when it comes to DNS security.
Many vendors building and selling DNS resolver/authentication server infrastructure have built security tools into their resolver/authentication platforms, or are building specialized security tools to go alongside their resolver/authentication solutions. These vendors have deep experience in DNS but often no experience dealing with threats. Their platforms are designed to handle DNS requests very quickly, and will need to be re-architected to meet the additional performance demands of processing security data from Layer 3 up. To provide real-time protection from threats at all layers, DNS vendors will need to build in-house security expertise (or acquire it), which is costly. In the meantime they typically consume third-party threat feeds to inform their security functionality, because they're not doing their own threat research. These vendors can add DNS security functionality into existing DNS platforms that customers have already invested in, and they can achieve very tight integration between the DNS resolver/authoritative infrastructure and the security solution. That very integration can lead to trouble though, as it may require a forklift upgrade to a new DNS infrastructure solution just to add security controls, and adding security could degrade overall DNS performance (particularly during attacks).

SIEM and other offline analysis and correlation tools can provide many of the visibility and analysis capabilities required to provide a layer of DNS security, but they were never designed to be in-line, so they can't prevent or mitigate threats as they occur; rather they require trained analysts and lots of manual labor (or custom development) to build any kind of automated (or even just faster) response to DNS threat events.
As with the network security platforms, DNS is just one of many protocols that SIEM and offline analysis solutions deal with, so the depth of information they can deliver for DNS security is directly related to the amount of effort the customer puts into tuning the SIEM for DNS security. Many large customers have SIEM in place though, and as with their network security solutions, they should investigate their SIEM to see what specific protection for DNS it can provide.

In all three cases, the solutions only cover a portion of the problem, and to be most effective would need to be tied together by some sort of management or orchestration solution to ensure the fastest response to attacks as they happen.

VISIBILITY AND CORRELATION ARE A GOOD STARTING POINT

Clearly, a utility protocol that provides basic functionality on the internet requires a different level of protection than many other protocols. For most enterprises and service providers, having protection spread across disparate solutions handling different aspects of the problem yields mediocre results. A great starting point for improving DNS security posture is to first have visibility into DNS infrastructure, and to continuously monitor DNS.

If sophisticated content-based attacks like tunneling and exfiltration are the future, it's likely that they'll be used for a wide range of data theft attacks. Cyber-espionage is always an exciting topic; often the most sophisticated attacks are used to spy on entities and steal critical private information. In the 2014 Verizon Data Breach Investigations Report, when looking to counter cyber-espionage attacks, Verizon found that in a typical cyber-espionage event it was months before the threat was discovered.
Exhibit 3 Discovery Timeline for Cyber-Espionage
Seconds: 0%
Minutes: 0%
Hours: 9%
Days: 8%
Weeks: 16%
Months: 62%
Years: 5%
Source: 2014 Verizon Data Breach Incident Report

Regarding protecting yourself from these attacks, Verizon had this to say:

"Monitor and filter outbound traffic for suspicious connections and potential exfiltration of data to remote hosts. In order to recognize abnormal, you'll need to establish a good baseline of what normal looks like. Monitor your DNS connection, among the single best sources of data within your organization. Compare these to your threat intelligence, and mine this data often."

So visibility and monitoring is first, but the second statement is almost as important: compare DNS data to threat intelligence, and mine this new data. For many organizations, this is a manual process because there's no automated link between the tools that provide visibility into DNS traffic and events, and the security monitoring, enforcement, and threat research infrastructure.

It's not just espionage attacks that have a long time to discovery and recovery; it's all types of attacks. The value of data leaked over months using DNS tunneling and exfiltration would be different for every event. DDoS attacks can take hours to mitigate even with solutions in place, and can cost hundreds of thousands of dollars per hour, and service outages due to failures in the DNS infrastructure can affect huge groups of users, causing massive frustration and lost productivity.
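The following Python sketch is an added example (not from the paper, nor from Cloudmark or Infonetics) of the per-zone profiling that turns raw resolver query logs into the baseline Verizon recommends and into the tunneling/exfiltration signals described in the "what's next?" section: share of unique subdomains, label length, label entropy and the share of bulk-carrying record types. The log format, the two-label zone heuristic and every threshold are assumptions to be replaced by the organisation's own measurements.

```python
"""Heuristic DNS tunneling/exfiltration detector for resolver query logs (added example)."""
import math
import re
from collections import defaultdict

# Constructed sample log (not real traffic), in an assumed BIND-style format:
# "<epoch> client <ip> query: <qname> IN <qtype>". The bad-example.test zone
# shows the tunneling pattern: many unique, long, random-looking labels carried
# in TXT/NULL queries, which a volume-only view would not distinguish.
SAMPLE_LOG = """\
1415000001 client 10.0.0.5 query: www.example.com IN A
1415000002 client 10.0.0.5 query: mail.example.com IN MX
1415000003 client 10.0.0.7 query: cdn.example.net IN AAAA
1415000004 client 10.0.0.5 query: www.example.com IN A
1415000005 client 10.0.0.9 query: 6a7b3c9d0e1f2a3b4c5d6e7f8091a2b3.t.bad-example.test IN TXT
1415000006 client 10.0.0.9 query: c4d5e6f708192a3b4c5d6e7f8091a2b3.t.bad-example.test IN TXT
1415000007 client 10.0.0.6 query: smtp.example.com IN A
1415000008 client 10.0.0.9 query: 0f1e2d3c4b5a69788796a5b4c3d2e1f0.t.bad-example.test IN NULL
1415000009 client 10.0.0.9 query: 9a8b7c6d5e4f30211203f4e5d6c7b8a9.t.bad-example.test IN TXT
1415000010 client 10.0.0.9 query: 5e4d3c2b1a09f8e7d6c5b4a39281706f.t.bad-example.test IN TXT
1415000011 client 10.0.0.5 query: www.example.com IN A
1415000012 client 10.0.0.7 query: static.example.net IN A
"""

LINE_RE = re.compile(r"^(\d+) client (\S+) query: (\S+) IN ([A-Z]+)$")
# Record types often abused to carry bulk data because answers can be large.
BULK_QTYPES = {"TXT", "NULL", "CNAME"}
# Per-zone thresholds: assumed starting values, to be tuned against a measured
# baseline of the organisation's own normal traffic.
THRESHOLDS = {"unique_ratio": 0.8, "avg_label_len": 20.0,
              "avg_entropy": 3.0, "bulk_ratio": 0.5}
MIN_QUERIES = 4   # zones with fewer queries are not judged
MIN_HITS = 3      # flag when at least this many features exceed threshold


def shannon_entropy(s):
    """Bits per character; random-looking (encoded) labels score close to 4."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_zone(qname, depth=2):
    """Crude zone key: the last `depth` labels (assumption; no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-depth:])


def parse_log(text):
    """Yield (epoch, client, qname, qtype); malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3).lower(), m.group(4)


def profile_zones(records):
    """Aggregate per-zone counters; this is the raw material of a baseline."""
    zones = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                 "label_len": 0, "entropy": 0.0, "bulk": 0})
    for _epoch, _client, qname, qtype in records:
        zone = registered_zone(qname)
        sub = qname[:-len(zone)].rstrip(".")   # everything left of the zone
        first_label = sub.split(".")[0]        # the label that would carry payload
        z = zones[zone]
        z["queries"] += 1
        z["subdomains"].add(sub)
        z["label_len"] += len(first_label)
        z["entropy"] += shannon_entropy(first_label)
        z["bulk"] += int(qtype in BULK_QTYPES)
    return zones


def zone_features(z):
    """Normalise raw counters into the ratios compared against THRESHOLDS."""
    n = z["queries"]
    return {"unique_ratio": len(z["subdomains"]) / n,
            "avg_label_len": z["label_len"] / n,
            "avg_entropy": z["entropy"] / n,
            "bulk_ratio": z["bulk"] / n}


def detect(text):
    """Return {zone: features} for zones that look like tunnels or exfil channels."""
    flagged = {}
    for zone, z in profile_zones(parse_log(text)).items():
        if z["queries"] < MIN_QUERIES:
            continue
        feats = zone_features(z)
        hits = sum(feats[k] >= THRESHOLDS[k] for k in THRESHOLDS)
        if hits >= MIN_HITS:
            flagged[zone] = feats
    return flagged
```

Running `detect(SAMPLE_LOG)` flags only bad-example.test; example.com has enough queries to be judged but stays below every threshold, which is the distinction a baseline is meant to make.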
THE NEED FOR DEDICATED DNS SECURITY SOLUTIONS

Given the critical nature of DNS infrastructure, its ubiquity and scale, and the laundry list of DNS vulnerabilities, it seems clear that visibility and protection for DNS should be consolidated into a dedicated platform. Managing multiple systems, some of which were never designed for security, others never designed to be in-line, and the rest handling DNS and a variety of other protocols, leaves too much room for procedural error, thus increasing the time it takes to identify an attack and restore service. If we've learned anything from watching attacks on most protocols and services running on the internet, we know that DNS attacks will become more complex, will be used in conjunction with other attacks, and hackers will be ever more persistent. If visibility and protection aren't unified, connected to real-time threat intelligence, and put in-line so that some attacks can be blocked, it will be very difficult to stay ahead of the hackers.

We believe companies looking at the next generation of DNS security platforms should look for platforms that:

- Focus specifically on DNS security, and do not mix DNS security with other security functions or other DNS performance/management functions, because of the potential for performance impact during threat events
- Have access to dedicated threat research; the company that builds your DNS security platform should have in-house threat research capability as well as the ability to integrate external feeds
- Are massively scalable so they can handle huge increases in the number of hosts, clients, and threat events
- Can provide protection from the full range of DNS threats: from localized hijacking and tunneling/exfiltration events to massive DDoS attacks
WHITE PAPER AUTHOR

Jeff Wilson, Principal Analyst, Security, Infonetics Research

Commissioned by Cloudmark to educate the industry about new DNS threats and the need for DNS security solutions, this paper was written autonomously by analyst Jeff Wilson based on Infonetics' independent research.

ABOUT INFONETICS RESEARCH

Infonetics Research is an international market research and consulting analyst firm serving the communications industry since
A leader in defining and tracking emerging and established technologies in all world regions, Infonetics helps clients plan, strategize, and compete more effectively.

REPORT REPRINTS AND CUSTOM RESEARCH

To learn about distributing excerpts from Infonetics reports or custom research, please contact:

North America (West) and Asia Pacific: Larry Howard, Vice President, larry@infonetics.com
North America (East, Midwest, Texas), Latin America, and EMEA: Scott Coyne, Senior Account Director, scott@infonetics.com
Greater China, Southeast Asia, and India: Jeffrey Song, Market Analyst and Account Manager, jeffrey@infonetics.com
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationCHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics
CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationCyber Situational Awareness for Enterprise Security
Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationNext-Generation Firewalls: Critical to SMB Network Security
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationTHE EVOLUTION OF SIEM
THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet
More informationBusiness Case for a DDoS Consolidated Solution
Business Case for a DDoS Consolidated Solution Executive Summary Distributed denial-of-service (DDoS) attacks are becoming more serious and sophisticated. Attack motivations are increasingly financial
More informationAn New Approach to Security. Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com
An New Approach to Security Chris Ellis McAfee Senior System Engineer Chris_Ellis@McAfee.com Advanced Targeted Attack Challenges Criminal Theft Sabotage Espionage After the Fact Expensive Public Uncertainty
More informationRetail Security: Enabling Retail Business Innovation with Threat-Centric Security.
Retail Security: Enabling Retail Business Innovation with Threat-Centric Security. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 In the past
More informationFirst Line of Defense to Protect Critical Infrastructure
RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B
More informationBest Practices for Building a Security Operations Center
OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,
More informationWhy Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.
Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationThreat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research
Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research 2 3 6 7 9 9 Issue 1 Welcome From the Gartner Files Definition:
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationAttack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
More informationRETHINKING CYBER SECURITY
RETHINKING CYBER SECURITY CHANGING THE BUSINESS CONVERSATION INTRODUCTION Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time,
More informationScott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.
Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationProtect Your Universe with ArcSight
Protect Your Universe with ArcSight The ArcSight SIEM Platform: Prevent Data Theft Enforce Compliance Defeat Cybercrime Before ArcSight, it was difficult to know in realtime what was happening from an
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationCHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES
ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES Cyber threats continue to rapidly evolve in frequency and sophistication, posing a constant and serious threat to business organisations
More information