We Prevent Breaches (and surprises) Intelligent Prevention

Transcription

1 We Prevent Breaches (and surprises) Intelligent Prevention Blue Ridge Networks, Inc. October 2015

2 Losing Ground in the Cyber Battle Post Breach Bitter Facts Damaged Reputation Lost Customers Legal Liabilities Costly Remediation Lower Enterprise Value Early Retirement Evolving landscape - undetectable malware Average 5 malware events per second 90% attacks by phishing Average breach undetected for 210 days 387 new threats every minute Over 80% attacks targeted to organization Conventional detect and respond approaches are not enough 2

3 Endpoints and Cloud Extranets Vulnerable Endpoints are the new battlefield. 85% of breaches go undetected Gartner threat spreads to firewalls and beyond Reuters We re failing with our perimeter security. Gartner, J. Feiman "Cloud computing introduces new avenues of attack. Cloud Security Alliance Need to augment existing security infrastructure with more effective solutions. Wired Innovation Insights Critical Data Exposed on Endpoints and in the Cloud But Network-Centric Detection Response Failing to Prevent Exploits 3

4 Recognized CyberSecurity Leader Track Record of Service Proven Solutions Just Work Field Proven Managed Security Services and Systems Best-in-class Endpoint Breach Prevention Enterprise Extranet Security no reported breaches ever Earliest warning Threat Intelligence alerts without compromise Unique technology, knowhow, software, and systems More than 15 years securing global network operations Government, Banks, Retail, Healthcare, Energy, Consumer Satisfied Customers & Partners 4

5 Kill Chain Differentiation Conventional Best Practice Detect and Respond Blue Ridge Approach Prevent and Report Event Detected? Exploit Remediated? Event? Breach Prevented IOC Signature Identified? ANALYZE PROTECTED IOA Report (no compromise!) Complex Process reliance on recognizing compromise knowledge dependencies lag time response delay integration vulnerabilities burdensome overhead Streamlined Process no compromise removes knowledge dependencies no lag time futureproof protection closes vulnerability gaps removes overhead 5

6 AppGuard - Defeats All Malware! Prevents Breaches Reports Early patented multi-layer dynamic micro-isolation prevents breaches of critical endpoint processes No malware detection required No signatures or updates required Protects out-of-the-box Non-disruptive to user Earlier attempted attack alerts Compatible Windows XP thru 10, apps, browsers, system tools, AV Adaptable with demand to other OS, smartphones, devices 6

7 May 2014: July 2014: Prevention is Gold Real-World Enterprise Attack Defeated by AppGuard AppGuard deployed on mobile Enterprise endpoints for protection only (customer chose to rely on its existing systems for breach detection) Dangerous Poweliks malware first discovered in market January 2015: Breach detection systems finally discovered Poweliks had been on some endpoints throughout this time AppGuard stopped Poweliks from infecting endpoints without detection or impact to user productivity No enterprise breach! AppGuard threat logs recorded indicators of attack (IOA) 8 months earlier than breach detection systems AppGuard should be on every Windows system in the world. Robert Bigman, former CISO, CIA 7

8 AppGuard - Best Endpoint Protection AppGuard Breach Prevention System Breach Detection System (Network Sandbox) Endpoint Detection and Response Partial Virtualization Virtual Container Whitelisting EMET No Reported Breaches! Futureproof Protection for Windows systems Consumers Enterprises Embedded Best Overall Value Most Effective Easiest to Use Least Cost Threat Protection Zero Day Attacks YES Partial Partial YES Partial NO YES Phishing YES Partial Partial YES YES NO NO Web Borne Attacks YES Partial Partial YES Partial NO Partial Advanced Targeted Attacks YES NO Partial YES Partial NO NO Advanced Volatile Threats YES Partial Partial YES Partial NO NO Watering Hole Attack YES NO Partial YES Partial NO NO Ransomware YES Partial NO YES Partial NO NO Digitally Signed Malware YES Partial Partial YES Partial NO NO Weaponized Documents YES Partial Partial YES Partial NO NO File-less Malware YES NO Partial NO NO NO NO Malvertising YES NO Partial YES Partial Partial NO Stops Malware at First Stage YES NO NO NO NO NO N/A Implementation Threat Intelligence YES YES YES YES YES NO NO Forensics Support Partial YES YES Partial Partial NO NO Restrictions/Requirements Specific CPU and Chipset NO N/A N/A YES NO NO NO Special Windows Licenses NO N/A N/A YES NO NO NO Special Application License NO N/A N/A YES NO NO NO Platform Coverage VDI YES N/A YES Partial YES YES YES XP, Vista YES N/A YES NO YES YES NO Windows 7 and Windows 8.1 YES N/A YES YES YES YES YES Windows 10 YES N/A YES NO YES YES YES DeviceGuard Compatible YES N/A N/A NO NO N/A N/A Virtual Secure Mode Compatible YES N/A N/A NO NO N/A N/A Other Earliest IOA alerts YES NO NO NO NO NO NO Dependency on IOC NO YES YES YES YES N/A N/A Reset Required User Environment NO YES YES YES YES N/A N/A Deployable for Partner Systems YES NO NO NO NO NO NO Managed Service YES N/A YES NO NO NO NO Administrative Efficiencies YES NO NO NO NO NO NO 1 Secure Global Management YES NO YES NO NO Partial N/A Cost of Ownership Lowest Very Expensive Very Expensive Very Expensive Expensive Medium Medium 8

9 AppGuard for the Enterprise Endpoint Agent Lightweight software agent installed on endpoint Implements full protection with enterprise policies Easily distributed via network management tools Protects on and off enterprise Enterprise Management System Centrally managed enterprise console Administrator rights limited to a trusted few Manages policy updates with audit trail Policy updates pushed directly to endpoints Can establish different endpoint trust groups with different security policies Enhanced Threat Intelligence Indicators of Attack (IOA) alerts Earlier warning without a compromise Highly granular per-process activity Digitally signed and encrypted logs Analysis without exploit crisis 9

10 Proven Extranet Security Isolates Extranet Sessions thru the Cloud Protects Data-in-Transit with Privacy EdgeGuard Endpoint Session Protection Protects Access Credentials UserID/Password SecurID, Smartcard, Certs Active Directory BorderGuard Compact / RemoteLink Enclave Session Protection BorderGuard System Network Access Protection A Perfect Cloud Firewall Mutual Public-Key Authentication with Perfect Forward Secrecy Session Encryption compatible with most current multi-factor Identity & Access Management (IAM) methods Unique Defense-in-Depth Layer to Isolate and Contain Network Sessions from Critical Vulnerabilities in the Cloud 10

11 Blue Ridge Extranet Defense in Depth Extranet Protection Blue Ridge others Stateless Client with Data-Leak Protection Yes No Built-in Mutual Public-Key Two-Factor Authentication Yes No Multi-layer Defense-in-Depth Protection Against End-Point Malware Attacks Prevents Malware Mediated Credential Theft Yes No Immune to Man in the Middle Attacks Yes No Eliminates TLS Vulnerabilities (Heartbleed, logjam, poodle, others) Independent of End-User Behavior Yes No Compatible with Existing Identity and Access Control Yes No Session Privacy Yes No Easy to Deploy and Affordably Maintain Yes No Yes Yes No No 11

12 Field Proven Value Our Customers Say it Best Managed services and licenses - budget friendly Scalable as needed - expand when you need it 24x7 sales and customer support Multiple contracting vehicles Channel Partner offerings Intelligent Prevention 12