HOW TO DEAL WITH THE ADVANCED THREAT LANDSCAPE?
1 HOW TO DEAL WITH THE ADVANCED THREAT LANDSCAPE? May 5th 2015. Erik Engberg, Advanced Threat Defense Specialist, Nordics & Benelux.
2 THE BURNING QUESTION: How To Prevent My Organization From Suffering Security Breaches?
3 WHAT WE ARE DEALING WITH
4 BURNING QUESTION TODAY: How To Prevent My Organization From Suffering Security Breaches? Am I Ready To Respond?
5 ADVANCED THREATS BYPASSING DEFENCE IN DEPTH. Signature-based defense-in-depth tools: NGFW, IDS/IPS, host AV, web gateway, SIEM, gateway DLP, web application firewall. APTs follow a complex kill chain* methodology: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objectives. (* Intelligence-Driven Computer Network Defense, Lockheed Martin, 2011.) Traditional threats are known: known malware, known threats, known files, known IPs/URLs. Advanced threats are novel: novel malware, zero-day threats, targeted attacks, modern tactics and techniques, SSL. Create a new variant = back to 0-day!
6 ATTACKER'S WINDOW OF OPPORTUNITY. Objective: decrease TTD (time to detection) and TTR (time to resolution). [Timeline figure, January to April: Initial Compromise, then Detection, then Containment; the interval between compromise and detection is the attacker's free time, which needs to collapse.] 66% of compromises take months or more to be discovered.
7 THE INEVITABILITY OF THE CLICK (source: ThreatSim). It only takes one person to compromise your network.
8 A NEW DEFENSE REQUIRED. "Fixed fortifications are monuments to man's stupidity." General George S. Patton
9 GARTNER: FRAMEWORK FOR ADVANCED THREAT PROTECTION. "The traditional defense-in-depth components are still necessary, but are no longer sufficient in protecting against advanced targeted attacks and advanced malware. Today's threats require an updated layered defense model that utilizes 'lean forward' technologies at three levels: network, payload (executables, files and Web objects) and endpoint." Five Styles of Advanced Threat Defense: combining two or all three layers offers highly effective protection against today's threat environment. Gartner, August
10 POST-PREVENTION SECURITY GAP. [Chart: percentage of enterprise IT security budgets allocated to rapid response approaches, by Gartner.]
11 SITUATION IN SUMMARY
- Prevention alone is not working: strategic shift towards rapid detection and resolution.
- Delay between first attack and vendor update increases TTD: >100k variants per day.
- Self-detection is rare: 67% of attacks are discovered by third parties.
- Multi-stage, multi-vector: difficulty understanding the kill chain in a timely manner.
- Firefighting blindly over root cause: lack of context and lack of content.
- Pervasive by nature, leveraging paths of trust: no alerts = no visibility.
12 THE CALL FOR A NEW SECURITY ARCHITECTURE: The Four Stages of an Adaptive Protection Architecture. "Shift your security mindset from 'incident response' to 'continuous response,' wherein systems are assumed to be compromised. The failure to stop targeted attacks requires security organizations to rebalance investments in all four stages." Source: Gartner (February 2014). "Detective, preventive, response and predictive capabilities from vendors have been delivered in non-integrated silos." Source: Gartner, Designing an Adaptive Security Architecture for Protection from Advanced Attacks, 2014. The Gartner document is available upon request from
13 ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE, built around the Global Intelligence Network.
- Ongoing Operations - Detect & Protect: block all known threats (SWG & WebFilter, Content Analysis, Mail Threat Defense, DLP); full visibility with encrypted traffic management (SSL Visibility, Web Security Service).
- Incident Containment - Analyze & Mitigate: novel threat interpretation, dynamic malware analysis, sandboxing.
- Incident Resolution - Investigate & Remediate: breach threat profiling and eradication with Security Analytics, the advanced web/mail gateway, and the Security Analytics Platform with ThreatBlades for non-web protocols.
14 BLUE COAT GLOBAL INTELLIGENCE NETWORK: 75 million users; 1 billion+ daily categorized web requests; 3.3 million+ threats blocked daily; 80 categories; 55 languages. Inputs: anti-virus/AV scanning, whitelisting, central cloud database, dynamic real-time ratings, malware detection, next-generation sandboxing, 3rd-party feeds, malware expertise, quality checks. Result: effective advanced threat protection that is real-time and cloud-based, with zero-day response, performance and scalability, and an unrivaled network effect.
15 MAPPING MALNETS: search engine poisoning, malvertising, porn, mobile, phishing. Attack type doesn't matter. Zero-day exploits don't matter.
16 INTELLIGENT DEFENSE IN DEPTH. Block known web threats (ProxySG). Allow known good content (Content Analysis System with application whitelisting). Block known bad downloads and content (Content Analysis System with malware scanning, and Mail Threat Defense). Analyze unknown threats (Malware Analysis Appliance). The effect: block all known sources/malnets and threats before they are on the network; free up resources to focus on advanced threat analysis; reduce the number of threats left for incident containment and resolution; discover new threats and then update your gateways.
17 CHALLENGES - ADVANCED MALWARE. What is advanced malware? VM-evasive; targeted; polymorphic / one-day wonders; multi-stage and multi-vector; sleeper-cell malware; encrypted. "43% of incident response engagements were the result of malware missed by perimeter defense and sandbox tools" (NTT 2014 Global Threat Intelligence Report).
18 TRADITIONAL SECURITY MODEL WEAKNESSES. Real-time blocking of all threats is not realistic: unacceptable user delays, never-before-seen threats, a false sense of security. Layered defenses will never fill all of the holes: too many ways in, malware already present, users are the weakest link. Modern malware easily defeats traditional frontline defenses.
19 STAGE 2: ANALYZE & MITIGATE (1 Ongoing Operations, 2 Incident Containment, 3 Incident Resolution). Malware Analysis Appliance, next-generation sandboxing: PC emulator plus virtual machine, a dual-detection hybrid analysis of suspicious samples; closely replicates the customer's gold configurations; automated risk scoring and rich analysis. Quickly analyze and prioritize advanced and zero-day threats for remediation and continuous security improvement.
20 WHY ANALYZE MALWARE? CAN'T WE JUST BLOCK IT? Malware analysis provides the critical information you need to effectively respond to malicious software threats that elude traditional defenses:
- DETECT suspicious files in your infrastructure
- DETERMINE a suspect file's or URL's capabilities
- LOCATE all infected machines and files
- UNDERSTAND exactly how a breach occurred
- REMEDIATE to reduce future vulnerabilities
- MEASURE and contain any damage done
- IDENTIFY adversaries, intentions and targets
21 BEHAVIORAL DETECTION PATTERNS. Polymorphic binaries: multiple malware variations with equivalent instructions. Single-day domains: malicious websites that disappear within 24 hours. Patterns form the basis of the MAA's embedded intelligence: behavior-based malware classification patterns flag events based on malicious activity; kernel-level, application-level and user-level event detection patterns; open detection rules with custom criteria and relevant risk scoring; highly resistant to polymorphic binaries and auto-generated URLs.
23 SOC CASE STUDY: TALKING TO ANALYSTS. 3AM: Nmap scan and buffer overflow detected. Great, but what ACTUALLY happened before and after? Time to resolution: long (or never). Quality of resolution: hard to say. Assurance: low.
24 LACK OF CONTEXT. IDS/IPS = single frame (also, they are signature-based).
25 BUT WHAT ABOUT OUR SIEM? LACK OF CONTENT! A SIEM is only as good as the logs being monitored.
26 GO BIG DATA! Record and index all traffic to achieve complete visibility (don't forget SSL).
27 STAGE 3: INVESTIGATE & REMEDIATE (1 Ongoing Operations, 2 Incident Containment, 3 Incident Resolution). Security Analytics Platform, the security camera for your network: full security visibility of all network traffic; forensic details before, during and after an alert; reduce time-to-resolution and breach impact.
28 WEB, MAIL & FILE THREAT IDENTIFICATION. WebThreat BLADE inspects all HTTP or HTTPS traffic (HTTPS only where an SSL Visibility appliance has already decrypted it) and identifies malicious communications and files. MailThreat BLADE inspects all SMTP, POP3 and IMAP traffic for malicious communications and files. FileThreat BLADE inspects all FTP and SMB traffic for malicious communications and files. If there is no clear verdict on content, suspicious files are delivered to a hybrid sandbox (Malware Analysis Appliance) for analysis.
29 SECURITY CAMERA FOR YOUR NETWORK. Real-time indicators and retrospective forensic analysis of any attack. Full details + all artifacts = clear supporting evidence = high-assurance answers to the critical post-breach questions that plague CISOs: who? what? where? when? why? Faster time to identification/action/reaction with Security Analytics allows up to 85% faster resolution. Multiple sources for real-time integrity and reputation of a URL, IP address, file hash or email address. The Blue Coat Global Intelligence Network is updated with newly discovered threat intelligence.
30 TAKE ADVANTAGE OF THE THREAT INTELLIGENCE NETWORK EFFECT: new threat intelligence is shared locally and globally through the Global Intelligence Network. Ongoing Operations: newly identified and known threats are blocked at the gateway, with increased system performance through fewer malware scans and detonations. Incident Containment: more robust zero-day threat analysis with fewer false positives; greater accuracy and fewer threats to contain and resolve. Incident Resolution: efficient, fast and thorough.
31 SECURITY ANALYTICS: Key Features / Product details. Copyright Blue Coat Systems Inc. All Rights Reserved.
32 SECURITY ANALYTICS SOFTWARE OVERVIEW
- Web-based interface accessible from any browser
- Deep analysis of every network event
- Alerts for up-to-the-minute notification of suspicious, malicious or prohibited behavior
- Investigator's interface quickly narrows or expands scope and shifts the timeline
- Event and file recreation through Extractions
- Interactive reports on essential Layer 2-7 metadata
33 REPORTS: numerous customizable reports to instantly view granular detail of all event activity.
34 THREAT RISK. Verdicts stored by BLADE and reputation service.
Description      Score  Alert importance
Very High Risk   10     Critical
High Risk        8-9    Critical
Moderate Risk    6-7    Warning
Unknown          5      Notice
Low Risk         3-4    No alert
Very Low Risk    1-2    No alert
35 APPLICATION CLASSIFICATION AND DESCRIPTION. Powerful deep packet inspection (DPI): locates evasive applications and malware; classifies network traffic by application fingerprint (application families, applications and protocols, metadata attributes); extracts metadata to describe identities, actions and content. DPI improves directed search performance by up to 10X. "I can now see all applications and files, regardless of the port they might be hiding on, and digging through GBs of data is fast."
36 EXTRACT AND RECONSTRUCT. Reassemble packets into sessions and extract application-layer artifacts: see web pages exactly as they were seen by the user; safely exclude unsafe objects; retrieve web components from captured data or from the current state on web servers (the live copy may differ from what the user received and the fetch contacts possibly hostile infrastructure, so the captured copy is the one to keep as evidence); reconstruct email, IM and VoIP sessions; filter instantly within results to find specific artifacts; search by MD5 or SHA1 hash, filename, size, file type, etc. "I view an email as an email and a Word doc as a Word doc. Not just a bunch of packets. Nice!" Example artifacts: archive files (zip, rar, rpm); images (bmp, gif, jpg, png); multimedia (avi, flash, mov, mpg, wav, wmv); Office files (doc, docx, ppt, pptx, wpd, xls, xlsx); PDF, DLL, EXE, HTML, Java, FTP and more.
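The extraction step above is easy to under-appreciate until you see what it has to do: frame a byte stream into HTTP messages, pair each response with the request that caused it, type the delivered object by its own bytes rather than by the server's Content-Type, and hash it so it can be searched for later. The following is an added example, written for this page and not Blue Coat's code, over two constructed HTTP exchanges (a genuine PNG and a PE executable served as image/gif); the magic-byte table and Content-Length-only framing are simplifying assumptions.

```python
"""Reassemble an HTTP exchange into application-layer artifacts and index them
by hash. Added example; the sample streams below are constructed, not captured."""
import hashlib

# Leading-byte signatures for common artifact types (assumption: a prefix match
# is enough for this example; production tools use fuller libmagic-style rules).
MAGIC = [
    (b"MZ", "EXE/DLL (PE)"),
    (b"%PDF-", "PDF"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"PK\x03\x04", "ZIP / OOXML Office"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 Office"),
    (b"Rar!\x1a\x07", "RAR"),
    (b"GIF8", "GIF"),
    (b"\xff\xd8\xff", "JPEG"),
]

# What each declared Content-Type should look like on the wire.
EXPECTED = {
    "image/png": "PNG", "image/gif": "GIF", "image/jpeg": "JPEG",
    "application/pdf": "PDF", "application/zip": "ZIP / OOXML Office",
    "application/x-msdownload": "EXE/DLL (PE)",
}


def sniff_type(data):
    """Classify a body by its first bytes, ignoring what the server claimed."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def _parse_head(block):
    """Split an HTTP head into (first line, {lowercased header: value})."""
    lines = block.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return lines[0], headers


def parse_requests(client_stream):
    """(method, uri, host) per request in the client->server byte stream.
    Assumes body-less requests sent in order."""
    out, pos = [], 0
    while True:
        end = client_stream.find(b"\r\n\r\n", pos)
        if end == -1:
            return out
        request_line, headers = _parse_head(client_stream[pos:end])
        method, uri, _ = request_line.split(" ", 2)
        out.append((method, uri, headers.get("host", "")))
        pos = end + 4


def parse_responses(server_stream):
    """(status, headers, body) per response, framed by Content-Length only
    (chunked transfer encoding is out of scope for this example)."""
    out, pos = [], 0
    while True:
        end = server_stream.find(b"\r\n\r\n", pos)
        if end == -1:
            return out
        status, headers = _parse_head(server_stream[pos:end])
        length = int(headers.get("content-length", "0"))
        body = server_stream[end + 4:end + 4 + length]
        out.append((status, headers, body))
        pos = end + 4 + length


def extract_artifacts(client_stream, server_stream):
    """Pair requests with responses in order; describe and hash each object."""
    artifacts = []
    pairs = zip(parse_requests(client_stream), parse_responses(server_stream))
    for (method, uri, host), (status, headers, body) in pairs:
        declared = headers.get("content-type", "").split(";")[0].strip()
        actual = sniff_type(body)
        expected = EXPECTED.get(declared)
        artifacts.append({
            "url": "http://%s%s" % (host, uri),
            "method": method,
            "status": status.split(" ", 1)[-1],
            "size": len(body),
            "declared_type": declared,
            "actual_type": actual,
            # Served as an image but really a PE: the classic disguised download.
            "type_mismatch": expected is not None and expected != actual,
            "md5": hashlib.md5(body).hexdigest(),
            "sha1": hashlib.sha1(body).hexdigest(),
        })
    return artifacts


def find_by_hash(artifacts, digest):
    """Look an artifact up by MD5 or SHA1 hex digest (case-insensitive)."""
    digest = digest.lower()
    for art in artifacts:
        if digest in (art["md5"], art["sha1"]):
            return art
    return None


# Constructed sample: a genuine PNG, then a PE executable served as image/gif.
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
PE_BODY = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
CLIENT_STREAM = (
    b"GET /logo.png HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
    b"GET /ads/track.gif HTTP/1.1\r\nHost: cdn.example\r\n\r\n"
)
SERVER_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: %d\r\n\r\n"
    % len(PNG_BODY) + PNG_BODY
    + b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: %d\r\n\r\n"
    % len(PE_BODY) + PE_BODY
)
ARTIFACTS = extract_artifacts(CLIENT_STREAM, SERVER_STREAM)

if __name__ == "__main__":
    for art in ARTIFACTS:
        flag = "  <-- declared %s" % art["declared_type"] if art["type_mismatch"] else ""
        print("%-36s %-18s %5d bytes sha1=%s%s" % (
            art["url"], art["actual_type"], art["size"], art["sha1"], flag))
```

The point worth carrying over to real tooling is the `type_mismatch` field: an analyst searching for "all EXEs downloaded by this host" must search on the sniffed type, because the attacker controls the Content-Type header and the file extension, and a payload served as track.gif is exactly what a signature-based gateway looking at URLs and extensions waves through.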
37 ARTIFACTS TIMELINE: visual representation of extracted network artifacts over time; helps the analyst quickly visualize a sequence of objects; substantially improves artifact search performance. "SMB and email are some of the most common transports for malware propagation, and Artifact Timeline lets me see the forest as well as the trees."
38 MEDIA PANEL: quickly analyze all images and audio files recreated from raw packets; filter by file type, extension and size; see all associated metadata (URL, source IP, destination IP, size, MIME type). "A picture is worth a thousand words. No denying what my user saw, good or bad."
39 GEOLOCATION: visually identify traffic (and volume of traffic) to locations of interest; filter and alert on traffic to suspect countries; the integrated map database requires no external connection; configurable location of private networks; export data and view a time-based representation of connections in Google Earth; see hotspots of activity and where your traffic is coming from and going to. "Traffic to North Korea, that's not right!"
40 PACKET ANALYZER: enter the Packet Analyzer through multiple starting points; save time by filtering and viewing packets before transferring PCAPs over the wire; no need to launch outside packet analysis applications. "No more waiting to download a huge file for Wireshark to analyze. It's Wireshark directly on the server, that's efficient!"
41 COMPARATIVE REPORTING: compare data to previous periods to identify abnormal patterns; establish a baseline and target deviations; understand trends over time. "I can compare traffic against a normal window of traffic and identify anomalies or discover trends."
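Comparative reporting as described above is a baseline-and-deviation computation, and it is worth seeing the two cases it has to separate: a destination whose volume has jumped far outside its history, and a destination that has no history at all. The following is an added example, not part of the original deck or of Blue Coat's product, run over constructed per-day byte counts for one internal client; the z-score threshold of 3 and the sigma floor of 10% of the mean are assumptions for the example.

```python
"""Compare a reporting period against a baseline to surface abnormal traffic:
per-destination volume spikes and destinations never seen before.
Added example over constructed flow summaries, not real data."""
import statistics
from collections import defaultdict

# Constructed daily outbound byte counts: (day, internal client, destination, bytes).
FLOWS = []
for day, b in enumerate([2.0e6, 2.1e6, 1.9e6, 2.2e6, 2.0e6, 2.1e6, 1.9e6], start=1):
    FLOWS.append((day, "10.1.2.3", "mail.example", int(b)))
for day, b in enumerate([4.8e5, 5.2e5, 5.0e5, 4.9e5, 5.1e5, 5.0e5, 5.0e5], start=1):
    FLOWS.append((day, "10.1.2.3", "files.example", int(b)))
# Day 8, the period under review: normal mail, a ~100x jump to the file host
# (exfiltration-shaped), and a brand-new destination.
FLOWS += [
    (8, "10.1.2.3", "mail.example", 2_000_000),
    (8, "10.1.2.3", "files.example", 48_000_000),
    (8, "10.1.2.3", "upd-7f3a.example", 30_000),
]


def daily_series(flows):
    """{(client, dst): {day: bytes}} with multiple flows on one day summed."""
    series = defaultdict(lambda: defaultdict(int))
    for day, client, dst, nbytes in flows:
        series[(client, dst)][day] += nbytes
    return series


def zscore(baseline_values, value, min_sigma_ratio=0.1):
    """Deviation of `value` from the baseline in standard deviations. The sigma
    floor (assumption: 10% of the mean, at least 1 byte) stops a perfectly flat
    baseline from turning trivial jitter into an alert."""
    mean = statistics.mean(baseline_values)
    sigma = statistics.stdev(baseline_values) if len(baseline_values) > 1 else 0.0
    sigma = max(sigma, min_sigma_ratio * mean, 1.0)
    return (value - mean) / sigma


def compare_period(flows, current_day, baseline_days, threshold=3.0):
    """Findings for `current_day` measured against the baseline window."""
    findings = []
    for (client, dst), by_day in sorted(daily_series(flows).items()):
        current = by_day.get(current_day)
        if current is None:
            continue  # silent today; absence is a different report
        baseline = [by_day[d] for d in baseline_days if d in by_day]
        if not baseline:
            findings.append({"kind": "new_destination", "client": client,
                             "dst": dst, "bytes": current})
            continue
        z = zscore(baseline, current)
        if abs(z) >= threshold:
            findings.append({"kind": "volume_spike", "client": client, "dst": dst,
                             "bytes": current,
                             "baseline_mean": statistics.mean(baseline),
                             "z": round(z, 1)})
    return findings


if __name__ == "__main__":
    for f in compare_period(FLOWS, current_day=8, baseline_days=range(1, 8)):
        print(f)
```

Two design points: the baseline is taken per (client, destination) pair rather than per client, because a host that always sends 2 MB a day to mail can hide a 2 MB exfiltration to a new host inside an unchanged daily total; and "new destination" is reported separately from "spike", since a z-score against an empty history is undefined and the two findings call for different triage (reputation lookup versus volume investigation).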
42 FAVORITES / ALERTS / ACTIONS. Rule-based alerting: use built-in attributes, custom objects (Favorites), or both; import custom favorites; tunable notification frequency. Automate common queries and actions for additional analysis: automatically export a PCAP, send it to a file share, analyze it with 3rd-party tools such as DLP. "You'll notify me if any interesting values or identified threats are seen on my network? Now you're telling me things I didn't know. That's what I need!"
43 ROOT CAUSE EXPLORER: automates tracing of HTTP referrer chains; correlates relevant email, IM and HTTP information for quick analysis. "You've made one of the most time-consuming, rote functions of my job as simple as pushing a button. That was easy!"
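Slides 23 and 43 are two sides of the same problem: an IDS alert is a single frame, and the analyst needs what the client did before and after it, plus the page the user actually opened that started the redirect chain ending in the download. Below is an added example of that referrer-chain tracing and alert-context lookup, written for this page rather than taken from the Root Cause Explorer, over constructed HTTP metadata (hosts use the reserved .example domain); it assumes one Referer per request and that the most recent request for a URL by the same client is the one to follow.

```python
"""Reconstruct what happened before and after an alert from HTTP metadata:
walk the Referer chain back to its origin and pull the client's activity
around the alert time. Added example over constructed records, not captured traffic."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed HTTP metadata, one row per request. A drive-by: news site ->
# ad server -> redirector -> exploit kit landing page -> payload -> C2 check-in.
FIELDS = ("ts", "client", "url", "referer", "ctype")
RECORDS = [dict(zip(FIELDS, row)) for row in [
    ("2015-05-05T02:58:00", "10.1.2.3", "http://mail.example/inbox", "", "text/html"),
    ("2015-05-05T03:01:10", "10.1.2.3", "http://news.example/article", "", "text/html"),
    ("2015-05-05T03:01:11", "10.1.2.3", "http://ads.example/serve?id=77",
     "http://news.example/article", "text/html"),
    ("2015-05-05T03:01:12", "10.1.2.3", "http://cdn-redirect.example/r.php",
     "http://ads.example/serve?id=77", "text/html"),
    ("2015-05-05T03:01:13", "10.1.2.3", "http://exploit-kit.example/landing.php",
     "http://cdn-redirect.example/r.php", "text/html"),
    ("2015-05-05T03:01:15", "10.1.2.3", "http://exploit-kit.example/payload.exe",
     "http://exploit-kit.example/landing.php", "application/x-msdownload"),
    ("2015-05-05T03:02:40", "10.1.2.3", "http://c2.example/gate.php", "", "text/plain"),
    ("2015-05-05T03:01:14", "10.9.9.9", "http://news.example/other", "", "text/html"),
]]


def _t(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def referrer_chain(records, client, url):
    """URLs from the page the user actually opened down to `url`, found by
    following each request's Referer to the same client's most recent request
    for that URL. A visited set guards against Referer loops."""
    latest = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        latest[(rec["client"], rec["url"])] = rec  # later rows overwrite earlier
    chain, seen = [], set()
    rec = latest.get((client, url))
    while rec is not None and rec["url"] not in seen:
        seen.add(rec["url"])
        chain.append(rec["url"])
        rec = latest.get((client, rec["referer"])) if rec["referer"] else None
    chain.reverse()
    return chain


def context_window(records, client, alert_ts, before=60, after=120):
    """Everything this client did from `before` seconds before the alert to
    `after` seconds after it: the frames around the IDS's single frame."""
    t0 = _t(alert_ts)
    lo, hi = t0 - timedelta(seconds=before), t0 + timedelta(seconds=after)
    rows = [r for r in records if r["client"] == client and lo <= _t(r["ts"]) <= hi]
    return sorted(rows, key=lambda r: r["ts"])


def root_cause(records, client, url):
    """Origin page plus the first hop off its domain (where the redirect chain
    began); None if the client never requested `url`."""
    chain = referrer_chain(records, client, url)
    if not chain:
        return None
    origin_host = urlparse(chain[0]).netloc
    pivot = next((u for u in chain if urlparse(u).netloc != origin_host), None)
    return {"origin": chain[0], "first_external_hop": pivot, "hops": len(chain) - 1}


if __name__ == "__main__":
    alert_url = "http://exploit-kit.example/payload.exe"
    print("chain:", " -> ".join(referrer_chain(RECORDS, "10.1.2.3", alert_url)))
    print("root cause:", root_cause(RECORDS, "10.1.2.3", alert_url))
    for r in context_window(RECORDS, "10.1.2.3", "2015-05-05T03:01:15"):
        print(r["ts"], r["url"], r["ctype"])
```

The context window is what turns "payload.exe downloaded at 03:01:15" into a story: the request a minute and a half later to gate.php with no referrer is the implant checking in, which tells the responder the exploit succeeded and gives the containment team a C2 indicator, and the chain's first external hop (the ad server) is the remediation lead rather than the news site the user opened.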
44 REPUTATION SERVICES / DATA ENRICHMENT. On-demand reputation checks, including ISC/SANS, Google SafeBrowse, VirusTotal, Bit9, Lastline, domain age, Robtex, SORBS and WHOIS. "I can look up IPs, URLs, files and hashes against multiple reputation services? Multiply 12 keystrokes and 2 browser tabs by 100x a day and you just gave me an extra day a month!"
45 PCAP IMPORT: rich analysis now applied to PCAPs from other sources; optimize available appliance storage by saving captured data to PCAP for later import as needed; allows the analyst to obtain high-level information quickly to aid investigation targeting. Packet Renaissance: "It's like I've traveled back in time and made my old data more valuable."
46 EXTENDED METADATA RETENTION: independent allocation of storage for metadata and full packets; allows retention and analysis of multiple generations of metadata (months or years); enables a long-term trend analysis window; optimizes a limited amount of storage. "I can save full packet data for a comfortable window of a few weeks or a month, but can save the metadata for a year or more to see trends."
47 PLAYBACK HISTORICAL DATA: transmit captured data flows to third-party tools for further analysis; regenerate traffic with less than 1 ms of latency, even on 10 Gbps networks; throttle traffic playback so other tools don't bog down; replay traffic to other tools to validate their effectiveness. "This is the DVR for my network. I can confirm that my other security tools are effective after signature updates."
48 FILTER AND REPLAY NETWORK TRAFFIC: replay any traffic, combine segments, throttle playback. Filter inbound/outbound traffic by protocol, IP, MAC address, payload type or unique bit pattern; filter at the header or payload level; multiple filters can start and stop at any time while capture continues; import filters in standard Berkeley Packet Filter (BPF) format. "I can optimize the use of my available storage and capture and replay just what I need to."
49 SIZE IT UP. On-board storage (OS, metadata, packets): 6TB or 22TB. SAS-attached packet storage: up to six 40TB modules (6 x 40TB JBODs) = 240TB of packet capture storage.
50 ENTERPRISE SCALABILITY WITH CENTRAL MANAGER. Single point of management (Security Analytics Central Manager: dashboard, reports, extractions); directed searches and aggregate searches across Security Analytics 10G appliances, 10G appliances with storage, 2G appliances and virtual appliances; arbitrary groups and sub-groups; role-based access control with data access controls; supports 200+ distributed devices.
51 EASY DEPLOYMENT. 1 Select the Security Analytics Platform you need (2G or 10G). 2 Select the Security Analytics Storage you need. 3 Select the ThreatBLADES you need (WebThreat BLADE, MailThreat BLADE, FileThreat BLADE). Flexible, simple to deploy and centrally managed.
52 ENABLING ADVANCED THREAT PROTECTION [architecture figure]. 1) Encrypted traffic management: SSL Visibility Appliance at the edge of the internal network, feeding DLP and IPS. 2) Known threat protection: ProxySG and Content Analysis System, backed by the Global Intelligence Network. 3) Unknown threat protection: Malware Analysis Appliance. 4) Incident resolution and analysis: Security Analytics Platform. 5) Collaborative, real-time advanced threat database. (SSL offloading noted for v4.0.)
53 SOLUTION VALUE. Business objectives: operate with integrity, increase revenue, protect intellectual property. Operational objectives: mitigate incidents, improve security posture. Technical objectives: reduce attack surface, enforce acceptable use policy, increase network visibility.
54 PARTNER ECOSYSTEM: threat intelligence, big data, security analytics, security visibility, integration layer.
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationAchieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR
Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationEXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
More informationCheck Point: Sandblast Zero-Day protection
Check Point: Sandblast Zero-Day protection Federico Orlandi Itway Support Engineer 2015 Check Point Software Technologies Ltd. 1 Check Point Threat Prevention SandBlast IPS Antivirus SandBlast stops zero-day
More informationAPPLICATION PROGRAMMING INTERFACE
DATA SHEET Advanced Threat Protection INTRODUCTION Customers can use Seculert s Application Programming Interface (API) to integrate their existing security devices and applications with Seculert. With
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationWhite Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible
White Paper Time for Integrated vs. Bolted-on IT Security Cyphort Platform Architecture: Modular, Open and Flexible Overview This paper discusses prevalent market approaches to designing and architecting
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationDiscover & Investigate Advanced Threats. OVERVIEW
Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics
More informationATP Co C pyr y ight 2013 B l B ue C o C at S y S s y tems I nc. All R i R ghts R e R serve v d. 1
ATP 1 LES QUESTIONS QUI DEMANDENT RÉPONSE Qui s est introduit dans notre réseau? Comment s y est-on pris? Quelles données ont été compromises? Est-ce terminé? Cela peut-il se reproduire? 2 ADVANCED THREAT
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationSecurity Analytics The Beginning of the End(Point)
Security Analytics The Beginning of the End(Point) Arie Joosse Arie.Joosse@nexthink.com It s 10am, what do you know about your endpoints? What applications are running? New ones that you didn t deploy
More informationWhite Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks
White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationFROM PRODUCT TO PLATFORM
FROM PRODUCT TO PLATFORM DATA EQUIPMENT 2016 Mikkel Bossen Agenda Today s Challenges Data Growth, SSL encryption, Application Growth & SaaS What s hiding in under the surface? Legacy Security is that really
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationAddressing the blind spots in your security strategy. BT, Venafi & Blue Coat
Addressing the blind spots in your security strategy BT, Venafi & Blue Coat Agenda Welcome & Introductions Phil Rodrigues, Director of Security Architecture, Asia Pacific, BT A blueprint for the perfect
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationAdvanced Endpoint Protection
Advanced Endpoint Protection CONTAIN IDENTIFY CONTROL Nick Keller Director Federal Civilian Sales Duncker Candle Problem Solution Creativity, Change the Paradigm Why listen to me? Connect these 3 Companies
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More informationDUBEX CUSTOMER MEETING
DUBEX CUSTOMER MEETING JOHN YUN Director, Product Marketing Feb 4, 2014 1 AGENDA WebPulse Blue Coat Cloud Service Overview Mobile Device Security 2 WEBPULSE 3 GLOBAL THREAT PROTECTION NEGATIVE DAY DEFENSE
More informationProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationCyan Networks Secure Web vs. Websense Security Gateway Battle card
URL Filtering CYAN Secure Web Database - over 30 million web sites organized into 31 categories updated daily, periodically refreshing the data and removing expired domains Updates of the URL database
More informationPractical Threat Intelligence. with Bromium LAVA
Practical Threat Intelligence with Bromium LAVA Practical Threat Intelligence Executive Summary Threat intelligence today is costly and time consuming and does not always result in a reduction of successful
More informationDPI and Metadata for Cybersecurity Applications
White Paper DPI and Metadata for Cybersecurity Applications How vendors can improve solutions for new market demands by filling the gap between COTS cybersecurity and raw data analysis Executive Summary
More informationADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper
ADVANCED THREATS IN THE ENTERPRISE Finding an Evil in the Haystack with RSA ECAT White Paper With thousands of workstations and servers under management, most enterprises have no way to effectively make
More informationAdvanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series
Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion
More informationNext Generation Enterprise Network Security Platform
Next Generation Enterprise Network Security Platform November 2014 Lyndon Clough - Territory Sales Manager Derran Guinan Systems Engineer Agenda The Palo Alto Networks story Today s Threat Landscape The
More informationThreat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research
Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research 2 3 6 7 9 9 Issue 1 Welcome From the Gartner Files Definition:
More information