Threat-Centric Security Solutions. György Ács Security Consulting Systems Engineer 3 rd November 2015
|
|
- Shon Reeves
- 8 years ago
- Views:
Transcription
1 Threat-Centric Security Solutions György Ács Security Consulting Systems Engineer 3 rd November 2015
2 The Problem is Threats
3 About Angler Exploit Kit 3
4 Adversaries Agility is Their Strength Flash Vulnerabilities Angler Continually throwing different hooks in the water to increase the chances of compromise Security Measures Web Blocking IP Blocking Scanning Retrospective Analysis Antivirus Endpoint Solutions IP Changing Compromised System Domain Shadowing Retargeting Ransomware Encrypted Malicious Payload Macros Social Engineering TTD More Being Developed Daily Constant upgrades increased Angler penetration rate to 40% Twice as effective than other exploit kits in Cisco and/or its affiliates. All rights reserved. 4
5 Patching: A Window of Opportunity Users not moving quickly to the latest Flash versions or updating the patches creates an opportunity for Angler and other exploits to target the vulnerability. CVE CVE Version Update Published Angler Exploit Vulnerability User Activity 1 FEB 1 MAR 1 APR 1 MAY 1 JUN CVE CVE CVE Cisco and/or its affiliates. All rights reserved. 5
6 Evolution Threats Response HOST-BASED (ANTI-VIRUS) 2000 NETWORK PERIMETER (IDS/IPS) 2005 Spyware / Rootkits GLOBAL REPUTATION & SANDBOXING 2010 APTs / Cyberware INTELLIGENCE & ANALYTICS Today Increased Attack Surface (Mobility & Cloud) Worms C Cisco and/o or its affiliates. All rights reserved. Ci sco Public 6
7 A Threat-Centric and Operational Security Model Attack Continuum BEFORE DURING AFTER Discover Enforce Harden Detect Block Defend Scope Contain Remediate Firewall VPN NG IPS Advanced Malware Protection NG FW UTM Network Behavior Analysis Secure Access + Identity Management Web Sandboxing Visibility and Context, Security Services 7
8 TALOS : Collective Security Intelligence Malware Protection Reputation Feeds IPS Rules Cisco Talos (Talos Security Intelligence and Research Group) Vulnerability Database Updates Sandboxing Machine Learning Big Data Infrastructure Private and Public Threat Feeds Sandnets File Samples (>1.1 Million per Day) FireAMP Community Honeypots Sourcefire AEGIS Program Advanced Microsoft and Industry Disclosures SPARK Program Snort and ClamAV Open Source Communities 8
9
10 Building a Visibility Architecture Why? Automation Contextualization Anomaly Detection Event-driven Security 10
11 Central Management, Intelligence and Context FireSIGHT Management Centre Processes events FireSIGHT Central Management Policy Definition Event Analysis Correlation Network Map (Users, devices, apps, etc) Generates events - IPS - Intelligence - File - Malware - Access Control - Flow - Discovery FirePOWER + Firepower Services on ASA Real-time traffic analysis Access Control Passive acquisition 11
12 FireSiGHT Management Centre SecOPS Workflows -FireSIGHT Management Center FireSIGHT NGFW/NGIPS Management Forensics / Log Management Network AMP / Trajectory Vulnerability Management Incident Control System Adaptive Security Policy Retrospective Analysis Correlated SIEM Eventing Network-Wide / Client Visibility Visibility Categories Threats Users Web Applications Application Protocols File Transfers Malware Command & Control Servers Client Applications Network Servers Operating Systems Routers & Switches Mobile Devices Printers VoIP Phones Virtual Machines 12
13 FireSIGHT Brings Visibility CATEGORIES EXAMPLES Cisco FireSIGHT TYPICAL IPS TYPICAL NGFW Threats Attacks, Anomalies Users AD, LDAP, POP3 Web Applications Facebook Chat, Ebay Application Protocols HTTP, SMTP, SSH File Transfers PDF, Office, EXE, JAR Malware Conficker, Flame Command & Control Servers C&C Security Intelligence Client Applications Firefox, IE, BitTorrent Network Servers Apache 2.3.1, IIS4 Operating Systems Windows, Linux Routers & Switches Cisco, Nortel, Wireless Mobile Devices iphone, Android, Jail Printers HP, Xerox, Canon VoIP Phones Cisco, Avaya, Polycom Virtual Machines VMware, Xen, RHEV 13
14 FireSIGHT Fuels Automation IT Insight Spot rogue hosts, anomalies, policy violations, and more Impact Assessment Threat correlation reduces actionable events by up to 99% Automated Tuning Adjust IPS policies automatically based on network change User Identification Associate users with security and compliance events 14 14
15 Impact Assessment IMPACT FLAG ADMINISTRAT OR ACTION WHY Correlates all intrusion events to an impact of the attack against the target Act Immediately, Vulnerable Event corresponds to vulnerability mapped to host Investigate, Potentially Vulnerable Relevant port open or protocol in use, but no vuln mapped Good to Know, Currently Not Vulnerable Relevant port not open or protocol not in use Good to Know, Unknown Target Monitored network, but unknown host Good to Know, Unknown Network Unmonitored network 15
16 Cisco FireSIGHT Context Collection Platform IPS Events SI Events Malware Events Malware Backdoors Exploit Kits Web App Attacks CnC Connections Admin Privilege Escalations Connections to Known CnC IPs Malware Detections Office/PDF/Java Compromises Malware Executions Dropper Infections 16
17 FireSIGHT : Detecting Anomalies Detects if new application appears or traffic profile changes Identify Hacked Hosts Useful in static environments: Scada, DMZ, MEDTEC... Reduced Risk and Cost ssh ALERT Host has suddenly started to use SSH client and outgoing traffic volume has increased by 3 17
18 FireSIGHT : Automated Responses Use pre-defined or custom script to initiate automatic actions E.g, Quarantine device with ISE API Reduced Risk and Cost change VLAN or SGT I S E Indications Of Compromise - IPS event impact 1 - Malware - Communication with BOTNET QUARANTINE 18
19 OpenAppID First OSS Application and Control OpenAppID Language Documentation o Accelerate the identification and protection for new cloud-delivered applications Special Snort engine with OpenAppID preprocessor o Detect apps on network o Report usage stats o Block apps by policy o Snort rule language extensions to enable app specification o Append App Name to IPS events Library of Open App ID Detectors o Over 1000 new detectors to use with Snort preprocessor o Extendable sample detectors 19
20 Demo Time!
21 Next Generation Firewall Platforms
22 FirePOWER Services available on all ASA platforms 250 Mbps AVC 125 Mbps AVC+IPS 20K/50K* Connections 5,000 CPS 250 Mbps AVC 125 Mbps AVC+IPS 20K/50K* Connections 5,000 CPS 250 Mbps AVC 125 Mbps AVC+IPS 20K/50K* Connections 5,000 CPS 450 Mbps AVC 250 Mbps AVC+IPS 100K Connections 10,000 CPS 850 Mbps AVC 450 Mbps AVC+IPS 250k Connections 20,000 CPS ASA 5516-X ASA 5508-X ASA 5506-X ASA 5506W-X Integrated Wireless AP ASA 5506H-X Ruggedized SMB Branch Locations *Requires Security Plus licenses 22 22
23 FirePOWER Services available on all ASA platforms 300 Mbps AVC 150 Mbps AVC+IPS 100K Connections 10,000 CPS 500 Mbps AVC 250 Mbps AVC+IPS 250K Connections 15,000 CPS 1.1 Gbps AVC 650 Mbps AVC+IPS 500K Connections 20,000 CPS 1.5 Gbps AVC 1 Gbps AVC+IPS 750K Connections 30,000 CPS ASA 5545-X Gbps AVC Gbps AVC+IPS 1M Connections 50,000 CPS ASA 5555-X ASA 5525-X ASA 5512-X ASA 5515-X Branch Locations Small/Medium Internet Edge 23 23
24 FirePOWER Services available on all ASA platforms ASA 5585-SSP60 ASA 5585-SSP Gbps AVC 2 Gbps AVC+ IPS 500K Connections 40,000 CPS ASA 5585-SSP20 7 Gbps AVC 3.5 Gbps AVC+ IPS 1M Connections 75,000 CPS ASA 5585-SSP40 10 Gbps AVC 6 Gbps AVC+ IPS 1.8M Connections 120,000 CPS 15 Gbps AVC 10 Gbps AVC+ IPS 4M Connections 160,000 CPS Campus / Data Center Enterprise Internet Edge 24 24
25 FirePOWER 9300 High-end Platform Supervisor Application deployment and orchestration Network attachment (10/40/100GE) and traffic distribution Clustering base layer for Cisco ASA, NGFW, and NGIPS Security Modules Embedded packet and flow classifier and crypto hardware Cisco (ASA, NGFW, and NGIPS) and third-party (DDoS, load-balancer) applications Standalone or clustered within (up to 240 Gbps) and across (1 Tbps+) chassis 25
26 C Ci sco and/ d/or its affil ffiliate iate tes. All right s reserv erv rved. Cisco Publ ic 26
27 Against Modern Targeted Attack: Advance Malware Protection
28 AMP: Advanced Malware Protection Network-based AMP Detection Services & Big Data analytics AMP for hosts desktop (Win, MAC, Linux) and mobile devices (Android) FireSIGHT Management Center Private Cloud / SaaS Manager AMP Malware license Sourcefire Sensor or ASA FirePower Services # No agent needed # Host-based AMP Small agent Monitors file access (move/copy/execute) Gathers features (fingerprint & attributes) Retrieves the file s disposition (clean, malware, unknown) 28
29 Prevention Framework: Ethos Engine ETHOS = Fuzzy Fingerprinting using static/ passive heuristics Polymorphic variants of a threat that often have the same structural properties Not concerned with binary contents Higher multiplicity Capture original and variants 29
30 Protection technic: Spero Engine SPERO = Machine Learning using active heuristics Clean/ Dirty samples Hypothesis Featureprint (file) Customer Data Data Feature Vectors Machine Learning Algorithm Predictive Model Decision Trees Expected Label [Disposition] Data Clean Labels System environment export, keyboard API hook, DLL loaded, Performance Monitoring Unknown Malware 30
31 Plan A: The Protection Framework 1-to-1 Signatures Spero Device Flow Correlation Dynamic Analysis Ethos IOCs Advanced Analytics All prevention solution < 100% protection 31
32 Plan B: Retrospective Security When you can t detect 100%, visibility is critical Analysis Stops Point-in-time Detection Not 100% Antivirus Sandboxing Sleep Techniques Unknown Protocols Encryption Polymorphism Blind to scope of compromise Initial Disposition = Clean Actual Disposition = Bad = Too Late!! Retrospective Detection, Analysis Continues Cisco AMP Turns back time Visibility and Control are Key Initial Disposition = Clean Actual Disposition = Bad = Blocked 32
33 Trajectory - Application and Host Level
34 Trajectory Network Level 34
35 There Are Several Ways You Can Deploy AMP AMP Advanced Malware Protection Deployment Options AMP on and Web; Cisco ASA; CWS AMP for Networks (AMP on FirePOWER Network Appliance) Windows/MAC Mobile AMP for Endpoints AMP Private Cloud Virtual Appliance Method License with ESA, WSA, CWS, or ASA customers Snap into your network Install lightweight connector on endpoints On-premises Virtual Appliance Ideal for New or existing Cisco CWS, /Web Security, ASA customers IPS/NGFW customers Windows, Linux, Windows OS for POS, Mac, Android; can also deploy from AnyConnect client High-Privacy Environments Details ESA/WSA: Prime visibility into /web CWS: web and advanced malware protection in a clouddelivered service AMP capabilities on ASA with FirePOWER Services Wide visibility inside network Broad selection of features- before, during, and after an attack Comprehensive threat protection and response Granular visibility and control Widest selection of AMP features Private Cloud option for those with high-privacy requirements Can deploy full airgapped mode or cloud proxy mode For endpoints and networks 35
36 Network as a Sensor and Enforcer
37 Network as a Sensor: Lancope StealthWatch Context Information NetFlow pxgrid Cisco ISE Mitigation Action Real-time visibility at all network layers Data Intelligence throughout network Assets discovery Network profile Security policy monitoring Anomaly detection Accelerated incident response 37
38 Integrated Threat Defense (Detection & Containment) Employee ISE Change Authorization Quarantine Supplier Server Lancope StealthWatch Event: TCP SYN Scan Source IP: Role: Supplier Response: Quarantine Network Fabric Quarantine High Risk Segment Shared Server Internet Employee 38
39 Quarantine from StealthWatch 39
40 Summary
41 How Effective is AMP? Cisco Mid-Year Security Report, 2015 Time to Detection (TTD) : industry average : 200 days vs. Cisco : 46 hours NSS Labs, Breach Detection Systems report 2014 AMP was the leader in numerous categories. AMP not only scored a 99 percent overall breach detection rating, but was the leader in lowest costof-ownership NSS Labs, Breach Detection Systems report % Security Effectiveness rating the highest of all vendors tested Only vendor to block 100% of all evasion techniques during testing Excellent performance with minimal impact on endpoint or application latency 41
42
Deploying Next Generation Firewall with ASA and Firepower services
Deploying Next Generation Firewall with ASA and Firepower services Dragan Novaković Security Consulting Systems Engineer March 2015. Threat Landscape Demands more than Application Control 60% of data is
More informationCisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016
Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious
More informationSourceFireNext-Generation IPS
D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture
More informationEXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
More informationProtection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationNetwork as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats
Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges
More informationCisco and Sourcefire. AGILE SECURITY : Security for the Real World. Stefano Volpi
Cisco and Sourcefire AGILE SECURITY : Security for the Real World Stefano Volpi SOURCEfire Worldwide John Chambers statement Security is the TOP issue for Cisco and many of the CIO s in the industry. We
More informationCisco Security: Moving to Security Everywhere. #TIGcyberSec. Stefano Volpi 13-10-2015
#TIGcyberSec Cisco Security: Moving to Security Everywhere Stefano Volpi 13-10-2015 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco is All In with Security I expect security
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationCisco ASA und FirePOWER Services
Cisco ASA und FirePOWER Services 1 Die Abwehr von Bedrohungen ist ein Prozess Attack Continuum BEFORE Control Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Firewall/VPN Applikations-Kontrolle
More informationCyb T er h Threat D f e ense S l o uti tion Moritz Wenz, Lancope 1
C b Th Cyber Threatt Defense D f S Solution l ti Moritz Wenz, Lancope 1 The Threat Landscape is evolving Enterprise Response Antivirus (Host-Based) IDS/IPS (Network Perimeter) Reputation (Global) and Sandboxing
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationBelgacom Security Convention. Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve
Belgacom Security Convention Tuesday 15 October 2013, Aula Magna, Louvain-la-Neuve Belgacom Security Convention The new, continuous security model Hans De Raeve Product Manager Belgacom Sean Newman Product
More informationBEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR
BEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR The IndustrializaBon of Hacking SophisEcated AFacks, Complex Landscape Hacking Becomes an Industry Phishing, Low
More informationCisco Security Strategy Update Integrated Threat Defense. Oct 28, 2015
Cisco Security Strategy Update Integrated Threat Defense Oct 28, 2015 Breaches are the New Normal FDA Wards of Security Flaw in Infusion Pump Cisco Confidential Cisco s Covers the Threat-Centric Entire
More informationCisco ASA with FirePOWER Services. October 2014
Cisco ASA with FirePOWER Services October 2014 What We Are Announcing September 16, 2014 Industry s First Threat-Focused NGFW Proven Cisco ASA firewalling + Industry leading NGIPS and AMP Cisco ASA with
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationCisco Cybersecurity Pocket Guide 2015
Cisco Cybersecurity Pocket Guide 2015 Why Security Security investment: A top priority Security: A critical boardroom topic Why Security? Security Investment: A Top Priority Figure 1 How Enterprises View
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationFive Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationAddressing Advanced Web Threats. Addressing Advanced Web Threats: Protect Your Data and Brand
Addressing Advanced Web Threats: Protect Your Data and Brand What You Will Learn From collaboration to communication to data access, the web is a mission-critical business tool. Enterprises rely on the
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationBraindumps.700-295.50.QA
Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me
More informationCisco Web Security: Protection, Control, and Value
Cisco Web Security: Protection, Control, and Value Benefits Strong protection: Protects every device through a sophisticated global threat-intelligence infrastructure, which includes Cisco Talos Security
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationNext Generation Firewalls and Sandboxing
Next Generation Firewalls and Sandboxing Joe Hughes, Director www.servicetech.co.uk Summary What is a Next Generation Firewall (NGFW)? Threat evolution Features Deployment Best practices What is Sandboxing?
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationIntelligent Cybersecurity for the Real World
Intelligent Cybersecurity for the Real World Ali Fuat TÜRKAY aturkay@cisco.com 0 532 677 4080 Ali Fuat Türkay: Security Sales Fuat Kılıç: Consulting System Engineer Hakan Tağmaç: Emerging Markets SE Manager
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationWhy Use Big Data for a Security Service?
Using Big Data for Good Advanced Malware Protection as a Cloud Service Gary Spiteri Security Engineer 17 July 2012 Why Use Big Data for a Security Service? Because the traditional way is broken Industry
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationSourcefire Next-Generation IPS
Sourcefire Next-Generation IPS Key NGIPS Capabilities Snort IPS detection engine Network intelligence Impact assessment User identification Automated policy tuning Network behavior analysis Packet-level
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationCisco Cyber Threat Defense - Visibility and Network Prevention
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
More informationCisco Cloud Web Security
Data Sheet Today s highly connected and fast-moving world is filled with complex and sophisticated web security threats. Cisco delivers the strong protection, complete control, and investment value that
More informationPalo Alto Networks. October 6
Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationCisco Cloud Web Security Datasheet
Cisco Cloud Web Security Datasheet October 2014 Table of Contents Table of Contents... 1 Overview... 2 Features and Benefits by License... 3 CWS Essentials License... 3 CWS Premium... 4 Advanced Threat
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationMitigating Web Threats with Comprehensive, Cloud-Delivered Web Security
White Paper Mitigating Web Threats with Comprehensive, Cloud-Delivered Web Security Overview For collaboration, communication, and data access, the web has become a mission-critical business tool. But
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationAddressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
More informationThreat-Centric Security for Service Providers
Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product
More informationDelivering Control with Context Across the Extended Network
Delivering Control with Context Across the Extended Network Agenda Current Challenges Cisco ISE Overview Introducing Cisco pxgrid Customer Success Stories Only Cisco ISE Delivers 2013-2014 Cisco and/or
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationStaying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro
Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)
More informationSECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More informationSourcefire Next-Generation IPS
Sourcefire Next-Generation IPS Sourcefire Next-Generation IPS sets a new standard for advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and unprecedented
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationIntelligent Cybersecurity for the Real World. Cisco Cybersecurity Pocket Guide
Intelligent Cybersecurity for the Real World Cisco Cybersecurity Pocket Guide EMEA 2015 Content What an Opportunity! Security Investment is a Top Priority Why Cisco? Cisco is the Leading Security Company
More informationCONTENTS. Cisco Cyber Threat Defense v2.0 First Look Design Guide 2
Cisco Cyber Threat Defense v2.0 First Look Design Guide Last Updated: April 21, 2015 CONTENTS Introduction 3 Goal of this Document 3 Intended Audience 3 Executive Summary 4 Solution Overview 4 Solution
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationSecurity Intelligence Services. www.kaspersky.com
Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSecurity Analytics The Beginning of the End(Point)
Security Analytics The Beginning of the End(Point) Arie Joosse Arie.Joosse@nexthink.com It s 10am, what do you know about your endpoints? What applications are running? New ones that you didn t deploy
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationEnhancing Your Network Security
Enhancing Your Network Security Rainer Singer SE Manager Central Europe October 2013 Infoblox Overview & Business Update Founded in 1999 Headquartered in Santa Clara, CA with global operations in 25 countries
More informationTHE BEST WAY TO CATCH A THIEF. Patrick Bedwell, Vice President, Product Marketing
THE BEST WAY TO CATCH A THIEF Patrick Bedwell, Vice President, Product Marketing AlienVault Vision Accelerating and simplifying threat detection and incident response for IT teams with limited resources,
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationJoshua Beeman University Information Security Officer October 17, 2011
Joshua Beeman University Information Security Officer October 17, 2011 1 June, 2011- NPTF Security Presentation on FY 12 InfoSec goals: Two Factor Authentication Levels of Assurance Shibboleth InCommon
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationIntelligent. Data Sheet
Cisco IPS Software Product Overview Cisco IPS Software is the industry s leading network-based intrusion prevention software. It provides intelligent, precise, and flexible protection for your business
More informationNetwork that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE
Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App
More informationJUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
More informationAttacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationCisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats
Solution Overview Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats What You Will Learn The network security threat landscape is ever-evolving. But always
More informationSOURCEFIRE RNA (REAL-TIME NETWORK AWARENESS)
SOURCEFIRE RNA (REAL-TIME NETWORK AWARENESS) DEALING WITH DYNAMIC THREATS INTRODUCTION The Maginot Line is considered to be one of the greatest failures of military history. It is a line of fortifications,
More informationHow To Protect Your Network From A Threat From A Rogue Host Or A Rogue Server From A Hacker (For A Fee)
Next-Generation Intrusion Detection & Prevention Manuel Minzoni, Brand Manager ITWAY VAD Today s Reality Begin the transformation to context-aware and adaptive security infrastructure now as you replace
More informationInternet Security Systems
Internet Security Systems Monitoring the network to enhance visibility, integrity and preemtive protection ISS Company Background World s leading independent IT security provider World leader in security
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationIntegrated Network Security Architecture: Threat-focused Nextgeneration
White Paper Integrated Network Security Architecture: Threat-focused Nextgeneration Firewall By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by Cisco Systems
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More information