Modular Network Security. Tyler Carter, McAfee Network Security

Transcription

1 Modular Network Security Tyler Carter, McAfee Network Security

2 Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks

3 No Single Solution for All Security Challenges 3 Cloud Security Spam Trojan Network IPS Viruses Obfuscation Security Management Encrypted attacks Firewall APTs Bot Web Security Mail Security Botnets Zero-day attacks Host AV Spear phishing Network Behavior Denial of Service Targeted attacks Host IPS Social media exploits Social engineering 3rd Party Feeds DDOS September 21, 2011 Database Security Forensics Spambots Vulnerability Scanning

4 Balancing Risk & Costs OpEx CapEx Risk 4 September 21, 2011

5 Balancing Risk & Costs Where are you? OpEx Total CapEx Costs Risk 5 September 21, 2011

6 Reducing Management & Infrastructure Costs 6 September 21, 2011

7 Technology Architecture for Security How Connected Is Your Security? Host IPS Agent DLP Agent Encryption Antivirus Agent NAC Audit Agent Systems Management Agent EVERY SOLUTION HAS AN AGENT EVERY AGENT HAS A CONSOLE EVERY CONSOLE NEEDS A SERVER EVERY SERVER NEEDS AN OS/DB EVERY OS/DB NEEDS PEOPLE, MAINTENANCE, PATCHING WHERE DOES IT END?

8 Technology Architecture for Security How Connected Is Your Security? epo Server (AV, DLP, NAC, Encryption, PA, Site Advisor) SINGLE AGENT SINGLE CONSOLE

9 Unknown Threat: Non-Optimized Approach! Notification of a new threat, analysis of applicability based on vulnerabilities, determine managed or rogue systems Assess protection to determine risk and countermeasures available across IPS, firewall, and AV environments Managed Systems Vulnerable Systems Analysis Priority Protection Status Existing Countermeasures Determine priority and engage operations team with recommendations (adjust policies, vendor engage, patch mgmt) Consoles, upon consoles, upon consoles with no connection across the infrastructure Unmanaged Systems Next Steps Exposed Risk AV Manual Scans Log Analysis Ops Team IPS FW Patch/ Updates Policy Config Contact Vendor IPS Monitor IPS AV IPS FW AV IPS FW AV FW AV

10 Unknown Threat: Optimized Approach! Situational Awareness Recommendations Ops Team Patch Policy Config Contact Vendor Monitor

11 Reducing Incident Costs 11 September 21, 2011

12 Reduce Outbreak Lifecycle Permanent Protection Scope Suspect Identify Mitigate Tools Fixed 12

13 Outbreak Lifecycle 13 September 21, 2011

14 Outbreak Lifecycle Unique Event 14

15 Outbreak Lifecycle Faster Remediation Minimize Scope of Impact ID the Root Attack Reduced Frequency 15

16 Ability to Execute McAfee Network Security Challengers Leaders McAfee Next Gen Firewall Intrusion Prevention Cisco HP Sourcefire Network Access Control Advanced Threat Detection IBM Juniper Networks Stonesoft Top Layer Security NitroSecurity Radware Check Point Software Technologies StillSecure Best Performance, Protection, and TCO DeepNines Technologies Enterasys Networks Niche Players Visionaries Completeness of Vision

17 Modular Approach to Network Security 17 September 21, 2011

18 Network Security Deployment Strategy Recommendation Start with Network IPS Enable McAfee GTI ($0) Integrate McAfee epo ($0) Add vulnerability scanning Visibility extensions Analysis extensions September 21, 2011

19 Network Security Deployment Strategy Network Security Platform Industry-leading IPS Up to 10 Gbps Blocks 95% of network threats Best zero-day coverage Integrated NAC Integrated McAfee GTI 19 September 21, 2011

20 Network Security Deployment Strategy Global Threat Intelligence Real-time threat feeds File reputation IP reputation Geo-locations 20 September 21, 2011

21 GTI for Improved Time and Effort to Coverage Threat Reputation Network IPS Firewall Web Gateway Mail Gateway Host AV Host IPS 3rd Party Feed. 300M IPS Attacks/Mo. 300M IPS Attacks/Mo. 2B Botnet C&C IP Reputation Queries/Mo. 20B Message Reputation Queries/Mo. 2.5B Malware Reputation Queries/Mo. 300M IPS Attacks/Mo. Geo Location Feeds

22 How Did McAfee Protect Against VBMania? McAfee NSP with McAfee Global Threat Intelligence VBMania sent to user = McAfee Global Threat Intelligence file reputation identifies malware action prompts lookup in McAfee Global Threat Intelligence cloud user clicks to URL containing malicious.scr McAfee NSP using McAfee Global Threat Intelligence file reputation protected against VBMania malware download

23 McAfee epo Integration Benefits Centralized Reporting Host IPS feeds Tuning recommendations Global Risk Assessment 23 September 21, 2011

24 Visibility Extensions Benefits Network-wide visibility System & application profiling Additional host context Detect bots, malicious hosts Inspect virtual environments 24 September 21, 2011

25 Example: Network Behavior Analysis Web Intranet Data Center Database Servers NTBA Appliance Network Security Manager Network Security Platform Threat Detected!! Quarantine New Peer to Peer Application Source of Malware

26 Analysis Extensions Alert Benefits Travel back in time (log analysis) Detect the un-detectable Find APTs Prevent data loss Protection Strategy Automatic Unwrapping Heuristic Code Analysis 26 September 21, 2011

27 Benefit of the Security Connected DRAMATIC REDUCTION IN EFFORT TO IDENTIFY AND RESOLVE ISSUES RESOLUTION PERIOD REDUCED FROM WEEKS TO HOURS ELIMINATION OF ROOT OF ATTACK PREVENTS REPEATED EVENTS 27

28 THANK YOU 28 September 21, 2011