Next Generation IPS and Reputation Services
- Kerry Heath
- 8 years ago
Richard Stiennon, Chief Research Analyst, IT-Harvest
2011 IT-Harvest
IPS and Reputation Services

REPUTATION IS REQUIRED FOR EFFECTIVE IPS

Reputation has become an effective and required ingredient for many aspects of security. Using a large database of known suspicious or bad source IP addresses, even URLs, has made dramatic improvements to spam filters and web security gateways. Now reputation is beginning to be used to improve the effectiveness of Intrusion Prevention Systems (IPS). How these systems employ reputation will be the determining factor in the success of any IPS solution.

Anti-spam vendors have long used reputation. Through a series of honey pots, accounts set up to capture spam samples, it is possible to quickly identify the sources of spam, usually infected hosts belonging to consumers with broadband access. The behavior of such a spam bot is easy to identify as it spews millions of spam messages. Once a source is identified, it is simple to quickly update anti-spam solutions with a list of spam sources that are automatically blocked. This saves on processing requirements, as the individual messages do not need to be investigated. Dropping connections from a list of sites is one of the fastest functions, and thus places the lowest stress on network gear.

Secure web gateways also rely on reputation to quickly identify sources of malware and block access to URLs that are known to contain malware. Discovering malicious URLs, however, needs a different approach. Honey pots, passive accounts, are not effective at discovering sources of malware. Likewise, a web crawling robot that follows links, such as Google's, is not effective. Most reputation services for identifying malicious sites rely on a large install base of deployed appliances that report new URLs and their associated behavior back to a central database for automated inspection, backed up by teams of researchers for those sites that defy automated analysis. Through this technique a real-time list of bad URLs is formed and pushed back out to the secure web gateways for blocking.
However, signatures that are written to be general purpose and block based on a category of potential exploits against known vulnerabilities can cause false positives and thus block legitimate connections. While IPS vendors strive to reduce these false positives and increase the effectiveness of their signature bases, they are also beginning to borrow from the success other solutions have had with reputation.

An example of how reputation services could protect an organization is provided by the recent attack against NASDAQ's Director's Desk service. The Director's Desk is a service that NASDAQ offers to public companies whose stock is traded on the NASDAQ exchange. Director's Desk is a third party hosting solution for critical documents and communication generated by the boards of over 230 companies. There are over 10,000 users of the service. In February 2011 it was revealed that malware had been inserted into the Director's Desk portal. This is a common way for attackers to target high-value users. In this case, the users were high value in that they had access to valuable inside information and, from a cyber criminal's perspective, were likely to engage in high value transactions on other platforms such as banking and stock trading sites. Infecting their machines to garner additional information on target organizations or steal access credentials would justify the attack. Similar infections through ad serving sites have been recorded. An IP reputation service, once the NASDAQ site had been identified as compromised through either publication or detection by continual IPS reputation evaluation, would have given system administrators early warning of the attack.

Reputation, if properly executed, can improve both the performance and accuracy of modern IPS solutions. Developing a reliable, scalable, and effective reputation service is the key to effective IPS and will quickly become a required function in next generation IPS. This paper examines the IPS solutions that have begun to use reputation services, looking specifically at flexibility, effectiveness and performance. Of note, there are a number of IPS vendors that were not included in this study due to lack of a reputation solution.

Cisco

Cisco acquired IronPort, an gateway antispam and protection vendor in IronPort's strongest feature was the use of reputation to enhance the speed and accuracy of spam blocking. Cisco has incorporated some of IronPort's technology in their IPS, which is included in the Cisco ASA gateway device (note that the ASA is a firewall with a separate card that can be configured to provide anti-virus delivered from Trend Micro Systems, or their own IPS service). Cisco's Global Correlation is a cloud based store of sources of attacks and provides threat scores from 1 to 10.
Like all reputation services, it can also incorporate the feeds of known sources of attacks and command and control servers that are provided by open source and private research teams. Cisco derives reputation from its Sensor Base: all the IPS, firewall, web proxies, and IronPort gateways that have enrolled. The assigning of reputation scores from 1-10 is done automatically in the Cisco Security Information Operation (SIO), a cloud hosted database of signatures and reputations.

Cisco IPS is available in stand alone appliances (IPS 4200 series) and in Advanced Inspection and Protection (AIP) Security Service Modules or Security Service Cards (SSM or SSC) in the Cisco ASA 5500 series. Cisco Global Correlation is an update feed of IPS signatures delivered every 3 to 5 minutes for low bad reputations and immediately for any reputation data scored from 8 to 10. Cisco IPS scores threats from 1 to 10, and in version 7.0 for the Cisco IPS appliances and 8.2 for ASA appliances reputation is used to enhance those scores. However, direct visibility into reputation scores for particular IP addresses is not available, and rules cannot be written taking advantage of reputation.
HP

TippingPoint is the IPS technology that HP acquired along with 3Com in The HP TippingPoint Reputation Digital Vaccine (RepDV) is a product of HP DVLabs. Globally deployed sensors in their ThreatLinQ network as well as customer IPS appliances participate in providing a constant stream of known attacks and misbehavior on the part of IP addresses. A threat score of 1 to 100 is applied, and IPS devices receive a constantly updated feed of both IP addresses and domains with associated threat scores. The database is aged and refreshed quickly (every two hours), which avoids unwarranted black holing of innocent IPs.

The HP TippingPoint RepDV service is the most feature rich reputation service we have investigated for IPS. In addition to the IP and domain reputations, an administrator can choose to block entire ranges of IP addresses based on country. Feeds are incorporated from numerous sources including open source, SANS, and the ThreatLinQ database. Customers can use the capability to add their own blacklists or modify feeds by whitelisting sources. Customers also have access to the ThreatLinQ library of threat data to help understand why a particular IP address or domain has received its score. Reputation feeds are tagged with additional information that assists in setting policies. The source of the feed is one such tag, so, for instance, one could choose to apply one policy to threats reported by SANS and another policy to an internally generated blacklist.

A critical capability that is rapidly becoming one of the most important functions for IPS devices is the ability to detect and block communication from inside a network to known bad IP addresses. This anti-botnet feature, often called beaconing detection, is one of the most powerful tools for countering Advanced Persistent Threats that have managed to infiltrate a network and exfiltrate data to command and control servers of cyber criminals or state sponsored industrial spies.
Juniper Networks

Juniper Networks is another IPS vendor that has incorporated IP reputation into their IPS appliances. Each deployed appliance can report new suspicious sources of attacks back to the cloud, where they are incorporated into the threat database and pushed to all appliances that are subscribed to the service. Juniper's management interface does not provide much visibility into how reputation is applied to come up with risk scores, and there is no ability for the administrator to add or change reputation rules.
TopLayer

TopLayer is an IPS and DDoS mitigation vendor. They depend on the SANS DShield service, which collects log data from IDS sensors deployed around the world. TopLayer uses this data to create a list of IP addresses that are behaving poorly and then provides a feed to its IPS 5500 appliances. Customers can choose to block traffic from those IP addresses. This provides the benefit of improving performance by reducing the amount of traffic the IPS has to inspect. Threat scores are not created, so the service is binary in nature: either allow or deny, with no inherent ability to provide better judgement to IPS decisions. Thus it is not a full implementation of IPS reputation services.

McAfee

McAfee's IPS product is the Network Security Platform. It is an in-line appliance based on the technology acquired when they purchased Intruvert. McAfee has incorporated reputation services derived from their Global Threat Intelligence network connection reputation service. Data is collected from a global network of participating devices and assigned a threat score based on association with bad behavior such as participation in a botnet or DDoS attack. IPS administrators can use these threat scores to determine what action to take based on policy. McAfee shares with TippingPoint the ability to block communication to Command and Control servers by Advanced Persistent Threats.

IBM

IBM ISS global filter database is one of the largest environments for cataloging and ranking the reputations of domains, URLs, and malicious content. It is comprised of over 1,000 clustered CPUs. It combines web crawling with open source lists as well as custom lists created from input from their X-Force research team. Customers can elect to set their IBM security products to report unclassified URLs too. The core technology of the global filter database was acquired by ISS in 2004 with the purchase of the German company Cobion, an early innovator in the automatic classification of web sites.
The reputation database sends updates to IBM Security's web and filtering products. While the IBM Security IPS products, which are stand alone IPS appliances, do not receive these updates, the IBM Proventia Multifunction Security Appliance does. The reputation scores are used to block spam and update the URL Content Filtering services of this UTM device.
CRITICAL FEATURES OF REPUTATION ENHANCED IPS

As reputation becomes recognized as a game changing way to enhance the efficiency, reliability, and effectiveness of IPS products, IT-Harvest has identified the following components of best in class use of reputation for IPS.

- Reputation intelligence gathered from customer networks. IPS appliance vendors have the opportunity to collect reputation from their deployed base. The size and distribution of that base is key to feeding the reputation database and enhancing negative reputation scores. Customer networks see real attacks coming from malicious source IP addresses. This capability, by a vendor, is much more effective than web crawlers or honey pots.
- Feeds from 3rd parties. There are many open source lists of malicious hosts and command and control servers, such as Spamhaus, the Domain Name System Real-time Black List, and ShadowServer.org. A key feature is the ability to accept feeds from these organizations into the IPS reputation service.
- Policy based on reputation score. Every IPS needs tuning based on the types of assets being protected within an organization as well as the types of services and attacks that need to be allowed or denied. Setting policy based on the scoring provided by the reputation service enhances the administrator's ability to eliminate false positives and ensure blocking of as much suspicious traffic as possible.
- Knowledgebase. It is valuable to understand the reputation scores of individual attack sources. The vendors should make it easy to navigate their knowledgebase in order for the administrator to have full knowledge of the reason a particular score is assigned.
- Customer blacklists/whitelists. Every environment will encounter special use cases where either adding particular IP addresses (blacklisting) or allowing IP addresses (whitelisting) is required. This level of customization is required to enhance the usability of reputation services.
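One way the features above fit together in a single decision path is sketched below as an added example; it is not code from the paper or from any vendor. The class name, feed tags, thresholds, the "inspect" action, the precedence order (whitelist, then customer blacklist, then scored feeds) and all addresses are assumptions, and the sample data is constructed.

```python
import ipaddress
from dataclasses import dataclass

MAX_AGE = 2 * 60 * 60      # seconds; stale entries are ignored (two-hour ageing)
NOW = 1_300_000_000        # constructed "current time" so the demo is repeatable


@dataclass(frozen=True)
class Entry:
    network: ipaddress.IPv4Network
    score: int             # 1 (low threat) .. 100 (high threat)
    source: str            # feed tag, used to pick a per-source policy
    seen: int              # epoch seconds of the most recent report


class ReputationPolicy:
    def __init__(self, internal, thresholds, default_threshold=90):
        self.internal = [ipaddress.ip_network(n) for n in internal]
        self.thresholds = thresholds          # block threshold per feed tag
        self.default_threshold = default_threshold
        self.entries, self.whitelist, self.blacklist = [], [], []

    def load_feed(self, source, rows):
        """rows: iterable of (cidr, score, last_seen_epoch)."""
        for cidr, score, seen in rows:
            if not 1 <= score <= 100:
                raise ValueError(f"score out of range in feed {source}: {score}")
            self.entries.append(Entry(ipaddress.ip_network(cidr), score, source, seen))

    def allow(self, cidr):
        self.whitelist.append(ipaddress.ip_network(cidr))

    def deny(self, cidr):
        self.blacklist.append(ipaddress.ip_network(cidr))

    def verdict(self, ip, now):
        """Return (action, reason) for one remote address."""
        ip = ipaddress.ip_address(ip)
        if any(ip in net for net in self.whitelist):
            return "allow", "customer whitelist"
        if any(ip in net for net in self.blacklist):
            return "block", "customer blacklist"
        fresh = [e for e in self.entries
                 if ip in e.network and now - e.seen <= MAX_AGE]
        # Each feed is judged against its own threshold, highest score first.
        for e in sorted(fresh, key=lambda e: -e.score):
            limit = self.thresholds.get(e.source, self.default_threshold)
            if e.score >= limit:
                return "block", f"{e.source} score {e.score} >= {limit}"
        if fresh:
            top = max(fresh, key=lambda e: e.score)
            return "inspect", f"{top.source} score {top.score} below threshold"
        return "inspect", "no fresh reputation"   # hand off to signature inspection

    def evaluate(self, src, dst, now):
        """Judge a flow by its remote end; outbound hits are flagged as beacons."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        inside = lambda ip: any(ip in net for net in self.internal)
        outbound = inside(s) and not inside(d)
        action, reason = self.verdict(dst if outbound else src, now)
        if outbound and action == "block":
            reason = f"possible beacon from {src}: {reason}"
        return action, reason


def build_policy():
    """Constructed feeds using documentation address ranges."""
    p = ReputationPolicy(["10.0.0.0/8"], {"vendor": 80, "third-party": 60})
    p.load_feed("vendor", [
        ("203.0.113.0/24", 85, NOW - 600),
        ("192.0.2.50/32", 99, NOW - 3 * 3600),     # older than MAX_AGE: ignored
        ("198.51.100.23/32", 40, NOW - 300),
    ])
    p.load_feed("third-party", [
        ("198.51.100.23/32", 70, NOW - 900),
        ("198.51.100.77/32", 50, NOW - 900),
    ])
    p.allow("203.0.113.99/32")    # partner host inside a listed range
    p.deny("192.0.2.200/32")      # locally observed offender
    return p


FLOWS = [  # constructed (source, destination) pairs
    ("203.0.113.7", "10.0.0.5"), ("203.0.113.99", "10.0.0.5"),
    ("192.0.2.50", "10.0.0.5"), ("10.0.0.8", "198.51.100.23"),
    ("192.0.2.200", "10.0.0.5"), ("198.51.100.77", "10.0.0.5"),
]

if __name__ == "__main__":
    policy = build_policy()
    for src, dst in FLOWS:
        print(src, "->", dst, policy.evaluate(src, dst, NOW))
```

The stale 99-score entry produces no block, which is the ageing behaviour that keeps a reassigned or cleaned-up address from staying black-holed, and the outbound flow shows the same list serving beaconing detection.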
FEATURE | CISCO | JUNIPER | McAFEE | IBM | TopLayer | HP
Intel from own devices
Feeds from 3rd parties
Policy based on reputation score
Knowledge base
Customer blacklisting/whitelisting

CONCLUSION

An effective reputation service must have three primary qualities to enhance IPS catch rates and throughputs. First is the quality and number of deployed sensors that capture and report attack sites. Second is the research and automation that turns those reports into a stream of constantly updated sources. Finally, there is the management interface that allows flexibility in applying reputation. From our investigation of available data, HP Networking's TippingPoint IPS solution makes the best use of IPS reputation.

REFERENCES

- IBM ISS global filter database content analysis technology fid=gtw03026usen&attachment=gtw03026usen.pdf
- IBM Security Network Intrusion Prevention System data sheet mlfid=wgd03002usen&attachment=wgd03002usen_hr.pdf
- Spam realtime black lists.
- Shadowserver.org
- NASDAQ Director's Desk exploit. Security+-+Sophos%
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationDYNAMIC DNS: DATA EXFILTRATION
DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationSecurity Administration R77
Security Administration R77 Validate your skills on the GAiA operating system Check Point Security Administration R77 provides an understanding of the basic concepts and skills necessary to configure Check
More informationMachine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
More informationSR B17. The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner
SR B17 The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner Director - Engineering, Global Intelligence Network Symantec Intelligence Group Agenda 1 2 3 5 Symantec Intelligence
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationCisco EXAM - 300-207. Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product. http://www.examskey.com/300-207.html
Cisco EXAM - 300-207 Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product http://www.examskey.com/300-207.html Examskey Cisco 300-207 exam demo product is here for you to test the quality
More informationTechnology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse
Technology Blueprint Defend Against Denial of Service (DOS and DDOS) Attacks Protect each IT service layer against exploitation and abuse LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL
More informationAPPLICATION PROGRAMMING INTERFACE
DATA SHEET Advanced Threat Protection INTRODUCTION Customers can use Seculert s Application Programming Interface (API) to integrate their existing security devices and applications with Seculert. With
More informationGOING BEYOND BLOCKING AN ATTACK
Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version
More informationScaling Big Data Mining Infrastructure: The Smart Protection Network Experience
Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience 黃 振 修 (Chris Huang) SPN 主 動 式 雲 端 截 毒 技 術 架 構 師 About Me SPN 主 動 式 雲 端 截 毒 技 術 架 構 師 SPN Hadoop 基 礎 運 算 架 構 師 Hadoop in Taiwan
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationIBM Global Technology Services Preemptive security products and services
IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationBig Data and Cyber Security A bibliometric study Jacky Akoka, Isabelle Comyn-Wattiau, Nabil Laoufi Workshop SCBC - 2015 (ER 2015) 1 Big Data a new generation of technologies and architectures, designed
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationWhite Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks
White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets
More informationHP TIPPINGPOINT ADAPTIVE REAL-WORLD SECURITY. Stefan Schmid Sales Manager Central & Eastern Europe & Middle East s.schmid@hp.com
HP TIPPINGPOINT ADAPTIVE REAL-WORLD SECURITY Stefan Schmid Sales Manager Central & Eastern Europe & Middle East s.schmid@hp.com 2010 2011 Hewlett-Packard Development Company, L.P. The information contained
More informationIDS or IPS? Pocket E-Guide
Pocket E-Guide IDS or IPS? Differences and benefits of intrusion detection and prevention systems Deciding between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is a particularly
More informationOpen Source Software for Cyber Operations:
W H I T E P A P E R Open Source Software for Cyber Operations: Delivering Network Security, Flexibility and Interoperability Introduction For the last decade, the use of open source software (OSS) in corporate
More information