How To Build Security By Silo

Transcription

1 Leading The World Into Connected Security

2 Building Security By Silo Technology Acquisition Process Has Delivered Security Chaos Endpoint Protection Firewall Gateway Security Network IPS Compliance Data Protection Mobility Analytics 2

3 Building Security By Silo Creating a False Sense of Security Lessons Learned Well funded organizations do not equal well defended organizations Maintaining compliance will not result in protection Massive alerting in a sea of noise cannot receive action Defenses operating in silos are setup to fail TCO CapEx + OpEx Security Posture Layered Tools Point Products Parity TIME Advancement 3

4 Optimizing Security Infrastructure Delivering Operationally Effective Security TCO CapEx + OpEx Connected Architecture Security Posture Layered Tools Point Products Parity TIME Advancement 4

5 History of Defining Architecture Inventor of the world s most widely used computing architecture Defining countless standards used in everyday lives ranging from USB, WiFi, to IoT Top 10 Most Influential Brands in the World Delivering a Next Generation Security Architecture Defining innovative industry approaches for collaborative and adaptive security Introducing security integrations which are sustainable and broadly reaching Developing capabilities for new security paradigms in areas such as Software Defined Datacenter, Cloud, and IoT Largest Dedicated Security Provider Broadest security product coverage in the industry Complete portfolio focused upon security Leadership position in 6 of 8 Gartner Security Magic Quadrants 5

6 Innovating the Security Connected Concept Consistently Creating Operational Effectiveness Consolidated Agent Reduced endpoint agent footprint to a single agent Increased hardware lifespan by reducing host footprint/load

7 Innovating the Security Connected Concept Consistently Creating Operational Effectiveness Consolidated Agent Single Console Consolidated endpoint console management to a single interface via epo Significantly reduced administrative burden

8 Innovating the Security Connected Concept Consistently Creating Operational Effectiveness Consolidated Agent Network/ Vulnerability Management Single Console Network/Endpoint Integration Delivered endpoint contextual information within network alerting Created relevance and actionability within the network security environment

9 Innovating the Security Connected Concept Consistently Creating Operational Effectiveness Consolidated Agent Network/ Vulnerability Management Endpoint/Vulnerability Management Hybrid Web Protection Shared cross-vector threat information across product-sets Single Console Network/Endpoint Integration Security Innovation Alliance Global Threat Intelligence Delivered actionable intelligence to provide adaptive protection

10 Innovating the Security Connected Concept Consistently Creating Operational Effectiveness Consolidated Agent Single Console Network/ Vulnerability Management Network/Endpoint Integration Security Innovation Alliance Endpoint/Vulnerability Management Hybrid Web Protection Host/ Network DLP Consolidation Delivers new architecture for products to share threat data Endpoint/ Web Gateway Integration Introduces realtime adaptive threat protection One Time Password/ Web Gateway Global Threat Integration Intelligence Enables an organization s security posture to instantly self-improve Threat Intelligence Exchange Advanced Threat Defense Click to Protect

11 The Security Connected Platform SECURITY RISK MANAGEMENT Enterprise Security Manager (SIEM) epolicy Orchestrator Threat Intelligence Exchange Vulnerability Manager Active Response NETWORK SECURITY Advanced Malware Defense Network Security Platform (IPS) Firewall Enterprise Next Generation Firewall Security Risk Management Security Management Threat Intelligence Analytics Context and Orchestration CONTENT SECURITY Gateway Web Gateway Data Loss Prevention ENDPOINT SECURITY Endpoint Security Suites Data Center Security Suites Embedded Security Device Control Endpoint Encryption Hardware Enhanced Security 11

12 Enabling Complete a Protection Next Generation From Endpoint to Architecture Network SIEM ATD Web / Mail Gateway SIA Partners / 3 rd Parties NGFW DLP Active Response Threat Intelligence Exchange NSP. 12

13 Targeting Advanced Threats Advanced Threat Defense + Threat Intelligence Exchange + Active Response 13

14 Threat Landscape % 49% 81% 165% 317% 400,000,000+ New threats every minute, or more than 6 every second Growth of the Labs malware zoo between Q and Q Rise in mobile malware samples from Q to Q Jump in new suspect URLs found in Q compared to Q Increase in new ransomware in Q Growth in Adobe Flash exploits in Q Unique malware samples in the Labs Zoo as of Q Source: Labs Threats Report: 1 st Quarter

15 What Is Advanced Malware? Typically Criminal Theft Sabotage Espionage Stealthy Targeted Unknown Evades Legacy-based Defenses Discovered After the Fact Data loss Costly clean-up Long-term damage Key Challenges Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signaturebased mechanisms. Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014) 15

16 Advanced Malware Market wisdom Sandboxing?????? Safe?? Not Real Time? Malware Resource Intensive Unknown Because No Signature Match Lacks Scalability Alert vs Actions Not effective against all malware Malware Identified Because of Behavior Analysis 16

17 Comprehensive Approach to Malware Next Generation Firewall Network Security Platform Web Gateway Gateway Threat Intelligence Exchange Enabled Endpoint Protect Advanced Threat Defense Active Response Active Response Enterprise Security Manager (SIEM) Correct Detect Enterprise Security Manager (SIEM) epo epo Threat Intelligence Exchange/ Data Exchange Layer Threat Intelligence Exchange/ Data Exchange Layer 17

18 Dynamic and Static Code Analysis Run Time DLLs Network Operations File Operations Unpacking Disassembly of Code Calculate Latent Code Familial Resemblance Process Operations Delayed Execution Dynamic Analysis Analyze Analyze Static Code Analysis 18

19 Static Code Analysis Advanced Threat Defense unpacks and reverse engineers the file to expose the actual code for analysis Compares code to known malicious code, identifying this relatively unknown file as part of the Trojan.Win32.simda malware family Static code analysis finds 96% similarity to known malware family 19

20 Advanced Targeted Attacks The Reality Increased threat complexity complicates detection and analysis Fragmented visibility abets attackers Slow response increases DISCOVERY damage $8769/Incident $3,840,988/Year COMPROMISE 1.2 Incidents/Day 11% Days 9% Hours COMPROMISE TO DISCOVERY 4% 12% Years Months 19% Hours DISCOVERY TO CONTAINMENT 2% Minutes 23% Months 14% Weeks ATTACK 64% Weeks 42% Days $8,769 / Incident $3,840,988 / Year 1.2 incidents / Day 20

21 Adaptive Threat Prevention in Real-Time From Encounter to Containment in Milliseconds

22 BPM Asset Data Exchange Layer Identity An innovative, real-time, bi-directional communications fabric providing with product integration simplicity. Risk Threat Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products enabling security intelligence and adaptive security. Activity Data Location THE SECURITY CONNECTED FRAMEWORK ADAPTIVE SECURITY ARCHITECTURE

23 Apply the Power of Knowledge ORGANIZATIONAL INTELLIGENCE? Other Data Sources Future Administrator Organizational Knowledge 3 rd Party Feeds (VirusTotal) Web Gateway Endpoint Client Threat Intelligence Exchange Global Threat Intelligence NGFW Gateway NSP ATD Personalized Threat Intelligence Assemble, override, augment and tune the intelligence source information Optimizing Security for Your Organization 23

24 Threat Intelligence Exchange (TIE) VirusScan SIEM Advanced Threat Defense VirusTotal SiteAdvisor epo Visibility Detection Response Security Connected Add collective threat intelligence to endpoint and network operations and incident response workflows and reduce noise through custom preferences. Protect against emerging threats in just milliseconds based on local, global, and organizational knowledge. Pinpoint first contact, prevalence, reputation, execution, and overall risk of threats, and adapt as you protect. Transform security infrastructure into an efficient, self learning, collaborative system that integrates, automates, and simplifies security. 24

25 Threat Intelligence Exchange Instant protection across the enterprise Global Threat Intelligence TIE Server ATD Gateways block access based on endpoint convictions NGFW NSP Web Gateway Gateway 3 rd Party Feeds Proactively and efficiently protect your organization as soon as a threat is revealed epo ESM Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products VSE Threat Intelligence Module VSE Threat Intelligence Module Data Exchange Layer 25

26 Threat Intelligence Exchange Adapt and Immunize From Encounter to Containment in Milliseconds NGFW NSP Web Gateway Gateway Global Threat Intelligence TIE Server ATD 3 rd Party Feeds YES NO Data Exchange Layer epo ESM TIE Endpoint Module TIE Endpoint Module Endpoints are protected based on gateway convictions

27 Adaptive Threat Prevention and Detection NGFW Network & Gateway NIPS Web Gateway Gateway network and endpoints adapt Sandbox IOC 1 IOC 2 IOC 3 IOC 4 payload is analyzed SIEM new IOC intelligence pinpoints historic breaches DXL Ecosystem DXL Ecosystem Endpoints previously breached systems are isolated and remediated 27

28 Traditional Incident Response Pre-breach Post-breach Minimal Threat Reduction Number of events Protect Detect Correct Prolonged Dwell Time Time 28

29 Security Connected and Active Response Pre-breach Post-breach Minimal Threat Reduction Number of events Protect Detect Correct Minimized Dwell Time Prolonged Dwell Time Time 29

30 Growth of Endpoint Threat Detection & Response The need for more advanced EDR is growing fast Most security teams cannot detect and react fast enough to targeted attacks with the tools they have. Existing security tools do not have sufficient security monitoring, detection and response capabilities. Organizations investing in EDR tools are purposefully moving from an incident response mentality to one of continuous monitoring in search of incidents that they know are constantly occurring. - Gartner Security budgets for rapid detection and response 10 % 60 % by 2014 by 2020 Gartner, Market Guide for Endpoint Detection and Response Solutions, May 13,

31 Active Response Persistently monitor critical events and state changes at endpoints Use continuous collectors to find and visualize all files executable and dormant Set traps, triggering automatic or customized responses. Manage the entire solution from a single console Adaptable Continuous Automated

32 Use Case Proactively Search for Undetonated Files Network & Gateway Admin NGFW TIE Web Gateway Gateway Active Response epo Endpoints 32

33 The Next Dimension of Security: Managed Services Specialization

34 Managed Security Services Market It s here and the game has changed Customer Managed Managed Security TAM Today $33B TAM 2017 $40B TAM Today $13B TAM 2017 $19B When you materially improve an offering, and create new features, functions, experiences, price points, and even enable new use cases, you can materially expand the market in the process. The past can be a poor guide for the future if the future offering is materially different than the past * *Bill Gurley, 2014, Benchmark Capital

35 Are you ready to win big? Top 5 reasons your customers are buying MSS: 1. Compliance requirements are more demanding. 2. Increasing complexity and focused targeting of attacks. 3. MSS help customers maximize their ROI. 4. Shortage of in-house deep security expertise. 5. Remove upfront or CAPEX expenditure. MSS Market Maturity Gross Margins of leading MSP s Number of MSP s that dominate adoption

36 How Intel Security can help you win Tailored and specific MSP partnership; Mission: an ecosystem that helps you build a sustainable and profitable MSS business Managed Services Specialization MSP specific Commercials MSP specific Support MSP specific Tools, Resource MSP specific Products and P.S. Pay up front or Pay-as-you-Go Scaled pricing More volume = lower prices Consolidated provisioning and Management consoles Multi-Tennant solutions Elevated Support levels and response times Scaling and Pricing Tools MSP Reference Architectures and How-To guides MSP domain experts in each region Aligned and Compensated sales teams MSP specific Professional Services Security Connected broadest and most connected portfolio MSP relevant product development

37 Ready to meet the demand and transform your business? Join the Managed Services Specialization 1. Contact your regional channel account manager to map our your MSP success 2. Review the Intel Security Managed Services collateral from our Partner Portal 3. Work with an activated Distributor to place your Managed Services orders General Questions:

38 38