NEXT GENERATION SECURITY ANALYTICS: REAL WORLD USE CASES KEY FEATURES AND NEW USES FOR THE BLUE COAT SECURITY ANALYTICS PLATFORM
- Richard Leonard
- 8 years ago
SECURITY ANALYTICS: MUCH MORE THAN NETWORK FORENSICS

Prior generations of security analytics products were used mostly by incident response teams to perform retrospective analysis and forensics on breaches after the fact. This is still an important function, but today's security analytics solutions have evolved to deliver business value across a much broader range of circumstances, and to address a number of critical issues faced by IT and security teams of all sizes.

This white paper briefly discusses the need for security analytics, provides a brief overview of the next-generation security analytics platform offered by Blue Coat, and describes how a modern security analytics solution can address seven important, real-world use cases:

1. Situational awareness
2. Continuous monitoring
3. Security incident response and resolution
4. Advanced malware detection
5. Data loss monitoring and analysis
6. Web traffic monitoring and analysis
7. IT governance, risk management and compliance

[Figure: the seven use cases: Situational Awareness; Continuous Monitoring; Incident Response and Resolution; Advanced Malware Detection; Data Loss Monitoring and Analysis; Web Traffic Monitoring and Analysis; IT Governance, Risk Management and Compliance]
The Need for Security Analytics

Until recently, most enterprises relied primarily on preventative, signature-based tools for network security: next-generation firewalls, intrusion prevention systems, secure web gateways, and network anti-malware gateways. While these products can be effective against known threats, cybercriminals and hackers have developed many techniques to evade them, including zero-day attacks, polymorphic malware, encryption, targeted attacks that use social engineering, and advanced, persistent, multi-stage attacks. These techniques strike before signatures can be developed, obfuscate malware and attacks so they cannot be matched to signatures, or chain together actions that individually appear legitimate.

Most IT security experts today agree that no enterprise can stop all security threats at the network perimeter. Instead, they must assume that some attacks will get through, and take appropriate measures to monitor activity and to detect the patterns that indicate attacks. As Mike Rothman, President of the IT security firm Securosis, states in a blog post:

"We cannot assume we can stop the attackers, so we have to plan for a compromise. The difference between success and failure breaks down to how quickly you can isolate the attack, contain the damage, and then remediate the issue. So we build our core security philosophy around monitoring critical networks and devices, facilitating our ability to find the root cause of any attack."

In fact, the need for better information about attacks is urgent. In one recent survey, more than half of enterprises reported that they did not have adequate intelligence about attacks and could not identify root causes.
A third of them said they could not determine exactly what information had been lost when they had a data breach.

Companies do not have adequate intelligence
- 59% of companies [surveyed] do not have adequate intelligence about attempted attacks and their impact.
- 51% say their security solutions do not inform them about the root causes of attacks.
- 55% of those who had lost sensitive or confidential information did not know exactly what data had been stolen.
Source: Ponemon Institute, "Exposing the Cybersecurity Cracks: A Global Perspective, Part I", April 2014

Overview of a Next-Generation Security Analytics Platform

Security analytics solutions help organizations derive contextual and actionable intelligence from massive volumes of security and network data. They capture all types of data entering and leaving the network. They organize that data so that administrators, security analysts, incident responders, compliance officers and others can detect advanced threats in real time, conduct detailed analysis, measure and remediate breaches, and prevent future compromises. The key capabilities of the Blue Coat Security Analytics Platform include:

- Full packet capture: Recording, classifying and indexing every packet that enters, leaves and travels within the network, even on today's high-speed networks.
- Deep packet inspection: Visibility into all layers of the OSI stack from layer 2 to layer 7, including application data and payload data.
- Application classification: Identifying traffic from specific commercial and custom applications, including application traffic over non-standard ports.
- Real-time threat intelligence: Enriching analysis with real-time threat information feeds from the Blue Coat Global Intelligence Network (which compiles intelligence from 15,000 customers and 75 million endpoints) and other reputation feeds, from IP geolocation services, and from more than 40 industry-leading intelligence sources.
- Session and object reconstruction: The ability to convert traffic from raw packets into meaningful artifacts such as files, emails, instant messages, VoIP conversations and even complex PHP, Ajax and JavaScript files.
- Context-aware security: Correlating metadata about users, files and sessions with real-time threat information, and using the correlations to provide situational awareness and alerts.
- Layer 2-7 analysis: Tools to analyze metadata about packets, ports, protocols, applications, user sessions and files.
- Integration with traditional security products: Connectors and APIs to incorporate data from best-of-breed security and network technologies, including dynamic analysis ("sandboxing") products, next-generation firewalls, intrusion prevention systems, security information and event management (SIEM) products, and data loss prevention tools.
- File brokering: Features to identify known threats and deliver only suspicious files to sandboxing technologies, for optimized advanced malware analysis and threat detection.
- Real-time alerting: The ability to create rules that notify designated administrators and security staff when suspicious or prohibited behaviors are detected, or when baseline thresholds are exceeded.
- Playback: Facilities to replay network traffic and transmit captured data flows to third-party tools for further analysis.
- Root cause exploration: Reconstruction of complete attack timelines, pinpointing the root cause attributes and metadata of an attack, such as the originating file, server or user.
- Dashboards and centralized management: Tools to see threats and trends at a glance, and to monitor thousands of network segments from a single pane of glass.

For more information on the features of the Security Analytics Platform, please see the solution brief, data sheet and white papers at bluecoat.com/products/atp-security-analytics-platform.
Use Case #1: Situational Awareness

Situational awareness (SA) is "the ability to extract information from the environment, integrate that information with relevant internal knowledge, and use the resulting mental picture to anticipate future events." [1] For information security professionals, situational awareness means being able to extract and decipher as much information as possible from networks, having the tools to differentiate suspicious behaviors and anomalies from legitimate computing activities, and generating actionable intelligence from that analysis. Essentially, it is having the data and tools to visualize all network-related events, to establish what is normal, and to recognize departures from normality.

Those are exactly the capabilities provided by a next-generation security analytics solution. Security professionals can take advantage of features such as full packet capture, deep packet inspection, application classification, and session and object reconstruction to obtain complete visual insight into packets, protocols, network flows, files and applications across the entire network. Through next-generation security analytics features such as artifact timelines, media panel displays, geolocation, inferential reporting and other analysis tools, they gain complete visibility into all aspects of their operational domain.

For example, a security analytics solution might show archived files being transmitted via FTP from an internal PC to a server in a location known to harbor cybercriminals. It could flag this as suspicious activity, and even reconstruct the files and the network sessions. A security analyst could use this information to determine whether the file transfers represented ordinary business activity or were part of an advanced attack.

An Example: Situational Awareness in the Military
An organization in the U.S. armed forces uses the Blue Coat Security Analytics Platform to monitor the Internet traffic of a large group of military analysts and to ensure that their activities are consistent with each person's role and security privileges.

[1] Dominguez, C., Vidulich, M., Vogel, E. & McMillan, G. (1994). Situation awareness: Papers and annotated bibliography. Armstrong Laboratory, Human System Center, ref. AL/CF-TR
Use Case #2: Continuous Monitoring

Continuous monitoring is the ability to capture, index and play back all network data, and to provide administrators and security professionals with timely, targeted and prioritized information. While the idea of continuous monitoring sounds simple, it is difficult to put into practice in today's enterprises. A modern security analytics solution needs to be able to capture all types of data, not just security events. It must be able to handle gigabytes of network traffic every second without losing a packet, and to provide the capacity to store hundreds of terabytes or even petabytes of data.

When continuous monitoring is implemented, it provides tremendous benefits, resembling those of a security camera in a bank. Analysts can play back the network activities related to an attack in their chronological sequence. This unique capability of security analytics solutions provides deep insight into attacks, helps assess the damage done by breaches, and lets analysts go back in time to determine the full scope of an attack.

Continuous Monitoring at a Leading Financial Firm
A large investment bank uses the Blue Coat Security Analytics Platform to monitor a dozen international locations and to achieve complete visibility into network traffic, users and data. The Security Analytics Platform also provides context to information available from other security systems, including a third-party sandbox product, Blue Coat ProxySG, and the Blue Coat SSL Visibility Appliance. These capabilities have significantly reduced incident response times.

Use Case #3: Incident Response and Resolution

Security incident response, which involves quickly analyzing, identifying and resolving cyber attacks and breaches, remains the most popular use case for security analytics solutions. A security analytics solution provides incident responders with invaluable tools, including session and object reconstruction, session playback, root cause exploration, and integration with other security products such as SIEM and next-generation firewall systems. These tools help answer questions such as:

- Who is responsible for the attack, and what exactly did they do?
- What systems were affected, and what data was compromised?
- Is the attack continuing, and if so, how can we stop it immediately?
- Is the attack over, and if so, how can we prevent a recurrence?

This is an area where time-to-resolution is critical. Many attacks are persistent, and in many cases the cost to the enterprise is proportional to the length of time the attack remains undiscovered. The longer the attack lasts, the greater the number of credentials that will be captured, the more systems and applications that will be compromised, and the higher the volume of sensitive data that will be exfiltrated. By providing precise, actionable intelligence faster, a security analytics solution produces savings in revenue, corporate reputation, breach notification costs and fines, and clean-up costs.

Next-generation security analytics solutions can reduce mean time to resolution by up to 85%. [2]

[2] Based on Blue Coat customer case studies.
Incident Response at a Major Online Retailer
"...using root cause analysis from [Blue Coat], we were able to pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that exploit from ever happening again..."
A large online retailer built its security operations center and incident response process around the Security Analytics Platform. They use it to identify malicious activity inside and outside the network, to pinpoint all compromised systems through root cause analysis, and to conduct assurance testing of preventative controls by replaying attacks in a lab environment. The Security Analytics Platform provides much-needed context to alerts, including alerts from their new advanced malware analysis appliances.

Use Case #4: Advanced Malware Detection

Until recently, security analytics solutions were brought into play after a breach had been detected, and were used almost exclusively for retrospective analysis and forensics. That has changed. Blue Coat has added real-time threat detection to the Security Analytics Platform with add-on software modules called Blue Coat ThreatBLADES.

ThreatBLADES provide real-time threat intelligence services. Each one is optimized to scan specific protocols (HTTP, SMTP, POP3, Webmail, FTP, etc.), detect and extract objects (files, URLs, IP addresses, etc.), inspect and categorize those objects as good, bad (malicious) or unknown, and take appropriate actions in real time. Those actions can include alerting administrators to malware as it is found, querying the Blue Coat Global Intelligence Network about unknown files, brokering unknown files to Blue Coat's Malware Analysis Appliance for detailed analysis in a sandbox, and adding file signatures to a white list or black list.

Malware is often a component of advanced multi-stage attacks. By identifying malware in real time, ThreatBLADES help security analysts and incident responders get a jump on finding and analyzing advanced threats and zero-day attacks.
For more information on Blue Coat ThreatBLADES and how they help with malware detection, see the white paper "Security Analytics Moves to Real-Time Protection".

[Figure: Security Analytics combines many forms of threat intelligence (Global Intelligence Network, Dynamic Malware Sandboxing, Built-in Knowledgebase, Threat Intelligence Services) to deliver accurate and complete malware detection and analysis]
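The scan, extract, classify and act pipeline described for ThreatBLADES, and the file-brokering step that sends only unknown objects to a sandbox, can be shown end to end on a single SMTP message. The following is an added example written for this page, not Blue Coat code and not a description of how ThreatBLADES are implemented: attachment extraction uses Python's standard email parser, the whitelist and blacklist are sets of SHA-256 hashes, the sandbox and intelligence queries are replaced by labelled placeholder actions, and every object, hash and message is constructed inside the block.

```python
"""File-brokering triage, added as an illustration of the good/bad/unknown
workflow described above. This is not Blue Coat code: the attachment
extraction, reputation lists and sandbox hand-off are simplified stand-ins,
and every sample object, hash list and message below is constructed here."""
import hashlib
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample objects standing in for files carried by SMTP traffic.
SAMPLE_OBJECTS = {
    "report.pdf": b"%PDF-1.4\n% constructed sample document\n",
    "invoice.exe": b"MZ constructed sample, not a real executable\n",
    "notes.txt": b"constructed plain-text sample\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_attachments(raw_message: bytes) -> list:
    """Object extraction step: pull every attachment body out of an RFC 822
    message (the SMTP case; other protocols would need their own parser)."""
    msg = message_from_bytes(raw_message)
    objects = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        payload = part.get_payload(decode=True)  # undo the base64 transfer encoding
        if payload:
            objects.append((part.get_filename(), payload))
    return objects


class FileBroker:
    """Classifies extracted objects as good, bad or unknown and decides what
    happens next: known-bad raises an alert, known-good passes, and only
    unknown objects are handed to the (simulated) sandbox."""

    def __init__(self, known_good=(), known_bad=()):
        self.known_good = set(known_good)   # hashes on the white list
        self.known_bad = set(known_bad)     # hashes on the black list
        self.pending = {}                   # sha256 -> filename awaiting a sandbox verdict

    def classify(self, filename: str, data: bytes) -> dict:
        digest = sha256_hex(data)
        if digest in self.known_bad:
            label, actions = "bad", ["alert_admin", "record_blacklist_hit"]
        elif digest in self.known_good:
            label, actions = "good", []
        else:
            label, actions = "unknown", ["query_intelligence", "broker_to_sandbox"]
            self.pending[digest] = filename
        return {"file": filename, "sha256": digest, "label": label, "actions": actions}

    def record_sandbox_verdict(self, digest: str, malicious: bool) -> str:
        """Feed the sandbox result back so the next sighting needs no sandbox run."""
        self.pending.pop(digest)
        if malicious:
            self.known_bad.add(digest)
            return "bad"
        self.known_good.add(digest)
        return "good"


def build_sample_message() -> bytes:
    """Construct a multipart message carrying the sample objects as attachments."""
    msg = MIMEMultipart()
    msg["From"] = "sender@example.com"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "Constructed sample with attachments"
    msg.attach(MIMEText("See attached."))
    for name, body in SAMPLE_OBJECTS.items():
        part = MIMEApplication(body, Name=name)
        part.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(part)
    return msg.as_bytes()


def triage_message(raw_message: bytes, broker: FileBroker) -> list:
    """Scan -> extract -> classify: one verdict per attachment."""
    return [broker.classify(name, data) for name, data in extract_attachments(raw_message)]


def demo() -> dict:
    broker = FileBroker(
        known_good=[sha256_hex(SAMPLE_OBJECTS["report.pdf"])],
        known_bad=[sha256_hex(SAMPLE_OBJECTS["invoice.exe"])],
    )
    verdicts = triage_message(build_sample_message(), broker)
    first_pass = {v["file"]: v["label"] for v in verdicts}
    # Simulate the sandbox clearing the one unknown object, then re-check all three.
    for v in verdicts:
        if v["label"] == "unknown":
            broker.record_sandbox_verdict(v["sha256"], malicious=False)
    after = {name: broker.classify(name, data)["label"] for name, data in SAMPLE_OBJECTS.items()}
    return {"first_pass": first_pass, "after_sandbox": after}


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

On the first pass the PDF is passed as known-good, the executable triggers the alert path without any sandbox work, and only the text file is brokered; once the simulated sandbox verdict is recorded, a second sighting of the same object is resolved from the list alone, which is the point of brokering: the sandbox sees only what the reputation lists cannot settle.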
Use Case #5: Data Loss Monitoring and Analysis

In the Ponemon Institute study mentioned earlier, more than a third of IT managers reported that when their company had a data breach they could not determine exactly what information had been lost. The ability to identify data losses precisely can produce major cost savings. Breach notification costs and regulatory fines are often proportional to the amount of data compromised in an attack. Enterprises can realize large savings by demonstrating that only a few files were exfiltrated, and not an entire file store, or that only a small portion of a database was accessed by the attacker. Also, identifying exactly which systems have been compromised in an attack can dramatically reduce post-breach clean-up costs.

The Security Analytics Platform provides a powerful set of tools to determine the full extent of attacks and data losses. For example, administrators and security analysts can monitor and record all the common media used to exfiltrate sensitive data, such as emails, file attachments, instant messages, chat sessions, web activity and other traffic arriving at and leaving the network. They can quickly evaluate any session that appears suspicious. They can monitor database queries and file requests, relate them to their sources, and then pivot to reconstruct all of the activities carried out by those sources. Incident responders can list and recreate all of the files accessed over the course of a persistent attack, and view the sequence of all of the emails, SMS messages and files exchanged during a phishing attack. The Security Analytics Platform also reduces the extent and duration of attacks by working with data loss prevention (DLP) products to issue real-time alerts when sensitive files and data leave the network.

Use Case #6: Web Traffic Monitoring and Analysis

Most web traffic monitoring is performed by secure web gateways, next-generation firewalls, and other technologies that inspect web traffic.
However, security analytics solutions also play an important role in this area. The Blue Coat WebThreat BLADE, one of the ThreatBLADES discussed in the Advanced Malware Detection use case, monitors HTTP traffic (and HTTPS traffic decrypted by the Blue Coat SSL Visibility Appliance). It uses IP, URL, domain and file reputation information, together with threat intelligence from the Blue Coat Global Intelligence Network, to identify traffic to and from botnets, command-and-control (CnC) callbacks, and evidence of web-based advanced persistent threats (APTs). The WebThreat BLADE can also help enforce web usage policies by monitoring access to web sites that fall into categories such as gambling, shopping, pornography and entertainment.

The Security Analytics Platform also allows administrators to create rules that identify indicators of compromise (IOCs) based on anomalous web traffic patterns and inferential reporting. Information about advanced web attacks can be relayed to secure web gateways to thwart further attacks.

Evasive Botnet Detected and Crushed
The Blue Coat Threat Research Team used the Security Analytics Platform to identify a malicious botnet, as well as all the victim hosts that were communicating with the botnet's command and control servers across the globe. Government authorities used this information to take down the botnet servers and all associated domains.

Data Loss Monitoring at a Leading-Edge Technology Company
A technology company with world-famous consumer electronics products and a soaring stock price uses the Blue Coat Security Analytics Platform to ensure that employees and contractors do not leak intellectual property, confidential business plans or corporate financial information. They also use it to determine material impact when information leakage does occur.
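Two of the detections this use case names, reputation matches against known CnC hosts and IOC rules over anomalous traffic patterns, are complementary: reputation catches hosts already known to be bad, while a pattern rule catches the regular, low-jitter callbacks that a beaconing implant produces to a host nobody has listed yet. The block below is an added example written for this page, not Blue Coat code and not the WebThreat BLADE's logic. It assumes a simple constructed access-log format (timestamp, source IP, destination host, method, path, status, bytes), a constructed blocklist, and reserved example host names; the beaconing rule flags a source/destination pair whose inter-request intervals have a small standard deviation relative to their mean.

```python
"""Beaconing and reputation IOC rules over web traffic metadata, added as an
illustration of the kind of rule described above. This is not Blue Coat code:
the log format, host names (RFC 2606 reserved names), blocklist and every log
line are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed access log: timestamp src-ip dst-host method path status bytes.
# 10.0.0.5 polls one host about once a minute (beacon-like); 10.0.0.7 browses
# irregularly; 10.0.0.9 talks twice to a host on the constructed blocklist.
SAMPLE_LOG = """\
2015-07-01T09:00:00 10.0.0.5 updates.example.net GET /check 200 312
2015-07-01T09:00:00 10.0.0.7 www.example.com GET / 200 5120
2015-07-01T09:00:05 10.0.0.7 www.example.com GET /news 200 9802
2015-07-01T09:00:30 10.0.0.9 callback.invalid POST /gate 200 128
2015-07-01T09:01:00 10.0.0.5 updates.example.net GET /check 200 312
2015-07-01T09:02:01 10.0.0.5 updates.example.net GET /check 200 312
2015-07-01T09:03:00 10.0.0.5 updates.example.net GET /check 200 312
2015-07-01T09:03:25 10.0.0.7 www.example.com GET /search 200 4410
2015-07-01T09:03:37 10.0.0.7 www.example.com GET /item/42 200 7731
2015-07-01T09:03:59 10.0.0.5 updates.example.net GET /check 200 312
2015-07-01T09:05:07 10.0.0.7 www.example.com GET /cart 200 3310
2015-07-01T09:06:30 10.0.0.9 callback.invalid POST /gate 200 128
this line is malformed and must be skipped by the parser
"""

BAD_HOSTS = {"callback.invalid"}  # constructed reputation blocklist

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>\S+) (?P<method>\S+) "
    r"(?P<path>\S+) (?P<status>\d+) (?P<bytes>\d+)$"
)


def parse_log(text: str) -> list:
    """Turn log lines into event dicts, silently skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["status"] = int(e["status"])
        e["bytes"] = int(e["bytes"])
        events.append(e)
    return events


def find_beacons(events: list, min_requests: int = 4, max_jitter: float = 0.2) -> list:
    """Pattern rule: a src/host pair with at least min_requests requests whose
    inter-request gaps vary little (pstdev/mean <= max_jitter) is beacon-like."""
    stamps_by_pair = defaultdict(list)
    for e in events:
        stamps_by_pair[(e["src"], e["host"])].append(e["ts"])
    findings = []
    for (src, host), stamps in sorted(stamps_by_pair.items()):
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            findings.append({"src": src, "host": host, "requests": len(stamps),
                             "period_s": round(period, 1), "jitter": round(jitter, 3)})
    return findings


def reputation_hits(events: list, bad_hosts: set) -> list:
    """Reputation rule: every src/host pair that touched a blocklisted host."""
    return sorted({(e["src"], e["host"]) for e in events if e["host"] in bad_hosts})


def run_rules(text: str, bad_hosts: set) -> dict:
    events = parse_log(text)
    return {"events": len(events),
            "beacons": find_beacons(events),
            "reputation_hits": reputation_hits(events, bad_hosts)}


if __name__ == "__main__":
    for name, result in run_rules(SAMPLE_LOG, BAD_HOSTS).items():
        print(name, result)
```

Run over the constructed log, the two rules produce disjoint findings: the once-a-minute poller is flagged by the pattern rule even though its host is on no list, and the two requests to the blocklisted host are caught by reputation even though they are too few to show a period. A real deployment would tune `min_requests` and `max_jitter` against the network's own baseline, since legitimate software updaters and monitoring agents also poll on a schedule, so a beaconing hit is a lead for an analyst rather than a verdict.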
Use Case #7: IT Governance, Risk Management and Compliance

Enterprises need to ensure that employees and other computer users comply with acceptable use policies (AUPs), and to demonstrate to auditors and regulators that they are in compliance with government and industry regulations and standards. Security analytics solutions play a major role in enforcing and proving compliance with organizational policies. Through application classification, they can quickly identify employees using unapproved applications, or using applications in ways that violate policy (for example, exporting files through a chat service). They can monitor the users and sessions accessing databases and file stores that hold confidential information, to identify unauthorized access. In the event of a data breach or policy violation, the complete record of all network activity is used to determine exactly what information has been lost (see the discussion of Data Loss Monitoring and Analysis).

The Security Analytics Platform also includes a media panel that lets administrators monitor images, audio files and video files, to ensure that employees are not viewing inappropriate or illegal content, or abusing online games and entertainment media during work hours.

[Figure: a media panel helps administrators find policy violations related to images, audio files and video files]

Continuous Monitoring, Situational Awareness and Risk Mitigation
"Situational awareness through full network visibility is a key means for mitigating risk. In testimony about real risk reduction to come about through continuous monitoring, the State Department reports a 90 percent improvement in its risk posture after implementing a continuous monitoring program."
Source: SANS Institute, "Continuous Monitoring: What It Is, Why It Is Needed, and How to Use It"
Summary

Today, a security analytics solution like the Blue Coat Security Analytics Platform is for much more than network forensics. It provides substantial value across seven use cases:

1. Situational awareness: Security professionals gain complete 360°, 20:20 visibility into their operational domain. The Blue Coat Security Analytics Platform delivers unprecedented views and visual insights into all activity on an enterprise network.
2. Continuous monitoring: The Security Analytics Platform is like a security camera for networks. Security analysts can have access to terabytes of all types of historical network and security data, and can play back any activity of interest at the click of a button.
3. Security incident response and resolution: Blue Coat's security analytics solution provides incident responders with invaluable tools such as session and object reconstruction, session playback and root cause exploration. These tools allow them to quickly and accurately answer the critical post-breach "who?", "why?", "what?", "when?" and "how?" questions, and greatly reduce time-to-resolution.
4. Advanced malware detection: Blue Coat ThreatBLADES, which run on the Security Analytics Platform, can detect and extract files from traffic on all major protocols, send alerts when malware is detected, and send unknown files to a sandbox for dynamic malware analysis.
5. Data loss monitoring and analysis: The Blue Coat Security Analytics Platform allows administrators to monitor and extract all files leaving an enterprise network, across communication channels such as email, HTTP uploads, instant messaging chats and more. Along with a built-in alerting system, this provides a powerful capability for corporations worried about sensitive data loss.
6. Web traffic monitoring and analysis: Blue Coat's security analytics solution provides detailed web traffic analysis to identify advanced web-based threats, including botnets, command and control activity, malicious websites, embedded malware and more.
7. IT governance, risk management and compliance: The Blue Coat Security Analytics Platform can monitor application use and data access to ensure that employees are complying with company and government policies. It also allows policy owners such as Human Resources Directors and Chief Financial Officers to demonstrate compliance with government regulations and industry standards.

For more information on the concepts and products discussed in this white paper, please visit the Security Analytics Platform section of the Blue Coat website, and try the Security Analytics Virtual Appliance for 30 days.
Blue Coat Systems Inc.
Corporate Headquarters: Sunnyvale, CA
EMEA Headquarters: Hampshire, UK
APAC Headquarters: Singapore

Blue Coat Systems, Inc. All rights reserved. Blue Coat, the Blue Coat logos, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter, CacheEOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, Mach5, Packetwise, Policycenter, ProxyAV, ProxyClient, SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, "See Everything. Know Everything.", and BlueTouch are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. Blue Coat makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products, technical services, and any other technical data referenced in this document are subject to U.S. export control and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws, regulations and requirements, and acknowledge that you have the responsibility to obtain any licenses, permits or other approvals that may be required in order to export, re-export, transfer in country or import after delivery to you.

v.wp-next-gen-security-analytics:real-world-use-cases-EN-v1d-0714
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationEXPLORING ADVANCED THREATS
Whitepaper Blue Coat Advanced Threat Protection Series Security Empowers Business EXPLORING ADVANCED THREATS Advanced Threat Protection (ATP) Essentials, Part 1 SECURITY ISN T ONLY ABOUT PREPARING FOR
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationBlue Coat Security First Steps Solution for Recording and Reporting Employee Web Activity
Solution for Recording and Reporting Employee Web Activity SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationBlue Coat Security First Steps Solution for Streaming Media
Blue Coat Security First Steps Solution for Streaming Media SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationDetect & Investigate Threats. OVERVIEW
Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationIBM Security QRadar QFlow Collector appliances for security intelligence
IBM Software January 2013 IBM Security QRadar QFlow Collector appliances for security intelligence Advanced solutions for the analysis of network flow data 2 IBM Security QRadar QFlow Collector appliances
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationCisco Cyber Threat Defense - Visibility and Network Prevention
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
More informationBOOSTING INTERNET ACCESS LINK PERFORMANCE WITH BLUE COAT WAN OPTIMIZATION TECHNOLOGIES
PERFORMANCE WITH BLUE COAT WHITEPAPER EXECUTIVE SUMMARY Gateways to Internet traffic are facing unprecedented loads and growth rates in all types of industries and organizations due to the growth of mobile
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationA New Perspective on Protecting Critical Networks from Attack:
Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationDiscover & Investigate Advanced Threats. OVERVIEW
Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics
More informationProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
More informationFirst Line of Defense to Protect Critical Infrastructure
RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationThe Value of QRadar QFlow and QRadar VFlow for Security Intelligence
BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationWin the race against time to stay ahead of cybercriminals
IBM Software Win the race against time to stay ahead of cybercriminals Get to the root cause of attacks fast with IBM Security QRadar Incident Forensics Highlights Help reduce the time required to determine
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationA Modern Framework for Network Security in Government
A Modern Framework for Network Security in Government 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Government: Securing Your Data, However and Wherever Accessed Governments around
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationSymantec Cyber Security Services: DeepSight Intelligence
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationThe Next Generation IPS
The Next Generation IPS Comprehensive Defense Against Advanced Persistent Threats Contents Introduction.............................................. 1 What Are Advanced Persistent Threats?.............................
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationFidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence. June 2010 Version 1.0 PAGE 1 PAGE 1
Fidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence June 2010 Version 1.0 PAGE 1 PAGE 1 Contents Introduction... 3 Fidelis XPS Feed Manager... 4 Fidelis XPS Policy: A Primer...
More informationBlue Coat Security First Steps Solution for Controlling Web Applications
Blue Coat Security First Steps Solution for Controlling Web Applications SGOS 6.5 Third Party Copyright Notices 2015 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
More informationHow To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationPALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
More informationWebsense Data Security Solutions
Data Security Suite Data Discover Data Monitor Data Protect Data Endpoint Data Security Solutions What is your confidential data and where is it stored? Who is using your confidential data and how? Protecting
More informationWHAT S NEW IN WEBSENSE TRITON RELEASE 7.8
WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8 Overview Global organizations are constantly battling with advanced persistent threats (APTs) and targeted attacks focused on extracting intellectual property
More informationComprehensive real-time protection against Advanced Threats and data theft
TRITON AP-WEB Comprehensive real-time protection against Advanced Threats and data theft Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationWhite Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks
White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationCONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY
CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1 OVER REACTING VS UNDER REACTING Reason for the world today
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More information