Fidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence. June 2010 Version 1.0 PAGE 1 PAGE 1



Similar documents
Defending Against Cyber Attacks with SessionLevel Network Security

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

INTRODUCING isheriff CLOUD SECURITY

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Advanced Threat Protection with Dell SecureWorks Security Services

WEBSENSE TRITON SOLUTIONS

Websense Data Security Solutions

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

V1.4. Spambrella Continuity SaaS. August 2

A New Approach to Assessing Advanced Threat Solutions

Bridging the gap between COTS tool alerting and raw data analysis

Comprehensive Advanced Threat Defense

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

Best Practices in Deploying Anti-Malware for Best Performance

FIREMON SECURITY MANAGER

The SIEM Evaluator s Guide

Web Security Monitor. I R O N P O R T S - S E R I E S F e a t u r e Overview

IBM Security X-Force Threat Intelligence

Technology Blueprint. Protect Your . Get strong security despite increasing volumes, threats, and green requirements

Unified Security, ATP and more

Breaking the Cyber Attack Lifecycle

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Achieve Deeper Network Security

Integrating MSS, SEP and NGFW to catch targeted APTs

ENABLING FAST RESPONSES THREAT MONITORING

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Comprehensive real-time protection against Advanced Threats and data theft

Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats

Achieve Deeper Network Security and Application Control

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

WHITE PAPER. Understanding How File Size Affects Malware Detection

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

NEXT GENERATION SECURITY ANALYTICS: REAL WORLD USE CASES KEY FEATURES AND NEW USES FOR THE BLUE COAT SECURITY ANALYTICS PLATFORM

Reduce Your Network's Attack Surface

Threat Containment for Facebook

Six Days in the Network Security Trenches at SC14. A Cray Graph Analytics Case Study

Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Streamlining Web and Security

IBM Advanced Threat Protection Solution

Symantec Messaging Gateway 10.6

Trend Micro. Advanced Security Built for the Cloud

WEBSENSE SECURITY SOLUTIONS OVERVIEW

SafeNet Content Security Product Overview. Protecting the Network Edge

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

A New Perspective on Protecting Critical Networks from Attack:

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

SIEM is only as good as the data it consumes

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

The Cloud App Visibility Blindspot

Symantec Cyber Security Services: DeepSight Intelligence

Content Security: Protect Your Network with Five Must-Haves

The Hillstone and Trend Micro Joint Solution

isheriff CLOUD SECURITY

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

IBM Security Intrusion Prevention Solutions

On-Premises DDoS Mitigation for the Enterprise

Requirements When Considering a Next- Generation Firewall

IBM Security QRadar QFlow Collector appliances for security intelligence

Protecting against cyber threats and security breaches

October Application Control: The PowerBroker for Windows Difference

Securing Endpoints without a Security Expert

GOING BEYOND BLOCKING AN ATTACK

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Symantec Messaging Gateway 10.5

McAfee Web Reporter Turning volumes of data into actionable intelligence

The Cloud App Visibility Blind Spot

VESZPROG ANTI-MALWARE TEST BATTERY

Networking for Caribbean Development

THE EVOLUTION OF SIEM

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Next-Generation Firewalls: Critical to SMB Network Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Cyber Security Services: Data Loss Prevention Monitoring Overview

Beyond the Hype: Advanced Persistent Threats

Content-ID. Content-ID URLS THREATS DATA

Websense Web Security Solutions

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

Edge-based Virus Scanning

IBM Endpoint Manager for Core Protection

SafeNet Content Security. esafe SmartSuite - Security that Thinks. Real-time, Smart and Simple Web and Mail Security Solutions.

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

Cisco Advanced Malware Protection

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Web DLP Quick Start. To get started with your Web DLP policy

APERTURE. Safely enable your SaaS applications.

10 Things Every Web Application Firewall Should Provide Share this ebook

Managed File Transfer

Symantec Advanced Threat Protection: Network

Types of cyber-attacks. And how to prevent them

ESG Brief. Overview by The Enterprise Strategy Group, Inc. All Rights Reserved.

Transcription:

Fidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence June 2010 Version 1.0 PAGE 1 PAGE 1

Contents Introduction... 3 Fidelis XPS Feed Manager... 4 Fidelis XPS Policy: A Primer... 5 Reputational Feeds and the Information Flow Map... 5 Alerting on Malicious Traffic... 6 Conclusion... 8 Figures Figure 1 New "Reputation" location fingerprint.... 4 Figure 2 Information Flow Map: A Suspicious Node.... 6 Figure 3 Reputational Details From Fidelis XPS and Cyveillance.... 7 Figure 4 Decoding Path and Single-Click Payload Extraction.... 8 FIDELIS SECURITY SYSTEMS, FIDELIS EXTRUSION PREVENTION SYSTEM, FIDELIS XPS, the FIDELIS SECURITY SYSTEMS logo, and/or other FIDELIS SECURITY SYSTEMS products referenced herein are trademarks of Fidelis Security Systems, Inc. Copying, use or distribution of any material contained herein is expressly prohibited. Copyright 2010 Fidelis Security Systems, Inc. All rights reserved. PAGE 2 PAGE 2

Introduction Fidelis XPS is an incredible network security platform. The patented Deep Session Inspection engine in our solutions gives our customers unprecedented wire-speed network visibility into content and application activity, coupled with real-time control over how information is exchanged on today s complex and interconnected networks. The Fidelis XPS Information Flow Map feature, another Fidelis innovation, has given our customers even deeper awareness of network traffic, in the form of a real-time display that provides an intuitive, content-aware view of all activity. Fidelis XPS CommandPost, our policy configuration and sensor management environment, enables user-friendly, customizable analysis of alerts and events, not to mention an incredibly powerful and flexible policy system that connects the power of the Deep Session Inspection platform with actual business policies, objectives and requirements. In addition to our ability to solve data leakage prevention (DLP) problems for our customers, our unique set of technologies are uniquely suited to managing the cyber security risks posed by today s most advanced, dedicated and well-resourced adversaries by working at the session, protocol and payload levels targeted by the newest threats. But most of our customers don't have a crack team of malware researchers and threat analysts to maintain awareness of all the very latest threats, and as a matter of fact we don t either. So we ve built an innovative new feed management system that can improve situational awareness by automatically importing and updating reputational data from any number of free or subscription-based sources. To demonstrate the value of this exciting new feature we See our latest innovations in a four-minute video: http://goo.gl/zr7e have partnered with Cyveillance, an industry-leading provider of intelligence-led security solutions. Their advanced Internet monitoring platform and research organization constitute an unparalleled source of continuously updated reputational knowledge that evolves just as quickly as the threats. Fidelis and Cyveillance are working together to bring additional value to our securitydriven customers. It s an ideal partnership: Fidelis delivers network security appliances with the power to prevent content-based attacks from infecting critical networks or causing costly and embarrassing data breaches, and Cyveillance delivers the reputational intelligence required to stay on top of ever-evolving malware and phishing attacks. Taken together, the visibility and control from Fidelis XPS paired with continuously updated threat intelligence from Cyveillance delivers a degree of situational awareness and a standard of protection well beyond what traditional threat mitigation technologies can offer. PAGE 3 PAGE 3

Fidelis XPS Feed Manager Fidelis XPS network security appliances now include the Feed Manager feature, which arrives preconfigured with two of the most powerful threat intelligence feeds available anywhere: an anti-phishing feed and an anti-malware distribution feed, both powered by Cyveillance. These advanced data sources, continuously updated by Cyveillance and automatically kept up to date by Fidelis XPS, allow our customers to enforce network security policy by monitoring and controlling network access to sites known to Cyveillance to host phishing or malware threats. In addition, Fidelis XPS can be configured to use any number of additional threat intelligence feeds from sources either internal or external to enterprises. These customized feeds can be formatted as XML, CSV or as simple text files, and it s easy to adjust feed sources, refresh rates and access credentials from the CommandPost GUI. Once the right combination of free, paid and custom feeds has been configured, reputational feeds from Fidelis XPS can easily be incorporated into Fidelis XPS policy. Figure 1 New "Reputation" location fingerprint. The Fidelis XPS location fingerprint category has a new Reputation type alongside the previously available Country, Directory, and IP Address location types (see Figure 1). You can construct Reputation fingerprints that use any combination of the available feed categories ( Phishing, Malware, and Custom ), and then use these fingerprints in Fidelis XPS policy rules by themselves, or in combination with other fingerprints as part of more sophisticated rules. The anti-malware distribution and anti-phishing feeds powered by Cyveillance and included with Fidelis XPS are available to all Fidelis customers for a free 90 day trial, after which they are available from Fidelis on a subscription basis. PAGE 4 PAGE 4

Fidelis XPS Policy: A Primer Fidelis XPS policy is constructed from building blocks we call fingerprints. These fingerprints come in three categories, focused on content (the message itself, after all the protocols, payloads, applications and archiving has been stripped away), location (the origin and destination of the message), and channel (any of thousands of attributes having to do with how the message has been transmitted). These fingerprints are assembled into rules as boolean expressions. A rule expression can be somewhat complex, like this: C_Source AND From_Engineering_Dept AND NOT (To_QA_Testing AND FTP AND Normal_Business_Hours) (In English: prevent or alert on any traffic containing C source code if it s transmitted from the engineering department, unless it s destined for the QA lab via FTP during normal business hours. ) Here s a simpler favorite: MS-DOS AND ImageFileNames (In English: prevent or alert on any traffic containing a DOS/Windows executable that s been renamed to look like an image. Remember, this rule doesn t care if the renamed executable is buried in a dozen nested zip archives; Fidelis XPS will still spot this payload quickly enough to block the transfer, if prevention is specified.) Dozens of different types of content, location and channel fingerprints are available, enabling the creation of a content protection and network security policy that s as simple or as complex as business requirements dictate. Reputational Feeds and the Information Flow Map While it may be tempting to start by constructing a comprehensive set of Fidelis rules leveraging the new threat intelligence feeds, it isn t necessary to take this get immediate value from those feeds. The Fidelis XPS Information Flow Map will automatically display malicious hosts in red, drawing instant attention to nodes talking to hostile hosts and enabling a rapid, targeted threat mitigation (see Figure 2). PAGE 5 PAGE 5

Figure 2 Fidelis XPS Information Flow Map: A Suspicious Node. Alerting on Malicious Traffic When threat intelligence feeds are used in Fidelis XPS rules, the resulting alerts tell the whole story of sessions. Fidelis XPS reports on exactly what was transmitted, what protocol was involved, the format contents of the payload and we can see at a glance the destination host was suspicious in the first place (see Learn more about using Fidelis XPS to kill content-based malware: http://goo.gl/avsp Figure 3). PAGE 6 PAGE 6

Figure 3 Reputational Details From Fidelis XPS and Cyveillance. Another analysis feature our customers love is the decoding path display and our singleclick payload extraction capability. Alert detail views include extensive information about all the work the Deep Session Inspection engine did to uncover each threat. If, for example, an FTP session is used to transmit a ZIP archive containing a renamed RAR archive containing a malware-infected PDF, Fidelis XPS CommandPost presents this information in the form of a decoding path (which itself can be made part of policy). Better still, each level in the decoding path includes a clickable link for downloading the payload as it existed at every step along the decoding process (see Figure 4). And as if that isn t enough, CommandPost permits network session downloading of both sides of any conversations that violate policy, enabling a detailed and comprehensive forensic response. PAGE 7 PAGE 7

Conclusion Figure 4 Decoding Path and Single-Click Payload Extraction. The word for 2010 is proliferation. Threats are proliferating: enterprises face internal accidental misuse, unknown internal threats and an increasingly sophisticated and talented set of external adversaries. Network communication modes are proliferating: it s not always sensible to institute blanket bans against social networking sites, instant messaging or even peer-to-peer channels. Finally, threat mitigation technologies are proliferating: the days when a socket-based firewall was enough are long gone, Fidelis gives us big bang for the and security vendors have saturated the market buck from the pure security with an alphabet soup of solutions that add compliance perspective. Best unwanted complexity. Find out what our most tool that we can use to give us demanding customers already know about situational awareness. Fidelis XPS: the incredible Deep Session US Energy Company Inspection platform, blended with our Information Flow Map, flexible policy engine and intelligenceled reputational data from Cyveillance, provide unsurpassed leverage you can use to achieve and enhance situational awareness and decisively answer today s advanced online threats. Call us today at 800.652.4020 to schedule a closer look. PAGE 8 PAGE 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information