Modular Network Security. Tyler Carter, McAfee Network Security




Surviving Today's IT Challenges: DDoS, bots, PCI, SOX / J-SOX, data exfiltration, Shady RAT, malware, Microsoft patches, web attacks.

No Single Solution for All Security Challenges
[Slide graphic labels: Cloud Security, Spam, Trojan, Network IPS, Viruses, Obfuscation, Security Management, Encrypted attacks, Firewall, APTs, Bot, Web Security, Mail Security, Botnets, Zero-day attacks, Host AV, Spear phishing, Network Behavior, Denial of Service, Targeted attacks, Host IPS, Social media exploits, Social engineering, 3rd Party Feeds, DDOS, Database Security, Forensics, Spambots, Vulnerability Scanning]
Slide date: September 21, 2011

Balancing Risk & Costs [Chart labels: OpEx, CapEx, Risk]

Balancing Risk & Costs: Where are you? [Chart labels: OpEx, Total CapEx Costs, Risk]

Reducing Management & Infrastructure Costs

Technology Architecture for Security: How Connected Is Your Security?
Host IPS Agent, DLP Agent, Encryption, Antivirus Agent, NAC, Audit Agent, Systems Management Agent.
EVERY SOLUTION HAS AN AGENT. EVERY AGENT HAS A CONSOLE. EVERY CONSOLE NEEDS A SERVER. EVERY SERVER NEEDS AN OS/DB. EVERY OS/DB NEEDS PEOPLE, MAINTENANCE, PATCHING. WHERE DOES IT END?

Technology Architecture for Security: How Connected Is Your Security?
ePO Server (AV, DLP, NAC, Encryption, PA, Site Advisor): SINGLE AGENT, SINGLE CONSOLE.

Unknown Threat: Non-Optimized Approach!
Notification of a new threat, analysis of applicability based on vulnerabilities, determine managed or rogue systems.
Assess protection to determine risk and countermeasures available across IPS, firewall, and AV environments.
Determine priority and engage operations team with recommendations (adjust policies, vendor engage, patch mgmt).
Consoles, upon consoles, upon consoles with no connection across the infrastructure.
[Diagram labels: Managed Systems, Unmanaged Systems, Vulnerable Systems, Analysis, Priority, Protection Status, Existing Countermeasures, Next Steps, Exposed Risk, AV, IPS, FW, Manual Scans, Log Analysis, Ops Team, Patch/Updates, Policy Config, Contact Vendor, Monitor]

Unknown Threat: Optimized Approach!
[Diagram labels: Situational Awareness, Recommendations, Ops Team, Patch, Policy Config, Contact Vendor, Monitor]

Reducing Incident Costs

Reduce Outbreak Lifecycle [Diagram labels: Permanent Protection, Scope, Suspect, Identify, Mitigate, Tools, Fixed]

Outbreak Lifecycle

Outbreak Lifecycle: Unique Event

Outbreak Lifecycle: Faster Remediation; Minimize Scope of Impact; ID the Root Attack; Reduced Frequency

McAfee Network Security: Next Gen Firewall, Intrusion Prevention, Network Access Control, Advanced Threat Detection. Best Performance, Protection, and TCO.
[Quadrant chart. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors shown: McAfee, Cisco, HP, Sourcefire, IBM, Juniper Networks, Stonesoft, Top Layer Security, NitroSecurity, Radware, Check Point Software Technologies, StillSecure, DeepNines Technologies, Enterasys Networks]

Modular Approach to Network Security

Network Security Deployment Strategy
Recommendation: Start with Network IPS; Enable McAfee GTI ($0); Integrate McAfee ePO ($0); Add vulnerability scanning; Visibility extensions; Analysis extensions.

Network Security Deployment Strategy: Network Security Platform
Industry-leading IPS; Up to 10 Gbps; Blocks 95% of network threats; Best zero-day coverage; Integrated NAC; Integrated McAfee GTI.

Network Security Deployment Strategy: Global Threat Intelligence
Real-time threat feeds; File reputation; IP reputation; Geo-locations.

GTI for Improved Time and Effort to Coverage
[Diagram labels: Threat Reputation; Network IPS; Firewall; Web Gateway; Mail Gateway; Host AV; Host IPS; 3rd Party Feed; 300M IPS Attacks/Mo.; 2B Botnet C&C IP Reputation Queries/Mo.; 20B Message Reputation Queries/Mo.; 2.5B Malware Reputation Queries/Mo.; Geo Location Feeds]

How Did McAfee Protect Against VBMania? McAfee NSP with McAfee Global Threat Intelligence
[Diagram labels: VBMania e-mail sent to user; McAfee Global Threat Intelligence file reputation identifies malware; action prompts lookup in McAfee Global Threat Intelligence cloud; user clicks to URL containing malicious.scr]
McAfee NSP using McAfee Global Threat Intelligence file reputation protected against VBMania malware download.

McAfee ePO Integration
Benefits: Centralized Reporting; Host IPS feeds; Tuning recommendations; Global Risk Assessment.

Visibility Extensions
Benefits: Network-wide visibility; System & application profiling; Additional host context; Detect bots, malicious hosts; Inspect virtual environments.

Example: Network Behavior Analysis
[Diagram labels: Web, Intranet, Data Center, Database, Email Servers, NTBA Appliance, Network Security Manager, Network Security Platform, Threat Detected!!, Quarantine, New Peer to Peer Application, Source of Malware]

Analysis Extensions
Benefits: Travel back in time (log analysis); Detect the un-detectable; Find APTs; Prevent data loss.
[Diagram labels: Alert, Protection Strategy, Automatic Unwrapping, Heuristic Code Analysis]

Benefit of the Security Connected
DRAMATIC REDUCTION IN EFFORT TO IDENTIFY AND RESOLVE ISSUES.
RESOLUTION PERIOD REDUCED FROM WEEKS TO HOURS.
ELIMINATION OF ROOT OF ATTACK PREVENTS REPEATED EVENTS.

THANK YOU
www.mcafee.com
Tyler_carter@mcafee.com