Modular Network Security
Tyler Carter, McAfee Network Security
Surviving Today's IT Challenges
- DDoS
- Bots
- PCI
- SOX / J-SOX
- Data exfiltration
- Shady RAT
- Malware
- Microsoft patches
- Web attacks
No Single Solution for All Security Challenges
(word cloud of threats and controls: Cloud Security, Spam, Trojan, Network IPS, Viruses, Obfuscation, Security Management, Encrypted attacks, Firewall, APTs, Bot, Web Security, Mail Security, Botnets, Zero-day attacks, Host AV, Spear phishing, Network Behavior, Denial of Service, Targeted attacks, Host IPS, Social media exploits, Social engineering, 3rd Party Feeds, DDoS, Database Security, Forensics, Spambots, Vulnerability Scanning)
September 21, 2011
Balancing Risk & Costs
(chart: Risk plotted against OpEx and CapEx)

Balancing Risk & Costs: Where are you?
(chart: Risk plotted against Total Costs, OpEx and CapEx)
Reducing Management & Infrastructure Costs
Technology Architecture for Security: How Connected Is Your Security?
- Host IPS Agent
- DLP Agent
- Encryption
- Antivirus Agent
- NAC Audit Agent
- Systems Management Agent
Every solution has an agent. Every agent has a console. Every console needs a server. Every server needs an OS/DB. Every OS/DB needs people, maintenance, patching. Where does it end?

Technology Architecture for Security: How Connected Is Your Security?
ePO Server (AV, DLP, NAC, Encryption, PA, SiteAdvisor): single agent, single console
Unknown Threat: Non-Optimized Approach!
1. Notification of a new threat; analysis of applicability based on vulnerabilities; determine managed or rogue systems.
2. Assess protection to determine risk and countermeasures available across IPS, firewall, and AV environments.
3. Determine priority and engage the operations team with recommendations (adjust policies, engage vendor, patch management).
Consoles upon consoles upon consoles, with no connection across the infrastructure.
(diagram stages: Managed Systems, Unmanaged Systems, Vulnerable Systems, Analysis, Priority, Protection Status, Existing Countermeasures, Exposed Risk, Next Steps; tools: AV, IPS, FW, Manual Scans, Log Analysis; Ops Team actions: Patch/Updates, Policy Config, Contact Vendor, Monitor)

Unknown Threat: Optimized Approach!
(diagram: Situational Awareness -> Recommendations -> Ops Team: Patch, Policy Config, Contact Vendor, Monitor)
Reducing Incident Costs

Reduce Outbreak Lifecycle
(diagram stages: Suspect, Identify, Scope, Mitigate, Tools, Fixed, Permanent Protection)

Outbreak Lifecycle

Outbreak Lifecycle: Unique Event

Outbreak Lifecycle
- Faster remediation
- Minimize scope of impact
- ID the root attack
- Reduced frequency
McAfee Network Security: Best Performance, Protection, and TCO
(analyst quadrant chart; axes: Ability to Execute vs. Completeness of Vision; quadrants: Challengers, Leaders, Niche Players, Visionaries; product areas: Next Gen Firewall, Intrusion Prevention, Network Access Control, Advanced Threat Detection; vendors shown: McAfee, Cisco, HP, Sourcefire, IBM, Juniper Networks, Stonesoft, Top Layer Security, NitroSecurity, Radware, Check Point Software Technologies, StillSecure, DeepNines Technologies, Enterasys Networks)
Modular Approach to Network Security

Network Security Deployment Strategy
Recommended sequence:
- Start with Network IPS
- Enable McAfee GTI ($0)
- Integrate McAfee ePO ($0)
- Add vulnerability scanning
- Visibility extensions
- Analysis extensions

Network Security Deployment Strategy: Network Security Platform
- Industry-leading IPS
- Up to 10 Gbps
- Blocks 95% of network threats
- Best zero-day coverage
- Integrated NAC
- Integrated McAfee GTI

Network Security Deployment Strategy: Global Threat Intelligence
- Real-time threat feeds
- File reputation
- IP reputation
- Geo-locations
GTI for Improved Time and Effort to Coverage
(diagram: Threat Reputation fed by Network IPS, Firewall, Web Gateway, Mail Gateway, Host AV, Host IPS and 3rd Party Feed; volumes shown: 300M IPS Attacks/Mo., 2B Botnet C&C IP Reputation Queries/Mo., 20B Message Reputation Queries/Mo., 2.5B Malware Reputation Queries/Mo., Geo Location Feeds)

How Did McAfee Protect Against VBMania? McAfee NSP with McAfee Global Threat Intelligence
1. VBMania e-mail sent to user.
2. User clicks a URL containing a malicious .scr file.
3. The action prompts a lookup in the McAfee Global Threat Intelligence cloud.
4. McAfee Global Threat Intelligence file reputation identifies the malware.
5. McAfee NSP, using McAfee Global Threat Intelligence file reputation, protected against the VBMania malware download.
McAfee ePO Integration Benefits
- Centralized reporting
- Host IPS feeds
- Tuning recommendations
- Global risk assessment

Visibility Extensions Benefits
- Network-wide visibility
- System & application profiling
- Additional host context
- Detect bots, malicious hosts
- Inspect virtual environments

Example: Network Behavior Analysis
(diagram: Web, Intranet, Data Center, Database and Email Servers monitored by an NTBA Appliance reporting to the Network Security Manager / Network Security Platform; events shown: Threat Detected!!, Quarantine, New Peer to Peer Application, Source of Malware)

Analysis Extensions Benefits
- Travel back in time (log analysis)
- Detect the un-detectable
- Find APTs
- Prevent data loss
Protection strategy: Automatic Unwrapping, Heuristic Code Analysis
Benefit of Security Connected
- Dramatic reduction in effort to identify and resolve issues
- Resolution period reduced from weeks to hours
- Elimination of root of attack prevents repeated events

Thank you
www.mcafee.com
Tyler_carter@mcafee.com