Integrated Protection for Systems. João Batista Joao_batista@mcafee.com Territory Manager


McAfee Overview: Proven Expertise and what it means to you

Proof of Expertise
- 1 Focus
- 17 Years in Business
- 100 Patents
- 300 Researchers
- 3800 Employees
- 19,000,000 Online Subscribers
- 100,000,000 End-users Protected

Impact of Expertise
- 1st to provide true network-layer IPS
- 1st to provide host-level IPS
- 1st to integrate HIPS into enterprise AV
- 1st to integrate VA and IPS
- 1,000,000 viruses blocked last year
- #1 dedicated security company

Nearly 20 Years of Single-Minded Focus on a Moving Target

[Timeline figure, 1995 to 2007. Labels: Spam, Phishing, Spyware; Corporate Data Theft; Security Risk Management; Integration; Zombies; Polymorphic Viruses; Mass Mailer Viruses; Denial of Service; Blended Threats; Proactive & Automated; Comprehensive layers; Multiple point products; Anti-virus]

1. Integrated Protection for Systems

Security Risk Management Scope: The CSO Challenge

- What's my risk?
- Am I compliant?
- What remediation path should I choose?

[Diagram labels: CEO/CIO; Audit; RISK MANAGEMENT; SYSTEM SECURITY; NETWORK SECURITY; CSO; SYSTEM INFRASTRUCTURE; NETWORK INFRASTRUCTURE; IT Operations]

McAfee Security Risk Management Process

- Applies business discipline by linking people, process and technology to enable organizations to proactively manage security risk
- Enables customers to identify critical assets, assess risks, comprehensively block threats, and minimize compliance exposure

[Diagram labels: Establish POLICY; Manage COMPLIANCE; Assess RISK; Implement PROTECTION]

The Point-Based Approach to System Security: Inefficient and Ineffective

- Anti-virus: Mgmt. Console 1
- Anti-spyware: Mgmt. Console 2
- Desktop firewall: Mgmt. Console 3
- Host intrusion prevention: Mgmt. Console 4
- Scan and block (NAC): Mgmt. Console 5

Integrated Protection: The Power of M

- Best in class protection for all threats
- Comprehensive, integrated protection leveraging a common agent and management console for efficient and effective security
- Extensible agent for the future platform for security risk management

McAfee Total Protection for Enterprise Reduce the complexity of managing security

History and Future of Attacks: Increased Number and Complexity

Targets are Evolving: From consumers, to businesses, to nations. The Latest Target: Data theft

[Chart, 1995 to 2004: Malicious Infection Attempts (M) and Network Intrusion Attempts (K). Labels: Polymorphic Viruses; Mass Mailer Viruses (Love Letter/Melissa); Zombies; Denial of Service (Yahoo!, eBay); Blended Threats (CodeRed, Nimda); Corporate Data Theft (CardSystems TitanRain); Spam, Phishing, Spyware (MyDoom, Sasser)]

Source: IDC, ICSA, CERT, CSI/FBI, McAfee

There is Less Time to React

The vulnerability-to-worm cycle is shrinking rapidly

[Chart: Median Days, Trended, 1999 to 2005. Data labels in order: 288, 104, 46, 34, 26, 10, 3]

Foundstone, 2004 (represents automated worms January 1999 through May 2004)

The Challenges with Traditional Anti-Virus

Traditional Anti-Virus:
- Reactive approach
- Creates Window of Vulnerability
- Not Effective against Newer Security Risks
- High TCO for Outbreak Response

Complex and Evolving Threats Require Comprehensive Protection

[Matrix figure, Solutions versus Threats. Solutions: Anti-virus; Anti-spyware; Firewall; Host intrusion prevention; AV email server; Anti-spam; Network Access Control; Security Management. Threat groups: Known Threats/Cleaning; Outbreak; Malware/PUPs; Network Exploits/Zero-Day. Cell text: Virus, Email Worm, Net Worm Worms Containment/Response or Remediation Application/Process Hijack Protection, DDOS Attack Virus, Worm, Malware Buffer Overflow, Exploit Windows/IE/App Vulnerability, Exploit Browser Hijack, Keylogger, Rogue Dialer Trojan, Backdoor]

Next-Generation Anti-Virus for PCs and Servers: Delivering innovation, integration and intrusion prevention to the Enterprise

Windows of Vulnerability

[Timeline figure. Labels: Security Behavior; Vulnerability Identified; Security Fix Posted; 1st Attack Starts; AV Fix Posted; Attack Behavior; Traditional AV Update; CUSTOMER Vulnerability Gap; Traditional Anti-Virus Security Vulnerability; McAfee VirusScan Attack Vulnerability; Time; Proactive; 0; Reactive; Security Issues and Malware Discovered]

Providing Zero Day Protection!

Spyware and Potentially Unwanted Programs What your business needs to know

The Spyware Epidemic

What Are Spyware and Potentially Unwanted Programs (PUPs)

- Any piece of software which a reasonably security- or privacy-minded computer user may want to be informed of, and, in some cases, remove
- Alter the security state of the computer on which they are installed, or the privacy posture of the user using the computer
- Include: Spyware, Adware, Dialers, Jokes, Remote Administration Tools, Password Crackers, Other PUPs

Source: AVERT Whitepaper Potentially Unwanted Programs, Feb. 2005

The Unique Challenge of PUPs

- They are very hard to eradicate after they install
- First PUP pulls others from Web
- PUPs often transmit data in addition to downloading other applications and files
- Other PUPs often from multiple companies and sites
- May share components

The McAfee Desktop Defense

- On-Access scan catches the initial downloader, prevents subsequent installs; logs should be small
- Real-time scan shows lots of activity as it reacts to infections that just occurred; may leave unknown/new variants that escape notice

Total Protection: Anti-Virus & Anti-Spyware

Features:
- On-Access Scanning
- Behavior-based Detection
- Buffer Overflow Protection
- Port Blocking

Benefits:
- Stops malware and PUPs from installing on a system.
- Prevents malicious code from compromising and infecting systems.
- Helps protect from new and unknown threats that may not have been detected by a signature.
- Allows system files and folders to be locked down to prevent malware from further propagating.
- Reduced exposure to vulnerabilities means not needing an update every time a new exploit is created.
- Protection against exploit attacks like WMF, Sasser, SQL Slammer, etc.
- Protects critical productivity applications, i.e. IE, MS Office, Windows OS services, Media Player, etc.
- Prevent further propagation of malware by blocking outbound communications.
- Prevent spyware and other PUPs from sending confidential information to third parties.

Total Protection: Anti-Virus & Anti-Spyware

Features:
- Enterprise Management
- Infection Trace & Block
- Email Application Protection
- Enterprise Reporting

Benefits:
- Improve security management with ePolicy Orchestrator, with complete management of all functions including deployment, configuration, updating and reporting
- Discover and report the IP address of the end-point system that sent malicious code
- Reduces outbreak response time
- Reduce propagation of malware by identifying source of infection
- Block all mass mailing viruses that contain SMTP engines or connect to an SMTP server
- Prevent infected machines from propagating malware
- Develop enterprise reports on all malware and PUP activity
- Provides a holistic view of end point security posture
- Produce executive-level reports for compliance reporting

Total Protection: Email Server Anti-Virus

Features:
- Anti-virus, anti-worm
- Central reporting and management via ePO
- Advanced content filtering

Benefits:
- Prevent viruses from propagating from one system to another on your network via email
- Save administrative time and effort
- Minimize cost of ownership
- Prevent sensitive data from leaving your organization
- Reduce corporate liability by preventing inappropriate or abusive use of your e-mail system

Anti-Spam Roger Wood Senior Product Manager

Total Protection: Anti-Spam

Features:
- Highly accurate spam detection, over 95%
- Domain name reputation scoring
- Automatic streaming updates
- Blacklists and whitelists

Benefits:
- Minimize wasted employee productivity
- Minimize wasted email server storage space
- Proactive technology blocks a large percentage of day zero spam that has never before been seen in the wild.
- Reactive technology updates SpamKiller rules every 10 minutes for highest effectiveness
- Over 95% spam accuracy, zero false positives according to independent testing
- Lets you optimize the system to meet your unique definition of what is spam

Host Intrusion Prevention Roger Wood Senior Product Manager

McAfee Host Intrusion Prevention

[Diagram labels: Resource Protection; Application Protection; Behavioral Protection; ePO; Signature Protection; Firewall Protection]

- Vulnerability Signatures
- Specific Attack Protection
- Generic Buffer Overflow Protection
- Reduces the urgency of patching systems
- Blocks known and unknown attacks
- Application Protection
- Connection Aware Rules
- Port Blocking
- Protect against SQL injection attacks
- Blocks USB Drives

The Anatomy of an Exploit: The Pain of Patching

A Crack in the Window

1. Existing Windows vulnerability yet to be exploited
2. Exploit is written to take advantage of the Windows vulnerability
3. Exploit overflows buffer and writes code to memory
4. Once in memory, exploit can perform any number of actions: create admin users, propagate, install remote access tools, steal data

Host IPS Vulnerability Shielding protects and gives you time to assess impact of vendor patch rollouts

[Diagram labels: Windows Desktop or Server; Corporate Network; Sensitive Data; Firewall; Internet; Remote Workers; Customers; Sales Force; Firewall Appliance; Router; Server; Laptop; Desktop]

System Call Interception

- McAfee Host IPS validates system calls made into the different layers of the OS and kernel.
- Calls are matched to a constantly updated database of both specific and generic attack behaviors.
- If an attack is found, pre-emptive action is automatically taken, ranging from Log Event to Prevent.
- All activity on the host is seen and analyzed, and is not impaired by encryption, switched data or reliance on system log information.

[Diagram labels: Program A, Program B, Program C (.EXE); User Mode; Kernel Mode; OS Kernel; System Call Table; Network Driver; Disk Driver; Other Driver]

Application Blocking: Control What Applications Can Do

1. User Launches Application X
2. Application Blocking Policy permits creation; Application X can load and run
3. But Policy prevents Application X from hooking Y.DLL to prevent exposure to known vulnerability in Y.DLL

McAfee Host IPS Application Blocking lets you control what applications can run, and with which other processes they are allowed to interact

[Diagram labels: Memory; App. X; Y.dll; Disk]

Shielding and Enveloping: Keep Applications Honest

1. Applications are allowed to access their own files, data, registry and services
2. Shielding: Applications, registry and services are locked down against malicious activity
3. Enveloping: Applications are not permitted to access data, registry and services outside their own application envelope

[Diagram labels: App 1; App 2; Memory; Registry; Files]

No Compromise: Total Protection

The Forrester Wave: Client Security Suites, 2006

- McAfee leads the market with its comprehensive functionality set and robust management capabilities
- McAfee is best suited for companies that require comprehensive protection
- McAfee leads the pack

No Compromise: Anti-Spyware

The Forrester Wave: Enterprise Antispyware, Q1 2006

- Forrester Wave Leader in Enterprise AntiSpyware
- Spyware Certification
- McAfee's distinguishable strength is its protection against unknown spyware

No Compromise: Anti-Virus

Gartner Magic Quadrant for Enterprise Antivirus 2006

McAfee's main technical strength is its management console ePolicy Orchestrator (ePO) and secondarily, host-based intrusion detection capabilities.

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from McAfee, Inc.

What's on our Customer's Mind?

Am I at Risk? From Threats? From non-compliance?

Business Challenges

CSO:
- Ensure compliance with internal and external policies
- Provide metrics
- Proactively identify threats
- Prioritize risks

CIO:
- Achieve acceptable level of risk
- Safeguard critical data
- Reduce costs of security and compliance management
- Minimize business disruptions

IT Operations:
- Avoid downtime
- Prioritize remediation tasks
- Efficiently use scarce resources
- Improve workflow

Audit:
- Reduce audit costs
- Automate access to security data
- Automate risk and regulatory reporting

Thank you!