White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible



Similar documents
IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

WildFire. Preparing for Modern Network Attacks

Analyzing HTTP/HTTPS Traffic Logs

Unified Security, ATP and more

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services

End-user Security Analytics Strengthens Protection with ArcSight

Payment Card Industry Data Security Standard

REVOLUTIONIZING ADVANCED THREAT PROTECTION

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Cisco Advanced Malware Protection

ENABLING FAST RESPONSES THREAT MONITORING

Cisco Advanced Malware Protection for Endpoints

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Cisco Cyber Threat Defense - Visibility and Network Prevention

Find the needle in the security haystack

Report. Bromium: Endpoint Protection Attitudes & Trends Increasing Concerns Around Securing End Users

Requirements When Considering a Next- Generation Firewall

Moving Beyond Proxies

Integrating MSS, SEP and NGFW to catch targeted APTs

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Practical Threat Intelligence. with Bromium LAVA

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Endpoint Security for DeltaV Systems

Vulnerability Management

The Sophos Security Heartbeat:

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

The SIEM Evaluator s Guide

Braindumps QA

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

How To Buy Nitro Security

SANS Top 20 Critical Controls for Effective Cyber Defense

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Defending Against Cyber Attacks with SessionLevel Network Security

The Emergence of Security Business Intelligence: Risk

Palo Alto Networks. October 6

Cyber Situational Awareness for Enterprise Security

Cisco Advanced Malware Protection for Endpoints

Total Protection for Compliance: Unified IT Policy Auditing

Carbon Black and Palo Alto Networks

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

Introducing IBM s Advanced Threat Protection Platform

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

APPLICATION PROGRAMMING INTERFACE

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

Under the Hood of the IBM Threat Protection System

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

A Modern Framework for Network Security in the Federal Government

Asset Discovery with Symantec Control Compliance Suite

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Network Security and Vulnerability Assessment Solutions

CALNET 3 Category 7 Network Based Management Security. Table of Contents

SourceFireNext-Generation IPS

Top 10 Reasons Enterprises are Moving Security to the Cloud

CASE STUDY. AUSTRIAN AIRLINES Modernizes Network Security for First Class Performance

Policy Management: The Avenda Approach To An Essential Network Service

IBM Security QRadar Vulnerability Manager

CLOUD GUARD UNIFIED ENTERPRISE

Extreme Networks Security Analytics G2 Vulnerability Manager

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Unified Threat Management, Managed Security, and the Cloud Services Model

Symantec Endpoint Protection

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

IBM Internet Security Systems

Uncover security risks on your enterprise network

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Protecting the Infrastructure: Symantec Web Gateway

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

McAfee Server Security

Intel Security Certified Product Specialist McAfee Network Security Platform (NSP)

Securing Virtual Applications and Servers

Using SIEM for Real- Time Threat Detection

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Detect & Investigate Threats. OVERVIEW

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Bridging the gap between COTS tool alerting and raw data analysis

Symantec Messaging Gateway 10.6

Breach Found. Did It Hurt?

Boosting enterprise security with integrated log management

Symantec Advanced Threat Protection: Network

Transcription:

White Paper Time for Integrated vs. Bolted-on IT Security Cyphort Platform Architecture: Modular, Open and Flexible

Overview This paper discusses prevalent market approaches to designing and architecting security products and their pitfalls. Most notably, as the security landscape evolves with new kinds of threats, new classes of products emerge to help organizations deal with them effectively. However most of these products are architected as standalone solutions giving rise to a bolted-on security implementation in most organizations. In addition to being expensive to implement and maintain, bolted-on security implementations result in inferior security outcomes and are frequently the subject of IT organizations ire. Lately, vendors have started to offer integrated solutions. This is most evident in the areas of Next Generation Firewall and UTM products where Firewall, IPS and potentially other security products coexist and provide a unified interface to the security team. This approach however fails when discerning customers want to take a best of breed approach towards building their security infrastructure. Cyphort advanced threats defense platform takes a significantly different approach that ties it closely with an organization s overall security fabric, so that it functions in unison with customers existing security portfolio and processes while allowing organizations to completely leverage the functionality of related products. 2 2014 Cyphort, Inc. All Rights Reserved.

What is a bolted-on architecture? Bolted-on architecture is a consequence and not a design goal. It arises from the fact that organizations have to purchase, implement and maintain multiple security solutions, each with it s own set of features and management interfaces. There is very little if any shared intelligence and coordination between disparate solutions. This approach results in a security architecture that has several disadvantages and results in an inferior security posture for an organization. The pitfalls of a bolted-on security architecture There are many issues related to bolt-on security architectures, many of which are obvious and some of which are less obvious and related to the effectiveness of a security posture. The following provides details on some of these pitfalls: Inability to leverage synergy between solutions While cost and management are frequently cited as major pain points for operating multiple solutions, it is the inability to utilize the technologies in disparate products in a meaningful way that is the biggest pitfall, and prevents organizations from unlocking the true value of their security investment. An example would be endpoint-based solutions that can protect from known malware and network-based solutions that detect unknown malware. Each have unique values, but combined would provide significantly more value to a customer. Network based solution can find zero-day threats and provide intelligence to the endpoint solution to identify and mitigate it in the future. Management overhead and costs Cost and overhead of operating multiple security products using their own management interfaces and paradigms is a major pain point for IT organizations. Reduced visibility Most security products claim to provide single pane of glass view through their individual dashboards. However, this is done within the context of a specific product. How it matches up with the dashboards of other solutions is left to the security practitioners. Redundancy Security products frequently introduce redundant capabilities that are at best underutilized, and in the worst case compromise the reliability and security of an organization. As an example having multiple security products capable of blocking suspect Internet traffic can introduce additional points of failure thus reducing reliability. As another example, two separate security solutions that have discovered the same suspect activity through different means will effectively double the alert load for the incidence response teams resulting in over commitment to dealing with this particular threat, while potentially ignoring others thus reducing overall security effectiveness. 3 2014 Cyphort, Inc. All Rights Reserved.

A new approach to building security The issues discussed in the previous section leads us to discover a new architecture that will work in unison with an organizations overall security portfolio. In order to achieve this a solution must be designed with the following principals in mind - Modular Monolithic security solution may pack a lot of features but they are prone to be underleveraged by the customers if individual functions cannot be accessed and matched up with other complementary technologies. One example would be to have threat detection solution that can export mitigation information so that existing enforcement solutions can provide protection based on the intelligence provided by the detection solution. Open interfaces The solution must be able to integrate with other solutions. This requires that the solution be built with a fundamental API layer. The intent would be to deliver API access to most of the functionality and adhere to standards based data exchange formats. Platform choices One requirement for a seamless solution is that it should be deployable in a variety of infrastructure scenarios. This includes deployment as a hardware appliance, virtual appliance or standard software images. This will ensure that security controls can be applied uniformly across the entire infrastructure. Cyphort open platform architecture 4 2014 Cyphort, Inc. All Rights Reserved.

Cyphort Advanced Threat Defense Platform Cyphort Advanced Threats Defense Platform has been designed ground-up to become part of our customers security architecture. Cyphort platform is designed around four modules namely - Collector(s): This module collects network objects and metadata from network traffic using a SPAN or virtual TAP port where the traffic is to be inspected. These objects and metadata are combined and sent to the analysis module (known as the Cyphort Core) for detailed inspection and analysis. Core: The Cyphort Core is the central brain of Cyphort platform. The Core module inspects, analyzes and correlates the data and objects sent from the Collector(s) to determine if it presents a threat, and produces the relevant risk score for your organization. Manager: As the name suggests this is the management module for administering the solution, generating reports etc. This module co-resides with the Core, and is accessed via a Web browser. Mitigation: Similar to the manager module, remediation also co-resides with the Core. This is the module that generates data from inspecting objects and receiving CnC signals from the collectors. This data can be pushed to existing network infrastructure controls for continuous protection across all users. The mitigation data includes P addresses for Firewall rules, URLs and Domains for Secure Web Gateways (SWG), and SNORT signatures for IPS solutions to block ongoing attacks A unique set of Indicators can be generated from each object evaluated in the analysis phase that can be used to evaluate if the intended target of the attack was indeed compromised. This is known as an Infection Verification Pack (IVP), used for endpoint verification All modules function together using APIs that are available to our customers. Customers can replace some of these modules with their own custom modules or use the APIs to integrate with their existing infrastructure. Cyphort platform provide complete flexibility of deployment and can be deployed as a hardware appliance, software or as a virtual machine to protect across the organization. 5 2014 Cyphort, Inc. All Rights Reserved.

Cyphort APIs classification and use cases Cyphort Platform APIs can be divided into three categories 1. Input APIs These APIs pertain to sending potential malware carrying objects to the Cyphort core for inspection and analysis. Cyphort s own Collector module uses these APIs to send network objects and metadata to the Cyphort Core. One possible use case is if an organization has its own file carving capability, they can use the API to submit files directly to the Core for analysis. Here is a case study detailing this use case http://www.cyphort.com/wp-content/uploads/2014/03/cyphort_casestudy_onlinestorage1-web.pdf 2. Output APIs These APIs provide detection and mitigation information as the Core and collectors identify active threats. Some of the use cases for these APIs include Integration with existing security monitoring and alerting solutions so that he security teams can be notified of malicious events using a single mechanism Integration with Firewalls, Secure Web Gateways and IPS systems to automatically send mitigation information (IP addresses, URLs, Domains, SNORT signatures) to these devices to block malware communication. Integration with IT workflow and ticketing systems so tickets can be populated with the priority information and mitigation information and assigned to the appropriate personnel Integration of the infection verification functionality with the IT workflow systems so that the IVP binary can be sent to the endpoint for infection verification and results reported back and integrated with the remediation workflow Integration with existing antivirus solution management console so that malicious object MD5 can be added to the existing AV solution for blocking across the enterprise devices. About Cyphort: Founded in 2011 by a team of security experts, Cyphort advanced threat defense goes beyond malware detection to reveal the true intent of the attack and the risk to your organization with prioritized and expedited remediation. Our software-based approach combines best-inclass malware detection with knowledge of threat capabilities and your organizational context to cut through the avalanche of security data to get at the threats that matter and respond with velocity, in hours not days. 3. Management APIs These APIs provide access to management, monitoring and reporting functions in the platform. This allows our customers to completely bypass Cyphort management interface and integrate the platform directly with their own management platform. Here is a case study where Cyphort customer is using their existing management solution to manage Cyphort. http://www.cyphort.com/wp-content/uploads/2014/02/cyphort_casestudy_lgcloudenterprise1.pdf Conclusion Cyphort s Advanced Threats Defense Platform provides ideal security architecture for organizations that are using a diverse set of products for security. Cyphort s open and modular architecture combined with RESTful APIs provides an ideal solution that can add powerful threat detection and mitigation while leveraging existing security and management systems. CYPHORT, Inc. 5451 Great America Parkway Suite 225 Santa Clara, CA 95054 P: (408) 841-4665 F: (408) 540-1299 Sales/Customer Support 1-855-862-5927 (tel) 1-855-8-MALWARE (tel) 1.408.540.1299 (fax) Email: support@cyphort.com Copyright 2014 Cyphort, Inc. All rights reserved. 6 2014 Cyphort, Inc. All Rights Reserved.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information