How To Protect Your Network From A Threat From A Rogue Host Or A Rogue Server From A Hacker (For A Fee)

Transcription:

Next-Generation Intrusion Detection & Prevention Manuel Minzoni, Brand Manager ITWAY VAD

Today's Reality
"Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure." Neil MacDonald, VP & Gartner Fellow. Source: Gartner, Inc., The Future of Information Security is Context Aware and Adaptive, May 14, 2010
Dynamic Threats: Organized attackers; Sophisticated threats; Multiple attack vectors
Static Defenses: Ineffective defenses; Black box limits flexibility; Set-and-forget doesn't work

Company Overview & Performance

Sourcefire Worldwide Locations
Education & Professional Services: Livonia, MI
EMEA HQ: Wokingham, UK
Americas Sales: Vienna, VA
Worldwide HQ: Columbia, MD
Southern Europe Sales: Paris, France
Central Europe Sales: Frankfurt, Germany
Japan Sales: Tokyo, Japan
Asia Pacific HQ: Singapore
South American Sales: Sao Paulo, Brazil
ANZ Sales: Sydney, Australia

Firemen Principles

About Sourcefire
Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.
Founded in 2001 by Snort Creator, Martin Roesch, CTO
Headquarters: Columbia, MD
Focus on enterprise and government customers
Global Security Alliance ecosystem
NASDAQ: FIRE

Powered by Snort
Global standard for Intrusion Detection and Prevention
World's largest threat response community
Interoperable with other security products
Owned and controlled by Sourcefire, Inc.
www.snort.org

Backed by the VRT
150+ Private & Public Threat Feeds; Snort & ClamAV Community Insight; Advanced Microsoft & Industry Disclosure; 20,000 Malware Samples per Day
Sourcefire Vulnerability Research Team (VRT): Research & Analysis
Best-in-Class Threat Protection

Competitor Landscape

Gartner 2010 IPS Magic Quadrant
FACT: Sourcefire has been a leader in Gartner's IPS Magic Quadrant since 2006.
The Magic Quadrant is copyrighted 6 December 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Sourcefire Insights Versus McAfee
"[McAfee] isn't considered widely by enterprises and channel partners as a strong network security provider." - Gartner 2010 IPS MQ Report
[ability to execute] Larger channel & support infrastructure
Key Sourcefire advantages: Open detection engine & rules; Real-time impact assessment; Automated IPS tuning; Broad third-party integration; Virtual IPS offerings
[completeness of vision] Broader product portfolio

NSS Labs Group IPS Test: Block Rate Comparison
Source: Graphic used with permission by NSS Labs. Network Intrusion Prevention Systems Comparative Test Results, December 2009.

NSS Labs Group IPS Test: Resistance to Evasion
Juniper missed 60% of evasions
TippingPoint missed 80% of evasions
Cisco missed 100% of evasions
Source: Graphic used with permission by NSS Labs. Network Intrusion Prevention Systems Comparative Test Results, December 2009.

Second-Annual NSS Labs IPS Group Test
About the Test: Published December 2010; 11 vendors evaluated; 1,179 live exploits; 75 anti-evasion test cases; No cost to vendors to participate
Sourcefire Test Results: Recommend rating; Best overall detection; Best vulnerability coverage; Best vendor-stated vs. actual performance; No evasions

Best Overall Detection Second Straight Year!
Bar values: 98%, 97%, 95%, 94%, 93%, 91%, 85%, 83%, 79%, 63%, 43%
Graphic by Sourcefire, Inc. Source data from NSS Labs Network IPS 2010 Comparative Test Results.

Best Vulnerability Coverage Second Straight Year!
[Chart: Sourcefire compared with Vendor 2 through Vendor 11]

Best Vendor-Stated vs. Actual Performance Second Straight Year!
Sourcefire's 2G IPS achieved 3.2G for 161% of vendor-stated performance
Most IPS products achieved well below vendor-stated performance claims
Bar values (100% = performance baseline): 161%, 115%, 113%, 100%, 81%, 49%, 40%, 39%, 35%, 20%, 17%, 3%, 3%
Graphic by Sourcefire, Inc. Computations derived from NSS Labs Network IPS 2010 Comparative Test Results.

Anti-Evasion Testing
[Chart: Sourcefire compared with Vendor 2 through Vendor 11]

IPS Solutions

Unique Solutions for Unique Markets
Sourcefire IPS Portfolio: IPSx, IPS, NGIPS
Network Generalists (Simplicity) to Security Specialists (Feature Rich)

Sourcefire IPS Solutions Portfolio
Products: IPSx, IPS, NGIPS
Features compared: IPS Detection & Blocking; Snort Rules & SEUs; Reports, Alerts & Dashboard; Policy Management; Advanced Policy Mgmt.; Snort Rule Editing; Custom Workflows & Tables; Impact Assessment; Automated Tuning; Host Profiles & Network Map; Network Behavior Analysis; Application Monitoring; User Identity Tracking

Target Markets
IPSx. Target User: Network Admin, IT Generalist. Typical Deployments: Perimeter. Key Benefits: Ease of deployment; Simplified mgmt.; Satisfy compliance. Purchase Motivations: Value oriented; Set and forget; Regulatory compliance.
IPS. Target User: Security Specialist. Typical Deployments: All. Key Benefits: Open architecture; Advanced policy mgmt.; Detailed events; Custom workflows. Purchase Motivations: Best-of-breed security; Granular, flexible policy; Event details / analysis.
NGIPS. Target User: Security Specialist. Typical Deployments: All. Key Benefits: All IPS benefits, plus: Context aware; Impact assessment; Automated tuning; Network visibility; App monitoring; User identity tracking. Purchase Motivations: IPS motivations, plus: Automating key tasks; Network visibility; Rapid response.

Solution Ingredients
DC750x + IPSx Sensors = IPSx Solution
Defense Center + 3D Sensors = IPS Solution
Defense Center + 3D Sensors + Awareness Bundle (Network, Application, Behavior, Identity) = NGIPS Solution

Appliances / 3D8000 Series

Introducing Sourcefire 3D8000 Series: Speed Meets Flexibility

3D8000 Series Performance
3D8140: Throughput 10 Gbps; IPS Throughput 6 Gbps
3D8250: Throughput 20 Gbps; IPS Throughput 10 Gbps
3D8260: Throughput 40 Gbps; IPS Throughput 20 Gbps

3D8000 Series Product Line
All 3D8000 Series chassis support lights out management, solid state drives, redundant power, and an LCD interface.

Hardware Platform Sets New Standard for Security Appliances
Modular: Choose number and type of ports; Lower Entry Prices
Expandable: Add ports as needed
Scalable: Add processing power as needed

SSL Appliance

SSL Blind Spots
Network and security appliances are blind to the contents of SSL-encrypted communications

Deployment Mode: Inbound SSL Inspection
[Diagram labels: Web Browser (SSL Client); Internet/WAN; Transparent SSL Proxy; Web Servers (SSL Servers); Session 1; Session 2; The Security Stack (IPS/IDS/DLP/Forensics/SIEM); Common Control/Management. Traffic legend: Decrypted (Inspected), Non-SSL, SSL.]

Deployment Mode: Outbound SSL Inspection
[Diagram labels: Web Browser (SSL Client); Transparent SSL Proxy; Internet/WAN; Web Servers (SSL Servers); SSL Proxy; SSL Server; Session 1; Session 2; The Security Stack (IPS/IDS/DLP/Forensics/SIEM); Common Control/Management. Traffic legend: Decrypted (Inspected), Non-SSL, SSL.]

SSL Appliance Features and Benefits
Inbound inspection: Greater protection for internal servers from SSL-based threats
Outbound inspection: Prevents enterprise data leakage
Transparent proxy: Minimizes disruption to network configuration; Compatible with ALL security devices
SSL policy enforcement: Detects invalid or unauthorized certificates; selectively inspects SSL traffic
Fast path capability: Lower latency of sensitive traffic via cut-through

How It Works

Intelligent Correlation to the Target
Latest Windows attack targets Microsoft Windows Server and Linux Server. Attacks are correlated to targets. High-priority event generated for Windows Server target.
[Diagram: 3D Sensors, Windows Server, Linux Server and Defense Center. Labels: Attack Blocked; Windows server vulnerable; Attack Is Correlated to Targets; Linux server not vulnerable; Blocked Event Logged.]

Intelligent Anomaly Detection
New rogue host connects internally. Sourcefire detects new host and abnormal server behavior. Defense Center triggers alerts for IT to remediate.
[Diagram: 3D Sensors and Defense Center. Labels: New Asset Detected; Abnormal Behavior Detected; Hosts Compromised; Abnormal Behavior Logged & Alerts Triggered; IT Remediates Hosts.]

Intelligent Application Violation
Security team uses compliance whitelists to detect IT policy violations. Host detected using Skype. User identified and then contacted by IT and HR.
[Diagram: 3D Sensors and Defense Center. Labels: P2P App Triggers Whitelist Violation; Compliance Event Logged & User Identified; IT & HR Contact User.]

Sourcefire Products & Services

Next-Generation IPS
Defense Center Management Console; Intrusion Prevention; Awareness Technologies (Networks, Apps, Behavior, Users); SSL Inspection; Virtualization

Virtual Appliances for VMware & Xen
Sourcefire Virtual 3D Sensor: Identical IPS Sensor functionality; Available throughputs: 5, 45, 100, 250 & 500 Mbps
Sourcefire Virtual Defense Center Management Console: Identical Defense Center functionality, except no Master Defense Center (MDC) mode; Manages both physical and virtual IPS 3D Sensors

What is RNA? Sourcefire's Secret Sauce
Passive network intelligence
Fuels powerful IPS automation: Impact Flags; Automated IPS Tuning; Compliance Rules & White Lists; Network Behavior Analysis
Detects hundreds of operating systems and applications

Real-Time User Awareness (RUA)
RUA gives personality to security and compliance events!
Clicking on a username reveals full name, telephone number, email, and department
Resolve security events more quickly when time is of the essence
Integrated into all Sourcefire 3D Sensors
"Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two." Tamara Fisher, AutoTrader.com

Sample Sourcefire Detection Applications
Hundreds of Apps, OS's & Devices!
Operating Systems; Network Infrastructure; Consumer

Sourcefire Appliance Product Lines
Sourcefire Defense Center: DC500, DC1000, DC3000
Virtual Appliances
Sourcefire 3D Sensor: 3D500 (5 Mbps); 3D1000 (45 Mbps); 3D2000 (100 Mbps); 3D2100 (250 Mbps); 3D2500 (500 Mbps); 3D3500 (1 Gbps); 3D4500 (2 Gbps); 3D6500 (4 Gbps); 3D9900 (10 Gbps)
Sourcefire SSL Appliance

3D System 4.10 Highlights
Expanded Application & User Awareness: Detect Facebook, Blackberry, Hotmail & more; Nmap update detects 2,500+ operating systems; Encrypted RUA communications
Enhanced Deployment & Operation: Inline IPS test mode; Support for auth. SMTP gateways & web proxies
Improved Third-Party Integration: Direct database access for third-party reporting; Support for SNMP polling; Support for new Crossbeam products
Improved Performance & Usability: Improved GUI performance; Track reviewed events by user; Simpler installation of customer SSL certificates
Refer to the What's New in 3D System 4.10 document for more information

Customizable Dashboard

Comprehensive Ecosystem
Network Infrastructure; SIEM / Log Management; Configuration Management; Incident Management; Vulnerability Management; Systems Management

Sourcefire Services
"I can't say enough about the guys from Support. The phone gets picked up the moment I call. They stick with an issue diligently and make sure I get what I need. No other company has given me that level of service." Robert Wagner, Senior Security Architect
Customer Support: 24x7 phone, email, and web support; Advanced hardware replacement
Training & Certification: Public and on-site training; Sourcefire & Snort certifications
Professional Services: Assistance with installation and optimization; Knowledge transfer and best practices

Why Sourcefire?
Powered by Snort; Driven by Awareness; Best-in-Class Detection; Open Architecture; Highly Automated
Stop Doing Things the Old Way! Try the Next Generation in Intrusion Detection & Prevention.

Questions & Next Steps