EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Similar documents
Protection Against Advanced Persistent Threats

SourceFireNext-Generation IPS

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

Why Use Big Data for a Security Service?

Cisco Advanced Malware Protection

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Requirements When Considering a Next- Generation Firewall

Integrating MSS, SEP and NGFW to catch targeted APTs

Cisco and Sourcefire. AGILE SECURITY : Security for the Real World. Stefano Volpi

Braindumps QA

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Modular Network Security. Tyler Carter, McAfee Network Security

The Hillstone and Trend Micro Joint Solution

The Need for Intelligent Network Security: Adapting IPS for today s Threats

Intelligent Cybersecurity for the Real World

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

McAfee Network Security Platform

Cisco Advanced Malware Protection Sandboxing Capabilities

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Cisco Security Strategy Update Integrated Threat Defense. Oct 28, 2015

Cisco Security: Moving to Security Everywhere. #TIGcyberSec. Stefano Volpi

Evolution Of Cyber Threats & Defense Approaches

IBM Endpoint Manager Product Introduction and Overview

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Content Security: Protect Your Network with Five Must-Haves

BEFORE. DURING. AFTER. CISCO'S INTEGRATED SECURITY STRATEGY NIALL MOYNIHAN CISCO EMEAR

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Unified Security, ATP and more

Cisco ASA und FirePOWER Services

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Deploying Next Generation Firewall with ASA and Firepower services

RSA Security Analytics

End-user Security Analytics Strengthens Protection with ArcSight

Sourcefire Next-Generation IPS

Next Generation Firewalls and Sandboxing

24/7 Visibility into Advanced Malware on Networks and Endpoints

Towards Threat Wisdom

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Security Intelligence Services.

Hope is not a strategy. Jérôme Bei

Stallion SIA Seminar PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager

FROM PRODUCT TO PLATFORM

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Concierge SIEM Reporting Overview

Fighting Advanced Threats

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Risk-based security buyer s guide:

Windows Server 2003 End of Support. What does it mean? What are my options?

IBM Advanced Threat Protection Solution

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

ESG Brief. Overview by The Enterprise Strategy Group, Inc. All Rights Reserved.

ENABLING FAST RESPONSES THREAT MONITORING

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

How To Build Security By Silo

SANS Top 20 Critical Controls for Effective Cyber Defense

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

AppGuard. Defeats Malware

Endpoint Threat Detection without the Pain

Devising a Server Protection Strategy with Trend Micro

Cisco RSA Announcement Update

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Defending Against Data Beaches: Internal Controls for Cybersecurity

Vulnerability Management

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Deep Discovery. Technical details

The Custom Defense Against Targeted Attacks. A Trend Micro White Paper

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Cyb T er h Threat D f e ense S l o uti tion Moritz Wenz, Lancope 1

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014

Breach Found. Did It Hurt?

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Addressing Advanced Web Threats. Addressing Advanced Web Threats: Protect Your Data and Brand

Devising a Server Protection Strategy with Trend Micro

Looking Ahead The Path to Moving Security into the Cloud

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

From the Bottom to the Top: The Evolution of Application Monitoring

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Delivering Control with Context Across the Extended Network

Cisco Cybersecurity Pocket Guide 2015

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

Presentation Title: When Anti-virus Doesn t Cut it: Catching Malware with SIEM

WildFire. Preparing for Modern Network Attacks

Defending Against Cyber Attacks with SessionLevel Network Security

Next-Generation Network Security: A Buyers Guide

Connected Threat Defense Strategy. Eva Chen, Co-Founder and CEO

Transcription:

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate

Industrialisation of Threat Factories Goal: Glory, mode: Noise Goal Profit, mode: Stealth VIRUSES MACRO VIRUSES WORMS HACKERS SPYWARE / ROOTKITS APTs MALWARE 1985 1995 2000 2005 2010 Attackers and defenders drive each other to innovate resulting in distinct threat cycles

BlackHole Exploit Kit 28% Internet Threats Recent Vulns, Iframe Injection

New Model of Security A T T A C K C O N T I N U U M BEFORE DURING AFTER See it, Control it Intelligent & Context Aware Retrospective Security Network Endpoint Mobile Virtual Point-in-Time Continuous

There is no Silver Bullet You need to address the full Attack Continuum Before Policy & Control Discover environment Implement policy and control Harden assets During Identification & Block Detect Prevent After Analysis & Remediation Determine scope of damage Contain the spread of attacks Remediate What is needed is a new Technique to protect your organization

Before the Threat: Discover Your Environment Before Policy & Control Threats Devices Applications Flow Vulnerabilities OS Users Files

Before the Threat: Implement Policy & Control Before Policy & Control Policy Enforcement: Application Control: Automated Tuning: URL Filtering:

During the Threat: Security Intelligence Contextual Decisions During Identification & Block

World Class Research Global Data Collection Openly Published During Identification & Block Content A focused list of the vulnerabilities you re most likely to be affected by *this week* Top in field malware detections last week Notable new attack methods, and how attacks work http://vrt-blog.snort.org

Intelligence by the numbers During Identification & Block 14,443,920 pieces of malware submitted for analysis >2,250,000 end points feeding real-time threat intelligence to FireCLOUD 98.9% Industry s best vulnerability coverage achieved in NSS Labs IPS group test 100% Same-day protection for Microsoft vulnerabilities for all customers

After the Threat: Leverage Context Browse all application traffic Look for risky applications After Analysis & Remediation Who is using them? What else have these users been up to? On what operating systems? What does their traffic look like over time?

After the Threat: Continuous Analysis & Remediation Network Detection Endpoint Remediation After Analysis & Remediation

After the Threat: Device Trajectory After Analysis & Remediation Root Cause Other Threats of Interest What it s Doing?

After the Threat: File Trajectory After Analysis & Remediation The point of entry The time of entry Systems Infected

After the Threat: Network File Trajectory After Analysis & Remediation The time of entry

Address the Entire Attack Continuum Before Policy & Control Discover Environment Implement Access Policy Generate Integrity Baseline Next Gen Firewall Application Control Vulnerability Management Asset Discovery During Identification & Block Detect Prevent Anti-Malware Intrusion Prevention Flow Analysis After Analysis & Remediation Determine Scope Contain Remediate Forensics Contextual Analysis 3 rd Party Tool Support

Addressing Threat Evolution Vendors Like Segmented Problems - viruses, intrusions, malware, worms, exploits, root kits, APTs, RATs what are all these things vendor language for threats Threat Continuum = Acronym Innovation Cycle? Obsession with Winning Detection Race With Bigger, Single Barrel Guns Assumptions About Detection Performance are Unrealistic

Detection Race Defining a Failed Technology Frames New Technology as Advancement Vendor Should Focus on What is Not Working Not On Infosec Arms Race Amazing How Quickly Countermeasures Are Redundant Failed Detections Are Expensive! Skills and Costs Massively Higher The Detection Race Hurts the Technology Buyer

Guns Need Bullets Sandboxing FW/VPN AV Block or Allow PKI IDS / IPS UTM It matches the pattern NAC No key, no access Application Control No false positives, no false negatives. Fix the Firewall Self Defending Network Detect the Unknown

Technique Vs Technology Technology Lifecycles are Short Modular Frameworks With Multiple Technologies Give Longer Technology Cycles Allow Technologies to Co-Exist Let s Look At 2 Emergent Technologies

Technology Example: Sandboxing Point In Time Analysis Enterprise On Prem Analysis Sleep Techniques Unknown Protocols Encryption Performance Detected Clean - Analysis Stops Continuous Analysis - Cloud You can t detect 100% Visibility and Control are Key Detected Clean Analysis Continues - Retrospective Alert

Technology Example: IOCs Generic Indicators of Compromise Attack Pathology May be Behavioural, Intrinsic Characteristic, Almost Anything Process Name, Communication Metadata, Registry Key, Encoding Can Be Shared Weak Signal In Isolation - Can Be Weighted Particularly Promising As An Analysis and Recognition Technology Post Compromise

Cloud Enables Technique Both These Technologies Are Promising Centralised Support and Huge Processing Capability Co- Ordinates Many New Technologies and Reinvigorates the Old

Detection Lattice Co-Ordinated Detection Technologies One-to-One Fuzzy Fingerprinting Signature-based, 1 st line of defense, Coarse ACL Sandbox Code Behavioural Analysis Machine Learning Analyzes 400+ attributes for unknown malware IP And File Reputation Massive Repository of File and IP Disposition Algorithms identify polymorphic malware IOC Indicators of Compromise Weighted Decisions Advanced Analytics Combines data from lattice with global trends Cloud Recall Engine Retrospective Analysis Cloud-based delivery, results in better protection plus lower storage & compute burden within the Enterprise

Continuous Capability Coherent & Co-Ordinated Collective Security Intelligence NETWORK ENDPOINT MOBILE VIRTUAL CONTINUOUS + POINT-IN-TIME NGFW NGIPS AV AMD

Breadth & Depth Address the Entire Attack Continuum Network Contextual Awareness Control Automation Endpoint BEFORE DURING AFTER See it, Control it Lightweight Connector Desktop Mobile Virtual Integrated Response Intelligent & Context Aware Network Malware Detection Endpoint Malware Detection Retrospective Security Retrospective Alerting Trajectory Trajectory Device Flow Correlation File Analysis Indications of Compromise Outbreak Control Forensics

Open Platform Open Detections, Open Data Model BEFORE DURING AFTER See it, Control it Intelligent & Context Aware Retrospective Security Vulnerability Management Custom Detection Full Packet Capture NAC Incident Response Network Access/Data Capture Visualization SIEM Sourcefire STP Program API Framework

More @VRT_Sourcefire http://vrt-blog.snort.org www.sourcefire.com go.sourcefire.com/sourcefirechalktalks VRT Service Blog

THANK YOU Dean Frye Sourcefire Session ID: Session Classification:

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information