Non-Geeks Guide to. Network Threat Prevention



Similar documents
On-Premises DDoS Mitigation for the Enterprise

Bridging the gap between COTS tool alerting and raw data analysis

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Next-Generation Firewalls: Critical to SMB Network Security

First Line of Defense to Protect Critical Infrastructure

Bricata Next Generation Intrusion Prevention System A New, Evolved Breed of Threat Mitigation

Internet threats: steps to security for your small business

End-user Security Analytics Strengthens Protection with ArcSight

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

The Hillstone and Trend Micro Joint Solution

Cisco Advanced Malware Protection

Defending Against Cyber Attacks with SessionLevel Network Security

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

SourceFireNext-Generation IPS

The Attacker s Target: The Small Business

The SIEM Evaluator s Guide

Securing the Intelligent Network

A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD

File Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions

Breach Found. Did It Hurt?

Cybersecurity and internal audit. August 15, 2014

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

1. Thwart attacks on your network.

SANS Top 20 Critical Controls for Effective Cyber Defense

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Building a Business Case:

The Importance of Cybersecurity Monitoring for Utilities

Extreme Networks Security Analytics G2 Vulnerability Manager

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services

Carbon Black and Palo Alto Networks

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Cisco IPS Tuning Overview

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT

Requirements When Considering a Next- Generation Firewall

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

How To Protect Your Cloud From Attack

Achieve Deeper Network Security

Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure

10 Things Every Web Application Firewall Should Provide Share this ebook

Open Source Software for Cyber Operations:

Cisco Security Optimization Service

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH

Business Case for a DDoS Consolidated Solution

The New PCI Requirement: Application Firewall vs. Code Review

Critical Controls for Cyber Security.

Breaking the Cyber Attack Lifecycle

Symantec Cyber Security Services: DeepSight Intelligence

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Fighting Advanced Threats

Vulnerability Management

HP Next-Generation Network Security Solutions Radoslav Georgiev Technical Consultant HP Networking

Networking for Caribbean Development

Zone Labs Integrity Smarter Enterprise Security

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Deploying Firewalls Throughout Your Organization

Information Security Services

How To Secure Your System From Cyber Attacks

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

The Advanced Cyber Attack Landscape

I D C A N A L Y S T C O N N E C T I O N

How to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

COUNTERSNIPE

How To Sell Security Products To A Network Security Company

IBM Security QRadar Vulnerability Manager

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

NETWORK SECURITY. 3 Key Elements

Content Security: Protect Your Network with Five Must-Haves

Managing Web Security in an Increasingly Challenging Threat Landscape

The Cisco ASA 5500 as a Superior Firewall Solution

OPC & Security Agenda

Out-of-Band Security Solution // Solutions Overview

Moving Beyond Proxies

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Complete Protection against Evolving DDoS Threats

Common Cyber Threats. Common cyber threats include:

A PROVEN THREAT A TRUSTED SOLUTION MCCANN CYBER SECURITY SOLUTIONS

THE ROLE OF IDS & ADS IN NETWORK SECURITY

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

Transcription:

Non-Geeks Guide to Network Threat Prevention 1

2 Table of Contents The Evolution of Network Security Network Security: A Constantly-Evolving Threat Why are networks at more risk than ever before? Evaluating Security Technology Vendors Why the Big Brand May Not be the Best Option Step 1: Find a Lean and Agile Vendor Step 2: Run a Proof of Concept Step 3: Breaking Down & Understanding Different Solutions Intrusion Detection Systems (IDS) Intrusion Prevention Systems (IPS) Next-Generation Firewall (NGFW) Breach Detection Systems (BDS) Next-Generation Intrusion Prevention System (NGIPS) The Bricata Difference How does this benefit your organization? Stop Letting Threats Rule Your Network About Bricata About Patriot 3 3 3 4 4 5 6 7 7 8 8 8 8 9 9 10 10 10

3 The Evolution of Network Security It seems every week brings a new headline about a major data breach: 40 million credit card numbers compromised. 80 million customers and employees affected by a data breach. 8.8 to 18 million non-customers affected by latest corporate hack....and so on. While large organizations are experiencing an increasing number of attacks, these headline-worthy data breaches often overshadow the many cybercrimes affecting small organizations. Perhaps the most intriguing aspect of these breaches is the fact that they occur in organizations large enough to afford threat detection and prevention systems. Yet these companies neglect to act because they deem cybersecurity too expensive, unnecessary, or simply not worth the effort. Security solutions, especially for small businesses, are often not a priority initiative for decision-making executives. However, the fact remains that any business storing personal data is at risk for an expensive, potentially ruinous cyber attack. Many managers understand what can go wrong; networks can be compromised, data can be stolen and businesses can be the victim of yet another major cybercrime. However, most people outside of IT do not understand why these threats are so difficult to identify and neutralize. Network Security: A Constantly-Evolving Threat There is a commonly held belief among high-level cyber security professionals: You have been breached already. If you don t know it yet, it s because your security solution isn t good enough. Why are networks at more risk than ever before? There are several factors contributing to the changing nature of network security: Newly discovered vulnerabilities, including zero-day vulnerabilities, have not yet been addressed by large security vendors. The increasing number of bring-your-own-device policies that allow potentially infected devices to connect to a network.

4 The dissolution of the traditional network perimeter resulting from the advances in wireless technology. The increasing amount of sensitive customer data being stored on company servers, making even small organizations an appealing target for hackers. No one wants to talk about it, but due to the above reasons (and more), cyber security measures are no longer optional for small businesses they must be a top priority. In fact, a 2014 Ponemon study concluded that the average cost of a data breach was $3.5 million, up 15 percent from 2013. Equipped with the right defense systems, organizations can be better protected from cyber threats. Choosing the best security solution is a simple matter of knowing a few important facts, yet most executives are oblivious to what these facts are. The alarming truth is that protecting an organization from cyber threats, regardless of size, is not as costly or time-consuming as you might think. You have been breached already. If you don t know it yet, it s because your security solution isn t good enough. It used to be difficult to quantify the value of network security and threat detection, but recent hacks have provided hard numbers about the value of preventing threats. The 2014 Sony Pictures Entertainment hack, for example, cost the company a reported $15 million in third quarter of 2014 alone. Some experts estimate the attack could end up costing the studio as much as $100 million dollars. Numbers like that make the cost of cyber security much more affordable in comparison. Finding the right solution is important, but how can an organization review potential vendors and solutions in order to find the right one? Evaluating Security Technology Vendors Why the Big Brand May Not be the Best Option With an understanding of the significant security risks facing all businesses not just megacorporations like Sony or Target you may be wondering what you can do to mitigate the risk of a cyber attack. You know you need a security solution, but you are not sure which solution vendor can do the following: Analyze your organization s IT infrastructure, including your network Identify flaws and potential security vulnerabilities Create a solution that addresses these flaws and actively identifies vulnerabilities in the future

5 Cater to your individual requirements as opposed to including, and making you pay for, features you do not need If your organization has an existing security solution in place, your vendor will naturally be biased towards their own product. However, those solutions may not be the best fit for your company. Often, representatives responsible for evaluating and selecting solutions feel like they are stuck with a vendor or product set. Even worse is when the security solutions a company is stuck with do not deliver the threat detection and prevention needed. Another challenge of being stuck with a single vendor is that a brand s solutions are designed for vertical integration. This means one solution offered by a vendor is designed to integrate with the rest of that brand s offerings. In some cases, this means committing to a vendor s entire line of solutions, not just the specific implementation needed by your organization, even if it means some specific solutions are not as capable as others. Why purchase Microsoft Office Pro if you only need Word every now and again? IT managers should be focused on solutions that implement the latest, most effective technology, not being tied to a brand because that is just the way it has always been. This freedom empowers IT managers to pursue the solution that is the best fit for their company, not simply the one offered by their existing vendor. Instead of being burdened with a brand s entire line of security solutions, select a vendor who is able to develop and deploy solutions that respond to the evolving security landscape. Step 1: Find a Lean and Agile Vendor Cyber security is a constantly evolving field. Programmers, hackers and cyber-criminals find new vulnerabilities to exploit every day. If a security vendor cannot keep up with these rapid changes, your organization s sensitive data is at risk. Large security brands especially struggle to adapt to these changes. Why? Because there are more committees, procedures and bureaucratic processes involved in making a decision. Because there are hoops to jump through, it simply takes too long to respond to evolutionized threats. If large companies have such a hard time evolving their security solutions, how do they stay in business? A 2014 Ponemon study concluded that the average cost of a data breach was $3.5 million In most cases, a large security vendor has a hit piece of software which companies will rely on for the next five to seven years. Although the solution may be effective in the short term, updates and patches eventually make the software bloated and ineffective.

6 Instead of selecting security software based on what s popular (or what was popular a few years ago), a wiser course of action is to go with a lean organization. They can adapt to new threats much more quickly, without the burden of bureaucracy. In many cases, a smaller, agile organization may be able to quickly develop custom solutions for your organization s unique security needs. Step 2: Run a Proof of Concept The best way to determine if a company s solution is right for your organization is to run a proof of concept. This means having a prospective vendor install a solution s hardware and software, then letting it run for a predetermined length of time. Running a proof of concept has a number of distinct advantages for your organization: Why purchase Microsoft Office Pro if you only need Word every now and again? A/B testing: A proof of concept can run alongside existing solutions, making it easy to compare and see if the new solution will find security threats not detected by the existing solution. First-hand evidence: It lets you see exactly how it works for your company no speculation, no fancy case studies just tangible evidence. Risk-free setup: The upfront cost is minimal, and in some cases there is no cost for the prospective client. Prospective vendors provide the hardware, guidance and tech assistance for a proof of concept. A proof of concept generally lasts 30 days, but may extend longer. In most cases, the vendor sends representatives to install the hardware and set up the solution in your network, often at little or no out-of-pocket cost. In some scenarios the solution can be installed and configured simply by phone, reducing the likelihood of any upfront cost at all. Why would even small vendors be willing to run a proof of concept? Simple: because they are confident enough in their product to know that when their solution is compared to the existing security system, the potential customer will see the value of the new solution. IT managers responsible for acquisition should be mindful of the following things during a proof of concept: Do you like the interface? You will be using it frequently, so an easy-to-use interface is important. Does the test system pick up on potential threats you already know about? Does one system pick up more security threats than the other? Will the vendor be able to adapt to new security threats quickly?

7 Running a proof of concept gives you tangible substantiation of whether a new solution works or not. And since multiple solutions can run concurrently (as you ll learn about in the next chapter), there is no need to deactivate your current network security system. This means there is virtually no risk for you to run a proof of concept, only gain. Step 3: Breaking Down & Understanding Different Solutions Regardless of the vendor, not all next-generation security solutions are created equal. You have to pick the technologies that are most suitable for your unique business environment. By understanding the choices your organization has for system security, you will be better equipped to evaluate vendors. You will also see how multiple security solutions can be implemented concurrently in order to provide greater degrees of detection and protection. The following is a summary of the most common next-generation network security systems. The alarming truth is, that protecting an organization from cyber threats, regardless of size, from cyber threats is not as costly or time-consuming as you might think. Intrusion Detection Systems (IDS) An IDS is one of the most comprehensive security technologies available. In fact, many commonly used IDS deployments are so powerful that they could have detected and prevented many of the major security breaches that made national headlines. These systems work by analyzing incoming packets of data from a monitoring port and comparing the traffic to known threat signatures. There are approximately 13,000 publicly disclosed vulnerabilities in 2013 and more than 200,000 new and unique samples of malware a day. The system then sets off an alarm if abnormal activity is detected. IDS is different from traditional firewalls in that it can detect malicious traffic that firewalls miss, such as unauthorized logins, malware, network attacks against services, trojan horses, worms and more. Because an IDS provides deep visibility into network activity, it can be used to identify problems with an organization s security policy. Through its intrusion prevention efforts, IPS allows analysts to manage the threat and prevent future intrusions. The downsides of IDSs are their lack of scalability and tendency to report false positives. To counteract these shortcomings, many IT administrators will deploy multiple solutions concurrently so the results can be compared and analyzed.

8 Intrusion Prevention Systems (IPS) An IPS uses signatures, heuristics, and IP reputation to identify vulnerabilities. It sits inline with traffic flows on a network, then actively stops attempted attacks as they are sent. This is done by terminating the network connection and blocking access to the target from the identifying attribute (user, IP address, etc.). Next-Generation Firewall (NGFW) While different vendors will have different definitions of what constitutes a NGFW, it is generally known as a device that enforces network policy across all network data. Thus, instead of just applying policy to network header information, the NGFW allows a single device to act as both a traditional firewall and an IPS. Breach Detection Systems (BDS) A BDS uses multiple techniques to analyze and report malicious traffic. Because of this dynamism, many consider BDS to be a next-generation intrusion prevention system (NGIPS), when in fact, BDS is simply complementary to NGIPS. A BDS is primarily focused on malware. It analyzes suspicious code and identifies communication with malicious hosts. This enables the BDS to provide enhanced detection of malware, zero-day and targeted attacks that could bypass NGFW, IPS and IDS. Due to latency issues with BDS scanning, it normally operates out-of-band in detection mode. Next-Generation Intrusion Prevention System (NGIPS) NGIPS was designed as a response to the newest computing trends: remote workers, bring-your-own-device policies, increased use of web applications and wireless networks. These developments make it easier for malware-infected end-user devices to connect to a network and compromise network security. An NGIPS combats this by modeling entire protocols, noting precisely where and what safe data should be and comparing that to what is actually seen. Abnormalities are then reported as potential threats. By applying protocol modeling and threat modeling, and applying these to transports, an NGIPS provides deep content awareness in the context of user data and files to give administrators a clear look at where potential threats on a network lie. This allows networks to intelligently review data for potential threats much more effectively than standard pattern matching.

9 An NGIPS includes the following features: Intrusion prevention Application identification User and group identification Evasion resistance High stability Transparency The Bricata Difference With so many types of solutions to identify and respond to threats, knowing which combination of security systems can best protect your organization s network may be confusing. Rather than pick one over another, take a different approach to security and threat detection. Bricata s approach has no feature bloat the only systems and features you have are the ones you need. Rather than an all-in-one solution, our solution provides your IT department with a precise set of tools for specific threat detection. This delivers a much better way to detect and deal with security threats. How does Bricata offer this superior solution? By merging NGIPS and BDS together. Through capturing packet data and storing it, the Bricata solution provides analytics for what we call big data security. It is the power of big data fused with the latest in security technology. How does this benefit your organization? It provides smarter threat detection It identifies malicious code that doesn t meet traditional threat signatures It alerts IT managers to abnormal network activity in real time often at the first sign of a breach and allows for early response Your organization can find and neutralize threats before cyber attacks occur. We use multithreaded architecture to achieve unparalleled performance. We can perform advanced, deep level inspection for all seven layers of the stack, including: Next-generation IPS full packet capture Contextual awareness and analytics Event management

10 Log aggregation Log correlation Data protection and loss prevention Policy enforcement capabilities This delivers a high-speed, next-generation intrusion prevention solution at the lowest cost possible and all in one box. Stop Letting Threats Rule Your Network With the rapidly evolving techniques of cybercriminals and hackers, your network needs a next-generation solution that does more than identify existing (and outdated) threat signatures. Remember, You have been breached already. If you don t know it yet, it s because your security solution isn t good enough. About Bricata Bricata is pioneering the Next Generation of Intrusion Prevention Systems with innovative, high-throughput security and data protection solutions. Our ProAccel line enables enterprises of all sizes to safeguard their networks and ensure timely and actionable threat detection without inhibiting user productivity. ProAccel is the only NGIPS that includes full packet capture capabilities to provide complete contextual awareness of security incidents. Bricata products leverage advances in high-speed computing and couple multi-threaded software architecture to offer greater efficiencies that increase speed and detection performance up to 300 Gbps in a single appliance at roughly half the cost of traditional intrusion prevention solutions. These advancements enable Bricata s clients to minimize the time, risk and expense of maintaining an intrusion prevention infrastructure resulting in greater productivity and stronger compliance at a dramatically reduced cost. For more information, visit www.bricata.com. About Patriot Patriot Technologies is an IT consulting and contract manufacturing solutions provider. Our experienced staff works closely with clients the world over to solve real business issues with technology. Patriot offers complete solutions for cyber security, manufacturing & logistics, data centers, end-user computing. For nearly 20 years, government and commercial organizations have relied on Patriot to increase business agility, lower their total cost of ownership, and minimize risk through consolidation, optimization, and visibility. For more information, visit www.patriot-tech.com.

11 8000 Towers Crescent Dr., Suite 1350 Vienna, VA 22182 info@bricata.com 703.847.3650 5108 Pegasus Ct, Frederick MD 21704 301-695-7500

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information