A New Era of Cybersecurity
Neil Mohammed, Sales Engineer
Copyright 2015 Raytheon Company. All rights reserved.
R W Market Advantages
- Strong Financial Backing
- Accelerated Innovation
- Increased Breadth and Depth
  - Full spectrum of security solutions that span the full life cycle of advanced external attacks
  - Sophisticated insider theft controls
- Greater Integration
  - Tighter security unified across networks, the cloud, endpoints and mobile devices
  - Higher value through less hardware, fewer consoles, and lower training requirements
Learning from History
- Recent Failures
  - General Dynamics
  - Boeing
- Commercial and Federal are Different
- Separation must be at the Highest Level
- Product Synergy Must Make Sense
Types of Mergers/Acquisitions
- Conglomerate
- Horizontal
- Vertical
ThreatScope Sandbox Technology
- Applies ACE analytics
  - Infection process
  - Post-infection activity
- Track infected system activity
  - System level events/behavior/changes
    - Processes, registries, files, etc.
  - Communication monitoring
    - Connection type, method, etc.
ThreatScope Reporting
SureView Threat Protection Capabilities and Differentiators
- Detection framework encompasses static, behavioral, heuristic, signature-based, file context, metadata and machine learning methods
- Proprietary hypervisor technology thwarts attacker attempts to evade virtual machines
- Enhanced visibility with advanced endpoint capabilities
- Detection and Prevention modes of operation
- Extensible detection framework to quickly integrate proprietary and third-party solutions
- Threat Sandbox detects zero-day attacks across web, email, and endpoints
SureView Threat Protection Malware (Email) Infection Detection
Use Case: Malware Detected from Email Attachment
1. Email platform receives email with attachment
2. Email platform queries SureView Threat Protection platform in real time to determine whether or not email attachment contains malware
3. SureView Threat Protection platform runs file through multiple malware detection algorithms, including sandboxing and machine learning
4. If presence of malware is determined, SureView Threat Protection platform can block the email in real time
5. Analyst receives malware alert in Web UI
Sandbox Roadmap
Beyond Feature/Function
Visibility is at the Crux of the Issue
- The digital revolution has obfuscated visibility
- Organizations cannot manage threats they cannot see
SureView Insider Threat Capabilities and Differentiators
- Comprehensive user activity monitoring across all channels at endpoint
- DVR-like playback forensics capabilities
- Proven scalability and performance based on deployment at some of the largest environments
- Easy-to-author and flexible policy creation capabilities with pre-packaged policy packs
- Built-in privacy protection
- Complete visibility into and context around end user activity and behavior
- Easy aggregation of external data and integration of third-party and custom analytics
SureView Insider Threat Management Controls
- Role-based Access
- Robust Operator Auditing
- Segregation of Collected Data
- Chain of Custody Features
- Non-technical Oversight
- Integration with 3rd party enterprise tools such as ePO and various SIEMs (ArcSight, Splunk, etc.)
- Access based on role, business needs, and authorization
SureView Policy-Driven Auditing
AUDITED ACTIVITY
- File write to removable media
- File contains sensitive data
  - fingerprinted text
  - SAP code names
AUDIT RECORD
- Date/Time, Username, Workstation
- Offending Device
- Action: Capture File
- Action: <email> Security Staff
- Action: <forward> ArcSight
Policy authoring
- Specify what to audit / what should be in the audit record
- Specify what not to collect
  - Ex: Do not collect email to/from chaplain@unit.army.mil
- Leverage simple If/Then statements
- Enable Multiple Stakeholders
Image: US DoD
Return on Investment
Forrester Research recently completed a study entitled "The Total Economic Impact of Raytheon's SureView."
Source: The Total Economic Impact of Raytheon's SureView. Forrester, 2014
Intuitive User Experience
Provides end-to-end visibility, context, and protection across enterprise
DLP Web Secure Network Segmentation Email User Behavior Forensics APT Protection Server Security
The Focus
CUSTOMERS GOODS & SERVICES BUSINESS DATA $ MONEY IDEAS 2015 Websense, Inc. Proprietary and Confidential.
CYBERSECURITY SKILLS GAP CONTINUES TO GROW
2013: 2.25 million
2017: 4.25 million
Market indicators show the need for as many as 4.25 million security professionals by 2017, representing the potential for a 47% shortage in qualified personnel.
Source: 2013 (ISC)2 Global Information Workforce Study
Chart legend: one icon = 250,000 security professionals
Exploits DLP Botnets Application Controls Zero-day Forensics DATA THEFT PREVENTION Real-time Analytics APTs Sandboxing Spear-phishing Threat Intelligence
DATA OUTBOUND ACTIVITY
1. DEPLOY ADAPTIVE SECURITY: For rapidly changing technology and threat landscapes.
2. PROTECT EVERYWHERE: For in the cloud data and applications as well as off-premise workers.
3. RAISE THE SECURITY IQ: For more skilled security professionals and more risk aware employees.
Analytics takes Center Stage
Understand and Prioritize
- Discover more about an entity that you know about (reactive/prevent)
- Investigate to understand patterns, find anomalies (proactive/detect)
WE ENABLE ORGANIZATIONS TO PREVENT DATA THEFT WHILE INNOVATING & GROWING IN THIS AGE OF DISRUPTIVE CHANGE. ENTER A NEW ERA OF CYBERSECURITY
Questions?
A Layered Approach for the New Normal
Real World Example
COMPANY A, COMPANY B, COMPANY C
No Direct Attack Vector