REVOLUTIONIZING ADVANCED THREAT PROTECTION




Slide 1: REVOLUTIONIZING ADVANCED THREAT PROTECTION
A New, Modern Approach
Blue Coat Advanced Threat Protection Group
Grant Asplund, Senior Technology Evangelist

Slide 2: WHY DO I STAND ON MY DESK?
"...I stand upon my desk to remind myself that we must constantly look at things in a different way..."

Slide 3: (image only, no text)

Slide 4: TODAY'S DIGITAL ENTERPRISE IS DRIVING A NEW IT PARADIGM
Cloud / Virtualization, SaaS, Big Data Analytics, Mobility, Enterprise Social, Security

Slide 5: AND A WHOLE NEW SET OF IT CHALLENGES
Yesterday's IT: Few apps with predictable behavior / Today's IT: Millions of unknown and risky apps
Yesterday's IT: Manageable data / Today's IT: Big data explosion
Yesterday's IT: Infrastructure that's on-premise / Today's IT: Cloud and hybrid infrastructure
Yesterday's IT: Traditional threat environment / Today's IT: Advanced threat environment

Slide 6: EVOLVING LANDSCAPE OF MODERN THREATS
Today's advanced threat landscape. Diagram labels: Integrity, Availability, Confidentiality; point controls: IPS, SIEM, URL Filtering, DLP, Email Security, Host Firewall, VPN, NAC

Slide 7: ADVANCED THREATS
Copyright 2013-2014 Blue Coat Systems Inc. All Rights Reserved.

Slide 8: IMPROVED SOPHISTICATED THREATS: Smarter, Faster, Stronger
Virtual machine detection; line-by-line debugger detection; re-writes host file; multi-packed, one-time, encrypted; rootkits; fuzzing; reverse engineering; code auditing

Slide 9: THE INVISIBLE THREATS: Threats we can't see
20-70% of traffic is encrypted. The majority of APTs operate over SSL.

Slide 10: (image only, no text)

Slide 11: POST-PREVENTION SECURITY GAP
Threat actors: Nation States, Cybercriminals, Hacktivists, Insider Threats
Traditional threats: Known Threats, Known Malware, Known Files, Known IPs/URLs
Advanced threats: Novel Malware, Zero-Day Threats, Targeted Attacks, Modern TTPs
Signature-based defense-in-depth tools: NGFW, IDS / IPS, Host AV, Web Gateway, SIEM, Email Gateway, DLP, Web Application Firewall
Advanced Threat Protection: Content, Context, Intelligence (Detection, Analytics, Visibility, Analysis)

Slide 12: TIME AND THE WINDOW OF OPPORTUNITY
Initial Attack to Compromise: Seconds 60%, Minutes 13%, Hours 11%, Days 13%, Weeks 2% (seconds through hours total 84%)
Initial Compromise to Discovery: Hours 9%, Days 11%, Weeks 12%, Months 62%, Years 4% (weeks through years total 78%)

Slide 13: PROOF OF THE PROBLEM: BREACH UNDETECTED FOR FIVE MONTHS

Slide 14: POST-PREVENTION SECURITY GAP
Chart: Percentage of Enterprise IT Security Budgets Allocated to Rapid Response Approaches by 2020. Source: Gartner 2013

Slide 15: MAPPING THE ADAPTIVE PROTECTION PROCESS TO THE LIFECYCLE OF AN ATTACK
Source: Gartner (February 2014)

Slide 16: MODERN COUNTER-MEASURES

Slide 17: REQUIRED TECHNOLOGIES FOR MODERN ADVANCED THREAT PROTECTION
Complete Web Control: Web Security, Content Analysis, Real-time Blocking
Advanced Malware Detection: White/Blacklists, Sandboxing, Feeds
Visual Insight: Context, Real-time Awareness, IOCs, Alerts
Full Packet Capture: Layer 2-7 Indexing & Classification
Layers: Blocking and Enforcement; Security & SSL Visibility; Global Threat Data Integration Layer; Detection & Threat Intelligence; Big Data Security Analytics

Slide 18: INTELLIGENT DEFENSE IN DEPTH
Block Known Web Threats: ProxySG
Allow Known Good Content: Content Analysis System with Application Whitelisting
Block Known Bad Downloads: Content Analysis System with Malware Scanning
Analyze Unknown Threats: Malware Analysis Appliance
Block all known sources/malnets and threats before they are on the network. Free up resources to focus on advanced threat analysis. Reduce threats for incident containment and resolution. Discover new threats and then update your gateways.

Slide 19: ADVANCED THREAT PROTECTION: BLUE COAT LIFECYCLE DEFENSE
1. Ongoing Operations: Detect & Protect, Block All Known Threats
2. Incident Containment: Analyze & Mitigate, Novel Threat Interpretation
3. Incident Resolution: Investigate & Remediate, Breach Threat Profiling & Eradication
Global Intelligence Network

Slide 20: ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
(Lifecycle diagram repeated from slide 19: 1 Ongoing Operations, 2 Incident Containment, 3 Incident Resolution, Global Intelligence Network)

Slide 21: STAGE 1: DETECT & PROTECT: Block All Known Threats
Accurate Web Filtering and Categorization
Identify and Block Malnets
Robust Application and Policy Controls
Proactive threat prevention across all users, networks and devices

Slide 22: STAGE 1: DETECT & PROTECT: Policy Based SSL Visibility
Granular Policy Management
Feed Multiple Security Systems
Industry-leading Performance
Full visibility into encrypted traffic and threats

Slide 23: ENHANCES EXISTING CUSTOMER SECURITY SOLUTIONS
Diagram labels: Network In, Network Out, Copy; feeds to Forensics / Compliance / IDS; Inline (soon): IPS, XPS, Malware
Decrypt once - feed many!

Slide 24: STAGE 1: DETECT & PROTECT: Advanced AV/Malware Inspection
Increased Malware Analysis and Blocking
Higher Detection Accuracy
Sandboxing Optimization
Block known threats and analyze the unknown for Advanced Threat Protection at the perimeter

Slide 25: ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
(Lifecycle diagram repeated from slide 19)

Slide 26: STAGE 2: ANALYZE & MITIGATE: Contain and Analyze the Unknown
PC Emulator and Virtual Machine: Dual-Detection Hybrid Analysis of Suspicious Samples
Closely Replicates Customer's Gold Configurations
Automated Risk Scoring and Rich Analysis
Quickly analyze and prioritize advanced and zero-day threats for remediation and continuous security improvement

Slide 27: ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
(Lifecycle diagram repeated from slide 19)

Slide 28: STAGE 3: INVESTIGATE & REMEDIATE: Security Analytics
Full Security Visibility of All Network Traffic
Forensic Details Before, During and After an Alert
Reduce Time-to-Resolution and Breach Impact
The Security Camera for Your Network

Slide 29: SECURITY CAMERA FOR YOUR NETWORK
Know what happened before, during and after an alert, with complete, clear supporting evidence
Multiple sources for real-time integrity & reputation of URL, IP address, file hash or email address
Forensic Details Before, During and After an Alert
Trace back and discover Tactics, Techniques & Procedures and identify Indicators of Compromise
Integrated workflows with leading network security tools to add context and improve effectiveness

Slide 30: ADVANCED THREAT PROTECTION FILE ANALYSIS
Diagram: Internet traffic (encrypted & unencrypted) passes the SSL Visibility Appliance to ProxySG, which hands files over ICAP / S-ICAP to the Content Analysis System (Application Whitelisting, Malware Signature Databases). Unknown files go to the Blue Coat Malware Analysis Appliance or a non-Blue Coat sandbox, which returns MALICIOUS (UPDATE & ALERT) or NOT MALICIOUS. Threat data sent to WebPulse and the Security Analytics Platform: File HASH, URL, Time Stamp, File Name. Also shown: Security Analytics Platform, Global Intelligence Network.
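The tiered triage that slides 18 and 30 describe (allow known good, block known bad, sandbox the unknown, then feed the verdict and the hash/URL/timestamp/filename record back) as an added Python illustration; this is not Blue Coat code, and the sandbox stand-in, URLs and sample bytes are constructed for the demo.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable

@dataclass
class ThreatRecord:
    """The fields slide 30 says are forwarded: file hash, URL, time stamp, file name."""
    file_hash: str
    url: str
    timestamp: str
    file_name: str

@dataclass
class ContentAnalysis:
    """Tiered triage in the slides' order: known good -> known bad -> analyze the unknown."""
    whitelist: set                    # hashes of known-good content (application whitelisting)
    signatures: set                   # hashes from the malware signature database
    sandbox: Callable[[bytes], bool]  # detonation verdict: True if the sample behaved maliciously
    sandbox_runs: int = 0
    records: list = field(default_factory=list)

    def inspect(self, data: bytes, url: str, file_name: str) -> str:
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.whitelist:
            return "ALLOW"            # known good: no scan spent on it
        if digest in self.signatures:
            return "BLOCK"            # known bad: blocked at the gateway
        self.sandbox_runs += 1        # unknown: hand off to the malware analysis appliance
        if self.sandbox(data):
            # "UPDATE & ALERT": the verdict feeds the signature set, so the next copy of this
            # file is blocked at the gateway without another sandbox run, and the IOC is recorded.
            self.signatures.add(digest)
            self.records.append(ThreatRecord(
                digest, url, datetime.now(timezone.utc).isoformat(), file_name))
            return "BLOCK"
        return "ALLOW"                # nothing observed; deliberately not promoted to the whitelist

def fake_sandbox(data: bytes) -> bool:
    """Constructed stand-in for a detonation verdict: flags samples carrying a marker string."""
    return b"DEMO-MALICIOUS-MARKER" in data

def demo() -> tuple:
    """Inspects one constructed sample twice plus a clean file; returns verdicts, runs, records."""
    cas = ContentAnalysis(whitelist=set(), signatures=set(), sandbox=fake_sandbox)
    bad = b"MZ...constructed sample...DEMO-MALICIOUS-MARKER"
    first = cas.inspect(bad, "http://example.invalid/dl/setup.exe", "setup.exe")
    second = cas.inspect(bad, "http://example.invalid/dl/setup.exe", "setup.exe")
    clean = cas.inspect(b"plain document", "http://example.invalid/doc.txt", "doc.txt")
    return first, second, clean, cas.sandbox_runs, cas.records
```

The second inspection of the same bytes is blocked at the signature tier, which is the "fewer malware scans" effect slide 31 claims for the feedback loop.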

Slide 31: ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE (product mapping)
Product labels (garbled in the transcript): ProxySG & SG-VA, Malware Analysis, Security & Policy Enforcement Center, Resolution Center, Reporter (software and service), Web Security Service, Intelligence Center, SSL Visibility, WebFilter, Content Analysis, DLP, Content Analysis Appliance, FW/IDS on X-Series, Advanced Threat Protection Appliance
Ongoing Operations (Detect & Protect, Block All Known Threats): Known threats blocked at gateway; Increased system performance through fewer malware scans; Fewer threats to contain and resolve
Incident Containment (Analyze & Mitigate, Novel Threat Interpretation): More robust threat analysis with fewer false positives
Incident Resolution (Investigate & Remediate): Breach Threat Profiling & Eradication
Global Intelligence Network

Slide 32: GLOBAL INTELLIGENCE NETWORK
+75 Million users; +1 Billion daily categorized web requests; +3.3 Million threats blocked daily; +84 categories; 55 languages
Central cloud database: Dynamic Real-Time Rating, Malware detection, Anti-virus / AV scanning, Sandboxing (coming soon), Malware experts, 3rd party feeds, Quality checks
Effective Advanced Threat Protection: Real-time, Cloud-based, Zero-day Response, Performance and Scalability, Community-based
Blocks 3.3 million threats per day

Slide 33: PEACE-OF-MIND FOR THE C-SUITE
Executive Dashboard: CRM, ERP, P&L, Advanced Threat Protection

Slide 34: MORE ON ADVANCED THREAT PROTECTION
Blue Coat Exclusive. Get your copy! bluecoat.com/atplifecycle

Slide 35: (image only, no text)

Slide 36: Thank You!
Grant Asplund, 206-612-8652, grant.asplund@bluecoat.com
Twitter: @gasplund
LinkedIn: http://www.linkedin.com/in/grantasplund/