Leading The World Into Connected Security
Building Security By Silo
The technology acquisition process has delivered security chaos, with a separate silo for each of:
- Endpoint Protection
- Firewall
- Gateway Security
- Network IPS
- Compliance
- Data Protection
- Mobility
- Analytics
Building Security By Silo: Creating a False Sense of Security
Lessons learned:
- Well-funded organizations do not equal well-defended organizations
- Maintaining compliance will not result in protection
- Massive alerting in a sea of noise cannot receive action
- Defenses operating in silos are set up to fail
[Chart: TCO (CapEx + OpEx) and security posture plotted against time and threat advancement; with layered tools and point products the two curves reach parity]
Optimizing Security Infrastructure: Delivering Operationally Effective Security
[Chart: TCO (CapEx + OpEx) and security posture plotted against time and threat advancement; a connected architecture replaces layered tools and point products]
History of Defining Architecture
- Inventor of the world's most widely used computing architecture
- Defining countless standards used in everyday life, ranging from USB and WiFi to IoT
- Top 10 Most Influential Brands in the World
Delivering a Next Generation Security Architecture
- Defining innovative industry approaches for collaborative and adaptive security
- Introducing security integrations which are sustainable and broadly reaching
- Developing capabilities for new security paradigms in areas such as Software Defined Datacenter, Cloud, and IoT
Largest Dedicated Security Provider
- Broadest security product coverage in the industry
- Complete portfolio focused upon security
- Leadership position in 6 of 8 Gartner Security Magic Quadrants
Innovating the Security Connected Concept: Consistently Creating Operational Effectiveness
Timeline of integrations, 2001 to 2014:
- Consolidated Agent: reduced the endpoint agent footprint to a single agent; increased hardware lifespan by reducing host footprint/load
- Single Console: consolidated endpoint console management to a single interface via ePO; significantly reduced administrative burden
- Network/Vulnerability Management
- Network/Endpoint Integration: delivered endpoint contextual information within network alerting; created relevance and actionability within the network security environment
- Security Innovation Alliance
- Endpoint/Vulnerability Management
- Hybrid Web Protection: shared cross-vector threat information across product sets
- Global Threat Intelligence: delivered actionable intelligence to provide adaptive protection
- Host/Network DLP Consolidation
- Endpoint/Web Gateway Integration
- One Time Password/Web Gateway Integration
- Threat Intelligence Exchange, Advanced Threat Defense, Click to Protect: deliver a new architecture for products to share threat data, introduce real-time adaptive threat protection, and enable an organization's security posture to instantly self-improve
The Security Connected Platform
- Security Risk Management: Enterprise Security Manager (SIEM), ePolicy Orchestrator, Threat Intelligence Exchange, Vulnerability Manager, Active Response
- Network Security: Advanced Malware Defense, Network Security Platform (IPS), Firewall Enterprise, Next Generation Firewall
- Content Security: Email Gateway, Web Gateway, Data Loss Prevention
- Endpoint Security: Endpoint Security Suites, Data Center Security Suites, Embedded Security, Device Control, Endpoint Encryption, Hardware Enhanced Security
- Shared across the platform: Security Management, Threat Intelligence, Analytics, Context and Orchestration
Enabling Complete Protection From Endpoint to Network: a Next Generation Architecture
Components: SIEM, ATD, Web/Mail Gateway, SIA Partners / 3rd Parties, NGFW, DLP, Active Response, Threat Intelligence Exchange, NSP
Targeting Advanced Threats: Advanced Threat Defense + Threat Intelligence Exchange + Active Response
Threat Landscape
- 362: new threats every minute, or more than 6 every second
- 13%: growth of the Labs malware zoo between Q4 2014 and Q1 2015
- 49%: rise in mobile malware samples from Q4 2014 to Q1 2015
- 81%: jump in new suspect URLs found in Q1 2015 compared to Q4 2014
- 165%: increase in new ransomware in Q1 2015
- 317%: growth in Adobe Flash exploits in Q1 2015
- 400,000,000+: unique malware samples in the Labs Zoo as of Q1 2015
Source: Labs Threats Report: 1st Quarter 2015
What Is Advanced Malware?
- Typically criminal: theft, sabotage, espionage
- Stealthy, targeted, unknown: evades legacy-based defenses
- Discovered after the fact: data loss, costly clean-up, long-term damage
Key challenges: "Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signature-based mechanisms."
Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (published 12 February 2014)
Advanced Malware: Market Wisdom on Sandboxing
- Safe? Not real time?
- Resource intensive
- Lacks scalability
- Alerts vs. actions
- Not effective against all malware
Malware is unknown because there is no signature match; malware is identified because of behavior analysis.
Comprehensive Approach to Malware
- Protect: Next Generation Firewall, Network Security Platform, Web Gateway, Email Gateway, Threat Intelligence Exchange-enabled endpoint
- Detect and Correct: Advanced Threat Defense, Active Response, Enterprise Security Manager (SIEM), ePO
- Connecting fabric: Threat Intelligence Exchange / Data Exchange Layer
Dynamic and Static Code Analysis
- Dynamic analysis (run time): DLLs, network operations, file operations, process operations, delayed execution
- Static code analysis: unpacking, disassembly of code, calculating latent code familial resemblance
Static Code Analysis
- Advanced Threat Defense unpacks and reverse engineers the file to expose the actual code for analysis
- Compares the code to known malicious code, identifying this relatively unknown file as part of the Trojan.Win32.simda malware family
- Static code analysis finds 96% similarity to the known malware family
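Familial-resemblance scoring of the kind the slide describes, written here as an added illustration and not Advanced Threat Defense's own algorithm: the disassembly is reduced to its instruction mnemonics and compared with a reference family by n-gram Jaccard similarity. The listings, the family name and the 0.7 threshold are constructed for the example.

```python
from collections import Counter

def mnemonics(listing: str) -> list:
    """Keep only the instruction mnemonics; operands (registers, addresses,
    immediates) change between builds, the instruction skeleton persists."""
    return [line.split()[0].lower() for line in listing.splitlines() if line.split()]

def ngrams(seq: list, n: int = 3) -> Counter:
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))

def similarity(a: list, b: list, n: int = 3) -> float:
    """Weighted Jaccard index over mnemonic n-gram multisets: 0.0 disjoint, 1.0 identical."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = sum((ga | gb).values())
    return sum((ga & gb).values()) / union if union else 0.0

def classify(sample: str, families: dict, threshold: float = 0.7) -> tuple:
    """Closest family and its score, or None when nothing reaches the threshold."""
    scores = {name: similarity(mnemonics(sample), mnemonics(ref)) for name, ref in families.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None, round(scores[best], 2))

# Constructed x86 listings: an unpacked reference for a hypothetical family and a benign routine.
FAMILY_A = """
push ebp
mov ebp, esp
sub esp, 0x40
call 0x401000
test eax, eax
jz 0x401040
push eax
call 0x401100
mov esi, eax
xor ecx, ecx
"""
BENIGN = """
push ebp
mov ebp, esp
push esi
mov esi, ecx
call 0x402000
pop esi
pop ebp
ret
"""
# A rebuilt variant of the family: same skeleton, one instruction swapped (xor ecx,ecx -> mov ecx,0).
VARIANT = FAMILY_A.replace("xor ecx, ecx", "mov ecx, 0")
FAMILIES = {"family_a": FAMILY_A, "benign_lib": BENIGN}
```

Because operands are discarded, a rebuilt variant with different addresses and a swapped instruction still scores close to its family while sharing nothing with the benign routine.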
Advanced Targeted Attacks: The Reality
- Increased threat complexity complicates detection and analysis
- Fragmented visibility abets attackers
- Slow response increases damage
- $8,769 per incident; $3,840,988 per year; 1.2 incidents per day
[Chart: attack timeline (compromise, discovery, containment) with the share of incidents whose compromise-to-discovery and discovery-to-containment intervals fall in each bucket from minutes to years]
Adaptive Threat Prevention in Real-Time: From Encounter to Containment in Milliseconds
Data Exchange Layer
An innovative, real-time, bi-directional communications fabric providing product integration simplicity. Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products, enabling security intelligence and adaptive security.
Data shared across the fabric: BPM, Asset, Identity, Risk, Threat, Activity, Data, Location
The Security Connected Framework: Adaptive Security Architecture
Apply the Power of Knowledge: Organizational Intelligence
Sources feeding Threat Intelligence Exchange: administrator organizational knowledge, 3rd party feeds (VirusTotal), Global Threat Intelligence, Web Gateway, Endpoint Client, NGFW, Email Gateway, NSP, ATD, and other data sources in the future
Personalized threat intelligence: assemble, override, augment and tune the intelligence source information, optimizing security for your organization
Threat Intelligence Exchange (TIE)
Integrates with VirusScan, SIEM, Advanced Threat Defense, VirusTotal, SiteAdvisor, and ePO.
Visibility, Detection, Response, Security Connected:
- Add collective threat intelligence to endpoint and network operations and incident response workflows, and reduce noise through custom preferences.
- Protect against emerging threats in just milliseconds based on local, global, and organizational knowledge.
- Pinpoint first contact, prevalence, reputation, execution, and overall risk of threats, and adapt as you protect.
- Transform security infrastructure into an efficient, self-learning, collaborative system that integrates, automates, and simplifies security.
Threat Intelligence Exchange: Instant Protection Across the Enterprise
Gateways block access based on endpoint convictions. Proactively and efficiently protect your organization as soon as a threat is revealed. Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products.
Components on the Data Exchange Layer: Global Threat Intelligence, TIE Server, ATD, 3rd Party Feeds, NGFW, NSP, Web Gateway, Email Gateway, ePO, ESM, and the VSE Threat Intelligence Module on each endpoint
Threat Intelligence Exchange: Adapt and Immunize, From Encounter to Containment in Milliseconds
Endpoints are protected based on gateway convictions.
Components on the Data Exchange Layer: NGFW, NSP, Web Gateway, Email Gateway, Global Threat Intelligence, TIE Server, ATD, 3rd Party Feeds, ePO, ESM, and the TIE Endpoint Module on each endpoint
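A minimal model of the conviction sharing these slides describe, written here as an added illustration and not TIE or DXL code: one shared reputation record per file hash, a source precedence in which administrator knowledge overrides the sandbox verdict, which overrides the global feed, and first-contact prevalence deciding the case where no source has an opinion. The verdict scale, source names and rarity threshold are assumptions for the example.

```python
# Constructed three-level verdict scale; the product's real reputation scale is not on the slides.
MALICIOUS, UNKNOWN, TRUSTED = -1, 0, 1
# Source precedence, highest first: an administrator override beats the sandbox verdict,
# which beats the global feed. The source names are assumptions for this illustration.
SOURCE_ORDER = ("enterprise_override", "sandbox_verdict", "global_verdict")

class ReputationExchange:
    """Shared store that endpoints, gateways, the sandbox and the console all read and write."""
    def __init__(self, rare_threshold: int = 3):
        self.records = {}               # sha256 -> {"first_seen", "hosts", verdicts by source}
        self.rare_threshold = rare_threshold

    def _record(self, sha256: str) -> dict:
        return self.records.setdefault(sha256, {"first_seen": None, "hosts": set()})

    def record_encounter(self, sha256: str, host: str, when: str) -> None:
        """An endpoint reports seeing a file; first contact and prevalence are tracked."""
        rec = self._record(sha256)
        rec["first_seen"] = rec["first_seen"] or when
        rec["hosts"].add(host)

    def publish_verdict(self, sha256: str, source: str, verdict: int) -> None:
        """A conviction published once by any component becomes visible to every consumer."""
        self._record(sha256)[source] = verdict

    def decide(self, sha256: str) -> str:
        """'block', 'allow' or 'sandbox' for a hash, honoring source precedence."""
        rec = self.records.get(sha256)
        if rec is None:
            return "sandbox"
        for source in SOURCE_ORDER:
            verdict = rec.get(source)
            if verdict == MALICIOUS:
                return "block"
            if verdict == TRUSTED:
                return "allow"
        # No source has an opinion: a rarely seen file (first contact) goes to dynamic analysis.
        return "sandbox" if len(rec["hosts"]) < self.rare_threshold else "allow"

def demo() -> list:
    """Encounter -> sandbox conviction -> gateway block -> admin override, as on the slides."""
    tie = ReputationExchange()
    h = "sha256:" + "ab" * 32                          # constructed sample hash
    tie.record_encounter(h, "laptop-01", "2015-04-01T09:00Z")
    first = tie.decide(h)                              # unknown and rare: sandbox it
    tie.publish_verdict(h, "sandbox_verdict", MALICIOUS)
    second = tie.decide(h)                             # every gateway now blocks on that conviction
    tie.publish_verdict(h, "enterprise_override", TRUSTED)
    third = tie.decide(h)                              # admin tunes out a false positive
    return [first, second, third]
```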
Adaptive Threat Prevention and Detection
1. A payload is analyzed in the sandbox, producing new indicators (IOC 1, IOC 2, IOC 3, IOC 4)
2. The network and gateway layer (NGFW, NIPS, Web Gateway, Email Gateway) and the endpoints adapt to the new IOCs over the DXL ecosystem
3. In the SIEM, the new IOC intelligence pinpoints historic breaches
4. Previously breached endpoints are isolated and remediated
Traditional Incident Response
[Chart: number of events over time, pre-breach and post-breach, across Protect, Detect and Correct; minimal threat reduction and prolonged dwell time]
Security Connected and Active Response
[Chart: number of events over time, pre-breach and post-breach, across Protect, Detect and Correct; dwell time is minimized compared with the prolonged dwell time of traditional incident response]
Growth of Endpoint Threat Detection & Response
The need for more advanced EDR is growing fast.
"Most security teams cannot detect and react fast enough to targeted attacks with the tools they have. Existing security tools do not have sufficient security monitoring, detection and response capabilities. Organizations investing in EDR tools are purposefully moving from an incident response mentality to one of continuous monitoring in search of incidents that they know are constantly occurring." - Gartner
Security budgets for rapid detection and response: 10% by 2014, 60% by 2020
Source: Gartner, Market Guide for Endpoint Detection and Response Solutions, May 13, 2014.
Active Response: Adaptable, Continuous, Automated
- Persistently monitor critical events and state changes at endpoints
- Use continuous collectors to find and visualize all files, executable and dormant
- Set traps, triggering automatic or customized responses
- Manage the entire solution from a single console
Use Case: Proactively Search for Undetonated Files
Participants: Admin, ePO, Active Response, TIE, Endpoints, and the network and gateway layer (NGFW, Web Gateway, Email Gateway)
The Next Dimension of Security: Managed Services Specialization
Managed Security Services Market: It's here and the game has changed
- Customer Managed: TAM today $33B, TAM 2017 $40B
- Managed Security: TAM today $13B, TAM 2017 $19B
"When you materially improve an offering, and create new features, functions, experiences, price points, and even enable new use cases, you can materially expand the market in the process. The past can be a poor guide for the future if the future offering is materially different than the past." - Bill Gurley, 2014, Benchmark Capital
Are you ready to win big?
Top 5 reasons your customers are buying MSS:
1. Compliance requirements are more demanding.
2. Increasing complexity and focused targeting of attacks.
3. MSS help customers maximize their ROI.
4. Shortage of in-house deep security expertise.
5. Remove upfront or CapEx expenditure.
[Chart: MSS market maturity; gross margins of leading MSPs; number of MSPs that dominate adoption]
How Intel Security can help you win
Mission: an ecosystem that helps you build a sustainable and profitable MSS business through a tailored and specific MSP partnership, the Managed Services Specialization.
Pillars: MSP-specific commercials; MSP-specific support; MSP-specific tools and resources; MSP-specific products and professional services.
- Pay up front or pay-as-you-go
- Scaled pricing: more volume = lower prices
- Consolidated provisioning and management consoles
- Multi-tenant solutions
- Elevated support levels and response times
- Scaling and pricing tools
- MSP reference architectures and how-to guides
- MSP domain experts in each region
- Aligned and compensated sales teams
- MSP-specific professional services
- Security Connected: the broadest and most connected portfolio
- MSP-relevant product development
Ready to meet the demand and transform your business?
Join the Managed Services Specialization: www.mcafee.com/msp
1. Contact your regional channel account manager to map out your MSP success
2. Review the Intel Security Managed Services collateral from our Partner Portal
3. Work with an activated Distributor to place your Managed Services orders
General Questions: MSP_Inquiry@.com