Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems. Presenter: Matt Harkrider. Founder, Alert Logic

Similar documents
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

Data Center Security in a World Without Perimeters

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

PCI DSS Reporting WHITEPAPER

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Unified Threat Management, Managed Security, and the Cloud Services Model

SANS Top 20 Critical Controls for Effective Cyber Defense

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Injazat s Managed Services Portfolio

IBM Security IBM Corporation IBM Corporation

Network Intrusion Prevention Systems Justification and ROI

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Critical Security Controls

Choose Your Own - Fighting the Battle Against Zero Day Virus Threats

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

IBM Internet Security Systems

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Endpoint Security: Moving Beyond AV

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

Networking for Caribbean Development

24/7 Visibility into Advanced Malware on Networks and Endpoints

Cisco & Big Data Security

Building A Secure Microsoft Exchange Continuity Appliance

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software

IT Security Strategy and Priorities. Stefan Lager CTO Services

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

THE TOP 4 CONTROLS.

Extreme Networks Security Analytics G2 Vulnerability Manager

How To Protect Your Network From Attack From A Network Security Threat

Payment Card Industry Data Security Standard

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

AppGuard. Defeats Malware

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Chapter 9 Firewalls and Intrusion Prevention Systems

The Value of Vulnerability Management*

End-user Security Analytics Strengthens Protection with ArcSight

Managed Security Services for Data

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

REVOLUTIONIZING ADVANCED THREAT PROTECTION

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Avoiding the Top 5 Vulnerability Management Mistakes

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Bio-inspired cyber security for your enterprise

AVeS Cloud Security powered by SYMANTEC TM

The Four-Step Guide to Understanding Cyber Risk

Internet Security Systems

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Integrated Protection for Systems. João Batista Territory Manager

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems

Virus Protection Across The Enterprise

McAfee Server Security

Defending Against Cyber Attacks with SessionLevel Network Security

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Attacks from the Inside

PCI DSS Top 10 Reports March 2011

Integrated Threat & Security Management.

Network Control Meets Endpoint Security

Cisco RSA Announcement Update

Uncover security risks on your enterprise network

Endpoint Threat Detection without the Pain

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Tenzing Security Services and Best Practices

Cisco Advanced Services for Network Security

Advanced Persistent Threats

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

ESET Security Solutions for Your Business

Information Technology Solutions

Top 10 Reasons Enterprises are Moving Security to the Cloud

The Importance of Cybersecurity Monitoring for Utilities

Cisco Advanced Malware Protection for Endpoints

Vulnerability Management

Endpoint Security More secure. Less complex. Less costs... More control.

DHS ICSJWG Fall Conference Maintaining Necessary Information Paths Over Unidirectional Gateways

ALERT LOGIC FOR HIPAA COMPLIANCE

Q1 Labs Corporate Overview

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Netzwerkvirtualisierung? Aber mit Sicherheit!

Introducing IBM s Advanced Threat Protection Platform

Current IBAT Endorsed Services

Cisco Remote Management Services for Security

Rational AppScan & Ounce Products

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

1. Thwart attacks on your network.

Virtual Patching: a Proven Cost Savings Strategy

Securing Your Business with DNS Servers That Protect Themselves

Protecting the Infrastructure: Symantec Web Gateway

Carbon Black and Palo Alto Networks

Analyzing HTTP/HTTPS Traffic Logs

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Criticial Need for Stronger Network Security. QualysGuard SaaS-based Vulnerability Management for Stronger Security and Verification of Compliance

Response to Questions CML Managed Information Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Transcription:

Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems Presenter: Matt Harkrider Founder, Alert Logic

Who We Are: Corporate Fact Sheet Founded: 2002 Sample Customers: HQ: Houston, TX Privately held Customers: 200 + Service renewal rate: 99% Focus: Network Intrusion Defense Key differentiator: On-Demand delivery model

False Sense of Security According to the recent FBI/CSI survey: Firewall, IPS, Gateway AV - 97% The Perimeter The Core Network The Gap 56% Servers & Desktops Anti-Virus 96% Even though 97% utilize firewalls 96% have Anti-Virus Breaches continue 56% reported breach Avg loss = $200,000

Third Layer of Security is Required Gartner s Top Predictions for IT Organizations and Users, 2007 and Beyond "By the end of 2007, we believe that three out of four organizations will be infected with financially motivated, targeted malware that has evaded their traditional perimeter and host defenses and remains installed and undetected on their endpoints antivirus and firewalls are insufficient for comprehensive maliciouscode detection and prevention. Legacy antivirus mechanisms must be supplemented with more-advanced styles of intrusion prevention in network- and host-based security. addressing targeted threats should not require that organizations purchase dozens of new security point solutions. Rather, security platforms should evolve to deliver more types of security protection for little or no additional cost.

The 3 Secrets

3 Secrets 2. Proactive vulnerability scanning 3. Network threat monitoring 4. Don t do it yourself

Vulnerabilities

Dangerous Trends Time to vulnerability window has collapsed Attack vectors change faster than any organization can respond Too much emphasis placed on perimeter security

Vulnerability to threat timeline Exploit code released Widespread exploitation (worms, targeted attacks) Advisory Release Vulnerability is discovered Vulnerability to threat window is rapidly collapsing

Historical Evidence MS05-039 Aug 9, 2005 MS04-011 Apr 22 2004 Sasser ZOTOB Sasser Aug 14 2005 5 days May 2 2004 20 days MS03-026 Jul 16 2003 MS Blaster Aug 11 2003 26 days MS02-039 Jul 24 2002 SQL Slammer Jan 25 2003 185 days MS00-078 Oct 17 2000 Nimda Sep 18 2001 365 days

New Vectors Emerge Quickly Malware spreads through new vectors with ease Security does not react fast enough to sudden shifts in direction

Network Threat Monitoring

Attacker Trends Attackers are better at flying under the radar Fewer flashy, public attacks - more stealth intrusions Botnets emerging as a valuable commodity Threats are free to propagate throughout the network Corporate security staffs not properly equipped to keep up with latest threats

Network Dangers Firewall Penetrating Worms Enterprise Unauthorized Access Email or File Server Workstation Web Server Internet Switch Firewall Workstation Financial App Server Customer DB Server Laptop Botnets Threats From Roaming Laptops

What Can You Do With Bots? Command command.list bot.dns bot.execute bot.open bot.command irc.server irc.join irc.privmsg http.execute ftp.execute ddos.udpflood ddos.synflood ddos.phaticmp redirect.http redirect.socks pctrl.list pctrl.kill Description List of all the available commands Resolves an IP/hostname Runs an.exe file on a remote computer Opens a file on a remote computer Runs a command with system() Connects to an IRC server Enters a specific channel Sends a private message to a user Downloads and executes a file through HTTP Downloads and executes a file through FTP Starts a UDP flood Starts a Syn flood Starts a PHATicmp flood Starts a HTTP proxy Starts a SOCKS4 proxy List of processes Kills the process

Threats Free to Propagate Lack of visibility into network traffic No control mechanisms to stop threats once they begin to spread Insider threats attempting unauthorized access

Losing the Arms Race Most businesses ill equipped to effectively fight the bad guys Network security solutions complicated and difficult to deploy too many moving parts

Why You Shouldn t Do It Yourself

How We Compare Do it Yourself Appliance/Software Hardware cost Software cost Maintenance costs Care and feeding Lengthy deployment Labor intensive Requires in-house expertise Network Security Options Spectrum Alert Logic On Demand Protection Rapid deployment Zero maintenance No software or hardware costs Complete control and visibility Superior accuracy Outsource To MSSP Hardware cost Software cost No visibility Loss of control

Layered On-Demand (SaaS) Model Optional SOC Services 3 Moving Parts Are Hosted in Our Datacenter 2 Network Appliance(s) 1

Three Products in One 1 2 3 Intrusion Protection Leverages 8,000+ signatures Passive monitoring with optional blocking, containment, & quarantine defensive actions SSL embedded threat detection Incident resolution management Vulnerability Management PCI certified scanning (available in Q1 07) Automated scanning with 12,000+ vulnerabilities Network discovery and asset weighting On-Demand external and internal scanning (external available Q1 07) Exposure remediation resolution management Compliance Reporting Compliance posture security Incident identification Compliance posture vulnerability identification Pre-built PCI, SOX, GLBA, and HIPAA reporting

Threat Manager in Action

Feature/Benefit Summary 3-in-1 Solution Fully integrated solution eliminates the difficult task of correlating data from multiple sources to get a comprehensive picture of the security posture of your network. 24x7 Monitoring Alert Logic is always keeping an eye on your network, even when you can t. This ensures threats are addressed in the timeliest fashion to secure your network before damage can occur, freeing your staff to perform other high-priority tasks. Co-Managed w/ Full Visibility Alert Logic s On-Demand model means that we do it all for you. But you maintain full visibility and control over network security using the same GUI as the Alert Logic 24x7 monitoring team. Blocking and Containment We can terminate communication to/from a threatened asset at the firewall and either contain or quarantine at the switch, thereby eliminating threats before they harm your network. Extensive compliance reports Comprehensive reporting includes detailed and executive-level reports, providing easy communication of network security posture and helping to satisfy compliance requirements. No Maintenance Required Alert Logic manages all upgrades, updates, and maintenance of the application, freeing your staff from this expensive and time consuming task. Simple one-day installation Alert Logic s On-Demand solution eliminates the implementation burden associated with do-ityourself solutions. This ensures a successful one-day installation and frees your staff from the expensive and time-consuming task of setting up hardware, loading software, network rollout, QA, and testing.

What should you do? Stop thinking of network threats as a nuisance Stop focusing exclusively on the perimeter Inside of firewalls networks are wide open today Businesses continuously spend 80% of their budget to fix 20% of their problem Automate incident investigation and response Defense today is shrouded in uncertainty and reliant on manual decisions Few businesses have situational awareness that allows them to identify complex threat scenarios Network security has to become automated to be effective

In Summary Security issues are much more prevalent but rarely get the appropriate attention Perimeter security is limited in it s ability to prevent Network Threats Attackers and their exploits may take multiple vectors to achieve their goals Additional layers of defense should reduce burden on you, not be a burden

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information