Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention


Your Security Challenges

Defending the Dynamic Network

Dynamic threats:
- Many threats are unknown
- Well-financed attackers
- New threats emerge daily
- Advanced Persistent Threat

"Not knowing what's on your network is going to continue to be the biggest problem for most security practitioners." Marcus Ranum, CSO Magazine

Dynamic networks:
- New and changing devices, operating systems, services, protocols, and ports
- New vulnerabilities
- New and changing users

Static defenses simply aren't good enough:
- To be truly effective, the IPS must adapt to dynamically changing threats and networks

Today's Reality

"Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure." Neil MacDonald, VP & Gartner Fellow. Source: Gartner, Inc., The Future of Information Security is Context Aware and Adaptive, May 14, 2010

Dynamic Threats:
- Organized attackers
- Sophisticated threats
- Multiple attack vectors

Static Defenses:
- Ineffective defenses
- Black box limits flexibility
- Set-and-forget doesn't work

About Sourcefire

About Sourcefire

Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.
- Founded in 2001 by Snort creator Martin Roesch, CTO
- Headquarters: Columbia, MD
- Focus on enterprise and government customers
- Global Security Alliance ecosystem
- NASDAQ: FIRE

Powered by Snort
- Global standard for intrusion detection and prevention
- World's largest threat response community
- Interoperable with other security products
- Owned and controlled by Sourcefire, Inc.
www.snort.org

Backed by the VRT

Sourcefire Vulnerability Research Team (VRT): Research & Analysis

Inputs:
- 150+ Private & Public Threat Feeds
- Snort & ClamAV Community Insight
- Advanced Microsoft & Industry Disclosure
- 20,000 Malware Samples per Day

Output: Best-in-Class Threat Protection

A New Approach

Traditional IPS vs. Next-Generation IPS
- Closed & Blind Architecture vs. Open & Customizable
- None or Limited Awareness vs. Visibility & Intelligence
- Human Intensive vs. Automation, Self Tuning & Precision

Next-Gen IPS: Open Architecture
- Powerful Engine & Rules: adaptable, custom fit to the network, comprehensive coverage
- Open Community: information sharing, shared protection
- Protection Against Advanced Persistent Threats (APT)

Next-Gen IPS: The Power of Awareness
- Network: know what's there, what's vulnerable, and what's under attack
- Application: identify change and enforce policy on hundreds of applications
- Behavior: detect anomalies in configuration, connections and data flow
- Identity: know who is doing what, with what, and where

Next-Gen IPS: Highly Automated Operation
- Correlate Attacks to Targets
- Intelligent Event Reduction
- Intelligent Tuning
- Operational Efficiency
- Custom Fit Security
Real Time, All the Time!

How It Works

Security Events Must Have Context: Does this traffic threaten my business?

Intrusion Events: Prioritization by Impact Assessment

Impact assessment classifies each intrusion event as one of:
- Vulnerable (exploit targets a known vulnerability)
- Possibly vulnerable (exploit targets the host's OS and/or service)
- Not vulnerable (no service present)
- Not present (no host present)

Intelligent Correlation to the Target

[Diagram: Defense Center with 3D Sensors in front of a Windows server and a Linux server. Labels: "Attack Blocked", "Windows server vulnerable", "Attack Is Correlated to Targets", "Linux server not vulnerable", "Blocked, Event Logged".]

The latest Windows attack targets a Microsoft Windows server and a Linux server. Attacks are correlated to their targets, and a high-priority event is generated for the Windows server target.
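The four impact levels from the Intrusion Events slide and the target correlation shown above amount to a lookup of each alert against a passively discovered host inventory. The Python below is an added illustration, not Sourcefire's code: the Host and IntrusionEvent records, the sample inventory, the addresses and the VULN-PLACEHOLDER id are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Impact levels from the slide: 1 = Vulnerable, 2 = Possibly vulnerable,
# 3 = Not vulnerable (no matching service), 4 = Not present (no host).
IMPACT_LABELS = {1: "Vulnerable", 2: "Possibly vulnerable",
                 3: "Not vulnerable", 4: "Not present"}

@dataclass
class Host:                                  # hypothetical passively discovered host profile
    ip: str
    os: str
    services: dict                           # listening port -> service name
    vulns: set = field(default_factory=set)  # vulnerability ids known to be present

@dataclass
class IntrusionEvent:                        # one IPS alert plus its rule's target metadata
    dst_ip: str
    dst_port: int
    target_os: str                           # OS the exploit is written for
    target_service: str                      # service the exploit is written for
    vuln_id: str                             # vulnerability the rule detects

def assess_impact(event: IntrusionEvent, inventory: dict) -> int:
    """Map an event to the four-tier impact level using the host inventory."""
    host = inventory.get(event.dst_ip)
    if host is None:
        return 4                             # no host at that address
    service = host.services.get(event.dst_port)
    if service is None:
        return 3                             # nothing listening on that port
    if event.vuln_id in host.vulns:
        return 1                             # exploit hits a known vulnerability
    if host.os == event.target_os or service == event.target_service:
        return 2                             # right OS and/or service, vuln state unknown
    return 3                                 # service present but unrelated to the exploit

# Constructed sample inventory and alerts (placeholder addresses and ids).
INVENTORY = {
    "10.0.0.10": Host("10.0.0.10", "Windows Server", {445: "smb"}, {"VULN-PLACEHOLDER-1"}),
    "10.0.0.20": Host("10.0.0.20", "Linux", {22: "ssh", 445: "smb"}),
}
EVENTS = [IntrusionEvent(ip, port, "Windows Server", "smb", "VULN-PLACEHOLDER-1")
          for ip, port in [("10.0.0.10", 445), ("10.0.0.20", 445),
                           ("10.0.0.20", 22), ("10.0.0.20", 80), ("10.0.0.99", 445)]]

def prioritize(events, inventory):
    """Return (label, dst_ip, dst_port) tuples, highest impact first."""
    scored = sorted(events, key=lambda e: assess_impact(e, inventory))
    return [(IMPACT_LABELS[assess_impact(e, inventory)], e.dst_ip, e.dst_port) for e in scored]
```

Running prioritize(EVENTS, INVENTORY) places the Windows host's known-vulnerability hit first and the alert against an address with no discovered host last, which is the ordering the slide's "high-priority event for the Windows server target" describes.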

Automated IPS Tuning
- How often does your network change?
- How often do you tune your IPS?
- Key Adaptive IPS capabilities include: RNA Recommended Rules, Adaptive Traffic Profiles, Non-Standard Port Handling

Intelligent Anomaly Detection

[Diagram: 3D Sensors and Defense Center. Labels: "New Asset Detected", "Abnormal Behavior Detected", "Hosts Compromised", "Abnormal Behavior Logged & Alerts Triggered".]

A new rogue host connects internally. Sourcefire detects the new host and abnormal server behavior. The Defense Center triggers alerts for IT to remediate.

Intelligent Application Violation

[Diagram: 3D Sensors and Defense Center. Labels: "P2P App Triggers Whitelist Violation", "Compliance Event Logged & User Identified", "IT & HR Contact User".]

The security team uses compliance whitelists to detect IT policy violations. A host is detected using Skype. The user is identified and then contacted by IT and HR.

Sourcefire NG-IPS Conceptual Diagram

Traditional IPS vs. Next-Generation IPS: Key Attributes

Offered by both traditional IPS and Next-Gen IPS:
- Inline IPS & Passive IDS Modes
- Default Detection Policy
- Reports, Alerts & Dashboards

Next-Gen IPS only:
- Custom Rules
- Vulnerability-based Protection
- Automated Impact Assessment
- Automated Tuning
- Application Policy Management
- Network Behavior Analysis
- User Policy Management
- Virtual IPS & Management Console

Comprehensive Ecosystem
- Network Infrastructure
- SIEM / Log Management
- Configuration Management
- Incident Management
- Vulnerability Management
- Systems Management

What Makes Sourcefire Different?
- Sourcefire 3D System is powered by intelligence
- Sourcefire provides full network visibility: attacks, network targets, potentially compromised targets, and users (attackers and victims)
- Real-time, all-the-time: Sourcefire never sleeps

Stop doing things the old way! Try the Next Generation in Intrusion Detection & Prevention.

Questions?