Enhancing Your Network Security




Rainer Singer, SE Manager Central Europe. October 2013.

Infoblox Overview & Business Update
Founded in 1999; headquartered in Santa Clara, CA, with global operations in 25 countries. Leader in technology for network control: Gartner "Strong Positive" rating; 40%+ market share in DDI (DNS, DHCP and IP address management); 6,700+ customers and 55,000+ systems shipped; 35 patents, 29 pending; IPO April 2012 (NYSE: BLOX).
Chart: total revenue in $MM, fiscal year ending July 31, FY2007 through FY2013: 35.0, 56.0, 61.7, 102.2, 132.8, 169.2, 225.0.

Infoblox: Technology for Network Control
Diagram with three layers: network infrastructure, control plane, and apps & end-points. Elements shown: end points, virtual machines, private cloud, applications; Infoblox Grid with real-time network database, historical/real-time reporting and control, and infrastructure security; firewalls, switches, routers, web proxy, load balancers.

New threat vectors
Chart of threat generations against impact scope (individual computer, partial network, company level, global impact):
- 1st generation (1980s): boot viruses.
- 2nd generation (1990s): worms, trojans, flood attacks, limited-target hacking, DoS.
- 3rd generation (2000s): DoS, DDoS, blended attacks (worm + trojan), advanced persistent threats, botnets.
- 4th generation (today): infrastructure hacking, organized DDoS, designer malware and APTs, botnets for rent.

Infoblox's role in 4th-generation security
1. Challenge: unprotected DNS infrastructure introduces security risks. Trend: DDoS protection. Infoblox: purpose-built secure hardware, Common Criteria certified, rate limiting, best practices.
2. Challenge: identification of and response to malware takes too long. Trend: APT mitigation. Infoblox: DDI, DHCP fingerprinting, DNS Firewall, Reporting Server.
3. Challenge: risk and inefficiency due to firewall and ACL change. Trend: IT agility. Infoblox: Security Device Controller.

Protect DNS: Infoblox DNS Firewall

Anatomy of an Attack

Infoblox DNS Firewall Protects Against SEA Redirection Attack
Timeline of attack and Infoblox response:
1. 3:00 PM EST: the Syrian Electronic Army hacks the registrar Melbourne IT and replaces the NY Times and Twitter name servers with their own. Attempted connections now redirect users to SEA servers.
2. 6:00 to 6:30 PM EST: upon confirmation of the attack, the Infoblox Malware Data Feed is updated with the malicious name server IP addresses; all Infoblox DNS Firewall customers now have the malicious SEA IP addresses in their RPZ.
3. 6:30 PM EST: all access attempts to the malicious IPs are now automatically blocked by DNS Firewall. Customers protected.
4. Syslog: DNS Firewall logs all attempted connections with malicious destinations, complete with device IP and MAC address and device fingerprint, for later remediation.
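DNS Firewall is delivered as Response Policy Zone (RPZ) data, and the step that protected customers above was an NSIP entry: a rule keyed on the IP address of the rogue name server rather than on the hijacked domain name. The script below is an added example, not Infoblox code or the actual Malware Data Feed format; it renders a threat feed into the standard RPZ zone syntax that RPZ-capable resolvers such as ISC BIND load, showing all four trigger types (QNAME, IP, NSDNAME, NSIP) and the standard actions. The feed entries, the zone origin and the sinkhole address are constructed placeholders.

```python
"""Build a DNS Response Policy Zone (RPZ) from a threat feed.

Added example, not Infoblox code: shows how the four RPZ trigger types
(QNAME, IP, NSDNAME, NSIP) and the standard policy actions are written in
the zone syntax that RPZ-capable resolvers such as ISC BIND consume.
Every feed entry below is a constructed placeholder, not a real indicator.
"""
import ipaddress
from typing import Dict, List, Optional

# Policy actions are encoded as special CNAME targets.
ACTIONS = {
    "nxdomain": "CNAME .",              # answer NXDOMAIN
    "nodata": "CNAME *.",               # answer an empty (NODATA) response
    "passthru": "CNAME rpz-passthru.",  # exempt from further policy
    "drop": "CNAME rpz-drop.",          # discard the query silently
}


def ip_trigger(cidr: str, suffix: str) -> str:
    """Encode an IPv4 prefix as an RPZ IP/NSIP trigger owner name.

    RPZ writes 192.0.2.0/24 as 24.0.2.0.192.rpz-ip: the prefix length,
    then the address octets in reverse order. IPv4 only in this example.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this example encodes IPv4 triggers only")
    octets = str(net.network_address).split(".")
    return f"{net.prefixlen}." + ".".join(reversed(octets)) + f".{suffix}"


def rpz_record(kind: str, value: str, action: str,
               sinkhole: Optional[str] = None) -> str:
    """Return one RPZ record, owner name relative to the zone origin.

    kind    -- "qname" (query name), "ip" (address in the answer),
               "nsdname" (authoritative server name) or "nsip"
               (authoritative server address); "nsip" is the trigger that
               blocks a hijacked domain by the rogue name server's address.
    action  -- key of ACTIONS; ignored when a sinkhole address is given,
               in which case the answer is rewritten to that address
               (RPZ "local data", the walled-garden case).
    """
    if kind == "qname":
        owner = value.rstrip(".")          # "*.x" covers the sub-names of x
    elif kind == "ip":
        owner = ip_trigger(value, "rpz-ip")
    elif kind == "nsdname":
        owner = value.rstrip(".") + ".rpz-nsdname"
    elif kind == "nsip":
        owner = ip_trigger(value, "rpz-nsip")
    else:
        raise ValueError(f"unknown trigger kind: {kind}")
    rdata = f"A {sinkhole}" if sinkhole else ACTIONS[action]
    return f"{owner} {rdata}"


# Constructed feed; documentation address ranges only, no real indicators.
FEED: List[Dict[str, str]] = [
    {"kind": "qname", "value": "bad.example", "action": "nxdomain"},
    {"kind": "qname", "value": "*.bad.example", "action": "nxdomain"},
    # Rogue name-server address: the registrar-hijack scenario above.
    {"kind": "nsip", "value": "198.51.100.7/32", "action": "nxdomain"},
    {"kind": "ip", "value": "203.0.113.0/24", "action": "drop"},
    {"kind": "qname", "value": "cnc.example", "action": "walled",
     "sinkhole": "10.10.10.10"},
    {"kind": "qname", "value": "allowed.example", "action": "passthru"},
]


def build_zone(origin: str, serial: int, feed=FEED) -> str:
    """Render a complete RPZ zone file (origin must end with a dot)."""
    if not origin.endswith("."):
        raise ValueError("origin must be fully qualified, e.g. 'malware.rpz.'")
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 300",
        f"@ SOA ns.{origin} hostmaster.{origin} {serial} 3600 600 604800 300",
        f"@ NS ns.{origin}",
    ]
    for e in feed:
        lines.append(rpz_record(e["kind"], e["value"], e["action"],
                                e.get("sinkhole")))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_zone("malware.rpz.", serial=2013082701))
```

In BIND the generated zone is activated with `response-policy { zone "malware.rpz"; };` in the options block. Two caveats a practitioner should keep in mind: RPZ only protects clients that actually resolve through the RPZ-enabled server, so hosts pointed at an external resolver (or malware carrying its own resolver address) bypass it; and an NSIP trigger fires only once the resolver has learned the delegation, so the first lookup after a hijack may be answered before policy applies.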

Getting Around Traditional Defenses: Fast Flux
Rapid change of IP addresses, which requires DNS queries. Security researchers discovered fast-flux usage in November 2006. Multiple nodes within the network register and de-register their IP addresses as part of the DNS A (address) record list for a single DNS name, with a short TTL (for example 5 minutes, 300 seconds). The DNS queries are what the infected host uses to find the C&C or botnet server(s), which is why the resolver is the place to see and block them.
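The tell-tale signs described above (one name, many addresses, short TTL) can be checked at the resolver. The script below is an added example, not Infoblox code; it runs a simple fast-flux heuristic over constructed passive-DNS style records. It deliberately requires address diversity across several /24 prefixes as well as a short TTL, because a legitimate CDN also uses short TTLs but its addresses cluster in a few prefixes. The thresholds are illustrative assumptions; with ASN data available one would group by ASN instead of /24.

```python
"""Flag fast-flux candidates in passive-DNS style records.

Added example, not Infoblox code. A fast-flux name rotates many addresses
through its A record set with a short TTL, so a resolver sees many distinct
IPs, across many unrelated networks, within a short window. SAMPLE_LOG is
constructed (documentation ranges only); thresholds are assumptions.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed records: epoch seconds, queried name, TTL, answered A record.
SAMPLE_LOG = """\
1380000000 flux.example 300 198.51.100.10
1380000000 flux.example 300 203.0.113.55
1380000300 flux.example 300 192.0.2.77
1380000300 flux.example 300 198.51.100.200
1380000600 flux.example 300 203.0.113.9
1380000600 flux.example 300 192.0.2.140
1380000900 flux.example 300 198.18.5.5
1380000000 cdn.example 60 192.0.2.10
1380000300 cdn.example 60 192.0.2.11
1380000600 cdn.example 60 192.0.2.12
1380000000 static.example 86400 198.51.100.1
1380000900 static.example 86400 198.51.100.1
"""

Record = Tuple[int, str, int, str]


def parse_log(text: str) -> List[Record]:
    """Parse whitespace-separated records; malformed addresses raise."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, name, ttl, addr = line.split()
        ipaddress.ip_address(addr)             # reject malformed lines early
        records.append((int(ts), name.lower().rstrip("."), int(ttl), addr))
    return records


def summarize(records: List[Record], window: int = 3600) -> Dict[str, dict]:
    """Per-name statistics over the last `window` seconds of each name's data."""
    by_name: Dict[str, List[Record]] = defaultdict(list)
    for r in records:
        by_name[r[1]].append(r)
    stats = {}
    for name, recs in by_name.items():
        newest = max(r[0] for r in recs)
        recent = [r for r in recs if r[0] >= newest - window]
        ips = {r[3] for r in recent}
        # /24 diversity approximates "spread across unrelated hosts".
        prefixes = {str(ipaddress.ip_network(ip + "/24", strict=False))
                    for ip in ips}
        stats[name] = {
            "distinct_ips": len(ips),
            "distinct_prefixes": len(prefixes),
            "min_ttl": min(r[2] for r in recent),
            "answers": len(recent),
        }
    return stats


def is_fast_flux(s: dict, min_ips: int = 5, max_ttl: int = 300,
                 min_prefixes: int = 3) -> bool:
    """Illustrative rule: many IPs, in many prefixes, each advertised briefly."""
    return (s["distinct_ips"] >= min_ips and s["min_ttl"] <= max_ttl
            and s["distinct_prefixes"] >= min_prefixes)


def flag_fast_flux(text: str) -> List[str]:
    """Names in the log that match the fast-flux heuristic, sorted."""
    stats = summarize(parse_log(text))
    return sorted(n for n, s in stats.items() if is_fast_flux(s))


if __name__ == "__main__":
    for name, s in summarize(parse_log(SAMPLE_LOG)).items():
        print(name, s, "FAST-FLUX" if is_fast_flux(s) else "")
```

On the sample data only flux.example is flagged: cdn.example has the short TTL but all three addresses sit in one /24, and static.example never changes. A name that trips this check is a candidate for the RPZ, not proof of infection; the device that queried it is what the DHCP fingerprint and IPAM data on the next slide help you find.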

DHCP fingerprinting provides identification of:
- Mobile: iPhone / iPad / iPod; Android (e.g. Samsung, HTC, Sony).
- Desktop: Windows (95, 98, ME, XP, Vista, 7, 8); Mac (8, 9, X); OS/2 Warp.
- Server: Windows (NT, 2000, 2003, 2008, 2012); Linux (Red Hat, Ubuntu, Debian, SuSE); Solaris; BSD.
- Gaming consoles: Xbox, PlayStation, Wii.
- Routers / switches / access points: Aerohive, Aruba, Apple, Cisco, HP / 3Com, Netgear, Ruckus.
- Printers: Canon, Dell, HP, Ricoh.
- VoIP: Alcatel, Cisco, Nortel, Polycom, ShoreTel, Siemens.
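The device classes above come from the DHCP fingerprint: the ordered list of option codes a client asks for in option 55 (Parameter Request List) when it sends DHCPDISCOVER or DHCPREQUEST, optionally backed by the vendor class in option 60. Different OS network stacks ask for different options in a different order, so the list identifies the platform without any agent on the device. The parser and classifier below are an added example, not Infoblox code; the packet it builds and the signature table it matches against are constructed for illustration (real fingerprint databases hold thousands of signatures), and the function names are the example's own.

```python
"""Classify a client from its DHCP DISCOVER options (DHCP fingerprinting).

Added example, not Infoblox code. The fingerprint is the ordered list of
option codes in option 55 (Parameter Request List), with option 60 (Vendor
Class Identifier) as a fallback hint. The signature table and the packet
are constructed for illustration, not copied from any real database.
"""
from typing import Dict, Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
OPT_HOSTNAME, OPT_MSG_TYPE, OPT_PRL, OPT_VENDOR_CLASS, OPT_END = 12, 53, 55, 60, 255

# Constructed signatures keyed by the option-55 list (illustrative values).
SIGNATURES: Dict[str, str] = {
    "1,3,6,15,31,33,43,44,46,47,121,249,252": "Desktop: Windows",
    "1,3,6,15,119,252": "Mobile: iPhone / iPad / iPod",
    "1,3,6,15,119,121,252": "Mobile: Android",
    "1,3,6,12,15,28,42,121": "Server: Linux",
}
# Fallback hints from the vendor class string, used only if the PRL is unknown.
VENDOR_HINTS = {"MSFT": "Windows (vendor class only)",
                "android": "Android (vendor class only)"}


def parse_options(blob: bytes) -> Dict[int, bytes]:
    """Parse the TLV options after the magic cookie; reject truncated input."""
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts: Dict[int, bytes] = {}
    i = len(MAGIC_COOKIE)
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            return opts
        if code == 0:                 # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option header truncated")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:      # length byte claims more than is present
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    raise ValueError("options not terminated by END")


def fingerprint(opts: Dict[int, bytes]) -> Optional[str]:
    """Return the option-55 fingerprint string, or None if absent."""
    prl = opts.get(OPT_PRL)
    return ",".join(str(b) for b in prl) if prl else None


def classify(blob: bytes) -> str:
    """Map an options field to a device class; 'Unknown' if nothing matches."""
    opts = parse_options(blob)
    fp = fingerprint(opts)
    if fp and fp in SIGNATURES:
        return SIGNATURES[fp]
    vendor = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    for prefix, hint in VENDOR_HINTS.items():
        if vendor.startswith(prefix):
            return hint
    return "Unknown"


def build_discover(prl: bytes, vendor: bytes = b"", hostname: bytes = b"") -> bytes:
    """Construct a DISCOVER options field for testing (fixed header omitted)."""
    out = MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1])        # 1 = DHCPDISCOVER
    out += bytes([OPT_PRL, len(prl)]) + prl
    if vendor:
        out += bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
    if hostname:
        out += bytes([OPT_HOSTNAME, len(hostname)]) + hostname
    return out + bytes([OPT_END])


if __name__ == "__main__":
    pkt = build_discover(bytes([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 121, 249, 252]),
                         b"MSFT 5.0", b"LAPTOP-01")
    print(classify(pkt))
```

The parser checks every length byte against the bytes actually present: a DHCP server that trusts option lengths from an untrusted client is a classic source of out-of-bounds reads, and a fingerprinting engine sits directly on that input. Fingerprints are also spoofable by a client that chooses its own option 55 list, so treat the result as an inventory hint for remediation, not as an authentication decision.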

ACL & Firewall Policy Management: Infoblox Security Device Controller

Is this the reaction when the firewall is mentioned?!

Networks change often. Change is the challenge:
- Risky: error prone and disrupts existing services. 74%: rule changes resulted in an outage or decreased network performance (2013 State of Network Security, May 2013). 62%: firewall-rule change management processes put them at risk of being breached (Dark Reading, February 2013).
- Expensive: time consuming, inefficient, requires expert resources. "Through 2018, more than 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws." (Gartner Firewall Report, November 2012). 95% of engineers have trouble with firewall audits because the manual processes are time consuming (TechTarget Networking, July 2012).

Network Security Management: Today

The Pain of Legacy Processes
Legacy approach when a firewall change is needed (every step manual, hours/days):
1. Search for devices.
2. Figure out impacted devices.
3. Determine the correct config.
4. Compare the change to standards/compliance.
5. Request the change and implement it manually.
6. Reconfirm correctness and compliance.
Network provisioning time: hours/days. Manual processes cannot keep up: SLAs are lengthening to weeks or even a month; the work requires dedicated, senior network architects; it is routine, repetitive and error-prone; and multi-vendor expertise is needed.

Security Device Controller workflow (IT ticketing system, helpdesk, Sr. Security Analyst, routers/switches/firewalls):
1. A request for access to a business application is reviewed and approved in the IT ticketing system.
2. The helpdesk reviews the request, models the access change in Security Device Controller, and creates and submits the change request for review.
3. The Sr. Security Analyst reviews the proposed change; the change is accepted and implemented.
4. Routers, switches and firewalls are configured to allow users access to the application.

Five Pillars of Security Device Controller
- Automated discovery
- Multi-vendor provisioning
- Embedded expertise
- Customized alerting
- Powerful search

Security Device Controller: enabling admins to keep up with dynamic IT without compromise
The same six steps when a firewall change is needed (search for devices; figure out impacted devices; determine correct config; compare change to standards/compliance; request change / implement; reconfirm correctness and compliance):
- Legacy approach: all six steps manual, days/weeks.
- Infoblox approach: all six steps automated, hours/days.
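Steps 2, 4 and 6 of that process (figure out what a change impacts, compare it to a standard, keep a way to undo it) are the ones a model can automate, and they are where the misconfigurations Gartner is quoted on above come from. The script below is an added example, not Infoblox Security Device Controller code; it models a proposed rule against an ordered first-match ACL, reporting rules that would shadow it or be shadowed by it and violations of two constructed compliance standards, and keeps a snapshot for roll-back. The rules, the standards and the function names are the example's own assumptions.

```python
"""Model a firewall/ACL change before it is pushed: shadowing and compliance.

Added example, not Infoblox code. On an ordered first-match rule list it
reports (a) earlier rules that fully cover the new rule, so it never
matches; (b) later rules the new rule fully covers, whose behaviour it
silently changes; (c) violations of constructed compliance standards; and
it returns a snapshot so the change can be rolled back.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source CIDR
    dst: str             # destination CIDR
    ports: Tuple[int, int] = ANY_PORTS   # inclusive destination port range


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    return outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]


def port_in_range(ports: Tuple[int, int], p: int) -> bool:
    return ports[0] <= p <= ports[1]


# Constructed compliance standards; each returns a finding or None.
def std_no_any_any(r: Rule) -> Optional[str]:
    if (r.action == "permit" and r.proto == "any" and r.ports == ANY_PORTS
            and r.src == "0.0.0.0/0" and r.dst == "0.0.0.0/0"):
        return "violates standard: permit any/any"
    return None


def std_no_internet_admin(r: Rule) -> Optional[str]:
    if r.action == "permit" and r.src == "0.0.0.0/0" and any(
            port_in_range(r.ports, p) for p in (22, 3389)):
        return "violates standard: admin port (22/3389) open from the Internet"
    return None


STANDARDS = [std_no_any_any, std_no_internet_admin]


def analyze_change(rules: List[Rule], new: Rule, at: int) -> List[str]:
    """Findings for inserting `new` at index `at` of a first-match rule list."""
    findings = [msg for msg in (std(new) for std in STANDARDS) if msg]
    for i, r in enumerate(rules[:at]):          # rules evaluated before `new`
        if covers(r, new):
            findings.append(f"new rule is shadowed by rule {i} ({r.action}); it will never match")
    for i, r in enumerate(rules[at:], start=at):  # rules evaluated after `new`
        if covers(new, r):
            findings.append(f"new rule shadows existing rule {i} ({r.action}); behaviour changes")
    return findings


def apply_change(rules: List[Rule], new: Rule, at: int) -> Tuple[List[Rule], List[Rule]]:
    """Return (updated rule list, snapshot for roll-back); input is not mutated."""
    snapshot = list(rules)
    return rules[:at] + [new] + rules[at:], snapshot


def rollback(snapshot: List[Rule]) -> List[Rule]:
    return list(snapshot)


if __name__ == "__main__":
    base = [Rule("deny", "tcp", "10.0.0.0/8", "192.0.2.0/24", (23, 23)),
            Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.0/24", (443, 443))]
    proposed = Rule("permit", "tcp", "10.1.0.0/16", "192.0.2.10/32", (23, 23))
    for finding in analyze_change(base, proposed, at=len(base)):
        print(finding)
```

Shadow detection is the check that catches the "change went in but nothing happened" class of outage, and the reverse check (a broad permit inserted above narrower denies) catches the silent policy opening that an audit would later flag. Real products also model NAT, zones and interfaces; the point here is that the impact analysis is mechanical once the rule base is in a structured form, which is what makes a helpdesk-modelled, analyst-approved workflow workable.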

Summary
- DNS is the hole in your network infrastructure that is being exploited by malware; it has been exploited this way since November 2006 (fast flux).
- Infoblox DNS Firewall blocks malware from exploiting DNS.
- DNS Firewall together with DHCP fingerprinting and IP address management helps pinpoint devices for remediation quickly.
- ACL and firewall policy management is error prone and not keeping up with the business need for constant change. The costs (risk, lost business agility) grow greater each day.
- Infoblox Security Device Controller reduces risk through visibility, modeling, and automated writing/provisioning of changes, with roll-back to undo mistakes.
- Security Device Controller enables agility by letting helpdesk personnel verify the need for a change and model it, with approval by senior security personnel before implementation.

2013 Infoblox Inc. All Rights Reserved. Thank you!