SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY
- Bruce Cook
- 5 years ago
BACKGROUND

Macro trends like cloud and mobility change the requirements for endpoint security. Data can be stored on premises, in public clouds, or at the endpoints, and needs to be protected and available 24x7 regardless of where it resides. At the same time, this data is a high-value target for today's organized crime. The total global impact of cybercrime has risen to USD 3 trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined. So how can you keep your data and business protected without losing the agility required to compete in your quickly evolving marketspace?
CHALLENGES

Antivirus/anti-spyware databases are 90-99% effective at detecting well-known, widely circulating threats. However, they are only 20-50% effective at detecting new or low-volume threats.

KNOWN VS UNKNOWN THREATS

Historically, the technical battle between cybercrime and protection has been very reactive. First a threat needs to present itself, then the industry can mitigate this threat by writing different types of signatures to detect and block it. Some examples:

- A malicious file is found and an antivirus signature is written to match the exact fingerprint of the file, so that it can be detected and blocked.
- Forensics of an infected endpoint provides a set of IOCs (Indicators of Compromise). These can be shared across endpoints/customers/industries to find other infected endpoints.
- A botnet is discovered. The IP addresses and/or URLs of the command and control servers (C&C) are identified and shared to help block C&C connections and identify infected endpoints.

This type of functionality is important to help us detect and protect against well-known threats. But, since there is no such thing as 100% protection, how can we protect better against the unknown? Some examples:

- A critical SCADA system may not require a lot of interaction with the outside world, so by isolating it from a network point of view, the risk of infection or attack could be massively reduced.
- The software running on a Point-of-Sales terminal should probably not change that often, so by locking down which applications are allowed to run, the risk is massively reduced.

The above examples do not, however, work very well on normal end-users' laptops, since end-users often require a lot of interaction with the outside world, and hence also the flexibility to update and add the software they need in order to be able to do their job.

To address the above challenges, the security industry has come up with a selection of different approaches to manage the risks related to end-user needs and behavior. They all have their advantages and disadvantages. The next section provides an overview of some important types of endpoint security features and their respective key benefits.

There are a number of alternative technical approaches to better protect against unknown threats. Which one to use depends on the balance between the need for security on one hand and the demands on availability and agility on the other hand.

IT IS ALL ABOUT BALANCE
ENDPOINT SECURITY CATEGORIES

In the best of worlds, all the endpoint security needed would be available in one product, or even better, just integrated into the operating system. Unfortunately, this is not the case. There are many different types of features needed, and different vendors excel in different areas. The following are some of the more common and important areas.

01. PERIPHERAL DEVICE SECURITY

Somewhat simplified, peripheral devices can be viewed as basically all the things you connect to your USB port. This includes USB memory sticks, keyboards, external hard drives, etc. One popular way of getting into companies is the so-called candy drop, i.e. spreading infected USB sticks in the public areas of a company, hoping that someone will pick one up and connect it to their laptop. You could argue that no one would be so unaware that they click on a file from an unknown USB key. However, too many people do, and for those that do not, the cybercrime industry actually thought of that too. The USB standard is written so that the device tells the laptop what type of device it is. This means that by just stating that it is a keyboard, the USB key can actually execute its own code once connected to the laptop (even though autorun is disabled).

To mitigate this threat, there are Device Control features available that will help you control what users plug into their laptops. This helps increase security, but the big challenge lies in providing an effective work environment and managing real-world situations, such as when the CEO calls and has an issue with downloading pictures from his smartphone.

02. COMPLIANCE

Many of the different security standards (PCI, CIS, NIST, etc.) recommend or require that as soon as a system is put in a known and trusted state, all subsequent changes are detected and logged. To enable this, there are File Integrity Monitoring features that monitor all changes, log them and compare them to different best practices and compliance frameworks. This helps detect suspicious or unauthorized deviations and changes.

03. SECURE ACCESS

Information is worthless if it is not available to those who need it. In order to provide secure access to company information, organizations need to control who has access to what. It is also important to ensure that information cannot be eavesdropped on or modified during transit, and that access is not provided to an infected endpoint that could steal information and infect other devices. Secure access can be divided into two different categories:

- Remote access (often referred to as VPN or SSL-VPN)
- Local access (often referred to as NAC, Network Access Control)

Secure Access functionality can be part of the OS, included in an endpoint security product, or added as stand-alone software that specializes in providing only this functionality.
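File Integrity Monitoring, described under 02. COMPLIANCE above, comes down to recording a baseline in the trusted state and classifying every later difference. The following is an added example, not code from the original paper or from any product; the directory layout, file contents and the `approved` change record are constructed assumptions.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record a state: relative path -> SHA-256 for every regular file."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = hash_file(full)
    return state


def compare(baseline, current, approved=None):
    """Return sorted (change, path, authorized) events between two snapshots.

    `approved` is a hypothetical change record: path -> expected new SHA-256,
    or None when removal of that file was approved.
    """
    approved = approved or {}
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "modified"
        authorized = path in approved and approved[path] == new
        events.append((change, path, authorized))
    return events


def unauthorized(events):
    """Keep only the deviations that no change record explains."""
    return [(change, path) for change, path, ok in events if not ok]


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Baseline a constructed tree, change it four ways, and report the events."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files standing in for a system in its trusted state.
        _write(root, "app/pos.bin", b"point-of-sale build 1.0\n")
        _write(root, "conf/settings.ini", b"log_level=info\n")
        _write(root, "conf/peers.txt", b"10.0.0.5\n")
        baseline = snapshot(root)

        # One approved change (its new hash is on record) and three that are not.
        new_settings = b"log_level=debug\n"
        approved = {"conf/settings.ini": hashlib.sha256(new_settings).hexdigest()}
        _write(root, "conf/settings.ini", new_settings)
        _write(root, "app/pos.bin", b"point-of-sale build 1.0 (altered)\n")
        _write(root, "app/extra.bin", b"not in the baseline\n")
        os.remove(os.path.join(root, "conf", "peers.txt"))

        return compare(baseline, snapshot(root), approved)


if __name__ == "__main__":
    for change, path, ok in demo():
        print(f"{change:9} {path:20} {'authorized' if ok else 'UNAUTHORIZED'}")
```

In a real deployment the baseline itself has to be stored where the monitored host cannot rewrite it, otherwise whoever changes a file can also update its recorded hash.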
04. DATA SECURITY

Disk encryption
This is used to prevent data from being accessed if your device is stolen or lost. The drawback is that once you start your machine the disk is decrypted, so malware on your laptop will have access to unencrypted data as soon as the laptop is started.

File encryption
This is used to protect very sensitive files. The files are only decrypted when they are accessed, so malware will not have access to unencrypted data. Please note that advanced malware can record your keystrokes to get hold of decryption passwords and decrypt the files.

Data Loss Prevention
This is a feature that is designed to detect potential data breaches and data exfiltration by detecting, monitoring and blocking sensitive data. Large-scale implementations of DLP aimed at achieving full value from the solutions typically mean that your data needs to be classified by your company in order to get the proper level of protection.

HOW DO YOU KEEP YOUR DATA AND BUSINESS PROTECTED WITHOUT LOSING AGILITY TO COMPETE IN YOUR MARKETSPACE?
05. EXPLOIT PROTECTION

A common way to infect an endpoint is to send a PDF or office document that is infected with malicious code. When the end-user opens the document, it executes the code that exploits a vulnerability in the application opening the document. To protect against such application and memory based exploits, there are a couple of different features available:

- HostIPS (HIPS): There is no standard terminology for different HIPS techniques, but it typically includes some type of signature-based detection to find exploits towards known vulnerabilities.
- Exploit Mitigation/Traps: Inject code that will detect when code tries to do malicious activity.
- Memory Protection: Protect against memory exploits, process injections and escalations.

06. MALWARE PROTECTION

Traditionally, the main task for antivirus products has been to detect malicious programs. This has historically been done by creating a signature for every new piece of malware that is detected and pushing it to all the endpoints, which can then detect the malware. Since several hundreds of thousands of new pieces of malware are created every day, this approach is no longer optimal. In addition, it requires that someone else has already found the malware so that a signature can be written for it. This means that you can only protect against the known and not the unknown. Below are some of the different options available for protecting against malware:

Malware Signatures (Traditional Antivirus)
The main benefit of signature-based detection is that the malware is known, meaning that there is often additional information available about the malware and what it tries to do. A drawback with signatures is that they are reactive and provide very limited protection against zero-day malware and targeted attacks.

Threat Intelligence
Adding a feed of IPs or URLs of known malicious domains or botnets to the analysis means that connections to these sites can be blocked to prevent download of malware or callbacks to such domains. This is generally a very good complement for detection, but it is still reactive, since someone needs to detect these domains and they seldom have a long lifespan.
Application Control
By only allowing specified applications to run (whitelisting), a malicious process cannot start. Application control is a good solution for devices in the Internet of Things space that do not update or add software often. It is more cumbersome to manage for normal end-user laptops, which are more dynamic and heterogeneous in nature.

Sandboxing/Emulation
This concept means sending unknown files to a controlled environment where they are executed. Once executed, the behavior is monitored to look for malicious activity. This can help detect zero-day malware based on the execution behavior and also create threat intelligence that can help detect other infected endpoints. Sandboxing typically means a delay in delivery of the file to the target while the suspicious file is executed and analyzed. This means that it is a common and good feature for mail and web gateways, but maybe not optimal for all endpoint deployments. For endpoints there are some things to consider:

- Location: Are you running the sandbox platform locally or in the cloud?
- Scalability: If locally, how many devices do you need to support all of your endpoints?
- Remote users: How will remote users send files to the sandboxes?
- Delay: There will be a delay while waiting for the file to finish running in the sandbox. Is this acceptable to the end-user?
- Patient Zero effect: If, for delay reasons, you are allowing the file to be locally executed while the analysis is still being performed, this first laptop (Patient Zero) will be infected before you can stop future attacks. How do you manage this patient zero effect?
- Evasion: How good is the sandbox technology at detecting different evasion techniques?

Endpoint Isolation
This concept leverages different virtualization techniques, e.g. micro-virtualization, to execute files locally on the laptop in a separate sandbox. This prevents the malicious file from reaching the operating system. Once the session is over, the virtual environment is discarded. The main benefit is that no files need to be sent away for scanning in sandboxes and that nothing should leave the local sandbox. A drawback is that this concept usually has a performance impact on the endpoint and that the isolation vendor needs to certify all OSs and applications that are supported. For environments that run standard OSs and applications, and that can enforce that no other applications are run outside of the isolation environment, this can be a good approach to ensure that malicious code is only executed in the virtual environment.
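The trade-off this section draws between signature matching (reactive, misses anything not yet fingerprinted) and application control (blocks everything not approved, at a management cost) can be measured on a small sample set. This is an added example, not part of the original paper; every sample is an inert, constructed byte string and all names are hypothetical.

```python
import hashlib


def fingerprint(data):
    """Exact-match fingerprint of a file's content, as a signature would use."""
    return hashlib.sha256(data).hexdigest()


# Constructed, inert sample "files": (name, content, is_malicious).
_ANALYSED = b"constructed sample A: malicious, already analysed by the vendor"
SAMPLES = [
    ("known_sample", _ANALYSED, True),
    # Same sample with one byte of padding: content differs, behaviour would not.
    ("repacked_sample", _ANALYSED + b"\x00", True),
    ("new_family", b"constructed sample B: malicious, never seen before", True),
    ("pos_app", b"constructed sample C: approved point-of-sale application", False),
    ("office_suite", b"constructed sample D: approved office suite", False),
    ("user_tool", b"constructed sample E: legitimate tool, not yet approved", False),
]

# Signature database: only what someone has already found and fingerprinted.
SIGNATURES = {fingerprint(_ANALYSED)}

# Application control list: only what IT has explicitly approved.
APPROVED_NAMES = ("pos_app", "office_suite")
ALLOWLIST = {fingerprint(content) for name, content, _ in SAMPLES
             if name in APPROVED_NAMES}


def signature_policy(content):
    """Default allow: a file may run unless its fingerprint is a known signature."""
    return fingerprint(content) not in SIGNATURES


def allowlist_policy(content):
    """Default deny: a file may run only if its fingerprint is on the allowlist."""
    return fingerprint(content) in ALLOWLIST


def evaluate(policy):
    """Score a policy: malicious files it lets run, legitimate files it stops."""
    missed = [name for name, content, bad in SAMPLES if bad and policy(content)]
    false_blocks = [name for name, content, bad in SAMPLES
                    if not bad and not policy(content)]
    return {"missed": missed, "false_blocks": false_blocks}


if __name__ == "__main__":
    for label, policy in (("signatures", signature_policy),
                          ("application control", allowlist_policy)):
        result = evaluate(policy)
        print(f"{label:20} missed={result['missed']} "
              f"false_blocks={result['false_blocks']}")
```

The signature policy never interrupts a legitimate user but misses both unseen samples; the allowlist misses nothing but stops the unapproved tool, which is the availability cost the paper attributes to application control on end-user laptops.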
Machine learning
Machine learning is today a common tool for solving complex problems in an effective way. Fields such as voice recognition, consumer profiling and insurance use different types of machine learning to learn patterns and quickly categorize new events correctly. For malware detection, machine learning means identifying millions of different characteristics of a file, then running millions of good and bad files through a large, advanced machine learning system to understand the differences in these characteristics between good and bad files. This means that a piece of malware can be detected regardless of how many times it is rewritten to change its fingerprint, since the characteristics will be the same and be identified as bad. The verification is done by a mathematical model that examines a file prior to execution and provides a sub-second verdict based on advanced algorithms. This model has a very small impact on system performance and does not depend on any external signatures or sandboxes to detect and block zero-day malicious files from executing. This approach works well in all different types of environments and could complement or replace traditional signature-based antivirus in most cases.

07. DETECTION & RESPONSE

There is no such thing as 100% protection, so how should you respond when you detect breached endpoints, and do you have the tools to respond to this breach? When an infected endpoint is found inside the company, there are a lot of questions that you would like to be able to answer:

- Is any other endpoint infected?
- When was this endpoint infected?
- How was it infected?
- What type of information is at risk?
- Has any data been stolen?
- Who did it and why?

To help customers with incident response, there is a specific set of tools referred to as Endpoint Detection & Response tools. They provide very advanced functionality for quickly understanding the impact of the breach and help respond to it.
TOP 5 TIPS FOR SECURING YOUR WINDOWS ENDPOINT!

1. Do not allow execution of unsigned programs from a user's profile directory. Reason: A common location for malware to install itself to. (Requires exceptions.)
2. Disable support for executing Javascript, Java and Visual Basic scripts outside of the web browser. Reason: A common attack vector. (Could require changes to administration done via scripts.)
3. Upgrade PowerShell to version 4, enable logging and disable execution of unsigned scripts. Reason: Built-in security functions and much more detailed logging.
4. Do not allow, or limit, the usage of local administrative privileges. Reason: Should an attacker infect a user with local administrative privileges, it would give the attacker the same privileged access.
5. Enforce separation of duties between daily work and system access. Use strong authentication, preferably a secure vault with functionality to mask the password. Reason: The first thing an attacker would like to get is access to privileged accounts. Implementing privileged account security will limit the impact of the breach and also enable detection of it.
PROTECT YOUR DATA, IN USE, AT REST AND IN TRANSIT!
SUMMARY

Today's protection of endpoints can and should include many different protective measures, to ensure protection against different types of threats. Different vendors have solutions for one or several of the threat types. However, the core functionality of endpoint protection, to protect against malicious code, is an area where the bad guys have outrun the security vendors by far over the last years. Only recently have new technologies emerged that try to attack the problem with new methods and tools. These new technologies include machine-based learning (algorithm-based detection), virtualization techniques, etc. These new types of protection methods are so-called disruptive innovations in the endpoint market. They have moved away from the traditional signature-based detection to try to find more effective methods.

As an organization looks at securing its endpoints, it is important to identify and prioritize the different needs and requirements on endpoint protection. Different solutions are good for different types of deployments, and the organization may very well end up needing more than one endpoint protection agent to protect itself.

[Figure: Current Endpoint Protection and Next Generation Endpoint Protection plotted against old and new market supply and demand curves. Axes: use-cases covered, protection against unknown threats, time.]

The picture illustrates how existing, traditional signature-based endpoint protection products often include many of the modules described above. However, they are not really solving the market demand of protecting against unknown threats. The newer, innovative endpoint protection vendors are focused on addressing this, but they may not yet have all the modules customers are looking for. As the innovative vendors develop their products and capabilities, it is however very likely that we will see a big shift in the endpoint protection market.

If you would like to discuss which endpoint solution will best address your specific needs, please contact your local SecureLink sales representative.
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationA GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING
A GUIDE TO 12 CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING There is a major difference between perceived and actual security. Perceived security is what you believe to be in place at
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationTrend Micro and IBM Security QRadar SIEM
Trend Micro and IBM Security QRadar SIEM Ellen Knickle, PM QRadar Integrations Robert Tavares, VP IBM Strategic Partnership February 19, 2014 1 Agenda 1. Nature of the IBM Relationship with Trend Micro
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationMcAfee epolicy Orchestrator
McAfee epolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage
More informationSymantec & Blue Coat Technical Update Webinar 29. Juni 2017
Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication
More informationWHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs
ENSURING SECURITY WITH OPEN APIs Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs The security features that banks must build into their financial solutions
More informationProtect Yourself Against VPN-Based Attacks: Five Do s and Don ts
White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationSymantec Endpoint Protection 14
Symantec Endpoint Protection Cloud Security Made Simple Symantec Endpoint Protection 14 Data Data Sheet: Sheet: Endpoint Endpoint Security Security Overview Last year, we saw 431 million new malware variants,
More informationAdvanced Endpoint Protection
Advanced Endpoint Protection Protecting Endpoints and Servers Nick Levay, Chief Security Officer, Bit9 @rattle1337 2014 Bit9. All Rights Reserved About Me Chief Security Officer, Bit9
More informationApplication Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9
Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9 About Me Chief Security Officer @ Bit9 Former Director of Technical Operations and Information Security @ Center for
More informationCisco Advanced Malware Protection (AMP) for Endpoints
Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationAdaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief
Adaptive Authentication Adapter for Citrix XenApp Adaptive Authentication in Citrix XenApp Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationTHE RISE OF GLOBAL THREAT INTELLIGENCE
THE RISE OF GLOBAL THREAT INTELLIGENCE 1 THE RISE OF GLOBAL THREAT INTELLIGENCE IN THE DIGITAL BUSINESS WORLD In developing the Global Threat Intelligence Report (GTIR), the NTT Group security team used
More informationPrevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,
Prevx 3.0 v3.0.1.65 Product Overview - Core Functionality April, 2009 includes overviews of MyPrevx, Prevx 3.0 Enterprise, and Prevx 3.0 Banking and Ecommerce editions Copyright Prevx Limited 2007,2008,2009
More informationDefend what you create. Why Dr.Web
Defend what you create Why Dr.Web 1. Company Russian anti-virus software developer Doctor Web has been in operation since 1992. Our customers The Russian government has trusted Doctor Web anti-virus products
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Hundreds of hospitals, clinics and healthcare networks across the globe prevent successful cyberattacks with our Next-Generation Security Platform. Palo Alto
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationCyber Security. Our part of the journey
Cyber Security Our part of the journey The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward The Privileged How to make enemies quickly Ask before acting
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationReview Kaspersky Internet Security - multi-device 2015 online software downloader ]
Review Kaspersky Internet Security - multi-device 2015 online software downloader ] Description: Benefits Protecting all your connected devices the one-licence, easy-touse solution Kaspersky Internet Security
More informationPoint ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,
More information