Sandboxing and the SOC


Place McAfee Advanced Threat Defense at the center of your investigation workflow

As you strive to further enable your security operations center (SOC), you want your analysts and threat hunters to do their best detective work to pinpoint true positives so that triage and remediation efforts are properly prioritized and acted on. While threat hunting is a human-centric activity that relies on clues, intuitive hunches, and knowledge of adversaries' tactics, techniques, and procedures (TTPs), automation can greatly improve the efficacy of SOC team members focused on this activity. When analysts and threat hunters have multiple tools at their disposal, tools that are coordinated by integration, threat sharing, and automation, they'll be more successful. Our study, Disrupting the Disruptors, Art or Science?,[1] reveals that, for the majority of investigations (61% to 80%, across SOCs of all maturity levels), an advanced sandbox solution like McAfee Advanced Threat Defense is essential.

Why We Analyze Malware

As we evaluate advanced technologies that help us improve our threat-hunting capabilities, let's not lose sight of why we analyze malware in the first place:

- Determine the nature of an unknown file: is it benign or malicious?
- Get a better understanding of what a malicious file is actually doing
- Assess the impact of a malware infection
- Enhance detection by looking for indicators of compromise (IoCs)
- Make more informed choices and communicate this information to management

Why an Advanced Sandbox Is Integral to a Successful SOC

Sandboxing is a foundational tool for SOC analysts and threat hunters across every level of maturity. In more mature organizations, sandboxing is complemented by a mix of other tools, including security information and event management (SIEM) solutions. McAfee Advanced Threat Defense provides not only static and dynamic malware analysis but also other capabilities that place it at the core of a comprehensive threat hunting and intelligence-sharing ecosystem. Providing more than basic behavioral analysis with file execution or sandboxing, McAfee Advanced Threat Defense also features in-depth static code analysis and additional detection capabilities powered by machine learning. Automation is enabled by tight integration with solutions in the McAfee product portfolio, along with partner products; support for open standards; and a REST application programming interface (API).

Serving as the nexus of the threat-hunting workflow, McAfee Advanced Threat Defense can collect and analyze samples from multiple sources, including manual submission, and provide indicator of compromise (IoC) information to any technology that is capable of ingesting it and using it in an actionable and intelligent manner for remediation. Technologies that make use of the IoCs range from perimeter intrusion prevention systems to threat intelligence platforms (TIPs) and security automation and orchestration platforms.

"If McAfee Advanced Threat Defense deems the file to be malicious, its reputation is then automatically broadcast via McAfee Threat Intelligence Exchange to all the endpoints connected to DXL. This automatic distribution of threat reputation information helps us block zero-day threats before they can harm our environment."
Senior Manager, Security Engineering, Large Software Company

Figure 1. A collaborative security ecosystem with McAfee Advanced Threat Defense at the core increases the efficacy, efficiency, and accuracy of SOC investigations. (Components shown in the figure: McAfee Network Security Platform, McAfee Web Gateway, McAfee Threat Intelligence Exchange, any third-party secure gateway, Bro IDS sensor, McAfee Enterprise Security Manager, DXL, and STIX; the sharing path is labelled "Share McAfee Advanced Threat Defense IoCs with any product that consumes TAXII".)

Collect, Ingest, and Analyze

Let's take a deeper look at how McAfee Advanced Threat Defense enables automation and supports SOC investigation processes. The first step in the process involves collecting and ingesting threat data. Suspicious samples can be manually uploaded by SOC analysts or automatically delivered through tight integration between McAfee Advanced Threat Defense and security devices from the network edge through the endpoint. McAfee Advanced Threat Defense then uses a variety of analysis techniques to uncover malware, from lower-intensity methods like file reputation and signatures to more sophisticated methods like dynamic analysis to analyze malware behavior and in-depth static code analysis to help classify samples. McAfee Advanced Threat Defense also uses machine learning to help uncover patterns in code to identify emerging threats, analyze behavioral patterns to identify maliciousness, and assess code to determine similarity to other malware families.

Interoperability with McAfee products

McAfee Advanced Threat Defense integrates with multiple products from the McAfee security portfolio, currently McAfee Network Security Platform, McAfee Web Gateway, and McAfee Threat Intelligence Exchange. McAfee Threat Intelligence Exchange integrations with McAfee Application Control, McAfee Endpoint Security solutions, McAfee Server Security Suite, and McAfee Security for Microsoft Exchange further extend interoperability. Ingesting malware samples from these vectors, McAfee Advanced Threat Defense then applies its sandboxing analysis capabilities to arrive at usable threat data.

Interoperability with non-McAfee technologies: gateways and Bro sensors

In addition to integrating with McAfee technologies, McAfee Advanced Threat Defense is also compatible with third-party security tools such as gateways. SMTP traffic can be forwarded into any secure gateway, such as Cisco ESA and Proofpoint, and those gateways, in turn, can forward an attachment to McAfee Advanced Threat Defense for analysis.

On the network side, McAfee Advanced Threat Defense is interoperable with the open source Bro Network Security Monitor (bro.org). While Bro is an intrusion detection system (IDS) and not a replacement for a robust intrusion prevention system (IPS) like McAfee Network Security Platform, Bro sensors are often used by SOCs and deployed as a temporary IDS on a suspected network segment to monitor and capture traffic. Bro carves files from network traffic and places them in a file directory. McAfee Advanced Threat Defense integrates with this directory and can read those files. Bro uses scripts that can automatically extract a file from network traffic in milliseconds and, through the use of a Python script and the McAfee Advanced Threat Defense REST daemon, Bro sends it to McAfee Advanced Threat Defense for analysis. By using more network sensors to get a second look at potentially malicious traffic, your investigators can gain greater confidence that they are getting a true positive. It also provides your SOC team with a better understanding of threat behavior and a deeper analysis of what's happening on your network.

McAfee Advanced Threat Defense offers numerous advanced capabilities that can support investigations, including:

- Comprehensive OS support that covers the most widely used operating systems for endpoints, servers, and mobile devices
- Detailed reports that provide critical information for investigation: assembly output, network packet captures (pcaps), graphical function call diagrams, and memory dumps
- User interactive mode, which enables analysts and threat hunters to interact directly with malware samples
- Deeper sample analysis by forcing additional execution paths that remain dormant in typical sandbox environments
- Sample submission to multiple virtual environments to speed investigation by determining which environment variables are needed for file execution
- Extensive unpacking capabilities, which reduce investigation time from days to minutes

Features that Support Deeper, More Accurate Investigations

X-Mode or interactive mode

Hunters and analysts alike can leverage McAfee Advanced Threat Defense X-Mode, or Interactive Mode, to find useful clues about threats that piggyback on legitimate applications. This is particularly applicable to large organizations, which are often the targets of advanced persistent threats (APTs). As a result of reconnaissance missions, bad actors gain insights into whitelisted applications used by the targeted organization on a daily basis. From there, they create threats wrapped into the code of a known whitelisted application and embed malicious payloads, like keyloggers. The user can't see the threat. However, on the back end, if your analyst or threat hunter interacts with the malicious code in the McAfee Advanced Threat Defense sandbox, which is constantly on the lookout for anomalous or malicious activity, it will identify malicious activity. Once a suspicious file is uploaded, the analyst can interact with the sample and gain a better understanding of the user experience, since they actually see what the user would see. For example, within an isolated sandbox, your analyst can click through features of the whitelisted application and execute various operations, like running an embedded macro. Your analysts and threat hunters now have free rein to do deeper manual investigation without worrying about lateral propagation to other assets in your network and causing harm. X-Mode is especially helpful when it comes to extremely evasive malware that requires human interaction in order to execute.
For example, let's say a bad actor sends an email with a password-protected spreadsheet attachment along with the password. If the user opens the spreadsheet and enters the password, the hidden malware is triggered, and it infects the system. In X-Mode, analysts can interact with the malware within the sandbox, such as entering a password to unlock the sample and trigger the malware, so that they can better understand how such evasive threats work and the associated user experience. X-Mode is also a great tool for training junior analysts.

Customize for your unique operating system

Threats targeted at a specific organization based on user activity, authorized applications, and the predominant operating system in use have become an overriding point of focus for many enterprises. If a malware author knows the specific version of the Microsoft Windows OS that an enterprise uses, for example, they can leverage that information to optimize the malware and make it as damaging as possible, but less obvious than malware running on a completely different operating system. They can also tailor the malware according to various OS versions in order to infiltrate as many systems as possible.

Another mechanism to help analysts and threat hunters track down and thwart these APTs is the ability to customize the analysis environment in McAfee Advanced Threat Defense. You can analyze potential threats in an environment with a specific OS version or specific applications. Malware samples can then be safely detonated inside the customized analysis VMs. This is a great boon for your threat-hunting efforts, as it mirrors your own environment and helps your team extract IoCs that will accelerate the remediation process and maximize its effectiveness.

Share and Publish

After rigorous analysis using a variety of methods, McAfee Advanced Threat Defense can share its IoCs and convictions. Outputs include critical investigation information, such as disassembly, function call diagrams, dropped file detail, processes, and registry changes. McAfee Advanced Threat Defense becomes the publisher, sharing metadata and results with threat intelligence platforms, machine data analysis solutions, and SIEMs.

Data Exchange Layer and Open Data Exchange Layer

By leveraging the bi-directional communication fabric Data Exchange Layer (DXL), McAfee Advanced Threat Defense can publish its threat intelligence to McAfee Threat Intelligence Exchange, which instantly shares this information across your entire security ecosystem, enabling your solutions, both McAfee products and compatible third-party products, to work together to adapt their policies and more quickly address threats with appropriate protection and remediation. Open Data Exchange Layer (OpenDXL), the open source version of DXL, further extends the playing field by providing simple open source tools, expertise, and a supportive community. Any application, whether internally developed or vendor supplied, can tap into the real-time capabilities of the DXL communications fabric, and thereby take advantage of the rich store of threat intelligence made available by McAfee Advanced Threat Defense.
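The Bro-to-sandbox hand-off described under "Interoperability with non-McAfee technologies" above, as an added example that is not McAfee's code nor the Bro (now Zeek) project's: a Python forwarder that scans the directory Bro carves files into, hashes each new file, skips empty and duplicate carves, and passes the rest to a submission callback. The endpoint, credentials and payload format of the McAfee Advanced Threat Defense REST daemon are not given on this page, so `fake_rest_submit` stands in for that call; the `extract-` file-name prefix and the size limit are assumptions, and the carve directory and its contents are constructed so the script runs offline.

```python
"""Forward files carved by a Bro sensor to a sandbox REST interface (added example)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Callable, Dict, List

# Assumed naming of carved files; match it to your Bro/Zeek extraction policy.
CARVED_PREFIX = "extract-"
# Assumed per-sample size limit; use the appliance's documented value.
MAX_SAMPLE_BYTES = 50 * 1024 * 1024


@dataclass
class Submission:
    path: str
    sha256: str
    status: str   # submitted | duplicate | skipped-size | error
    detail: str   # task id for submitted/duplicate, reason otherwise


def sha256_of(path: str) -> str:
    """Hash in chunks so a large carved file is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            digest.update(block)
    return digest.hexdigest()


def forward_carved_files(carve_dir: str,
                         submit: Callable[[str, str], str],
                         seen: Dict[str, str]) -> List[Submission]:
    """Submit each new carved file once; `seen` maps sha256 -> task id across runs."""
    results: List[Submission] = []
    for name in sorted(os.listdir(carve_dir)):
        path = os.path.join(carve_dir, name)
        if not name.startswith(CARVED_PREFIX) or not os.path.isfile(path):
            continue
        size = os.path.getsize(path)
        if size == 0 or size > MAX_SAMPLE_BYTES:
            results.append(Submission(path, "", "skipped-size", f"{size} bytes"))
            continue
        digest = sha256_of(path)
        if digest in seen:
            # Same content carved from another flow: do not flood the sandbox queue.
            results.append(Submission(path, digest, "duplicate", seen[digest]))
            continue
        try:
            task_id = submit(path, digest)
        except Exception as exc:  # a failed REST call must not stall the whole directory
            results.append(Submission(path, digest, "error", str(exc)))
            continue
        seen[digest] = task_id
        results.append(Submission(path, digest, "submitted", task_id))
    return results


def fake_rest_submit(path: str, digest: str) -> str:
    """Stand-in for the real REST submission (hypothetical); returns a constructed task id."""
    return "task-" + digest[:12]


def demo() -> Dict[str, List[Submission]]:
    """Run the forwarder twice over a constructed carve directory."""
    seen: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as carve_dir:
        payload = b"MZ constructed sample, not a real executable"
        for name, content in [("extract-a.bin", payload),
                              ("extract-b.bin", payload),   # same bytes carved again
                              ("extract-c.bin", b""),        # truncated carve
                              ("notes.txt", b"not a carved file")]:
            with open(os.path.join(carve_dir, name), "wb") as fh:
                fh.write(content)
        first = forward_carved_files(carve_dir, fake_rest_submit, seen)
        second = forward_carved_files(carve_dir, fake_rest_submit, seen)
    return {"first_pass": first, "second_pass": second}


if __name__ == "__main__":
    for run, subs in demo().items():
        print(run)
        for s in subs:
            print(f"  {os.path.basename(s.path):14} {s.status:13} {s.detail}")
```

Keeping `seen` (sha256 to task id) across runs is what stops the same payload, carved once per flow, from being queued repeatedly, and it is also the key you would later use to match the sandbox's conviction back to the flows Bro logged. A production version would persist that map to disk and add a size-stability check so a file Bro is still writing is not submitted half-way.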
STIX/OpenTAXII

McAfee Advanced Threat Defense further demonstrates our ability to create, support, and expand a collaborative security ecosystem by embracing widely used standards that enable sharing of cyberthreat intelligence. It publishes the information in open source format, notably Structured Threat Information Expression (STIX)-formatted threat information via Trusted Automated eXchange of Indicator Information (TAXII), a transport mechanism for sharing threat intelligence. As a STIX/TAXII publisher, McAfee Advanced Threat Defense allows solutions that are not directly integrated with it to easily consume IoCs with details like hashes, malicious IPs, and user IDs. Information of this kind allows SOC analysts and threat hunters to get a clearer understanding of the intent of a file or action. Support for STIX/TAXII open standards has real value in that the information generated by McAfee Advanced Threat Defense can be parsed and correlated through virtually any SIEM solution that supports TAXII. Analysts and threat hunters can then get a more holistic understanding of what's happening in their environment, both historically and in real time.

Detailed analysis reports

Rich and thorough analysis reports from McAfee Advanced Threat Defense provide meaningful data that enables analysts and threat hunters to pivot into action quickly. These easy-to-understand reports provide value across the entire organization, from the SOC to the C-suite.

Mapping directly to the MITRE ATT&CK framework: The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework can help analysts gain a better understanding of adversaries and their work. By including the ATT&CK framework in McAfee Advanced Threat Defense, McAfee has made it easier for analysts to more quickly understand the techniques, tactics, and procedures (TTPs) of a given threat. Once they have this information, they can act faster to implement corresponding defenses or discovery methods.

Some of the most significant and useful information presented in the McAfee Advanced Threat Defense report includes the following:

Behavior classification: This high-level indicator of the classification of malware offers a great deal of value to analysts and threat hunters by providing immediate insights into the intent of files that have been analyzed.

Figure 2. Sample of behavior classification and severity level reporting.
Figure 3. Detailed McAfee Advanced Threat Defense reports provide critical information for investigation, including MITRE ATT&CK framework mapping.
Figure 4. A filtered view of the MITRE ATT&CK report focuses on identified techniques.

Detailed information and IoCs: McAfee Advanced Threat Defense produces in-depth threat intelligence for investigation, including disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat timelines help visualize attack execution steps.

Figure 5. Assembly code, graph analysis, and IoCs.
Figure 6. The Timeline Activity report visualizes execution steps of the analyzed threat.
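Consuming the STIX/TAXII feed described under "STIX/OpenTAXII" above, as an added example that is not McAfee's code: it takes a STIX bundle as a TAXII poll might return it, pulls the exact-match indicators (SHA-256, IPv4 address, domain) out of the indicator patterns, and correlates them against log lines the way a SIEM rule would. The bundle, the sample hash and the log lines are constructed for the example; the STIX 2.1 JSON shape is an assumption, since the page does not state which STIX version the appliance emits (STIX 1.x is XML and needs a different parser), and the user-ID indicators the page also mentions are left out.

```python
"""Parse STIX indicators and correlate them against log lines (added example)."""
import hashlib
import json
import re
from typing import Dict, List

# Constructed sample hash, so no real malware hash appears in this example.
SAMPLE_SHA256 = hashlib.sha256(b"constructed malicious sample").hexdigest()

# Constructed STIX 2.1 bundle (assumed format), as a TAXII poll might return it.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001",
         "name": "Command-and-control address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.10']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Dropped payload", "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Staging domains", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'bad.example.test' OR "
                    "domain-name:value = 'cdn.example.test']"},
        {"type": "report", "id": "report--00000000-0000-4000-8000-000000000004",
         "name": "Analysis summary (not an indicator, ignored below)"},
    ],
})

# Constructed log lines: two proxy records and one endpoint file-creation event.
LOG_LINES = [
    "2019-01-15T10:02:11Z proxy action=allow src=10.0.0.5 dst=203.0.113.10 host=cdn.example.test",
    "2019-01-15T10:03:40Z edr event=file_create host=ws17 sha256=" + SAMPLE_SHA256,
    "2019-01-15T10:04:02Z proxy action=allow src=10.0.0.7 dst=198.51.100.4 host=www.example.org",
]

# One comparison inside a STIX pattern: object path, operator, single-quoted value.
COMPARISON = re.compile(
    r"([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*(=|!=|LIKE|MATCHES|[<>]=?)\s*'([^']*)'")

# STIX object paths this correlator knows how to look for in log text.
PATH_TO_KIND = {
    "ipv4-addr:value": "ipv4",
    "file:hashes.SHA-256": "sha256",
    "domain-name:value": "domain",
}

# How each indicator kind is tokenised out of a free-text log line.
TOKENIZERS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
}


def parse_indicators(bundle_json: str) -> Dict[str, Dict[str, str]]:
    """Return {kind: {value: indicator_id}} for the exact-match comparisons found."""
    lookup: Dict[str, Dict[str, str]] = {kind: {} for kind in PATH_TO_KIND.values()}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for path, op, value in COMPARISON.findall(obj.get("pattern", "")):
            if op != "=":
                continue  # LIKE/MATCHES/ranges need a pattern engine, not a lookup table
            kind = PATH_TO_KIND.get(path.replace("'", ""))
            if kind is not None:
                lookup[kind][value.lower()] = obj["id"]
    return lookup


def correlate(lookup: Dict[str, Dict[str, str]], lines: List[str]) -> List[dict]:
    """Report every indicator value that appears in a log line, with its indicator id."""
    hits: List[dict] = []
    for lineno, line in enumerate(lines, start=1):
        for kind, rx in TOKENIZERS.items():
            for token in rx.findall(line):
                indicator = lookup[kind].get(token.lower())
                if indicator:
                    hits.append({"line": lineno, "kind": kind,
                                 "value": token.lower(), "indicator": indicator})
    return hits


if __name__ == "__main__":
    for hit in correlate(parse_indicators(STIX_BUNDLE), LOG_LINES):
        print(hit)
```

The correlator deliberately keeps only `=` comparisons: a SIEM can turn those into a lookup table that is cheap to apply to every event, whereas `LIKE` and `MATCHES` indicators need a pattern engine and are better handed to a dedicated rule. Carrying the indicator id through to each hit is what lets an analyst pivot from the alert back to the sandbox report that produced the IoC.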

Conclusion

McAfee Advanced Threat Defense offers numerous advanced capabilities that can support security operations teams, analyst investigations, and threat hunting, including:

- Comprehensive OS support that covers the most widely used operating systems for endpoints, servers, and mobile devices
- Detailed reports that provide critical information for investigation, from assembly output, network packet captures (pcaps), graphical function call diagrams, and memory dumps
- User interactive mode, which enables analysts and threat hunters to interact directly with malware samples
- Deeper sample analysis by forcing additional execution paths that remain dormant in typical sandbox environments
- Sample submission to multiple virtual environments to speed investigation by determining which environment variables are needed for file execution
- Extensive unpacking capabilities, which reduce investigation time from days to minutes

To learn more about what Advanced Threat Defense can do for your team, visit

McAfee technologies' features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Learn more at mcafee.com. No computer system can be absolutely secure.

Mission College Blvd., Santa Clara, CA

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation. Copyright 2019 McAfee, LLC. _0119 JANUARY


More information

McAfee Skyhigh Security Cloud for Citrix ShareFile

McAfee Skyhigh Security Cloud for Citrix ShareFile McAfee Skyhigh Security Cloud for Citrix ShareFile McAfee Skyhigh Security Cloud for Citrix ShareFile helps organizations securely accelerate their business by providing industry-best Data Loss Prevention

More information

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Automated Response in Cyber Security SOC with Actionable Threat Intelligence Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent

More information

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...

More information

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017 Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication

More information

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE TABLE OF CONTENTS Overview...3 A Multi-Layer Approach to Endpoint Security...4 Known Attack Detection...5 Machine Learning...6 Behavioral Analysis...7 Exploit

More information

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS. DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS. KEY ANALYSTS BENEFITS: Gain complete visibility across your network Alleviate pressures from security staff shortages with

More information

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store

More information

Cyber Threat Intelligence Standards - A high-level overview

Cyber Threat Intelligence Standards - A high-level overview Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future ~ whoami At TU Delft since 2008 in

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Education Services administration course The McAfee Network Security Platform Administration course from McAfee Education Services is an essential

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage

More information

Comprehensive Database Security

Comprehensive Database Security Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought

More information

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more

More information

McAfee Skyhigh Security Cloud for Amazon Web Services

McAfee Skyhigh Security Cloud for Amazon Web Services McAfee Skyhigh Security Cloud for Amazon Web Services McAfee Skyhigh Security Cloud for Amazon Web Services (AWS) is a comprehensive monitoring, auditing, and remediation solution for your AWS environment

More information

An All-Source Approach to Threat Intelligence Using Recorded Future

An All-Source Approach to Threat Intelligence Using Recorded Future nn Enterprise Strategy Group Getting to the bigger truth. Solution Showcase An All-Source Approach to Threat Intelligence Using Recorded Future Date: March 2018 Author: Jon Oltsik, Senior Principal Analyst

More information

THE EVOLUTION OF SIEM

THE EVOLUTION OF SIEM THE EVOLUTION OF SIEM Why it is critical to move beyond logs BUSINESS-DRIVEN SECURITY SOLUTIONS THE EVOLUTION OF SIEM Why it is critical to move beyond logs Despite increasing investments in security,

More information

Intelligent, Collaborative Endpoint Security

Intelligent, Collaborative Endpoint Security Intelligent, Collaborative Endpoint Security Improves Detection and Protection and Slashes User Impact US Insurance Company Customer Profile A leading American insurer Industry Financial IT Environment

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

Advanced Malware Protection: A Buyer s Guide

Advanced Malware Protection: A Buyer s Guide Advanced Malware Protection: A Buyer s Guide What You Will Learn This document will identify the essential capabilities you need in an advanced malware protection solution, the key questions you should

More information

Endpoint Security for the Enterprise. Multilayered Defense for the Cloud Generation FAMILY BROCHURE

Endpoint Security for the Enterprise. Multilayered Defense for the Cloud Generation FAMILY BROCHURE Endpoint Security for the Enterprise Multilayered Defense for the Cloud Generation FAMILY BROCHURE Symantec Endpoint Security Portfolio for the Cloud Generation Symantec Endpoint Protection 14 Symantec

More information

McAfee Advanced Threat Defense Release Notes

McAfee Advanced Threat Defense Release Notes Revision B McAfee Advanced Threat Defense 4.2.0 Release Notes Contents About this release New features and enhancements Resolved issues Installation information Known issues Find product documentation

More information

United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security

United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security Global Venture chooses McAfee for Complex Security Landscape UAES Customer Profile Joint venture of the United

More information

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,

More information

McAfee MVISION Cloud. Data Security for the Cloud Era

McAfee MVISION Cloud. Data Security for the Cloud Era McAfee MVISION Cloud Data Security for the Cloud Era McAfee MVISION Cloud protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It s cloud-native data

More information

White Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection

White Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection White Paper New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection The latest version of the flagship McAfee Gateway Anti-Malware technology adapts to new threats and plans for future

More information

ForeScout ControlFabric TM Architecture

ForeScout ControlFabric TM Architecture ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%

More information

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe

More information

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information

More information

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network

More information

The McAfee MOVE Platform and Virtual Desktop Infrastructure

The McAfee MOVE Platform and Virtual Desktop Infrastructure The McAfee MOVE Platform and Virtual Desktop Infrastructure Simplifying and accelerating security management for virtualized environments Table of Contents Wish List of Security Elements for Virtualized

More information

Security. Made Smarter.

Security. Made Smarter. Security. Made Smarter. Your job is to keep your organization safe from cyberattacks. To do so, your team has to review a monumental amount of data that is growing exponentially by the minute. Your team

More information

Expand Virtualization. Maintain Security.

Expand Virtualization. Maintain Security. Expand Virtualization. Maintain Security. Key security decisions for virtualized infrastructures As enterprises make virtualization mission-critical for servers for servers and desktops, and desktops,

More information

Sharing What Matters. Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data

Sharing What Matters. Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data Sharing What Matters Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data Dan Gunter, Principal Threat Analyst Marc Seitz, Threat Analyst Dragos, Inc. August 2018 Today s Talk at

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide How the Two Approaches Compare and Interoperate Your organization counts on its security capabilities

More information

Technical Brief: Domain Risk Score Proactively uncover threats using DNS and data science

Technical Brief: Domain Risk Score Proactively uncover threats using DNS and data science Technical Brief: Domain Risk Score Proactively uncover threats using DNS and data science 310 Million + Current Domain Names 11 Billion+ Historical Domain Profiles 5 Million+ New Domain Profiles Daily

More information

Reducing the Cost of Incident Response

Reducing the Cost of Incident Response Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,

More information

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT THREE DECADES OF COMPUTER THREATS In 1986, the Brain boot sector virus caused the first widespread realization

More information

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response Security Operations Flexible and Scalable Solutions to Improve Your Security Capabilities Security threats continue to rise each year and are increasing in sophistication and malicious intent. Unfortunately,

More information

Ten Ways to Prepare for Incident Response

Ten Ways to Prepare for Incident Response Ten Ways to Prepare for Incident Response 1 Ten Ways to Prepare for Incident Response Introduction As a senior consultant on the Foundstone Services incident response and forensic team, I regularly respond

More information

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1

More information

Compare Security Analytics Solutions

Compare Security Analytics Solutions Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch

More information

Unmask Evasive Threats

Unmask Evasive Threats Unmask Evasive Threats Intel Security Real Protect and Dynamic Application Containment Stop Zero-Day Malware in its Tracks Table of Contents Combating the Zero-Day Malware Threat....3 Unmask and Contain

More information

CA Security Management

CA Security Management CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate

More information

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes. Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure

More information

CyberArk Privileged Threat Analytics

CyberArk Privileged Threat Analytics CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical

More information

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider

More information

GUIDE. Navigating the General Data Protection Regulation Mini Guide

GUIDE. Navigating the General Data Protection Regulation Mini Guide GUIDE Navigating the General Data Protection Regulation Mini Guide Introduction The General Data Protection Regulation (GDPR) will deliver a long overdue modernization and harmonization of privacy and

More information

IT-Security Symposium in Stuttgart. Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen

IT-Security Symposium in Stuttgart. Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen IT-Security Symposium 2018 24.10.2018 in Stuttgart Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen Comparex IT-Security-Symposium Are you managing from an elevated

More information

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc. 18 QUALYS SECURITY CONFERENCE 2018 First Look Showcase Expanding our prevention, detection and response solutions Sumedh Thakar Chief Product Officer, Qualys, Inc. Secure Enterprise Mobility Identity (X.509,

More information

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...

More information