DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT
- Esmond Barnett
- 6 years ago
SUMMARY

Industry
Federal Government

Use Case
Prevent potentially obfuscated successful cyberattacks against federal agencies using the integrated SSL/SSH decryption in Palo Alto Networks next-generation security appliances, physical and virtual.

Business Benefits
- Protect government networks and data from threats hiding in encrypted traffic.
- Comply with government mandates to ensure encrypted traffic is decrypted and examined for threats, unauthorized access or other indicators of compromise.

Operational Benefits
- Streamlined and more cost-effective approach to decryption and security.
- Resource improvements spanning time, personnel and expenditures.
- Reduced latency, particularly for time-sensitive applications and networks.
- Higher decryption throughput.
- Shorter decision loop for swifter prevention.

Security Benefits
- Swifter prevention, with visibility to attempted attacks using encryption to hide.
- Reduced risk of successful attacks, including exfiltration of PII and other sensitive or classified data.
- Reduced risk of attackers using public key infrastructure to attack government networks.
- Prevent use of counterfeit, expired and invalid certificates to mount attacks.

Business Problem

According to the latest research, 25 to 35 percent of typical enterprise traffic is SSL-encrypted, and depending on the industry (e.g., financial services), that number may be as high as 70 percent. The figure tends to be higher on government networks due to regulations, resulting in multiple blind spots for security monitoring tools. As more internet traffic is encrypted using Secure Sockets Layer or its successor, Transport Layer Security, more attackers, including state-sponsored actors, are using the technology to hide malware and escalate the likelihood of successful attacks. Secure Shell for encrypted tunneling can also be used to hide malware and botnet-based command-and-control traffic to exfiltrate data.

For example, a recent successful phishing attack against the public system of a prominent western defense agency used SSL to encrypt malware downloaded by unsuspecting users who clicked on an infected web link. Even organizations with more mature security capabilities can be breached if they are not monitoring encrypted traffic for malware.

Business Drivers

The number, scale and sophistication of cyberattacks against governments have increased in recent years. Attackers continue to use SSL/SSH encryption to hide their operations and pursue target data. Since SSL requires a certificate authority and public key infrastructure (PKI) to create and sign certificates as well as verify certificate validity, government agencies must also ensure attackers are not using the PKI to attack the government network.

Given this, governments have started to consider or mandate the decryption of encrypted communications moving into and out of government networks. In the U.S., the National Institute of Standards and Technology has issued guidelines and regulations for U.S. government agencies, primarily in the form of Federal Information Processing Standards and Special Publications (800-series). FIPS mandates that encrypted internet traffic, inbound or outbound, be decrypted and examined for the presence of malware or other unsuitable content, unauthorized access, or other indications of a cyberattack.

Other governments have issued top cyber intrusion mitigation strategies and use ISO standards to ensure the protection of their infrastructure. These have not yet included a recommendation for decryption, but may in the future given the growth of this attack technique. Governments must consider scrutinizing encrypted communications within their networks to address this attack technique. A comprehensive security strategy for federal and other government agencies requires in-depth analysis of encrypted traffic to detect and prevent hidden attacks and data leakage.
Palo Alto Networks Decrypt SSL and SSH Traffic to Disrupt Attacker Communications and Theft Use Case 1
Traditional Approach

Traditional approaches to decryption typically comprise a pair of dedicated decryption devices (e.g., an SSL decryption product or load balancer) with multiple security products deployed in-line. Depending on an organization's specific requirements, security products layered between the decryption mechanisms might include a firewall, intrusion prevention system, URL system, URL filtering, unified threat management or data loss prevention technology. Each of these security functions is traditionally executed individually once traffic passes through the initial decryption device in the stack. While this process can be effective in uncovering the identity of encrypted traffic, it poses several issues:

- Added Latency. With numerous security devices, latency increases. This is particularly problematic for applications on the government network that are sensitive to latency. For example, voice and video are prevalent, and demand low latency and predictable jitter.
- Increased Time to Resolution. Decryption of SSL traffic can be complex. With the traditional approach, if an organization needs to resolve a problem or security incident, it can be difficult to troubleshoot issues in the decryption flow and handling. Individual products are not integrated and do not cross-communicate. There are often separate subject matter experts for each product, and many logs to review to find the source of an issue and apply timely, appropriate security efforts to remediate effectively.
- Increased Personnel and Operational Costs. Even without decryption, stand-alone security products and capabilities require individual, dedicated subject matter experts. This adds to resource and operational expenditures, and can often result in a separation of minds and misalignment of security goals.
- Cumbersome and Costly SIEM. Each security device deployed in-line can add to Security Incident and Event Management expenses. The additional personnel and correlation requirements between divided resources can become costly and cumbersome over time.

Palo Alto Networks Approach

Palo Alto Networks Next-Generation Security Platform integrates SSL/SSH decryption with optional hardware security module support for enhanced performance and security of certificate and key management. Available application, content and user identification capabilities on the appliances, referred to as App-ID, Content-ID and User-ID technology respectively, enable security administrators to identify the applications, URL categories or content types, and individual users or groups accessing the network. These and other related features offer government administrators integrated, comprehensive SSL/SSH inspection with their security appliances.

The virtual and physical appliances integrate security mechanisms up through Layer 7 to gain complete control over network activity at the firewall level. As displayed in Figure 1, administrators can apply decryption to determine the identity and intended activity of HTTPS traffic. Taking SharePoint as the example, policy can be applied to control what activity is allowed: an administrator can allow access to SharePoint, but deny document sharing. With integrated SSL/SSH decryption, this can be done without having to go through multiple locations and devices to determine port/protocol, application, signature, etc., and then decrypt the communications. Certificate and key management features can be used to block expired certificates, terminate sessions with untrusted issuers or certificates signed by untrusted CAs, and block unsupported certificate versions and ciphers.

[Figure 1: Decrypting communications using Palo Alto Networks Next-Generation Security Platform. Flow diagram; labels: Start, IP/Port, Initiator, Receiver, SYN, SYN ACK, ACK, Connection Established, Stateful Firewall Stops HERE, Application Signatures, Policy, HTTPS, Decryption (SSL or SSH), Known Protocol Decoder, Decode Signatures, Identified Traffic (No Decoding), Unknown Protocol Decoder, Apply Heuristics, Web Browser, SharePoint, SharePoint Docs, Report and Enforce Policy.]

Additional benefits include:
- Complete safe enablement of traffic and applications in the network, including encrypted communications.
- Streamlined and more effective approach to decryption and security.
- Resource improvements spanning time, personnel and expenditures.
- Reduced latency, particularly for time-sensitive applications and networks.
- Greater decryption throughput.
- Shorter decision loop for swifter prevention.
The appliances use the previously mentioned identification technologies to analyze network traffic and enforce security policy. SSL/TLS and SSH decryption policies are integrated with these technologies and allow simple, effective policy enforcement. Source zone, IP address and User-ID, destination zone and address, as well as URL category (including any custom ones created), action (to decrypt or not), type (SSL Forward Proxy, SSL Inbound Inspection or SSH Proxy) and decryption profile are all configurable options (see Figure 2).

Figure 2: Example decryption policy on Palo Alto Networks Next-Generation Security Platform

Columns: Name; Source (Zone, Address, User); Destination (Zone, Address); URL Category; Action; Type; Decryption Profile.

1. No Decryp. Source: zone L3-Trust, address any, user any. Destination: zone L3-Trust, address any. URL Category: Financial-Services, government, health and medi, shopping. Action: no-decrypt. Type: ssl-forward-proxy. Decryption Profile: DecryptProfile-block.
2. Decrypt Important. Source: zone L3-Trust, address any, user any. Destination: zone L3-Untrust, address any. URL Category: alcohol-andtoba, entertainment-an, internet-portals. Action: decrypt. Type: ssl-forward-proxy. Decryption Profile: DecryptProfile-block.
3. ssh proxy. Source: zone L3-Trust, address any, user any. Destination: zone L3-Untrust, address any. URL Category: any. Action: decrypt. Type: ssl-proxy. Decryption Profile: DecryptProfile-block.
4. inbound policy. Source: zone L3-Untrust, address any, user any. Destination: zone L3-Trust, address any. URL Category: any. Action: decrypt. Type: ssl-inbound inspection PAN-SSL Decrypt. Decryption Profile: DecryptProfile-block.

Security and network administrators can apply additional enforcement options to protect agency assets, including the ability to:
- Block expired certificates to stop user click through for those users who tend to click OK to everything.
- Block sessions with untrusted issuers or certificates signed by untrusted certificate authorities. It sometimes helps to be able to edit which root certificate administrators want the users to trust.
- Block or bypass unsupported certificate versions and ciphers. Most of the time, unsupported versions and ciphers are being used to circumvent the security and policy.
- Block or bypass if resources are not available.
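The rule matching and certificate enforcement described above, modelled as an added example; it is not Palo Alto Networks code or PAN-OS syntax. It assumes top-down first-match evaluation and that a session matching no rule passes undecrypted, and it uses constructed rule names, zone pairs, a made-up "news" category and an assumed TLS version floor; categories cut off in Figure 2 are omitted.

```python
# Added illustration: a small model of policy-based decryption, not PAN-OS code.
from dataclasses import dataclass
from datetime import datetime, timezone

ANY = "any"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)   # fixed clock so results are repeatable


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    url_categories: tuple   # (ANY,) matches every URL category
    action: str             # "decrypt" or "no-decrypt"
    dtype: str              # "ssl-forward-proxy", "ssl-inbound-inspection" or "ssh-proxy"


@dataclass(frozen=True)
class Profile:
    block_expired: bool = True
    block_untrusted_issuer: bool = True
    allowed_tls: tuple = ("TLSv1.2", "TLSv1.3")   # assumed version floor, not from the page


@dataclass(frozen=True)
class Session:
    src_zone: str
    dst_zone: str
    protocol: str           # "ssl" or "ssh"
    url_category: str = ANY
    cert_not_after: datetime = datetime(2030, 1, 1, tzinfo=timezone.utc)
    issuer_trusted: bool = True
    tls_version: str = "TLSv1.2"


# Constructed policy in the rule order of Figure 2. Rule names and zone pairs are
# assumptions; categories that are cut off in the figure are omitted, not guessed.
POLICY = [
    Rule("exempt-sensitive", "L3-Trust", "L3-Untrust",
         ("financial-services", "government", "shopping"), "no-decrypt", "ssl-forward-proxy"),
    Rule("decrypt-selected", "L3-Trust", "L3-Untrust",
         ("internet-portals",), "decrypt", "ssl-forward-proxy"),
    Rule("ssh-outbound", "L3-Trust", "L3-Untrust", (ANY,), "decrypt", "ssh-proxy"),
    Rule("inbound", "L3-Untrust", "L3-Trust", (ANY,), "decrypt", "ssl-inbound-inspection"),
]


def rule_matches(rule, s):
    """A rule applies when zones, protocol and URL category all match."""
    rule_protocol = "ssh" if rule.dtype == "ssh-proxy" else "ssl"
    return (rule.src_zone in (ANY, s.src_zone)
            and rule.dst_zone in (ANY, s.dst_zone)
            and rule_protocol == s.protocol
            and (ANY in rule.url_categories or s.url_category in rule.url_categories))


def certificate_findings(profile, s, now=NOW):
    """Reasons the profile would block the session (cipher checks are not modelled)."""
    findings = []
    if profile.block_expired and s.cert_not_after <= now:
        findings.append("expired-certificate")
    if profile.block_untrusted_issuer and not s.issuer_trusted:
        findings.append("untrusted-issuer")
    if s.tls_version not in profile.allowed_tls:
        findings.append("unsupported-version")
    return findings


def evaluate(policy, profile, s, now=NOW):
    """Return (rule name, outcome, findings) using top-down first-match (assumed)."""
    rule = next((r for r in policy if rule_matches(r, s)), None)
    if rule is None:
        return (None, "uninspected", [])           # assumed: no rule means no decryption
    findings = certificate_findings(profile, s, now) if s.protocol == "ssl" else []
    if findings:
        return (rule.name, "block", findings)
    return (rule.name, rule.action, [])


def blind_spots(policy, profile, labelled_sessions, now=NOW):
    """Labels of sessions whose payload passes without inspection."""
    return [label for label, s in labelled_sessions
            if evaluate(policy, profile, s, now)[1] in ("no-decrypt", "uninspected")]


# Constructed sample sessions ("news" is a made-up category that no rule lists).
SAMPLES = [
    ("portal", Session("L3-Trust", "L3-Untrust", "ssl", "internet-portals")),
    ("bank", Session("L3-Trust", "L3-Untrust", "ssl", "financial-services")),
    ("news", Session("L3-Trust", "L3-Untrust", "ssl", "news")),
    ("ssh", Session("L3-Trust", "L3-Untrust", "ssh")),
    ("expired", Session("L3-Trust", "L3-Untrust", "ssl", "internet-portals",
                        cert_not_after=datetime(2023, 6, 1, tzinfo=timezone.utc))),
    ("old-tls", Session("L3-Untrust", "L3-Trust", "ssl", tls_version="TLSv1.0",
                        issuer_trusted=False)),
]

if __name__ == "__main__":
    for label, s in SAMPLES:
        print(label, evaluate(POLICY, Profile(), s))
    print("not inspected:", blind_spots(POLICY, Profile(), SAMPLES))
```

The "news" session shows the coverage gap a category-by-category rollout leaves: outbound SSL to any category that neither forward-proxy rule lists matches nothing and goes uninspected until a rule covers it.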
The types of decryption an administrator can choose, depending on objectives and network considerations, include SSL Forward Proxy, SSL Inbound Inspection and SSH Proxy. There are other considerations for how government agencies may approach decryption on their network to search for attacker communications. More information on these and other details for SSL and SSH decryption can be found in the following resources:
- Enforcing SSL and SSH Security for Federal Agencies
- PAN-OS 8.0 Administrator's Guide: Decrypt Traffic for Full Visibility and Threat Inspection
- LIVE Community: Safely inspecting SSL transactions

Real-World Federal Government Customer Deployment

In this real-world example, a large federal institution with more than 400,000 users throughout the continental U.S. needed to protect its network from malware and threats hiding in encrypted traffic. Already a long-time Palo Alto Networks customer, the institution saw a 40 percent increase in encrypted traffic. With the original specifications for the network, however, security was only able to secure 50 percent of all traffic coming out of the network perimeter, and they were seeing a significant spike in CPU utilization. Meanwhile, with significant investments in security practitioners, operations and products, the security team was faced with a vexing question: "How does it feel that, after all your security processes, procedures and money spent, you are only protecting about a quarter of your internet traffic?"

To offset disruption and continue to enforce maximum security and operational efficiency, the team discussed the institution's networking needs, accounting for the full level of SSL decryption required for their security. Ultimately, they chose to meet these needs with Palo Alto Networks PA-7000 Series appliances and on-board SSL decryption. With SSL decryption in operation, the customer can safely enable traffic and applications in their network, including the vast increase in encrypted communications.
Implementation Overview

Products deployed: Palo Alto Networks PA-7080 next-generation firewalls

Subscriptions include: URL Filtering, Threat Prevention, WildFire cloud-based threat analysis service

How customer implemented (high level):
- Deployed a pair of highly available Palo Alto Networks firewalls at each trusted perimeter gateway. Each gateway, or TIC, averages 450,000 sustained sessions with more than 5 Gbps of throughput.
- Based on App-ID deployment, the customer was able to accurately and confidently identify encrypted traffic traversing the network, ultimately deciding to implement SSL decryption as a result.
- The security team methodically enables SSL decryption on a subset of URL Filtering categories in PAN-DB while monitoring both device performance and user impact.
- Although deployment is in the preliminary stages, the customer has gained insight into more than 100 million SSL sessions per day to which they were previously blind, applying advanced threat protection to mitigate risk.

How customer's SSL decryption works (high level):
- Using policy-based decryption, PA-7080 appliances decrypt, inspect and control inbound as well as outbound SSL and SSH connections to:
  - Prevent malware concealed as encrypted traffic.
  - Prevent sensitive information from moving
  - Ensure only whitelisted applications are running on the secure network.
- To account for security risks introduced by the end user community, SSL Forward Proxy capability (see Figure 3) is used to decrypt internet traffic sourced from internal users.
- Hardware security module integration with third-party solution to manage, process and store cryptographic keys required for SSL decryption.
- Future security capabilities to include Decryption Port Mirroring, as shown in Figure 4, on PA-7080 appliances for analysis of traffic on Box.com.

[Figure 3: Palo Alto Networks SSL Forward Proxy capability. Diagram labels: Internal User; Request SSL connection; Firewall generates and sends certificate to the user; Client verifies certificate from the firewall; Server sends certificate to firewall; Session Key 1; Session Key 2; External Server.]

[Figure 4: Palo Alto Networks Decryption Port Mirroring. Diagram labels: SSL/TLS; Data Leakage Prevention; Plaintext; google.com.]

Benefits of Using Palo Alto Networks for Decryption

Business Benefits:
- Prevent undesired applications and malicious content from impacting government networks.
- Block unauthorized attempts to access vital government IT and computers.
- Maintain compliance with government mandates to ensure SSL/SSH traffic is decrypted and examined for malware, unauthorized access, or other indicators of a cyberattack.

Operational Benefits:
- Support government agency requirements to selectively decrypt and inspect potentially malicious traffic across primary use cases (e.g., SSL Forward Proxy, SSL Inbound Inspection, SSH Proxy).
- Flexibility in configurations.
- Hardware security module approach to key management also supported.

Security Benefits:
- Identify, inspect and control inbound and outbound SSL communication; identify and control SSH tunneling traffic.
- Reduce the likelihood of successful state-sponsored attacks against governments, including preventing the exfiltration of PII and other sensitive or classified data.
- Detect and prevent threats, hidden attacks and data leakage.
- Ensure attackers are not using public key infrastructure to attack government networks and prevent attackers' use of counterfeit, expired and invalid certificates to mount an attack.

Conclusion

As more internet traffic is encrypted using SSL or TLS, along with the continued availability of SSH for remote communications, increasing numbers of attackers, including state-sponsored actors, are using these technologies to hide their efforts and launch successful attacks. A comprehensive security strategy for government agencies requires in-depth analysis of encrypted traffic to detect and prevent hidden attacks and data leakage. Palo Alto Networks Next-Generation Security Platform provides the most effective approach, with integrated core security capabilities, including SSL/SSH decryption. With a comprehensive encryption inspection approach that supports different encryption options and multiple use cases for flexibility, the appliances can support government agencies' decryption efforts. In addition, open APIs support integration to meet additional requirements. Remember to follow recommended best practices to meet your network considerations.

Palo Alto Networks, Inc., Great America Parkway, Santa Clara, CA. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationRethinking Security: The Need For A Security Delivery Platform
Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries
More informationApp-ID. PALO ALTO NETWORKS: App-ID Technology Brief
App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID is a patent-pending traffic classification technology that identifies more than
More informationCABLE MSO AND TELCO USE CASE HANDBOOK
CALE MSO AND TELCO USE CASE HANDOOK ackground Service providers, including cable multiple-system operators, or MSOs, telecom network operators and other broadband providers, manage and secure multiple
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationPROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Make the digital world a sustainable and trustworthy environment
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationIsla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide
Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide How the Two Approaches Compare and Interoperate Your organization counts on its security capabilities
More informationDDoS Hybrid Defender. SSL Orchestrator. Comprehensive DDoS protection, tightly-integrated on-premises and cloud
SSL Orchestrator DDoS Hybrid Defender All-in-one solution designed to deliver increased visibility into encrypted traffic Comprehensive DDoS protection, tightly-integrated on-premises and cloud Converts
More informationSecurity 2.0: Balancing Business Enablement and Information Security
Security 2.0: Balancing Business Enablement and Information Security 10 New Requirements for Your Business Brian Wrozek IT Security Director Texas Instruments Why Your Current Firewall is Obsolete More
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationUnderstanding the Dynamic Update Mechanism Tech Note
Understanding the Dynamic Update Mechanism Tech Note Revision 0.A 2016, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Introduction... 3 Types of Updates... 3 Upgrade Architectures... 3 Download
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationSubscriber Data Correlation
Subscriber Data Correlation Application of Cisco Stealthwatch to Service Provider mobility environment Introduction With the prevalence of smart mobile devices and the increase of application usage, Service
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationPANORAMA. Key Security Features
PANORAMA Security deployments are complex and can overload IT teams with complex security rules and mountains of data from multiple sources. Panorama network security management empowers you with easy-to-implement,
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationWhite Paper February McAfee Network Protection Solutions. Encrypted Threat Protection Network IPS for SSL Encrypted Traffic.
White Paper February 2005 McAfee Network Protection Solutions Encrypted Threat Protection Network IPS for SSL Encrypted Traffic Network IPS for SSL Encrypted Traffic 2 Introduction SSL Encryption Overview
More informationSecurity Assessment Checklist
Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment
More informationTechnical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems
Technical Overview of in Windows 7 and Windows Server 2008 R2 Microsoft Windows Family of Operating Systems Published: January 2009 This document supports a preliminary release of a software product that
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationACTIONABLE SECURITY INTELLIGENCE
ACTIONABLE SECURITY INTELLIGENCE Palo Alto Networks ACC, Logging and Reporting Data is widely available. What is scarce is the ability to extract actionable intelligence from it. Palo Alto Networks next-generation
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationIMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES
IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES Introduction Almost all enterprises have rogue or misconfigured certificates that are unknown to operations teams without a discovery tool they
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationTest Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version
Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version ACE Exam Question 1 of 50. Which of the following statements is NOT True regarding a Decryption Mirror interface? Supports SSL outbound
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationLessons from the Human Immune System Gavin Hill, Director Threat Intelligence
Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationSentryWire Next generation packet capture and network security.
Next generation packet capture and network security. 1 The data landscape 5 big cyber security trends for 2018 More data, more danger. Data proliferation brings many new opportunities but also many downsides:
More information