LA RELEVANCIA DEL ANALISIS POST- BRECHA

Transcription

1 LA RELEVANCIA DEL ANALISIS POST- BRECHA Hillstone Networks Diego Amauri Orjuela Santamaria Director General ART2SEC 1 www.

2 Data Breaches 2 $3.79M average cost of a data breach in % increase since 2013 $154 average cost per lost or stolen record 60% of attackers compromise the network within minutes 256 days is the average time to discover a breach 2 Ponemon & IBM, 2015; Verizon, 2016

3 Initial Breach Reconnaissance & Extend Foothold Data Exfiltration 3 Perimeter Security > Endpoint Security > Breach Detection... "The Last Line of Defense" mins hours days weeks months DAMAGE 66% of breaches remain undetected for months 87% of breaches are discovered by external parties 3

4 Data Breaches 4 4

5 Data Breaches 5 5

6 Adding Intelligence to Security 6 6

7 Abnormal Behavior Detection Behavior Learning & Modeling Abnormal behavior Analysis Threat & Risk Identification 7 Host/server behavior modeling by adaptive machine learning Layer 4-7, hundreds of behavior dimensions Real time Behavior Model and rules Identify abnormal dimensions by behavior partnering Quantitate risk severity and certainty by correlation analysis Threat forensics including suspicious and relevant PCAP Hillstone Intelligent Next-Generation Firewall 7

8 Advanced Threat Detection 8 Sample Parameter 1 Malware Behavior set 1 Sample Parameter 2 Malware Behavior set 2 Known malware Samples Machine Learning Sample Parameter 3 Clustering Modeling Malware Behavior set 3 Hillstone Intelligent Next-Generation Firewall Unknown Malware Malware Behavior Learning Unknown Malware Behavior Patterns Identify Malware Variants 8

9 Comprehensive Internal Network Risk and Threat Visibility Host/critical assets # by severity level (critical/high/medium/low) threat distribution by types (Malware/DoS/Scan/Phishing/S pam/other) and severity Total Threat # 9 Attackers geographic distribution by country Customized My Threat widget Top 10 attacks ranked in order of the # of performed attacks. 9

10 Real-time risk/threat monitoring for internal network critical assets and hosts 10 Threat information to a critical asset with risk certainty The critical assets distribution by severity Source of the threat to the selected critical assets Critical Assets defined by admin, including critical server, network device/storage, i-2850 support 32 critical assets and 10,000 risky hosts 10

11 Full life cycle threat visibility and insight through the cyber kill chain Name/IP/OS/Status/Zone of a selected critical asset/host, support 10+ OS including Linux, Mac, Widows, Android etc. Risk level and certainty of a selected critical asset/host 11 Map relevant threat events of a select critical asset to each step of the cyber kill chain 11

12 Complete application/traffic/connection monitoring 12 Statistical information of all the application/traffic/connection in and out of the server in a certain time period In Jan.7 th, the traffic in/out of the server is extremely higher than normal time, why? 12

13 Dedicated Internal Threat/Attack Monitoring 13 Host/address/application information related to the server from all internal IPs The application statistic to the server during the last 30 days 13

14 Rich Forensic Information for Threat Events 14 Threat analysis/kb/history information of a threat Name/Status and admin analysis option for a threat event View or download PCAP for forensic information Source/destination IP, period, profile, ID and URL of a detected threat 14

15 Kill Chain Mapping 15 Monetization Initial Exploit Delivery Command & Control Internal Reconnaissance Lateral Movement Exfiltration Map threat events into kill chain stages Show threat target IP Trace the threat over time through its lifecycle 15

16 Complete Threat/Risk Visibility 16 Network Risk Index Host Risk Correlation Analysis Host Host Host Threat Correlation Analysis Threat Threat Threat Threat Threat 16

17 Hillstone s Value Proposition 18 Shorten time between compromise and detection multiple detection and protection mechanisms and cloud ecosystem Comprehensive visibility Security correlation Analytics and Kill Chain Determine root cause of an attack Rich Forensic and Analysis Mitigate damage Policy Enforcement & Mitigation Templates 18

18 NSS Labs Recommended! Hillstone Networks NGFW Excellent Overall Value PRICE/PERFORMANCE 19 STATIC TEST RATE LIVE TEST RATE 19

19 Gracias Gracias 20