Agile Security Solutions

Agile Security Solutions
Piotr Linke, Security Engineer, CISSP, CISA, CRISC, CISM

Open Source SNORT

Consider these guys
All were smart. All had security. All were seriously compromised.

The Industrialization of Hacking
Timeline figure (1985 to 2010): viruses, macro viruses, worms, hackers, spyware / rootkits, APTs, malware. Early attackers: goal glory, mode noise. Today's attackers: goal profit, mode stealth. Icons represent attack vectors.
Attackers and defenders drive each other to innovate, resulting in distinct threat cycles.

So what are you trying to protect?
Server infrastructure, desktops, users, BYOD.

Who are we fighting with?

Black Hole v2

Black Hole v2

Nuclear Pack 2.0

Note the advertising strip.

Agile Security process

Lockheed Martin's APT Kill Chain

One platform addresses the entire attack continuum through software licenses
BEFORE: see it, control it
DURING: intelligent and context aware
AFTER: retrospective security
Products: NGFW, NGIPS, AMP; delivered as appliances or virtual.

Sourcefire Agile Security Solutions (architecture figure)
Management Center: appliances, virtual
Next-Generation Firewall, Next-Generation Intrusion Prevention, Advanced Malware Protection: appliances, virtual; AMP also on hosts, virtual and mobile
Underpinned by Collective Security Intelligence and Contextual Awareness.

FireSIGHT is built into all Sourcefire next-generation security solutions to provide the network intelligence and context you need to respond to changing conditions and threats.

FireSIGHT Saves Money and Improves Security
- IT Insight: spot rogue hosts, anomalies, policy violations, and more
- Impact Assessment: threat correlation reduces actionable events by up to 99%
- Automated Tuning: adjust IPS policies automatically based on network change
- User Identification: associate users with security and compliance events
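The "Impact Assessment" point above rests on one mechanism: an IPS event is only worth an analyst's time if the destination host actually runs the service (and ideally carries the vulnerability) that the triggering rule targets. The following Python is an added illustration written for this page, not Sourcefire or Cisco code. The host inventory, the events, the vulnerability ids and the four-level impact scheme are constructed assumptions; they show how correlating events with passively discovered host context suppresses the bulk of the alert stream.

```python
"""Impact assessment: correlate IPS events with host context (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class HostProfile:
    ip: str
    os: str
    services: Dict[int, str]                      # listening port -> service name
    vulns: Set[str] = field(default_factory=set)  # vulnerability ids believed present


@dataclass
class IpsEvent:
    sid: int                      # rule id (constructed)
    msg: str
    dst_ip: str
    dst_port: int
    targets_service: str          # service the rule's exploit applies to
    targets_os: Set[str]          # affected OS names; empty set means any OS
    targets_vuln: Optional[str] = None   # vulnerability id the rule covers, if known


# Constructed impact scheme: lower number means more urgent.
IMPACT = {
    1: "vulnerable: target runs the affected service and has the vulnerability",
    2: "potentially vulnerable: target runs the affected service on a matching OS",
    3: "currently not vulnerable: target known, but service or OS does not match",
    4: "unknown target: no host profile exists for the destination",
}


def assess(event: IpsEvent, inventory: Dict[str, HostProfile]) -> int:
    """Map one IPS event to an impact level using what is known about the target."""
    host = inventory.get(event.dst_ip)
    if host is None:
        return 4
    if event.targets_vuln is not None and event.targets_vuln in host.vulns:
        return 1
    os_matches = not event.targets_os or host.os in event.targets_os
    if host.services.get(event.dst_port) == event.targets_service and os_matches:
        return 2
    return 3


def triage(events: List[IpsEvent], inventory: Dict[str, HostProfile],
           actionable_max: int = 2) -> Tuple[list, list, float]:
    """Split events into actionable (impact <= actionable_max) and suppressed.
    Returns (actionable, suppressed, percent of events suppressed)."""
    actionable, suppressed = [], []
    for e in events:
        level = assess(e, inventory)
        (actionable if level <= actionable_max else suppressed).append((level, e))
    reduced = 100.0 * len(suppressed) / len(events) if events else 0.0
    return actionable, suppressed, reduced


def run_demo() -> Tuple[List[int], int, float]:
    """Constructed inventory and events; returns (levels, actionable count, % reduced)."""
    inventory = {
        "10.0.0.10": HostProfile("10.0.0.10", "Windows Server 2008",
                                 {80: "http", 445: "smb"}, {"vuln-smb-001"}),
        "10.0.0.20": HostProfile("10.0.0.20", "Linux", {22: "ssh", 80: "http"}),
        "10.0.0.30": HostProfile("10.0.0.30", "Windows 7", {445: "smb"}),
    }
    smb_os = {"Windows Server 2008", "Windows 7"}
    events = [
        IpsEvent(1001, "SMB RCE attempt", "10.0.0.10", 445, "smb", smb_os, "vuln-smb-001"),
        IpsEvent(1001, "SMB RCE attempt", "10.0.0.30", 445, "smb", smb_os, "vuln-smb-001"),
        IpsEvent(1001, "SMB RCE attempt", "10.0.0.20", 445, "smb", smb_os, "vuln-smb-001"),
        IpsEvent(2002, "IIS exploit attempt", "10.0.0.20", 80, "http", {"Windows Server 2008"}),
        IpsEvent(1001, "SMB RCE attempt", "10.0.0.99", 445, "smb", smb_os, "vuln-smb-001"),
    ]
    levels = [assess(e, inventory) for e in events]
    actionable, _, reduced = triage(events, inventory)
    return levels, len(actionable), reduced


if __name__ == "__main__":
    levels, n_actionable, reduced = run_demo()
    for lvl in levels:
        print(lvl, IMPACT[lvl])
    print(f"{n_actionable} actionable, {reduced:.0f}% suppressed")
```

The same rule fired five times; only the two hits against hosts that actually expose the targeted service are left for an analyst, and the unknown-target event becomes a discovery task rather than an incident. Real deployments also feed the host profiles from passive discovery rather than a hand-written dictionary, which is what makes the suppression safe.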

FirePOWER supports a range of Sourcefire security solutions with unmatched performance, threat protection and energy efficiency.

FirePOWER Hardware Features
- LCD display: quick and easy headless configuration
- Connectivity choice: change and add connectivity inline with network requirements
- Configurable bypass or fail-closed interfaces: for IDS, IPS or firewall deployments
- Device stacking: scale monitoring capacity through stacking
- Lights-out management: minimal operational impact
- SSD: solid state drive for increased reliability
- Hardware acceleration: for best-in-class throughput, security, rack size/Mbps and price/Mbps

Stackable FirePOWER Appliances (chart)
Platforms: NGIPS / App Control / NGFW / AMP. Connectivity: fixed, mixed / SFP, modular.
Models plotted against IPS throughput from 50 Mbps to 40 Gbps: 7010, 7020, 7030, 7110, 7115, 7120, 7125, 8120, 8130, 8140, 8250, 8260, 8270, 8290 (40 Gbps), plus the SSL1500, SSL2000 and SSL8200 SSL appliances.
All appliances include: integrated lights-out management, Sourcefire acceleration technology, LCD display.

What is a Next-Generation IPS? Gartner definition
- Support bump-in-the-wire configuration without disrupting network traffic
- Act as a platform for network traffic inspection and intrusion detection and enforcement
- Standard first-generation IPS capabilities
- Application awareness and full-stack visibility
- Context awareness
- Content awareness
- Agile engine
Source: Sourcefire, defining_nextgeneration_netw_218641.pdf

Next Generation Firewall (NGFW) with Application Control

Reduce Risk Through Granular Application Control
- Control access for applications, users and devices
- Employees may view Facebook, but only Marketing may post to it
- No one may use peer-to-peer file sharing apps
- Over 2300 apps, devices, and more

URL Filtering and Reputation
- Block non-business-related sites by category
- Based on user and user group
- Provide URL reputation information

Advanced Malware Protection (AMP)

FireAMP Building Blocks
Visibility and Control:
- Lightweight Connector: watches for move/copy/execute; traps fingerprint and attributes
- Mobile Connector: watches for apps; traps fingerprint and attributes
Advanced Malware Protection:
- Network: defense against malware; identifies and blocks malicious files
- Transaction processing, analytics, intelligence
- Web-based manager

Comprehensive AMP Features (feature: benefit; the original table also marks each feature as Network, Endpoint or both)
- Malware Detection and Blocking: stop malware before it can compromise systems. At the network and endpoints.
- Retrospective Detection: turn back the clock against malware. Continuous, persistent monitoring of files for retrospective malware detection/blocking.
- File Trajectory: quickly understand the scope of the malware problem. Malware tracking and visualization of malware and suspicious files across the network.
- Device Trajectory: deep analysis of root causes. Visualization of system-level activities for root cause determination.
- Device Flow Correlation: stop proliferation of malware and root causes at the endpoint. Block malware communication and dropper activity at the endpoint.
- File Analysis: fast and safe file forensics. Full file analysis to quickly understand malware and file behavior.
- Outbreak Control: quickly stop malware from spreading. Control a suspicious file or malware outbreak across endpoints.
- Indications of Compromise: spotlight systems at risk of active breach. Prioritized list of compromised devices with links to inspect and remediate the problem.

Visibility & Control with FireAMP
Reporting, Trajectories, Analysis (Sandbox), Control (Compliance)

Spotlight: Reporting
- Applications introducing malware
- Threats resident on first scan
- Possible APT
- Customize by group
- Schedule or on demand

Spotlight: File Trajectory
- Malware flight recorder shows point of entry and extent of outbreak
- Discover the malware gateway to reduce the risk of re-infection
- Identify systems that have downloaded/executed a specific malware file

Spotlight: Device Trajectory
- Extremely powerful malware behavioral analysis and forensics tool
- Analyze operating system behavior before, during and after infection
- Trace each stage of infection and communication to other internal and external hosts

FireAMP Mobile
- Visibility: detect and analyze Android (2.1+) threats; cloud-based, real time
- Control: contain and remediate; blacklists
- Enterprise ready
- Advanced malware protection using big data analytics

FireAMP Virtual
- Leverages VMware's EPSEC API to integrate with vShield
- Deployed as a virtual appliance on each host
- Managed via FireAMP's cloud portal
- Note: because file activity is offloaded, File Trajectory will not display the parent SHA

Retrospective Alerting
- What systems are affected?
- What is the point and method of entry?
- Continuous analysis; never forgets
- Network and devices
- Turns back the clock against malware
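The File Trajectory and Retrospective Alerting slides describe one data structure: a ledger of every file observation (which host saw which hash, doing what, from where), kept regardless of the file's verdict at the time, so that a later change of disposition can be replayed against the past. The Python below is an added example for this page, not FireAMP or Cisco code. The hosts, timestamps, the stand-in SHA-256 value and the source URL are constructed; the disposition update stands in for the cloud re-classifying a file that was "unknown" when it first crossed the network.

```python
"""Retrospective detection over a file-trajectory ledger (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Observation:
    ts: int          # seconds since epoch (constructed values)
    host: str
    sha256: str
    action: str      # "create", "copy", "move" or "execute"
    source: str      # origin of the file: a URL, another host name, or "local"


class TrajectoryLedger:
    """Keeps every observation so a later verdict can be applied to the past."""

    def __init__(self) -> None:
        self.observations: List[Observation] = []
        self.disposition: Dict[str, str] = {}   # sha256 -> "clean" | "unknown" | "malicious"
        self.alerts: List[Tuple[str, str, str]] = []   # (kind, host, sha256)

    def record(self, o: Observation) -> str:
        """Log an observation; alert at once if the hash is already known bad."""
        self.observations.append(o)
        disp = self.disposition.get(o.sha256, "unknown")
        if disp == "malicious":
            self.alerts.append(("realtime", o.host, o.sha256))
        return disp

    def trajectory(self, sha256: str) -> dict:
        """Reconstruct where a file has been: hosts in order of first sight,
        hosts that executed it, and the point of entry (earliest observation)."""
        seen = sorted((o for o in self.observations if o.sha256 == sha256),
                      key=lambda o: o.ts)
        hosts: List[str] = []
        for o in seen:
            if o.host not in hosts:
                hosts.append(o.host)
        executed = [h for h in hosts
                    if any(o.host == h and o.action == "execute" for o in seen)]
        entry: Optional[Observation] = seen[0] if seen else None
        return {"hosts": hosts, "executed": executed, "entry": entry, "timeline": seen}

    def update_disposition(self, sha256: str, verdict: str) -> Optional[dict]:
        """Apply a new verdict. A flip to malicious raises one retrospective alert
        per host that ever saw the file and returns its trajectory; otherwise None."""
        old = self.disposition.get(sha256, "unknown")
        self.disposition[sha256] = verdict
        if verdict != "malicious" or old == "malicious":
            return None
        traj = self.trajectory(sha256)
        for host in traj["hosts"]:
            self.alerts.append(("retrospective", host, sha256))
        return traj


SAMPLE_HASH = "c0ffee" * 10 + "abcd"   # constructed 64-hex-char stand-in, not a real file


def run_demo() -> Tuple[TrajectoryLedger, dict, int]:
    """Constructed outbreak: a file lands on ws-01, spreads, is later judged malicious."""
    ledger = TrajectoryLedger()
    events = [
        Observation(100, "ws-01", SAMPLE_HASH, "create", "http://updates.example.invalid/setup.exe"),
        Observation(160, "ws-01", SAMPLE_HASH, "execute", "local"),
        Observation(200, "ws-02", SAMPLE_HASH, "copy", "ws-01"),
        Observation(260, "ws-02", SAMPLE_HASH, "execute", "local"),
        Observation(300, "fs-03", SAMPLE_HASH, "copy", "ws-02"),
    ]
    # While the verdict is "unknown" nothing fires; the observations are only kept.
    realtime_hits = sum(1 for o in events if ledger.record(o) == "malicious")
    # Verdict arrives later: replay the ledger and alert on every affected host.
    traj = ledger.update_disposition(SAMPLE_HASH, "malicious")
    # Any further sighting of the same hash is now blocked/alerted in real time.
    ledger.record(Observation(500, "ws-04", SAMPLE_HASH, "copy", "fs-03"))
    return ledger, traj, realtime_hits


if __name__ == "__main__":
    ledger, traj, _ = run_demo()
    e = traj["entry"]
    print(f"point of entry: {e.host} at t={e.ts} from {e.source}")
    print("hosts that saw the file:", traj["hosts"])
    print("hosts that executed it:", traj["executed"])
    for kind, host, _ in ledger.alerts:
        print(f"{kind:13} {host}")
```

The point of entry answers "what is the point and method of entry" (the earliest observation and its source), the ordered host list answers "what systems are affected", and the split between retrospective and realtime alerts is exactly the difference between a detection that "never forgets" and ordinary signature matching.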

Collective Security Intelligence

Collective Security Intelligence (figure)
Outputs: private and public threat feeds, IPS rules, malware protection, reputation feeds, vulnerability database updates.
Engine: Sourcefire Vulnerability Research Team, sandboxing, machine learning, big data infrastructure.
Inputs: Sourcefire AEGIS Program, sandnets, file samples (>180,000 per day), FireAMP community, honeypots, advanced Microsoft and industry disclosures, SPARK Program, Snort and ClamAV open source communities.

Protecting Your Network
- 2 SEU/SRU and 1 VDB update per week
- 98.9% vulnerability coverage per NSS Labs IPS group test
- > 10 CVEs covered per day
- 4,310 new IPS rules
- 100% same-day protection for Microsoft vulnerabilities
- >250,000 malware submissions per day

STP and a Threat Centric Ecosystem

Thank you very much for your attention!