Network Security. Multi-Layer Approach to Security. Protection, Detection, and Remediation. Clay Ostlund Business Development Manager


Network Security Protection, Detection, and Remediation Multi-Layer Approach to Security Clay Ostlund Business Development Manager

What do these companies/organizations have in common?

WHY is Hacking on the rise?
Crime Syndicates
  New Mafia** (hide in plain sight)
  Huge source of profits
Nation States
  China, Russia, Turkey, North Korea, Iran, India
Hacktivists (activism hacking)
  Groups like Anonymous
  Groups that want to demonstrate their dissatisfaction with powerful organizations, businesses or governments
Easier than Ever to Create and Distribute Malware
  Malware toolkits: non-developers can create and distribute malware

Malware Toolkits (Malware as a Service)
1. Sign up for the TOX Ransomware Service. The hosting service is free (you just have to register on the site).
2. For anonymity purposes, TOX uses TOR (The Onion Router) and Bitcoin. Over 1 per week in 2015!
3. Once you register for the product, you can create your malware in three simple steps:
   1. Enter your desired ransom amount (note: the TOX Ransomware Service takes 20% of the ransom as commission)
   2. Enter your cause
   3. Submit the captcha (to make sure you aren't a robot (comical)) and download your executable malware
4. This process creates an executable of about 2MB that is disguised as a .scr (script) file, which can be made to look like any document such as a PDF. The attacker distributes and installs the malware as they see fit.
5. The TOX site (on the TOR network) tracks the number of installs and profit.
6. To withdraw funds, you need only supply a receiving Bitcoin address for the transfer.
(Malware as a Service - MaaS)

Targeting Small Businesses
  Small/medium businesses often lack adequate security measures, making them easy targets
  Small/medium businesses don't have the resources to fight back, so ransoms are paid at higher rates than by larger enterprises
  Small/medium businesses offer entry to bigger businesses: the famous Target attack in 2013 was actually carried out through its HVAC vendor
  Small/medium businesses offer a much lower risk to attackers: the FBI/Secret Service can't investigate the sheer amount of attacks that happen, so they focus on the largest ones, leaving small businesses to fend for themselves
(Chart: Malware Ratio in Email by Industry. Source: Symantec Internet Security Threat Report, April 2016, Volume 21)

Common Attack Vectors
"Know your enemy and know yourself and you can fight a hundred battles without disaster." Sun Tzu
  Attackers try to trick internet surfers into downloading malware
  Attackers try to decode a password or PIN number through trial and error
  Attacker overloads a server with more requests than the server can process
  Attackers intercept data before it can be encrypted by SSL
  Attackers scan for open ports, which they exploit to gain access to your systems
  Attackers redirect users to bogus websites when they are trying to access a legitimate one
  Attackers leverage software/hardware bugs/flaws to gain access to your systems
  Phishing, social engineering, compromised devices, advertisements, etc.
(Source: McAfee Labs, March 2016 Security Report)

Common Customer Scenario (diagram): Mobile Workforce, Cloud Applications, Internet / World Wide Web, Email, Office Workforce


What do these things have in common? Layers! The best strategy against today's threats is to employ a Defense-in-Depth (Layers) Strategy: deploy multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method.

Defense-in-Depth Layers Strategy

Solution | Purpose / Security Layer | Vector
Security Awareness Training; Compromised Password Discovery Services | Education; Compromised Account Scanning | (icon)
Authentication Services (Strong Password Requirements); Authorization Services (Access Control) | Authentication, Authorization; Policy Enforcement | (icon)
Endpoint Malware & Virus Protection; Advanced Persistent Threat & Zero Day Attack Prevention | Malware Protection (Endpoint) | (icon)
Stateful L7 Firewall, Intrusion Prevention & Detection (IPS/IDS); Advanced Malware Protection (AMP); Client VPN Services; Application Visibility Controls | Authentication; Malware Protection (Edge); Content Filter | (icon)
Email: SPAM Prevention & Advanced Threat Detection; Email: Link Protection; Email: Compliance, Data Loss Prevention (DLP), Encrypted Email; Backup: Local and Cloud Backup | SPAM, DLP, Encryption; Malware Protection (Edge); Backup | (icon)
Endpoint Malware & Virus Protection; Advanced Persistent Threat & Zero Day Attack Prevention | Malware Protection (Edge); Content Filter | (icon)
Cloud Services Security Policy Enforcement; Cloud Access Security Broker (CASB) | Authentication, Authorization; Policy Enforcement | (icon)
Endpoint Malware & Virus Protection; Advanced Persistent Threat & Zero Day Attack Prevention | Malware Protection (Endpoint) | (icon)

Knowledge is the first line of defense, and when your people fail we must rely on a multi-layered security approach to protect you!

NINJIO: Compromised Credentials
  63% of cyber attacks leverage stolen credentials
  The average employee uses 27 apps at work: collaboration, social media, content sharing, file sharing, business intelligence, other
  Breach one, breach them all.


Security Policy Review & Remediation
Assessment & Review:
  Policy Review:
    Document current password policy
    Document screen saver / screen lock policy
  Security Review:
    Asset Detail Report
    Client Risk Report
    Share Permission Report
    External Vulnerability Report
Remediation:
  Policy Remediation:
    Implement a strong password policy
    Implement a screen saver / screen lock policy
    Modify service accounts and other never-expire accounts
  Security Remediation:
    Minimize risk by limiting shares, full admin accounts, and resource account permissions
    Mandate a patching policy & procedure
    Assess existing open ports and close all unnecessary external vulnerabilities
    Migrate unsecured remote resources to client VPN services


Zero-day Malware and Advanced Persistent Threat (APT) Prevention
  Predictive behavior recognition technology detects APTs and malware
  Dwell time alerting and reporting instantly reveals any endpoint infection
  Full visibility of any infection by endpoint, with full reporting capabilities
Always Protected and Up-To-Date
  No definition or signature file updates to manage
  Every endpoint protected individually (on and offline)
  All users instantly and collectively protected against new threats
Fast and Easy to Deploy
  Never slows system performance
  Takes an average of 5 seconds to install and be fully operational
  World's smallest endpoint security agent (<750KB)
  Idle CPU usage of 0.10% (10.8% during scans)
  Initial full system scan uses <15 MB of RAM
  Scheduled scans take an average of <30 seconds
  No-conflict design, so the agent can run alongside other security software
  No definition or signature updates to deploy or manage
Easy to Manage, Low Operational Costs
  No on-premise hardware or software
  Full remote management of all endpoints
  Endpoint infection rollback and auto-remediation
  Highly automated management and customizable reporting

Webroot leverages the cloud to provide always up-to-date, continuous real-time protection regardless of the user's location. Any time a file is modified, Webroot logs the change and validates whether it is a known threat, then takes action. Because all changes are logged, any change that the Webroot cloud later determines to be a threat (zero-day attack) can be rolled back and mitigated.
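The rollback idea in the last paragraph (journal every change, revert it later when the verdict arrives) can be shown in a few dozen lines. The following is an added example written for this page, not Webroot's code: it models a change journal over an in-memory filesystem, a per-process verdict that may arrive long after the writes, and a remediation step that restores the pre-infection images. The filesystem contents, process ids and verdicts are constructed sample data.

```python
"""Change-journal rollback: added example, not Webroot's code.

Models the slide's idea: every file modification is journaled with its
pre-change image; when a later verdict marks the originating process
malicious, its changes are reverted. The filesystem, process ids and
verdicts are constructed in-memory sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class JournalEntry:
    seq: int                 # position in the journal
    pid: int                 # process that made the change
    path: str
    before: Optional[bytes]  # None: the file did not exist before the change
    after: Optional[bytes]   # None: the change deleted the file


@dataclass
class ChangeJournal:
    files: Dict[str, bytes] = field(default_factory=dict)    # simulated filesystem
    entries: List[JournalEntry] = field(default_factory=list)
    verdicts: Dict[int, str] = field(default_factory=dict)   # pid -> good | bad | unknown

    def write(self, pid: int, path: str, data: Optional[bytes]) -> JournalEntry:
        """Apply a write (delete when data is None), journaling the before-image."""
        entry = JournalEntry(len(self.entries), pid, path, self.files.get(path), data)
        if data is None:
            self.files.pop(path, None)
        else:
            self.files[path] = data
        self.entries.append(entry)
        return entry

    def set_verdict(self, pid: int, verdict: str) -> None:
        """Record a classification for a process; it may arrive well after its writes."""
        self.verdicts[pid] = verdict

    def rollback(self, pid: int) -> List[str]:
        """Undo every journaled change by pid, newest first; return the paths touched.
        Newest-first ordering leaves each file at the image it had before the
        process first touched it, even if the process rewrote it several times."""
        touched: List[str] = []
        for entry in reversed(self.entries):
            if entry.pid != pid:
                continue
            if entry.before is None:
                self.files.pop(entry.path, None)   # file was created by pid: remove it
            else:
                self.files[entry.path] = entry.before
            if entry.path not in touched:
                touched.append(entry.path)
        # Drop the reverted entries so a second rollback is a no-op.
        self.entries = [e for e in self.entries if e.pid != pid]
        return touched


def remediate(journal: ChangeJournal) -> Dict[int, List[str]]:
    """Roll back every process whose verdict is 'bad'; returns pid -> restored paths."""
    return {pid: journal.rollback(pid)
            for pid, verdict in journal.verdicts.items() if verdict == "bad"}


def demo() -> ChangeJournal:
    """Constructed scenario: pid 100 overwrites a document twice and drops a note,
    pid 42 edits notes legitimately, then the cloud flags pid 100 as a threat."""
    j = ChangeJournal(files={"/docs/report.docx": b"quarterly numbers"})
    j.write(100, "/docs/report.docx", b"\x00ENCRYPTED\x00")
    j.write(100, "/docs/README.txt", b"pay to decrypt")
    j.write(42, "/docs/notes.txt", b"meeting notes")
    j.write(100, "/docs/report.docx", b"\x00ENCRYPTED-AGAIN\x00")
    j.set_verdict(42, "good")
    j.set_verdict(100, "bad")   # late verdict: zero-day identified after the fact
    remediate(j)
    return j


if __name__ == "__main__":
    print(demo().files)
```

The caveat a real agent has to deal with is visible in `rollback`: restoring a before-image also discards any later legitimate write to the same file by another process, so a production implementation journals per-process, per-file and has to decide how to merge. The toy keeps the pre-infection image, which is the behaviour the slide promises.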


Centralized Management
  Cloud managed for simplicity & ease of configuration
  Application visibility and control
Always Up to Date
  Automatic cloud updates
Security Features
  Stateful L2-L7 identity-based firewall w/ AVC
  Intrusion Prevention (IPS)
  Advanced Malware Protection (AMP)
  Content Filtering (category)
  Auto & Client VPN

Meraki MX uses the AMP Threat Grid to capture and analyze file and traffic activity continuously.
Traffic flow (diagram): Internet -> Stateful Firewall (which ports are blocked vs allowed) -> IPS -> Malware Protection. For ports that are allowed, traffic is sent to the IPS engine for deeper inspection.
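To make the ordering in the traffic flow concrete (firewall first, IPS only for what the firewall allows), here is an added example written for this page, not Meraki's code. It is a toy edge pipeline: a stateful firewall that automatically allows replies to connections the inside opened and otherwise only publishes listed ports, followed by an IPS pass over the payload of allowed packets. The rules, the signature pattern and the packets are constructed samples.

```python
"""Edge inspection pipeline: added example, not Meraki's code.

Order of operations as on the slide: a stateful firewall decides which ports
are blocked vs allowed (replies to connections the inside opened are allowed
automatically), and only allowed traffic reaches the IPS engine for deeper
payload inspection. Rules, signatures and packets are constructed samples."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str        # "out" = LAN to Internet, "in" = Internet to LAN
    payload: bytes = b""


Flow = Tuple[str, int, str, int]   # (inside host, inside port, outside host, outside port)


@dataclass
class EdgePipeline:
    allowed_inbound_ports: Set[int]            # ports published to the Internet
    ips_signatures: Dict[str, bytes]           # name -> byte pattern (constructed)
    established: Set[Flow] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def _firewall(self, p: Packet) -> bool:
        """Stateful L4 decision; True means the packet may continue to the IPS."""
        if p.direction == "out":
            self.established.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: a reply to a flow the inside opened, or a published port.
        if (p.dst, p.dport, p.src, p.sport) in self.established:
            return True
        return p.dport in self.allowed_inbound_ports

    def _ips(self, p: Packet) -> str:
        """Deeper inspection of the payload; returns the matching signature name or ''."""
        for name, pattern in self.ips_signatures.items():
            if pattern in p.payload:
                return name
        return ""

    def process(self, p: Packet) -> str:
        """Run one packet through firewall then IPS and return the verdict string."""
        if not self._firewall(p):
            verdict = f"blocked-by-firewall:{p.dport}"
        else:
            hit = self._ips(p)
            verdict = f"dropped-by-ips:{hit}" if hit else "allowed"
        self.log.append(f"{p.direction} {p.src}:{p.sport}->{p.dst}:{p.dport} {verdict}")
        return verdict


def demo() -> List[str]:
    """Constructed traffic: an outbound HTTPS session and its reply, an
    unsolicited RDP probe, a request to the published web port carrying a
    constructed test pattern, and a benign request to the same port."""
    edge = EdgePipeline(
        allowed_inbound_ports={80},
        ips_signatures={"sample-test-signature": b"SAMPLE-IPS-TEST-PATTERN"},
    )
    return [
        edge.process(Packet("10.0.0.5", 51000, "203.0.113.9", 443, "out")),
        edge.process(Packet("203.0.113.9", 443, "10.0.0.5", 51000, "in", b"HTTP/1.1 200")),
        edge.process(Packet("198.51.100.7", 40000, "10.0.0.5", 3389, "in")),
        edge.process(Packet("198.51.100.7", 40001, "10.0.0.8", 80, "in",
                            b"GET /?q=SAMPLE-IPS-TEST-PATTERN HTTP/1.1")),
        edge.process(Packet("198.51.100.7", 40002, "10.0.0.8", 80, "in", b"GET / HTTP/1.1")),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point the slide makes shows up in the third and fourth packets: the unsolicited RDP probe never costs IPS time because the firewall drops it first, while the request to the published port is allowed by the firewall and only then examined for signatures.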

Meraki Security Center


Comprehensive Email Security (Cloud Based)
Stop email threats before they get to your mail server:
  Email SPAM filtering
  Advanced threat detection
  Malware/virus filtering
  Link Protect
  Email encryption
  Data Loss Prevention (DLP)
Link Protect replaces all embedded links in emails with a link that hits the Barracuda Cloud to check for threats before the client is redirected to the destination.
Advanced Threat Protection scans all attachments in real time for ransomware, malware, viruses, and targeted zero-day attacks before the messages are delivered to your mail service.
Mail flow (diagram): Internet / Email / Mail Server, with SPAM filtering, attachment execution & scanning and Link Protect on one path, and message encryption & Data Loss Prevention (DLP) technology on the other.
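The Link Protect mechanism is easy to misunderstand as a one-time scan at delivery; the value is that the check happens at click time, when threat data may have caught up with a link that was clean when the message arrived. The following is an added example written for this page, not Barracuda's code: it rewrites every http(s) link in a message body to point at a scanning endpoint and carries the original URL in the query string, and a click-time check decodes the original and consults a block list before deciding to redirect. The endpoint host (linkprotect.example) and the block list are constructed assumptions.

```python
"""Click-time link protection: added example, not Barracuda's code.

Every embedded link in a message is replaced with a link to a scanning
endpoint that carries the original URL; at click time the endpoint checks
the destination against threat data before redirecting. The endpoint host
(linkprotect.example) and the block list are constructed assumptions."""
import base64
import re
from typing import Set, Tuple
from urllib.parse import parse_qs, urlparse

SCAN_ENDPOINT = "https://linkprotect.example/check"   # hypothetical scanning service
LINK_RE = re.compile(r'https?://[^\s"\'<>]+')


def _encode(url: str) -> str:
    """URL-safe base64 without padding, so the token survives inside a query string."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def _decode(token: str) -> str:
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode()


def rewrite_links(body: str) -> str:
    """Replace every http(s) URL in the message body with a scanning link."""
    return LINK_RE.sub(lambda m: f"{SCAN_ENDPOINT}?u={_encode(m.group(0))}", body)


def click_time_check(rewritten_url: str, blocklist: Set[str]) -> Tuple[str, str]:
    """Decide at click time: ('block', original) or ('redirect', original).
    Links not addressed to the endpoint, or with a missing or undecodable
    token, are blocked rather than passed through."""
    parsed = urlparse(rewritten_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != SCAN_ENDPOINT:
        return ("block", "")
    tokens = parse_qs(parsed.query).get("u")
    if not tokens:
        return ("block", "")
    try:
        original = _decode(tokens[0])
    except (ValueError, UnicodeDecodeError):
        return ("block", "")
    host = (urlparse(original).hostname or "").lower()
    # Block the listed host itself and any subdomain of it.
    if any(host == bad or host.endswith("." + bad) for bad in blocklist):
        return ("block", original)
    return ("redirect", original)


if __name__ == "__main__":
    sample = 'Invoice: <a href="http://malicious.example/invoice.php?id=7">open</a>'
    protected = rewrite_links(sample)
    print(protected)
    print(click_time_check(LINK_RE.findall(protected)[0], {"malicious.example"}))
```

Two design choices worth noting: the original URL is carried opaquely in the token rather than as a plain query parameter, so the user's mail client never shows or pre-fetches the raw destination, and the failure mode is "block", so a malformed or tampered token cannot be used to slip a destination past the check.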

Cloud-Integrated All-in-One Backup Solution
  Backup locally to an onsite appliance
  Inline deduplication for data storage savings
  Replication offsite to Barracuda secure datacenters
  Unlimited Barracuda cloud storage
  SaaS cloud-to-cloud hosted application backup (optional add-on)
(Diagram: Servers & Applications -> Backup Appliance -> replicate to Barracuda's secure cloud)


DNS-Layer Security
Block threats before they reach your perimeter network
  Category-based content filtering
  Coverage ON or OFF the enterprise network
  Protocol independent
Scale & Capacity
  #1 fastest and most reliable global DNS with 80M+ daily active users
  100B+ daily Internet requests/connections
  3M+ daily new domain names discovered
Predictive Analysis: Similar to Amazon learning from shopping patterns to suggest the next purchase, or Pandora learning from music listening patterns to play the next song, Umbrella learns from internet activity patterns to automatically identify attacker infrastructure being staged for the next threat.
Device & Protocol Agnostic: Unlike agent-based technologies, DNS-layer protection extends to every device connected to the network, even IoT devices.

How Cisco Umbrella (OpenDNS) resolves a request (diagram: client, Cisco Umbrella / OpenDNS, Internet):
1. The user requests a website, e.g. www.google.com.
2. The computer asks its DNS server what IP address to go to for the web address requested.
3. Cisco Umbrella (OpenDNS) provides the DNS name resolution:
   1. IF the domain and resulting IP are known good, the connection is allowed.
   2. IF the domain and resulting IP are known bad, the connection is blocked.
   3. IF the domain and resulting IP are unknown to Cisco Umbrella, the response to the client is an IP address for Cisco Umbrella instead of the actual web server hosting the domain. All client traffic is then sent through the Umbrella platform, which leverages anti-phishing, Advanced Malware Protection, file/email attachment scanning and more.
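The three-way decision in step 3 is the whole trick of DNS-layer security: the resolver never has to see the HTTP traffic, it only has to answer differently. Below is an added example written for this page, not Cisco's code, that implements that decision as a small policy resolver: known-good names resolve to their real address, known-bad names (and every subdomain of one) get a sinkhole answer, and unknown names are answered with the inspecting proxy's address. A `learn` call feeds an inspection verdict back so the next lookup is decided at DNS time. The domain lists and IP addresses are constructed; taddboxers.com is the domain the deck itself flags as malicious.

```python
"""DNS-layer policy decision: added example, not Cisco Umbrella's code.

Implements the three outcomes from the slide: a known-good domain resolves
to its real address, a known-bad domain (or any subdomain of one) is
blocked, and an unknown domain is answered with the security platform's own
proxy address so the client's traffic is inspected. Domain lists and IP
addresses are constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Set, Tuple

PROXY_IP = "198.51.100.10"   # constructed: the inspecting proxy (TEST-NET-2 range)
BLOCK_IP = "0.0.0.0"         # constructed: sinkhole answer for blocked names


def suffixes(name: str) -> Iterator[str]:
    """Yield name and each parent domain: a.b.example -> a.b.example, b.example, example."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


@dataclass
class DnsPolicyResolver:
    known_good: Dict[str, str]          # exact domain -> real IP
    known_bad: Set[str]                 # domains whose whole subtree is blocked
    log: List[Tuple[str, str, str]] = field(default_factory=list)

    def resolve(self, qname: str) -> Tuple[str, str]:
        """Return (verdict, answer_ip); verdict is allowed | blocked | proxied."""
        name = qname.rstrip(".").lower()        # normalise trailing dot and case
        if any(s in self.known_bad for s in suffixes(name)):
            verdict, answer = "blocked", BLOCK_IP
        elif name in self.known_good:
            verdict, answer = "allowed", self.known_good[name]
        else:
            verdict, answer = "proxied", PROXY_IP   # unknown: route through the platform
        self.log.append((name, verdict, answer))
        return verdict, answer

    def learn(self, name: str, malicious: bool, real_ip: str = "") -> None:
        """Feed back a verdict from inspection so the next lookup is decided at DNS time."""
        if malicious:
            self.known_bad.add(name.lower())
        else:
            self.known_good[name.lower()] = real_ip


if __name__ == "__main__":
    r = DnsPolicyResolver(known_good={"www.example.com": "203.0.113.7"},
                          known_bad={"taddboxers.com"})
    for q in ("www.example.com", "cdn.taddboxers.com", "brand-new.example"):
        print(q, r.resolve(q))
```

Note the order of checks: the block list is consulted before the allow list, so a listed bad subtree cannot be unblocked by an exact allow-list entry beneath it, and the unknown branch returns an address the client will connect to, which is what lets the platform see the traffic without any agent on the device.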

Anatomy of a Cyber Attack
  Reconnaissance and infrastructure setup: domain registration, IP, ASN intel., public/private announcements
  Monitor and adapt based on results
  Patient zero: hit target
  Expansion: wide-scale adoption
  Defense: signature built

Malware: Locky taddboxers.com (Flagged malicious: Sep 28, 2016)

Solution: Staying Up to Date on Patches is Critical
Update method by layer:
  Automatic patching: Microsoft Update policy, forced update schedule
  100% cloud based, always up to date, no user action required
  Automatic firmware & security updates via the cloud, no user action required
  Automatic backup schedule (Marco validated)
  100% cloud based (email protection), always up to date, no user action required
  Video content is continually updated based on the threat landscape
  The remaining layers are 100% cloud based, always up to date, with no user action required

Physical Security

Car accidents can still happen (Humans) but these tools keep injuries to a minimum

If you KNEW you were going to be compromised, would you DO security differently?