Security inside out. The top seven reasons to optimize your network security model with a security delivery platform. See what matters.


This is not a USB drive. It is a delivery vehicle for uncontrolled data. Understand and control what's connecting to your network with a security delivery platform. See what matters.

A new vision of network security. Gain visibility into every previously hidden corner of your network, so you can simplify and automate.

[Graphic labels: Volume, Speed, Threats, Complexity, Risk, Cost]

Securing an IT network has become more daunting and complex than ever. With the emergence of big data, Internet of Things, and machine-to-machine communications, immense volumes of data speed faster and faster across physical, virtual, and cloud infrastructures, linking billions of devices. Add in a growing number and variety of critical threats, including those originating from inside your organization, from cyber-terrorism, from malware, and from ransomware... and the result is a domain of ever-increasing cost, complexity, and risk.

REASON 1: Legacy security models are no match for modern threats.

Perimeter and endpoint-based approaches are incomplete. These outmoded models can't defeat zero-day attacks from outside. And they provide limited defense against inside threats.

The simple trust model no longer applies. Gone are the days when every device was owned, controlled, and secured by IT. Bring Your Own Device (BYOD) and Bring Your Own Software (BYOS) blur the lines between what IT controls and what it does not. Trends like BYOD and BYOS may be good for productivity, but they're bad for security. Sixty-one percent of security breaches today are carried out by insiders: an employee, a contractor, or a business partner on site.*

Legacy static security frameworks cannot adapt. Today's networks are anything but static. With near-universal mobility of users, devices, and apps, fixed, immutable choke points are things of the past. The dynamically expandable cloud makes perimeter boundaries even more fluid.

* Dtex Systems: Insider Threat Intelligence Report. January 2017.

REASON 2: The anatomy of today's threats is increasingly complex.

Today's large-scale breaches are complex. Many of these advanced persistent threats take place over multiple stages and extended periods of time, ranging from weeks to months.

If you look at a typical kill chain, the activities conducted by a particular actor go through a sequence of steps that are very hard to detect. These steps do not always happen in immediate succession, and can span a long period of time. An attack can remain dormant until it is reactivated, especially once it has opened a backdoor. Many of these activities can happen without breaching the security perimeter, either because they involve trusted users, devices, or applications, or because that perimeter is subject to the mobility of these users, devices, or applications.

Threat stages

Stage 1: RECONNAISSANCE. A threat actor observes activity habits of network users to create profiles and attack strategies.

Stage 2: PHISHING & ZERO DAY ATTACK. Attacker draws first blood, typically with a phishing or drive-by malware download attack that creates a backdoor into the user's system.

Stage 3: BACK DOOR. Malware establishes a firewall-permeable communications channel with a remote command/control center, then uses it to download more malware and instructions.

Stage 4: LATERAL MOVEMENT. Malware probes and propagates to other internal systems and opens other backdoors in case the initial one is detected and closed.

Stage 5: DATA GATHERING. The malware identifies critical data and prepares it for exfiltration.

Stage 6: EXFILTRATE. Targeted data is stolen, en masse, through the various backdoors. The threat actor may then request ransom, expose information, or sell it.

REASON 3: Consequences can be persistent: You may be vulnerable to continuous attacks.

System infection can persist. When a breach is extensive, the targeted organization often remains compromised. Even after a threat is detected and the network cleansed, some systems can remain infected, making them vulnerable to continuous attack.

Defeating SaaS's evil twin: malware-as-a-service. Such compromised systems are made available through sites offering malware-as-a-service, an expanding dark web industry that gives individuals and organizations an easy and inexpensive way to mount crippling attacks, such as DDoS, at will.

This is not a smartphone. It is a transmission device that shares information about everything you do. See what matters.

REASON 4: Intrusions take a long time to detect... and they have a long lease on life.

Complex, nuanced attacks infiltrate and lurk within hidden areas of today's networks, often taking weeks to detect and even longer to contain. Meanwhile, the attacker can wreak havoc on an organization's business by continuing to exfiltrate data. In addition, businesses can face serious consequences, from breach notification and reporting mandates to fines and potential litigation. Worse yet can be the impact on trust: leery customers are likely to take their business elsewhere.

15: The median number of days from intrusion to detection for internally detected breaches.*

168: The median number of days from intrusion to detection for breaches detected and reported by external parties.*

* Trustwave Holdings, Inc. 2016 Trustwave Global Security Report. 2016.

REASON 5: SecOps pros face a perfect storm of challenges.*

It's tough to be in cybersecurity operations these days. High-profile attacks are headline news, and the sheer volume of alerts can make it challenging to know what needs attention. SecOps pros face an expanding portfolio of responsibilities spread across myriad functions, technologies and processes. Skilled resources are stretched thin, with too few people covering too many responsibilities. Simplifying and automating key security operations processes must be a priority, along with adopting the right security technology architecture.

[Graphic labels: User devices and apps not static (BYOD, BYOS); Emergence of big data; Encryption of enterprise traffic; Appliance performance degrades due to SSL; No visibility into lateral threat propagation; Data center transition to 100G; Machine-to-machine data; Internet of things (IoT); A significant percentage of malware uses encryption; Perimeter security enables breaches anywhere; Minimal SecOps staff; Inadequate security skills; Insufficient automation; Simple trust model dissolves with boundaries]

* Cisco: Global Cloud Index. Dec, 2016. ESG Research: Network Security Trends, Oct, 2016.

REASON 6: Security fundamentals have changed. How we address threats has not.

Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. Unchanged security models simply cannot handle completely new breeds of hackers and new types of threats. Commercialized hacking tools, malware-as-a-service, and sophisticated multidimensional attacks are all becoming commonplace. At the same time, there is more data speeding across networks, more devices connecting from more places, and more widespread use of encryption. The whack-a-mole approach of adding new tools to address each of these problems creates a patchwork quilt that cannot cover everything, slows time to detection and containment, and increases cost and complexity.

[Graphic labels: Time-to-detection and time-to-containment are too slow; Fundamentally unchanged security models; Evolving traffic patterns and mobility; Rising use of encryption]

REASON 7: Ad-hoc security deployments have unintended consequences.

Proliferation of security tools. Too many network security appliances of diverse types, at more places in the network, increase complexity and costs.

Inconsistent view of traffic. Security appliances tied in at specific network points are often blind to traffic from other parts of the network. They also miss mobile users and apps as they circulate to other parts of the infrastructure.

Contention for access to traffic. Too many tools trying to access traffic from the same points in the network: only one actually gets through.

Blindness to encrypted traffic. Many security appliances can't see encrypted traffic, and malware increasingly uses encryption to take advantage of this deficiency.

Extraordinary costs. Management costs and complexity are soaring due to the proliferation of security tools across the network.

Too many false positives. More security appliances create more false positives for SecOps staff to wade through.

This is not a router. It is a connection to the rest of the world. See what matters.

How can you optimize security in a landscape with so many challenges?

Given the challenges outlined here, from legacy approaches to complex persistent threats or increased burdens on SecOps, what is the best approach to improving your overall security posture? You need to automate, simplify, and boost efficiency of your security operations so that you gain better control while optimizing your existing investments in core security tools.

[Graphic labels: Automate; Simplify; Boost Efficiency; Command and control for workflow; Visibility; Change control; Fewer tools; Less cost; Less management/operational overhead; Decrease SecOps load; Identify framework gaps; Auditing; Testing]

A security delivery platform transforms your approach to security.

You can automate, simplify, and boost efficiency of your security operations with a security delivery platform. Only Gigamon delivers a security delivery platform that lets you manage, secure, and understand what's happening with data in motion across your entire network and allows you to optimize your existing investments in security tools that help keep your organization safe.

[Diagram labels: Next-generation Firewall; Advanced Persistent Threat; Data Loss Prevention; User Behavior Analytics; Centralized Tools; SIEM; Email Threat Detection; APIs; On-prem Data Center; Remote Sites; GigaSECURE Security Delivery Platform; Physical; Virtual; Cloud; Powered by GigaSMART; Cisco ACI; Private Cloud; GigaVUE visibility nodes; Metadata engine; Application session filtering; SSL decryption; Inline bypass; Public Cloud]

Adopt a Defender Lifecycle Model: Rethink network security with GigaSECURE. The industry's first and only bona fide security delivery platform.

GigaSECURE connects to your physical and virtual network, supporting both inline and out-of-band tools across multiple network segments simultaneously. Security tools link directly into GigaSECURE at their customary interface speeds, and then receive a high-fidelity stream of relevant traffic from across the network infrastructure. GigaSECURE delivers visibility into the lateral movement of malware, speeds the detection of exfiltration activity, and can significantly reduce the overhead, complexity, and cost of securing your entire network: physical, virtual, and cloud.

The Gigamon Security Delivery Platform provides an essential visibility foundation that allows you to adopt a Defender Lifecycle Model and shift the advantage away from attackers back to you.

Defender Lifecycle Model

Prevention. Basic Hygiene: Firewall, Endpoint, Segmentation, etc. Inline Bypass; SSL Decryption.

Detection. Building Context: Big Data and Machine Learning. Metadata Engine; Application Session Filtering; SSL Decryption.

Automated Prediction. Triangulating Intent: Artificial Intelligence and Cognitive Solutions. Metadata Engine; Application Session Filtering; SSL Decryption.

Automated Containment. Taking Action: Firewalls, IPS, Endpoints, Routers. Inline Enforcement.

GigaSECURE Security Delivery Platform: Physical, Virtual, Cloud.

Leverage the power of the Gigamon ecosystem. No platform stands alone, and the Gigamon Security Delivery Platform is no exception. Together, Gigamon and its ecosystem partners address all of your visibility and security requirements, so you can focus on what matters to your business.

Visit: www.gigamon.com/campaigns/see-what-matters or contact us at 408.831.4000.

© 2017 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 1056-02 06/17