Why we need Intelligent Security? Juha Launonen Sourcefire, Inc.

Similar documents
Security for the real World NG IPS Jean-Paul Kerouanton Sourcefire, Inc.

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

Agile Security Solutions

align security instill confidence

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Snort: The World s Most Widely Deployed IPS Technology

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

Symantec Security Monitoring Services

Business Strategy Theatre

SIEM: Five Requirements that Solve the Bigger Business Issues

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

BUILDING AND MAINTAINING SOC

locuz.com SOC Services

Popular SIEM vs aisiem

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

The Internet of Everything is changing Everything

THE ACCENTURE CYBER DEFENSE SOLUTION

Using Smart Cards to Protect Against Advanced Persistent Threat

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

The threat landscape is constantly

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Transforming Security from Defense in Depth to Comprehensive Security Assurance

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

CloudSOC and Security.cloud for Microsoft Office 365

Protection - Before, During And After Attack

Infoblox as Part of the Ecosystem

Securing Your Digital Transformation

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Reinvent Your 2013 Security Management Strategy

SIEM Solutions from McAfee

Business Context: Key for Successful Risk Management

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

FOR FINANCIAL SERVICES ORGANIZATIONS

IBM Rational Software

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Ransomware A case study of the impact, recovery and remediation events

Continuous protection to reduce risk and maintain production availability

Protect Your End-of-Life Windows Server 2003 Operating System

The Future of Threat Prevention

Nebraska CERT Conference

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Introducing Cyber Observer

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

AT&T Endpoint Security

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Proactive Approach to Cyber Security

Cybersecurity Roadmap: Global Healthcare Security Architecture

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

A Risk Management Platform

McAfee Public Cloud Server Security Suite

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales

Protect Your End-of-Life Windows Server 2003 Operating System

Sourcefire Network Security Analytics: Finding the Needle in the Haystack

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

TECHNOLOGY BRIEF EXTENDING YOUR INVESTMENT IN SNORT

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Consolidation Committee Final Report

Protecting productivity with Industrial Security Services

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

SECURITY OPERATIONS CENTER BUY BUILD BUY. vs. Which Solution is Right for You?

Unlocking the Power of the Cloud

May the (IBM) X-Force Be With You

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

SYMANTEC DATA CENTER SECURITY

A Modern Framework for Network Security in Government

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

The Top 6 WAF Essentials to Achieve Application Security Efficacy

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Clearing the Path to Micro-Segmentation. A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds

Ransomware A case study of the impact, recovery and remediation events

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Automating the Top 20 CIS Critical Security Controls

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

CONTROLLING YOUR OWN BATTLESPACE. From Threat Response Teams To Threat Intelligence Teams

Enterprise & Cloud Security

RULES VERSUS MODELS IN YOUR SIEM

Build a Software-Defined Network to Defend your Business

ENDPOINT SECURITY STORMSHIELD PROTECTION FOR WORKSTATIONS. Protection for workstations, servers, and terminal devices

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

Combatting advanced threats with endpoint security intelligence

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES

Trend Micro and IBM Security QRadar SIEM

Transcription:

Why we need Intelligent Security? Juha Launonen Sourcefire, Inc. 11-2010

About Sourcefire Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise. 2 Founded in 2001 by Snort Creator, Martin Roesch, CTO Headquarters: Columbia, MD Focus on enterprise and government customers Global Security Alliance ecosystem NASDAQ: FIRE

Agenda Gartner Today s reality Our Challenges A New Approach Sourcefire NG Portfolio How it works Final thoughts Coming Up in 2011 Q/A 3

Today s Reality Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure. Neil MacDonald VP & Gartner Fellow Source: Gartner, Inc., The Future of Information Security is Context Aware and Adaptive, May 14, 2010 Dynamic Threats Organized attackers Sophisticated threats Multiple attack vectors Static Defenses Ineffective defenses Black box limits flexibility Set-and-forget doesn t work 4

Our Challenges Modern Threat Landscape: APTs (Advanced Persistent Threats) Increasing number of 0-days Harder to discover Reaction time is in essence Hybrid forms - transformation Point targets multiple vectors and sources Persistency W32.Stuxnet... 5

Our Challenges Resource and Cost constrains: Needed to deploy new systems to keep up How we can keep up with the needed expertise Now we can keep up with the daily management resource needs How we can keep up with the Incident Response time TCO How to justify this all emerging need and fit into our limited budgets? 6

A New Approach How about if you could have: Intelligent Integration and interoperability of your security systems Constantly and automatically updating view of your assets Automated correlation of the security events Appropriately automated counter measures Crucial detection of abnormal activity in your network I.e. Adaptive Security posture 7

Sourcefire Next-Gen Portfolio

Next-Generation IPS Defense Center Management Console Intrusion Prevention Awareness Technologies Networks SSL Inspection 9 Apps Behavior Virtualization Users

Sourcefire Ingredients + = Sourcefire IPS Solution Defense Center 3D Sensors Network Application Behavior User Defense Center Awareness Bundle + = Sourcefire Next-Gen IPS Solution 3D Sensors 10

Comprehensive Ecosystem Network Infrastructure SIEM / Log Management Configuration Management Incident Management 11 Vulnerability Management Systems Management

How It Works

Intelligent Correlation to the Target WINDOWS SERVER Attack Blocked Windows server vulnerable Attack Is Correlated to Targets LINUX SERVER Linux server not vulnerable Blocked Event Logged DEFENSE CENTER Latest Windows attack targets Microsoft Windows Server and Linux Server. Attacks are correlated to targets. Highpriority event generated for Windows Server target. 13

Intelligent Anomaly Detection Abnormal Behavior Logged & Alerts Triggered DEFENSE CENTER New rogue host connects internally. Sourcefire detects new host and abnormal server behavior. Defense Center triggers alerts for IT to remediate. 14 Abnormal Behavior Detected Hosts Compromised New Asset Detected IT Remediates Hosts

Intelligent Application Violation Compliance Event Logged & User Identified DEFENSE CENTER IT & HR Contact User Security team uses compliance whitelists to detect IT policy violations. Host detected using Skype. User identified and then contacted by IT and HR. 15 P2P App Triggers Whitelist Violation

Final thoughts Network security is tough and will remain so while hackers are intelligent and motivated Intrusion prevention can be easy, through the power of accurate detection coupled with intelligent automation Take the first step. Evaluate Sourcefire! FAIL is never more than a second away 16

Questions? Juha Launonen jlaunonen@sourcefire.com 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback