Slide 1: The Relevance of Post-Breach Analysis
Hillstone Networks
Diego Amauri Orjuela Santamaria, Director General, ART2SEC
Slide 2: Data Breaches
- $3.79M: average cost of a data breach in 2015 (a 23% increase since 2013)
- $154: average cost per lost or stolen record
- 60% of attackers compromise the network within minutes
- 256 days: average time to discover a breach
Sources: Ponemon & IBM, 2015; Verizon, 2016
Slide 3 (diagram)
Intrusion stages: Initial Breach -> Reconnaissance & Extend Foothold -> Data Exfiltration
Damage grows over time: minutes, hours, days, weeks, months
Defense layers: Perimeter Security > Endpoint Security > Breach Detection ("The Last Line of Defense")
- 66% of breaches remain undetected for months
- 87% of breaches are discovered by external parties
Slide 4: Data Breaches
Slide 5: Data Breaches
Slide 6: Adding Intelligence to Security
Slide 7: Abnormal Behavior Detection (Hillstone Intelligent Next-Generation Firewall)
Pipeline: Behavior Learning & Modeling -> Abnormal Behavior Analysis -> Threat & Risk Identification
- Host/server behavior modeling by adaptive machine learning
- Layer 4-7, hundreds of behavior dimensions
- Real-time behavior model and rules
- Identify abnormal dimensions by behavior partnering
- Quantify risk severity and certainty by correlation analysis
- Threat forensics, including suspicious and relevant PCAP
Slide 8: Advanced Threat Detection (Hillstone Intelligent Next-Generation Firewall)
Diagram, known malware: Known Malware Samples -> Sample Parameter 1/2/3 -> Machine Learning, Clustering Modeling -> Malware Behavior Set 1/2/3
Diagram, unknown malware: Unknown Malware -> Malware Behavior Learning -> Unknown Malware Behavior Patterns -> Identify Malware Variants
Slide 9: Comprehensive Internal Network Risk and Threat Visibility
- Number of hosts/critical assets by severity level (critical/high/medium/low)
- Threat distribution by type (Malware/DoS/Scan/Phishing/Spam/other) and severity
- Total number of threats
- Attackers' geographic distribution by country
- Customized "My Threat" widget
- Top 10 attacks, ranked by the number of attacks performed
Slide 10: Real-time risk/threat monitoring for internal network critical assets and hosts
- Threat information for a critical asset, with risk certainty
- Distribution of critical assets by severity
- Source of the threat to the selected critical assets
- Critical assets are defined by the admin and include critical servers and network devices/storage; the i-2850 supports 32 critical assets and 10,000 risky hosts
Slide 11: Full life cycle threat visibility and insight through the cyber kill chain
- Name/IP/OS/Status/Zone of a selected critical asset/host; supports 10+ OS including Linux, Mac, Windows, Android, etc.
- Risk level and certainty of a selected critical asset/host
- Maps the relevant threat events of a selected critical asset to each step of the cyber kill chain
Slide 12: Complete application/traffic/connection monitoring
- Statistical information on all applications/traffic/connections in and out of the server over a chosen time period
- On Jan. 7th the traffic in/out of the server is far higher than at normal times; why?
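Slides 7 and 12 describe the same idea from two sides: learn a per-host behavior baseline across many dimensions, flag the dimensions that deviate, and turn the deviations into a severity and a certainty. The following is an added example written for this page, not Hillstone code: it learns a robust baseline (median and median absolute deviation) from six constructed days of server metrics, scores a seventh day, and answers the slide's "why?" by naming the dimensions that moved. The dimension names, the 3.5 z threshold, the severity bands and the certainty formula are all assumptions made for the illustration.

```python
"""Behavior-baseline anomaly scoring across several host dimensions.

Added illustration, not vendor code. A per-dimension baseline (median and
median absolute deviation, MAD) is learned from a server's history; a new
observation is scored with a robust z-score per dimension, abnormal
dimensions are listed, and a severity/certainty pair is derived. Thresholds,
bands and the certainty formula are assumptions chosen for the demo.
"""
from statistics import median

# Constructed sample: one server, six baseline days and the day in question.
SAMPLE_DAYS = [
    {"day": "Jan-01", "bytes_out_mb": 120, "connections": 840, "distinct_dst_ports": 6, "dns_queries": 300},
    {"day": "Jan-02", "bytes_out_mb": 135, "connections": 910, "distinct_dst_ports": 5, "dns_queries": 320},
    {"day": "Jan-03", "bytes_out_mb": 110, "connections": 800, "distinct_dst_ports": 6, "dns_queries": 290},
    {"day": "Jan-04", "bytes_out_mb": 128, "connections": 870, "distinct_dst_ports": 7, "dns_queries": 310},
    {"day": "Jan-05", "bytes_out_mb": 122, "connections": 860, "distinct_dst_ports": 6, "dns_queries": 305},
    {"day": "Jan-06", "bytes_out_mb": 131, "connections": 890, "distinct_dst_ports": 6, "dns_queries": 315},
    {"day": "Jan-07", "bytes_out_mb": 2400, "connections": 905, "distinct_dst_ports": 41, "dns_queries": 310},
]

DIMENSIONS = ("bytes_out_mb", "connections", "distinct_dst_ports", "dns_queries")
Z_THRESHOLD = 3.5   # assumed: robust z at or above this marks a dimension abnormal
MAD_FLOOR = 1.0     # assumed: scale used when the baseline is perfectly flat (MAD == 0)


def build_baseline(history, dimensions=DIMENSIONS):
    """Return {dimension: (median, MAD)} learned from the history rows."""
    baseline = {}
    for dim in dimensions:
        values = [row[dim] for row in history]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[dim] = (med, mad)
    return baseline


def robust_z(value, med, mad):
    """Modified z-score: 0.6745 rescales MAD to a standard-deviation equivalent."""
    scale = mad if mad > 0 else MAD_FLOOR
    return 0.6745 * (value - med) / scale


def severity_label(max_abs_z):
    """Assumed severity bands over the largest deviation seen."""
    if max_abs_z >= 50:
        return "critical"
    if max_abs_z >= 10:
        return "high"
    if max_abs_z >= Z_THRESHOLD:
        return "medium"
    return "low"


def score_observation(observation, baseline):
    """Score one observation against the baseline.

    Certainty grows with the number of dimensions that deviate together
    (assumed formula 1 - 0.5**n: one abnormal dimension alone gives 0.5,
    two give 0.75, none gives 0).
    """
    z_scores = {dim: robust_z(observation[dim], med, mad)
                for dim, (med, mad) in baseline.items()}
    abnormal = [dim for dim, z in z_scores.items() if abs(z) >= Z_THRESHOLD]
    max_abs_z = max(abs(z) for z in z_scores.values())
    return {
        "day": observation["day"],
        "abnormal": abnormal,
        "z_scores": {dim: round(z, 1) for dim, z in z_scores.items()},
        "severity": severity_label(max_abs_z),
        "certainty": 1 - 0.5 ** len(abnormal),
    }


def explain(result, observation, baseline):
    """Forensics-style lines: how far each abnormal dimension moved from its median."""
    lines = []
    for dim in result["abnormal"]:
        med, _ = baseline[dim]
        lines.append(f"{dim}: {observation[dim]} vs baseline median {med} "
                     f"(z={result['z_scores'][dim]})")
    return lines


if __name__ == "__main__":
    base = build_baseline(SAMPLE_DAYS[:6])
    res = score_observation(SAMPLE_DAYS[6], base)
    print(res["day"], res["severity"], res["certainty"], res["abnormal"])
    for line in explain(res, SAMPLE_DAYS[6], base):
        print("  ", line)
```

On the constructed data the connection count and DNS volume on Jan-07 stay inside the baseline while outbound bytes and the number of distinct destination ports both leave it, so the report points the analyst at a bulk transfer to unusual ports rather than at a traffic spike in general. Using the median and MAD instead of mean and standard deviation keeps one extreme day from widening the baseline so much that it masks itself, which is the failure mode a plain mean-based threshold has on exactly this kind of data.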
Slide 13: Dedicated Internal Threat/Attack Monitoring
- Host/address/application information related to the server from all internal IPs
- Application statistics to the server during the last 30 days
Slide 14: Rich Forensic Information for Threat Events
- Threat analysis, knowledge base and history information for a threat
- Name/status and admin analysis options for a threat event
- View or download PCAP for forensic information
- Source/destination IP, period, profile, ID and URL of a detected threat
Slide 15: Kill Chain Mapping
Stages shown: Monetization, Initial Exploit, Delivery, Command & Control, Internal Reconnaissance, Lateral Movement, Exfiltration
- Map threat events into kill chain stages
- Show the threat's target IP
- Trace the threat over time through its lifecycle
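What a kill-chain view has to do mechanically is: attribute each detection to an internal host, place it on a stage, order the host's events in time, and read off how far the chain has progressed and how long the host has been compromised. The following is an added example written for this page, not Hillstone code. The stage order, the category-to-stage table, the event fields and the sample events (with RFC 5737 documentation addresses on the external side) are all constructed assumptions; a real deployment would take the category from the detection engine's own classification.

```python
"""Kill-chain mapping of detected threat events for one target host.

Added illustration, not vendor code. Each event carries a detection category;
an assumed category-to-stage table places it on the kill chain, and one host's
events are ordered in time so the furthest stage reached and the dwell time
between first and last event can be read off. Events and IPs are constructed.
"""
from datetime import datetime

# Assumed ordering of the stages named on the slide.
STAGES = ["Delivery", "Initial Exploit", "Command & Control",
          "Internal Reconnaissance", "Lateral Movement", "Exfiltration", "Monetization"]

# Assumed mapping from a detection's category to a stage; unknown categories are ignored.
CATEGORY_TO_STAGE = {
    "phishing_url": "Delivery",
    "exploit_attempt": "Initial Exploit",
    "c2_beacon": "Command & Control",
    "internal_port_scan": "Internal Reconnaissance",
    "smb_admin_share_access": "Lateral Movement",
    "dns_tunneling": "Exfiltration",
}

# Constructed sample events, deliberately not in time order.
SAMPLE_EVENTS = [
    {"ts": "2016-01-02T09:14:00", "direction": "inbound",  "src": "203.0.113.7",  "dst": "10.0.5.23",     "category": "phishing_url"},
    {"ts": "2016-01-02T09:16:30", "direction": "inbound",  "src": "203.0.113.7",  "dst": "10.0.5.23",     "category": "exploit_attempt"},
    {"ts": "2016-01-02T10:00:00", "direction": "outbound", "src": "10.0.5.23",    "dst": "198.51.100.9",  "category": "c2_beacon"},
    {"ts": "2016-01-03T12:00:00", "direction": "inbound",  "src": "203.0.113.9",  "dst": "10.0.5.40",     "category": "exploit_attempt"},
    {"ts": "2016-01-02T11:00:00", "direction": "outbound", "src": "10.0.5.23",    "dst": "198.51.100.9",  "category": "c2_beacon"},
    {"ts": "2016-01-04T02:10:00", "direction": "outbound", "src": "10.0.5.23",    "dst": "10.0.5.40",     "category": "internal_port_scan"},
    {"ts": "2016-01-05T23:50:00", "direction": "outbound", "src": "10.0.5.23",    "dst": "10.0.5.40",     "category": "smb_admin_share_access"},
    {"ts": "2016-01-06T08:00:00", "direction": "outbound", "src": "10.0.5.23",    "dst": "198.51.100.20", "category": "av_signature_update"},
    {"ts": "2016-01-07T03:30:00", "direction": "outbound", "src": "10.0.5.23",    "dst": "198.51.100.53", "category": "dns_tunneling"},
]


def event_host(event):
    """The internal host an event concerns: destination for inbound, source for outbound."""
    return event["dst"] if event["direction"] == "inbound" else event["src"]


def map_event(event):
    """Kill-chain stage for an event, or None when the category is not mapped."""
    return CATEGORY_TO_STAGE.get(event["category"])


def build_lifecycle(events, host):
    """Order one host's mapped events in time and summarize its kill-chain progress."""
    timeline = []
    for ev in events:
        stage = map_event(ev)
        if stage is None or event_host(ev) != host:
            continue
        timeline.append((datetime.fromisoformat(ev["ts"]), stage, ev["src"], ev["dst"]))
    timeline.sort(key=lambda item: item[0])

    stages = {}
    for ts, stage, _, _ in timeline:
        entry = stages.setdefault(stage, {"first_seen": ts, "count": 0})
        entry["count"] += 1
    reached = [s for s in STAGES if s in stages]
    return {
        "host": host,
        "timeline": timeline,
        "stages": stages,
        "furthest_stage": reached[-1] if reached else None,
        "dwell": (timeline[-1][0] - timeline[0][0]) if timeline else None,
    }


if __name__ == "__main__":
    lc = build_lifecycle(SAMPLE_EVENTS, "10.0.5.23")
    print(f"{lc['host']}: furthest stage {lc['furthest_stage']}, dwell {lc['dwell']}")
    for ts, stage, src, dst in lc["timeline"]:
        print(f"  {ts:%Y-%m-%d %H:%M}  {stage:<24} {src} -> {dst}")
```

The dwell figure is the gap between the first and last mapped event for the host, which is the quantity the earlier slides on detection lag are about: on the constructed data the host sits at Command & Control for two days before any internal reconnaissance is seen, and those two days are the window in which an alert on the beaconing alone would have stopped the later stages.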
Slide 16: Complete Threat/Risk Visibility
Diagram: Network Risk Index <- Host Risk Correlation Analysis (across hosts) <- Threat Correlation Analysis (across threats)
Slide 18: Hillstone's Value Proposition
- Shorten the time between compromise and detection: multiple detection and protection mechanisms and a cloud ecosystem
- Comprehensive visibility: security correlation analytics and kill chain
- Determine the root cause of an attack: rich forensics and analysis
- Mitigate damage: policy enforcement and mitigation templates
Slide 19: NSS Labs Recommended! Hillstone Networks NGFW: "Excellent Overall Value" (price/performance; static test rate and live test rate)
Slide 20: Thank you