Security Automation. Challenge: Automating the isolation and containment of threats detected by malware analysis solutions


Network Admission Control

See: agentless, continuous
Managed and unmanaged computing devices, network devices, applications
[Diagram labels: Directories, Patch, SIEM, ATD, VA, EMM, IoT; antivirus out-of-date, vulnerability, broken agent; visible with other, visible, not visible]

Control: policy-driven, automated
Users, network, endpoints, existing IT

Orchestrate: share context, automate workflows
ControlFabric, open APIs

IT Security With ForeScout
1. See corporate, BYOD, IoT, rogue devices.
2. Control network access based on user, device, policy
3. Find and fix vulnerabilities and security problems on managed endpoints
4. Automate enrollment for guests and BYOD including mobile devices
5. Rapidly respond to incidents, without human intervention
[Diagram labels: Firewall, SIEM, ATD, VA, Endpoint, Patch, EMM; Internet, Directories, Network, Network Infrastructure; BYOD Devices, Managed Devices, IoT Devices, Rogue Devices]


Granular Controls (from modest to strong)

Alert & Remediate
- Open trouble ticket
- Send email notification
- SNMP Traps
- Syslog
- HTTP browser hijack
- Auditable end-user acknowledgement
- Self-remediation
- Integrate with systems and security management platforms. Send to WebService. Write to SQL/LDAP.

Limit Access
- Deploy a virtual firewall around an infected or non-compliant device
- Reassign the device into a VLAN with restricted access
- Update access lists (ACLs) on switches, firewalls and routers to restrict access
- DNS hijack (captive portal)
- Automatically move device to a preconfigured guest network

Move & Disable
- Reassign device from production VLAN to quarantine VLAN
- Block access with 802.1X
- Alter login credentials to block access, VPN block
- Block access with device authentication
- Turn off switch port (802.1X, SNMP)
- Wi-Fi port block
- Terminate unauthorized applications
- Disable peripheral device

Next Generation Security Platform


Identification Technologies Transform the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning: threats, URLs, confidential data
One policy

Parallel Processing
- Function-specific parallel processing hardware engines
- Separate data/control planes

Up to 200Gbps, low latency

Wildfire

Traps Advanced Endpoint Protection
- Prevent Exploits: including zero-day exploits
- Prevent Malware: including advanced & unknown malware
- Collect Attempted-Attack Forensics: for further analysis
- Scalable & Lightweight: must be user-friendly and cover complete enterprise
- Integrate with Network and Cloud Security: for data exchange and cross-organization protection

Security Reimagined

Multi-Vector Virtual Execution Engine
- Purpose-built for security
- Hardened hypervisor
- Signature-less
- Exploit-based detection, not just file
- Finds known and unknown threats
- Multi-vector
- Performance
- Efficacy

Analyze, Detonate and Correlate
- Analyze: 2 million objects per hour
- Detonate
- Correlate
Within VMs, across VMs, cross enterprise

FireEye Ecosystem

Put pieces together!

Forescout + PaloAlto

Forescout + FireEye

DEMO!

Q&A