Security Automation Challenge: Automating the isolation and containment actions for threats detected by malware analysis solutions
Network Admission Control
See
- Managed and unmanaged computing devices, network devices, applications, IoT
- Agentless, continuous
- Context from existing systems: directories, patch, SIEM, ATD, VA, EMM
- (chart) What each approach sees: visible / not visible / visible only with other tools; example findings: out-of-date antivirus, vulnerability, broken agent

Control
- Policy-driven, automated
- Applied to users, network, endpoints and existing IT

Orchestrate
- Share context, automate workflows
- ControlFabric open APIs (integration partners such as IBM)
IT Security With ForeScout (IBM)
1. See corporate, BYOD, IoT and rogue devices (integrations: firewall, SIEM, ATD, VA, endpoint, patch, EMM).
2. Control network access based on user, device and policy (directories, network infrastructure, Internet).
3. Find and fix vulnerabilities and security problems on managed endpoints.
4. Automate enrollment for guests and BYOD, including mobile devices.
5. Rapidly respond to incidents, without human intervention.
Device classes shown: BYOD devices, managed devices, IoT devices, rogue devices.
Granular Controls (from modest to strong)

Alert & Remediate (modest)
- Open trouble ticket
- Send email notification
- SNMP traps
- Syslog
- HTTP browser hijack
- Auditable end-user acknowledgement
- Self-remediation
- Integrate with systems and security management platforms: send to web service, write to SQL/LDAP

Limit Access
- Deploy a virtual firewall around an infected or non-compliant device
- Reassign the device into a VLAN with restricted access
- Update access lists (ACLs) on switches, firewalls and routers to restrict access
- DNS hijack (captive portal)
- Automatically move device to a preconfigured guest network

Move & Disable (strong)
- Reassign device from production VLAN to quarantine VLAN
- Block access with 802.1X
- Alter login credentials to block access; VPN block
- Block access with device authentication
- Turn off switch port (802.1X, SNMP)
- Wi-Fi port block
- Terminate unauthorized applications
- Disable peripheral device
Next Generation Security Platform
Identification Technologies Transform the Firewall
- App-ID: identify the application
- User-ID: identify the user
- Content-ID: scan the content
Single-Pass Parallel Processing (SP3) Architecture
Single pass: operations performed once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning: threats, URLs, confidential data
- One policy
Parallel processing
- Function-specific parallel processing hardware engines
- Separate data and control planes
- Up to 200 Gbps, low latency
WildFire
Traps Advanced Endpoint Protection
- Prevent exploits, including zero-day exploits
- Prevent malware, including advanced and unknown malware
- Collect attempted-attack forensics for further analysis
- Scalable and lightweight: must be user-friendly and cover the complete enterprise
- Integrate with network and cloud security for data exchange and cross-organization protection
Security Reimagined
Multi-Vector Virtual Execution (MVX) Engine
- Purpose-built for security: hardened hypervisor
- Signature-less, exploit-based detection, not just file-based
- Finds known and unknown threats
- Multi-vector
- Performance and efficacy

Analyze, Detonate and Correlate
- Analyze: 2 million objects per hour
- Detonate: within VMs
- Correlate: across VMs and across the enterprise
FireEye Ecosystem
Put pieces together!
ForeScout + Palo Alto
ForeScout + FireEye
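The Granular Controls slide and the two integration slides describe one loop: a sandbox (WildFire or FireEye MVX) returns a verdict, and the NAC picks a response from the modest-to-strong ladder. The following policy engine is an added example, not code from the slides or from ForeScout, Palo Alto Networks or FireEye. Everything vendor-specific is an assumption: the sandbox is assumed to emit key=value syslog lines with fields verdict, confidence, src_ip and sha256; the NAC inventory is assumed to know each IP's device class (managed, byod, iot), whether it is a critical asset, and its switch/port; the 80 confidence threshold and the actions chosen per tier are illustrative policy, not vendor defaults. The sample alerts and inventory are constructed for the example.

```python
"""Added example: map malware-analysis verdicts to escalating NAC controls.

Not vendor code. Field names, thresholds and the inventory shape are
assumptions made for this illustration.
"""
from dataclasses import dataclass, field, asdict
import json

# Constructed sample alerts, in the shape a sandbox-to-NAC syslog feed is
# assumed to have for this example (hypothetical field names).
SAMPLE_ALERTS = [
    "verdict=malicious confidence=95 src_ip=10.1.20.17 sha256=a1",
    "verdict=malicious confidence=92 src_ip=10.1.30.5 sha256=b2",
    "verdict=suspicious confidence=60 src_ip=10.1.40.8 sha256=c3",
    "verdict=malicious confidence=99 src_ip=10.1.10.3 sha256=d4",
    "verdict=benign confidence=80 src_ip=10.1.20.17 sha256=e5",
    "verdict=malicious confidence=90 src_ip=10.1.50.9 sha256=f6",  # unknown device
]

# Constructed NAC inventory: the device context the NAC already holds.
INVENTORY = {
    "10.1.20.17": {"class": "managed", "critical": False, "switch": "sw1", "port": "Gi1/0/7"},
    "10.1.30.5":  {"class": "iot",     "critical": False, "switch": "sw2", "port": "Gi1/0/12"},
    "10.1.40.8":  {"class": "byod",    "critical": False, "switch": "sw3", "port": "Gi1/0/2"},
    "10.1.10.3":  {"class": "managed", "critical": True,  "switch": "sw1", "port": "Gi1/0/1"},
}

CONFIDENCE_FLOOR = 80  # assumed policy: below this, only alert, never contain


@dataclass
class Action:
    tier: str            # "alert", "limit" or "disable" (the slide's three columns)
    control: str         # which control on the ladder was chosen
    target: str          # device IP the control applies to
    params: dict = field(default_factory=dict)


def parse_alert(line):
    """Parse one key=value syslog line into a dict; confidence becomes an int."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["confidence"] = int(fields["confidence"])
    return fields


def decide(alert, device):
    """Choose a control tier from verdict, confidence and NAC device context."""
    verdict, conf, ip = alert["verdict"], alert["confidence"], alert["src_ip"]
    if verdict == "benign":
        return None
    # Low-confidence or merely suspicious: alert and remediate, do not contain.
    if verdict != "malicious" or conf < CONFIDENCE_FLOOR:
        return Action("alert", "open trouble ticket + syslog", ip,
                      {"class": device["class"] if device else "unknown"})
    # Unknown (rogue) device: nothing to remediate on-host, restrict at the network.
    if device is None:
        return Action("limit", "reassign to quarantine VLAN", ip, {"vlan": "quarantine"})
    # Critical asset: never auto-disconnect; restrict lateral movement and page a human.
    if device["critical"]:
        return Action("limit", "update ACL to restrict access (human review)", ip,
                      {"acl": "deny-lateral", "notify": "soc-oncall"})
    # Managed endpoint: keep it reachable by remediation servers only.
    if device["class"] == "managed":
        return Action("limit", "virtual firewall around infected device", ip,
                      {"allow": ["remediation-servers"]})
    # IoT/BYOD with a high-confidence malicious verdict: cut the switch port.
    return Action("disable", "turn off switch port (SNMP)", ip,
                  {"switch": device["switch"], "port": device["port"]})


def run(lines, inventory):
    """Evaluate every alert line and return the list of actions to enforce."""
    actions = []
    for line in lines:
        alert = parse_alert(line)
        action = decide(alert, inventory.get(alert["src_ip"]))
        if action is not None:
            actions.append(action)
    return actions


def summarize(actions):
    """Count actions per tier, useful as a sanity check before enforcement."""
    counts = {"alert": 0, "limit": 0, "disable": 0}
    for a in actions:
        counts[a.tier] += 1
    return counts


if __name__ == "__main__":
    for a in run(SAMPLE_ALERTS, INVENTORY):
        print(json.dumps(asdict(a)))
```

Two design points a practitioner would want before wiring this to a real switch: containment is gated on both verdict and confidence, because a sandbox "suspicious" verdict is not evidence enough to take a user offline, and a later "benign" verdict for the same host deliberately does not undo an earlier containment, since release should be an explicit, audited step rather than a side effect of the next alert.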
DEMO!
Q&A