Identity-Based Cyber Defense. March 2017


Attackers Continue to Have Success
- Current security products are necessary but not sufficient.
- Assumption is you are or will be breached.
- Focus on monitoring, detecting and remediating.
Current product categories shown: NextGen Firewalls, Encryption, Multi-factor Authentication, Advanced Malware Protection, Monitoring and Analytics.

Network Security is a Major Failure Point
THE FUNDAMENTAL PROBLEM WE ADDRESS
- Servers and clouds are vulnerable to network-based scans and attacks.
- Network connections do not require authentication.
- Network designs that expose services and accept unsolicited connections introduce significant risk.
- Security leaders can reduce risk by using techniques that isolate services from the internet.

What if You Could
- Isolate and cloak your network and services from unauthorized users
- Stop known and unknown attacks from occurring
- Protect against insider and 3rd-party threats while providing identity attribution

BlackRidge is like Authenticated Caller-ID for the Internet
- Authenticates identity before answering the phone.
- Protects networks, servers and applications from unwanted or malicious calls (network connections).
- Reduces risk and addresses compliance regulations.

How it Works: First Packet Authentication
BlackRidge fixes the vulnerability in the Network Transport Layer that is exploited in 100% of cyber
- BlackRidge Transport Access Control (TAC) authenticates identity and enforces security policy on the first packet, before a network session is established.
- Scans and attacks occur during TCP session setup time.
[Diagram: timeline of a network session packet flow, TCP/IP session setup followed by data transfer packet flows.]
BlackRidge First Packet Authentication stops scans and attacks at the earliest possible time. Current security products start after network sessions are established.

No Network Security Measures In Place
Anyone, bad or good, can access any port on the system.
[Diagram: host exposing ports 21, 22, 53, 80, 443, 3306 and 50000.]
March 28, 2017

Traditional Network Security Measures
With a firewall you can block traffic from rogue (bad) IP addresses.
[Diagram: the same host and ports (21, 22, 53, 80, 443, 3306, 50000) behind a firewall.]
However, what happens when a port scan comes from a trusted IP address? What does refusing a connection tell you?

BlackRidge Stops Network-based Attacks and Supports Network Compliance
Even scans from a trusted IP cannot get through without valid identity.
[Diagram: the same host and ports (21, 22, 53, 80, 443, 3306, 50000) behind BlackRidge.]
It appears as if the host is not even there!

Most Networks Are Flat
Networks are set up to deliver connectivity.
[Diagram: clients 192.168.1.15, 192.168.1.16, 192.168.1.17 and resources 192.168.1.100, 192.168.1.101, 192.168.1.102 on one flat network.]
Without segmented routing any user can access every resource.

Remove the Flatness with BlackRidge
BlackRidge policy only forwards traffic to a resource that the identity is authorized for.
[Diagram: the same clients (192.168.1.15, .16, .17) and resources (192.168.1.100, .101, .102), with BlackRidge forwarding each identity only to its authorized resource.]
An organization can keep its IP schema and physical deployment and still provide network segmentation.

Isolated, Protected and Compliant
You Can't Attack What You Can't See
- Without BlackRidge: servers being scanned by Zenmap, 12 open ports found.
- With BlackRidge installed: servers not found by Zenmap, no open ports found.
Cloaked, Protected and Compliant!
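As an added illustration of the three slides above (first-packet authentication, silent drop so a scanner sees no host, and identity-based forwarding on a flat 192.168.1.0/24), here is a simplified policy gateway written for this page. It is not BlackRidge code: the deck does not say how TAC carries or verifies identity, so the token format, the HMAC shared key, the nonce replay check and the identity-to-resource policy table are all assumptions constructed for the example.

```python
import hmac
import hashlib

# Constructed for this example: a shared key and an identity -> resource policy.
# The page does not describe how BlackRidge TAC encodes or verifies identity.
SHARED_KEY = b"constructed-demo-key"
POLICY = {  # identity -> set of (resource IP, port) pairs it may reach
    "alice": {("192.168.1.100", 22), ("192.168.1.100", 443)},
    "bob":   {("192.168.1.101", 3306)},
}

def make_token(identity, nonce):
    """Client side: bind an identity and a fresh nonce to the first packet with an HMAC."""
    mac = hmac.new(SHARED_KEY, f"{identity}:{nonce}".encode(), hashlib.sha256).hexdigest()[:16]
    return f"{identity}:{nonce}:{mac}"

def verify_token(token):
    """Gateway side: return (identity, nonce) for a valid token, else None."""
    if not isinstance(token, str) or token.count(":") != 2:
        return None
    identity, nonce, mac = token.split(":")
    expected = hmac.new(SHARED_KEY, f"{identity}:{nonce}".encode(), hashlib.sha256).hexdigest()[:16]
    return (identity, nonce) if hmac.compare_digest(expected, mac) else None

def gateway_decision(pkt, seen_nonces):
    """Decide on the first packet only. 'DROP' is silent: no RST or ICMP goes back,
    so an unauthenticated scanner cannot tell an open port from an absent host."""
    claim = verify_token(pkt.get("token"))
    if claim is None:                 # no token or a forged one, e.g. a plain port scan
        return "DROP"
    if claim in seen_nonces:          # replay of an earlier first packet
        return "DROP"
    seen_nonces.add(claim)
    if (pkt["dst"], pkt["port"]) not in POLICY.get(claim[0], set()):
        return "DROP"                 # authenticated, but not authorized for this resource
    return "FORWARD"

def scan(identity, dst, ports, seen_nonces=None):
    """One first packet per port; identity=None models a scanner with no token."""
    seen_nonces = set() if seen_nonces is None else seen_nonces
    results = {}
    for i, port in enumerate(ports):
        token = make_token(identity, 1000 + i) if identity else None
        results[port] = gateway_decision({"dst": dst, "port": port, "token": token}, seen_nonces)
    return results

if __name__ == "__main__":
    print(scan(None, "192.168.1.100", [22, 80, 443]))     # scanner: every port DROP
    print(scan("alice", "192.168.1.100", [22, 80, 443]))  # alice: 22 and 443 FORWARD, 80 DROP
```

The anonymous scan from any source, trusted IP or not, gets the same silent result on every port, which is the "host is not even there" behaviour the slides describe; a valid identity still only reaches the resources its policy entry lists.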

Use Case: Segment and Protect Management Network
[Diagram: trusted clients on a switch, a TAC Gateway with a trusted ingress port, the Internet, a second TAC Gateway with a trusted egress port in front of the management network; untrusted clients are outside.]
- Installation and test: <8 hours
- Branch gateway installation and configuration
- No operational overhead: set it and forget it
"With BlackRidge, not only are we able to stop intruders from using secured network segments, they will not be able to see the castle. No approach, no breach. The BlackRidge solution represents a new way to look at cybersecurity." Bill Thirsk, CIO at Marist College

Use Case: Cloak Assets and Networks
- Before: the average soldier carries more than six vulnerable points of network connectivity. Enemy forces are able to detect troops and vehicles, leaving them vulnerable to cyber and physical attack.
- With BlackRidge installed for cyber defense: BlackRidge cloaks networks and servers, blocking network scanning and reconnaissance and stopping attacks (stops the kill chain).

Case Study: DOE NREL Cybersecurity Testbed
- Distributed Grid Management lab project for cybersecurity and resilience requirements of the grid.
- Function of the testbed is to emulate and demonstrate, as realistically as possible, a real-world environment.
- Penetration testing performed by a 3rd party.
- BlackRidge provided in-line blocking to protect the Enterprise Information System and the two Advanced Substation Platforms.
Source: "A Layered Solution to Cybersecurity", by Erfan Ibrahim, PhD, Center Director, Cyber-Physical Systems Security & Resilience, National Renewable Energy Lab, Golden, CO. Erfan.Ibrahim@NREL.gov. http://www.blackridge.us/images/site/page-content/doe_nrel_cyber_security_testbed_whitepaper.pdf

End-to-End Enterprise and Cloud Deployment
Virtual/Physical Appliances to Software Endpoints
[Diagram labels: Data Center (Private Cloud); Data Center; Branch Office; Remote Users; Internet; Legacy LANs, VLANs; Provider Router; Customer Router; Security Stack; 10/40/100G TAC Gateway; Resources Protected by Network Gateway; Switch; 1G/10G TAC Gateway; TAC Endpoints; Resources Protected by Server Endpoint or Virtual Appliance; Fixed and mobile Internet of Things.]

Lab Demo: Honeypots & Analytics
[Diagram labels: BlackRidge 3110 Branch Gateway; BlackRidge 3100 Enterprise Gateway; Internet; Trusted Users; Untrusted Users; Unmanaged Switch; Cisco RV325; Cloud/Web Analytics & Honeypot Mgmt; Protected Resource; Unprotected Resource; Elasticsearch, Logstash, Kibana (ELK).]

Summary: A New Level of Real-Time Protection for Networked Systems
- Addresses a gap in TCP network security to stop today's advanced persistent threats and attacks, and supports compliance.
- BlackRidge is tested and validated by system and network vendors, commercial banks, the Department of Defense, and intelligence services.
- BlackRidge products are available today as a physical or virtual solution for mainframe, cloud or any open system.

Cyber Kill Chain: Sequence of an Attack
THE FUNDAMENTAL PROBLEM WE ADDRESS