Security for the real World NG IPS Jean-Paul Kerouanton Sourcefire, Inc.

Security for the real World NG IPS Jean-Paul Kerouanton Sourcefire, Inc. Prepared for:

Agenda
Your Security Challenges
About Sourcefire
A New Approach
How It Works
Products & Services
Questions & Next Steps

Let's Solve Problems
What are your challenges?
How are they being addressed today?
What's your ideal solution?
How are you organized?
What is your timeframe for this project?

Why an IPS? (1)
Vulnerability exposure just happens as you use software (5+ CVEs per day in 2010).
Average time to patch is counted in months.
Personal use of the internet by employees increases exposure: malware, targeted phishing, SSL (Gmail), social networks, smartphones.

Why an IPS? (2)
100% of modern attacks use authorised traffic, accounts and privileges on your network.
Most modern attacks are designed not to destroy but to exfiltrate information without being detected: Stuxnet (SCADA), Aurora (IE vulnerability).
Destructive worms and botnets are still real and active.

NGIPS: Definition

Today's Reality
"Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure." Neil MacDonald, VP & Gartner Fellow. Source: Gartner, Inc., The Future of Information Security is Context Aware and Adaptive, May 14, 2010
Dynamic Threats: organized attackers, sophisticated threats, multiple attack vectors
Static Defenses: ineffective defenses, black box limits flexibility, set-and-forget doesn't work

About Sourcefire

About Sourcefire
Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.
Founded in 2001 by Snort creator Martin Roesch, CTO
Headquarters: Columbia, MD
Focus on enterprise and government customers
Global Security Alliance ecosystem
NASDAQ: FIRE

Powered by Snort
Global standard for Intrusion Detection and Prevention
World's largest threat response community
Interoperable with other security products
Owned and controlled by Sourcefire, Inc.
www.snort.org

Backed by the VRT
Inputs: 150+ private & public threat feeds; Snort & ClamAV community insight; advanced Microsoft & industry disclosure; 20,000 malware samples per day
Sourcefire Vulnerability Research Team (VRT): research & analysis
Output: best-in-class threat protection

A New Approach

Traditional IPS vs. Next-Generation IPS
Closed & Blind Architecture vs. Open & Customizable
None or Limited Awareness vs. Visibility & Intelligence
Human Intensive vs. Automation, Self Tuning & Precision

Traditional IPS vs. Next-Generation IPS (slides 14 and 15: figure only; the Traditional IPS panel is labelled "300-1000")

Next-Gen IPS: The Power of Awareness
Network: know what's there, what's vulnerable, and what's under attack
Application: identify change and enforce policy on hundreds of applications
Behavior: detect anomalies in configuration, connections and data flow
Identity: know who is doing what, with what, and where

Next-Gen IPS: Highly Automated Operation. Real Time, All the Time!

How It Works

Context is everything: how much security context would you like?
Event: Attempted Privilege Gain
Target: 96.16.242.135 (vulnerable)
Host OS: Blackberry
Applications: Mail, Browser, Twitter
Location: Whitehouse, US
User ID: bobama
Full Name: Barack Obama
Department: Executive Branch

Monitor equipment configurations
Sample real-time network map -> Create baseline compliance map -> Compare for differences -> Actionable event

Putting it all together: increasing accuracy in dynamic networks
Defense Center holds: Asset Discovery (PCN), Pre-processor configuration, Rule Mix
Network attacks -> IPS -> Detected Incidents -> Impact Correlation (1)
False negatives -> Automatic Rules Tuning -> Updated Preprocessor configuration and Updated Rule Mix -> back to the IPS
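The loop on this slide (detected incidents matched against what asset discovery knows about the target, then the rule mix updated) and the host context from the "Context is everything" slide, as an added Python illustration that is not Sourcefire's code; the asset table, the rule metadata and the numeric impact levels are constructed assumptions, not the product's own format.

```python
# Added example, not Sourcefire code: correlate an IPS event with the host
# inventory built by discovery and derive a rule mix. All data is constructed.
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    os: str                                   # OS family seen by discovery
    ports: set = field(default_factory=set)   # open TCP ports
    vulns: set = field(default_factory=set)   # vulnerability ids on the host

@dataclass
class Rule:
    sid: int
    port: int           # service port the rule inspects
    os: set             # OS families the detected exploit applies to
    vuln: str = ""      # vulnerability id the rule covers, if any

def impact(rule, target_ip, assets):
    """Rank an event by relevance to the target (levels are illustrative):
    1 target carries the vulnerability the rule covers
    2 target runs an affected OS and the service port is open
    3 target known, but OS or port make the attack irrelevant
    4 target not in the inventory, so no context at all"""
    host = assets.get(target_ip)
    if host is None:
        return 4
    if rule.vuln and rule.vuln in host.vulns:
        return 1
    if host.os in rule.os and rule.port in host.ports:
        return 2
    return 3

def tune_rules(rules, assets):
    """Keep only rules whose OS/port combination exists in the inventory;
    the rest cannot fire on anything relevant in this network."""
    return {r.sid for r in rules
            if any(a.os in r.os and r.port in a.ports for a in assets.values())}

# Constructed inventory and rule metadata (illustrative values only).
ASSETS = {
    "10.0.0.5": Asset("10.0.0.5", "windows", {80, 445}, {"VULN-A"}),
    "10.0.0.9": Asset("10.0.0.9", "linux", {22, 80}),
}
RULES = [
    Rule(1001, 445, {"windows"}, "VULN-A"),   # SMB exploit for VULN-A
    Rule(1002, 80, {"windows", "linux"}),      # web attack, any OS
    Rule(1003, 21, {"linux"}),                 # FTP attack, no FTP hosts seen
]
```

Re-running tune_rules after every discovery update is what turns the "false negatives" branch of the slide into an updated rule mix: a rule that matched nothing yesterday is enabled as soon as a matching host appears.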

Sourcefire Products

Next-Generation IPS Products
Management: Defense Center Management Console
Technologies: Next-generation IPS, Awareness, SSL Inspection, Virtual Products

Sourcefire 3D system components
Discover (sensing network, Gbit copper or fiber): IPS (in-line or passive), RNA (in-line or passive), RUA (in-line or passive)
Determine (management network, Gbit copper): Defense Center (DC); IPS sends typically 1Kb / event, RNA typically 100 bytes / event
Defend (responses from the DC): Email, SNMP, Syslog, SSL; Firewall, IPS, Switches, Routers; Configuration and Compliance Mgmt.

Sourcefire 3DSensors
From 5 Mbps to 10 Gbps
Connectivity: 1G copper/fiber, 10G LR, 10G SR
Integrated fail-open cards
Configurations from 4 to 12+ ports
Sizing axes: throughput, #ports, #instances (only the throughput column survives)
10/20 Gbit/s: 3D9900
4 Gbit/s: 3D6500
2 Gbit/s: 3D4500
1 Gbit/s: 3D3500
500 Mbit/s: 3D2500
250 Mbit/s: 3D2100
100 Mbit/s: 3D2000
45 Mbit/s: 3D1000
5 Mbit/s: 3D500
3 body plans

Why Sourcefire?
Powered by Snort
Driven by Awareness
Best-in-Class Detection
Open Architecture
Highly Automated
Stop Doing Things the Old Way! Try the Next Generation in Intrusion Detection & Prevention.

Questions & Next Steps

Demo System