Rethinking Security: The Need For A Security Delivery Platform


Cybercrime In Asia: A Changing Environment & Shifting Focus

"Asia, more vulnerable to cybercrime because of diversity and breadth of countries and number of financial institutions and high value businesses." - Jeff Price, Experian Southeast Asia Managing Director

"Organizations in the Asia-Pacific region were forecast to spend $230 billion to deal with cybersecurity breaches in 2014, the highest amount for any region in the world." - IDC and the National University of Singapore

"The problem with having a prevention-only focus is that if you're just putting your budget there, most often, you don't have a good solid investment in detection technology and the incident response process." - Laurence Pingree, Gartner Research Director, Gartner Risk Summit, Dubai

Traditional Security Model

Perimeter or endpoint based
- Inside vs. outside
- Focus on prevention
- Rule based, signature based

Simple trust model
- Trusted vs. untrusted
- Corporate vs. personal asset
- What has changed: the insider/outsider boundary has dissolved (BYOD)

Static environment
- Fixed locations, zones, perimeters
- What has changed: mobility of users, devices and applications

More importantly: the very nature of cyber threats has changed!

Anatomy of an Advanced Persistent Threat (APT)
1. Reconnaissance
2. Phishing and zero-day attack
3. Back door
4. Lateral movement
5. Data gathering
6. Exfiltrate
In many cases the system stays breached after exfiltration! (Source: RSA)

Mitigating Risk Remains Difficult
(The slide showed four figures; only their captions are present in the transcription.)
- The mean number of days from initial intrusion to detection*
- The average lifespan of a zero-day before it is discovered or disclosed*
- Share of organizations in the study that were breached during the test period**
- Share of organizations that had active Command & Control (C&C) communications**
Sources: *Trustwave 2014 Global Security Report; **FireEye, "Maginot Revisited"

What Else Has Changed That Impacts Security? Fundamental shift in traffic patterns, and mobility
(Slides 7 and 8 share one diagram: Internet -> Firewall -> DMZ -> IPS -> Core Switch -> IDS, then Spine and Leaf switches -> Server Farm.) The firewall, IPS and IDS sit on the path between the Internet and the core only, so there is no visibility into lateral (east-west) propagation of threats between servers behind the spine/leaf fabric, and none into users who are no longer behind a fixed perimeter.

What Else Has Changed That Impacts Security? Growing use of SSL
- 25%-35% of enterprise traffic today is SSL [1]
- Security and performance management tools are either blind to SSL traffic or get overloaded if they decrypt it
- 2048-bit keys cause an 81% performance degradation in existing SSL architectures [1]
- More than 50% of network attacks in 2017 will use encrypted traffic to bypass controls, versus 5% today [2]
How do you ensure security, manage risk and ensure compliance as the share of encrypted traffic grows?
[1] NSS Labs; [2] Gartner

A Perfect Storm: The Need To Rethink Security Architecture
- Changed threat model
- Fundamentally unchanged security trust model
- At-will security breaches
- Rising use of encryption
- Changed traffic patterns and mobility

Finding the Threat Within: Challenges With Ad Hoc Security Deployments
Visibility limited to a point in time or place:
- Significant blind spots
- Extraordinary costs
- Contention for access to traffic
- Inconsistent view of traffic
- Blind to encrypted traffic
- Too many false positives
(Diagram: Internet -> routers -> spine switches -> leaf switches -> virtualized server farm, with IPS and anti-malware inline and the intrusion detection system, data loss prevention, email threat detection and forensics each tapping traffic at its own point.)
It is time the balance of power shifted from attacker to defender!

Transformation Through Visibility: The Need For A Security Delivery Platform
(Diagram: the same topology, with the Security Delivery Platform between the routers/spine switches and the leaf switches feeding every tool: IPS and anti-malware inline, and data loss prevention, intrusion detection, forensics and email threat detection out of band.)
- Complete network-wide reach: physical and virtual
- Scalable metadata extraction for improved forensics
- Isolation of applications for targeted inspection
- Visibility into encrypted traffic for threat detection
- Inline for prevention and out-of-band for detection
Security Delivery Platform: a foundational building block of effective security

Requirements For Network-Wide Reach
- Terabit-scale visibility nodes with the ability to cluster multiple nodes
- Traffic aggregation and intelligent filtering
- Replicate traffic to multiple security appliances without performance impact
- Non-intrusive access to virtual traffic via a lightweight user-space monitoring VM
- "Follow the VM": uninterrupted security monitoring during virtual workload migration
- Extend the security function to virtual traffic
- Non-intrusive TAP access to all network traffic, from 10 Mb to 100 Gb links
- Cost-effective options for retrieving traffic from all required segments

Requirements For NetFlow / IPFIX Generation
Flow metadata:
- Unsampled (1:1) NetFlow/IPFIX record generation to detect low-and-slow attacks
- Filter records based on configurable parameters to predetermined tools
- Offload NetFlow/IPFIX record generation from overloaded network infrastructure
SIEM and NetFlow forensics integration:
- Enable end-to-end security enforcement with visibility into every flow
- Detect Command and Control communications
- Support for industry-leading SIEM and NetFlow forensics collectors
Advanced information elements:
- Support multiple NetFlow collectors and versions, i.e. NetFlow v5/v9 and IPFIX
- Leverage LLDP / CDP information to pinpoint the network source
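Why the slide insists on unsampled (1:1) records: a command-and-control beacon that calls home every few minutes is only a handful of flows per hour, and sampled export throws most of them away before any collector can see the pattern. The following Python is an added example, not code from the deck or from any vendor product. It runs a periodicity check over constructed flow records whose field names (src, dst, dport, start, bytes) are an assumption rather than a real collector's schema, then shows the same check failing once the export is thinned to 1:10.

```python
"""Low-and-slow C2 beacon detection over unsampled flow records.

Added example; not code from the original deck or from any vendor product.
The records below are constructed to resemble exported NetFlow/IPFIX
records (one record per flow with source, destination, destination port,
start time in seconds and byte count). The field names are an assumption,
not a real collector's schema.
"""
from collections import defaultdict
from statistics import mean, pstdev


def make_records():
    """Constructed sample: one beaconing host plus one ordinary browsing host."""
    records = []
    # Beacon: 24 flows to the same external host on TCP/443, one every 300 s
    # with a few seconds of jitter, and a small near-constant payload.
    jitter = (-5, 3, 0, 5, -2, 4)
    for i in range(24):
        records.append({"src": "10.1.2.3", "dst": "203.0.113.7", "dport": 443,
                        "start": 1000 + 300 * i + jitter[i % 6],
                        "bytes": 512 + 16 * (i % 3)})
    # Browsing: 24 flows at irregular intervals with widely varying sizes.
    gaps = [1, 2, 45, 3, 600, 1, 1, 2, 900, 30, 1, 1,
            7, 1200, 2, 1, 3, 5, 1, 1, 400, 2, 1, 1]
    t = 1000
    for i, g in enumerate(gaps):
        t += g
        records.append({"src": "10.1.2.4", "dst": "198.51.100.9", "dport": 443,
                        "start": t, "bytes": 1500 * (i % 7 + 1)})
    return records


def beacon_scores(records, min_flows=10):
    """Return {(src, dst, dport): cv} for conversations with >= min_flows flows.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive flow starts: a value near 0 means the host talks on a timer,
    which is what a beacon looks like and what human-driven traffic does not.
    """
    by_conv = defaultdict(list)
    for r in records:
        by_conv[(r["src"], r["dst"], r["dport"])].append(r["start"])
    scores = {}
    for conv, starts in by_conv.items():
        if len(starts) < min_flows:
            continue  # too few flows to say anything about periodicity
        starts.sort()
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        m = mean(gaps)
        scores[conv] = pstdev(gaps) / m if m > 0 else float("inf")
    return scores


def find_beacons(records, min_flows=10, max_cv=0.1):
    """Conversations whose inter-flow gaps are regular enough to flag."""
    return sorted(conv for conv, cv in beacon_scores(records, min_flows).items()
                  if cv <= max_cv)


def sample_flows(records, n):
    """Keep every n-th record: a crude stand-in for 1:n sampled flow export."""
    return records[::n]


if __name__ == "__main__":
    recs = make_records()
    print("unsampled:", find_beacons(recs))                      # beacon found
    print("1:10 sampled:", find_beacons(sample_flows(recs, 10)))  # nothing left
```

The thresholds (ten flows, coefficient of variation at most 0.1) are illustrative; real beacons add jitter deliberately, so a production check also looks at payload-size regularity and at the destination's reputation, but every such check needs the complete flow list, which is the point of the 1:1 requirement.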

Need For Application Traffic Steering
(Diagram: a mixed stream of sessions 1-4 enters Application Session Filtering; the video sessions are steered to a video monitor, the email sessions to an email monitor, and the remaining sessions to a collector, so each tool receives only the sessions of its own application.)
- Offloads the security device from looking at irrelevant traffic
- Increases security application efficacy and reduces false positives
- Optimizes security device compute and deployment scale
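The diagram's key detail is that steering happens per session, not per packet: the decision is taken on the first packet and then pinned to the session's 5-tuple in both directions, so the email monitor never sees a reply without the request that caused it. The following Python is an added example of that logic, not code from the deck or any vendor product; the packet dicts are constructed, the tool names are illustrative, and recognising the application from well-known ports or from the TLS SNI on a session's first packet is a simplification.

```python
"""Application session filtering: steer whole sessions, not packets, to tools.

Added example; not code from the original deck or any vendor product. The
packets are constructed dicts, the tool names are illustrative, and the
assumption that an application can be recognised from well-known ports or
from the TLS SNI carried in a session's first packet is a simplification.
"""
from collections import defaultdict

# Steering policy: application -> tool. Anything unrecognised goes to the
# collector so that no session is silently dropped from monitoring.
POLICY = {"video": "video_monitor", "email": "email_monitor"}
DEFAULT_TOOL = "collector"


def classify(pkt):
    """Identify the application from a session's first packet, or None."""
    ports = {pkt["sport"], pkt["dport"]}
    if ports & {25, 143, 465, 587, 993}:
        return "email"
    if 1935 in ports:  # RTMP
        return "video"
    sni = (pkt.get("sni") or "").lower()
    if sni.endswith((".video.example", ".stream.example")):
        return "video"
    if sni.startswith(("mail.", "imap.")):
        return "email"
    return None


class SessionSteerer:
    """Decide once per session, then send every packet of it (both directions)
    to the same tool, so the tool always sees a complete conversation."""

    def __init__(self, policy=POLICY, default=DEFAULT_TOOL):
        self.policy = policy
        self.default = default
        self.sessions = {}                 # direction-normalised 5-tuple -> tool
        self.delivered = defaultdict(int)  # tool -> packets delivered

    @staticmethod
    def session_key(pkt):
        a = (pkt["src"], pkt["sport"])
        b = (pkt["dst"], pkt["dport"])
        return (pkt["proto"],) + (a + b if a <= b else b + a)

    def steer(self, pkt):
        key = self.session_key(pkt)
        tool = self.sessions.get(key)
        if tool is None:  # first packet of this session: classify and pin
            tool = self.policy.get(classify(pkt), self.default)
            self.sessions[key] = tool
        self.delivered[tool] += 1
        return tool


# Constructed packet stream: a video session over TLS, an IMAPS session and
# plain web browsing, with replies interleaved the way a TAP would see them.
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 50001, "dst": "192.0.2.10", "dport": 443, "sni": "cdn.video.example"},
    {"proto": "tcp", "src": "192.0.2.10", "sport": 443, "dst": "10.0.0.5", "dport": 50001},  # server reply, no SNI
    {"proto": "tcp", "src": "10.0.0.6", "sport": 50002, "dst": "192.0.2.20", "dport": 993},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 50003, "dst": "192.0.2.30", "dport": 443, "sni": "www.example.com"},
    {"proto": "tcp", "src": "192.0.2.20", "sport": 993, "dst": "10.0.0.6", "dport": 50002},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 50001, "dst": "192.0.2.10", "dport": 443},  # more video data
    {"proto": "tcp", "src": "192.0.2.30", "sport": 443, "dst": "10.0.0.7", "dport": 50003},
]


def run_sample(packets=PACKETS):
    """Steer the constructed stream; return (per-packet tools, packets per tool)."""
    steerer = SessionSteerer()
    decisions = [steerer.steer(p) for p in packets]
    return decisions, dict(steerer.delivered)


if __name__ == "__main__":
    for pkt, tool in zip(PACKETS, run_sample()[0]):
        print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}  =>  {tool}")
```

Note the default: an unrecognised session still goes somewhere (the collector) rather than being dropped, because a steering policy that silently discards traffic it cannot classify is itself a blind spot.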

Out-of-Band SSL Decryption Using The Security Delivery Platform
(Diagram: three deployment scenarios.)
- IDS at the perimeter: LAN workstations -> router -> firewall -> TAP -> switch (physical / virtual); the tapped copy passes through SSL decryption before reaching the IDS.
- Anti-malware for web apps: traffic to the server rack and database is tapped, decrypted and fed to the anti-malware tool.
- DLP at remote sites: branch traffic between the branch router and the HQ firewall with SSL proxy is tapped, decrypted and fed to DLP.
A passive copy can only be decrypted when the platform holds the server's private key and the session used RSA key exchange; sessions negotiated with ephemeral Diffie-Hellman (forward secrecy) cannot be recovered from a tap, and need the inline SSL proxy path shown for the branch.

Importance of Inline / Out-of-Band Toggling and Inline Bypass
- Maximize tool efficacy
- Increase scale of security monitoring
- Add, remove and upgrade tools without disruption
- Consolidate multiple points of failure into a single, bypass-protected solution
- Integrate inline, out-of-band and flow-based tools
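"Bypass-protected" is a policy decision as much as a hardware feature: when an inline tool stops answering its heartbeat, the switch must either let traffic through uninspected (fail-open) or cut the link (fail-closed), and must not flap back and forth while the tool restarts. The following Python is an added example of that state machine, not code from the deck or any vendor product; the timeout, the recovery count and the simulated heartbeat timeline are illustrative.

```python
"""Inline bypass state machine for a bypass-protected inline tool path.

Added example; not code from the original deck or any vendor product. It
models the decision a bypass switch makes: keep traffic flowing through the
inline tool while the tool's heartbeat arrives on time; on a heartbeat
timeout, either bypass the tool (fail-open: traffic keeps flowing, now
uninspected) or cut the link (fail-closed), according to policy; and return
to inline only after several consecutive good heartbeats, so a tool that is
still starting up does not cause flapping. Timeout and recovery values are
illustrative.
"""
from enum import Enum


class Path(Enum):
    INLINE = "inline"   # traffic traverses the tool
    BYPASS = "bypass"   # tool out of the path, traffic flows uninspected
    BLOCK = "block"     # tool out of the path, traffic dropped


class BypassSwitch:
    def __init__(self, timeout_s, fail_open=True, recover_after=3):
        self.timeout_s = timeout_s
        self.fail_open = fail_open
        self.recover_after = recover_after
        self.path = Path.INLINE
        self.last_hb = 0.0
        self.healthy_streak = 0
        self.transitions = []   # (time, new path), for the audit trail

    def _set(self, path, now):
        self.transitions.append((now, path))
        self.path = path

    def heartbeat(self, now):
        """The tool answered a heartbeat at time `now`."""
        self.last_hb = now
        if self.path is not Path.INLINE:
            self.healthy_streak += 1
            if self.healthy_streak >= self.recover_after:
                self._set(Path.INLINE, now)
        return self.path

    def check(self, now):
        """Periodic timer: declare the tool dead if its heartbeat is overdue."""
        if now - self.last_hb > self.timeout_s:
            self.healthy_streak = 0   # recovery must start over
            if self.path is Path.INLINE:
                self._set(Path.BYPASS if self.fail_open else Path.BLOCK, now)
        return self.path


def simulate(fail_open):
    """Constructed timeline: heartbeats every second until t=5, then the tool
    hangs; a single heartbeat at t=20 is followed by another stall; steady
    heartbeats resume at t=26. Returns the recorded path transitions."""
    sw = BypassSwitch(timeout_s=3, fail_open=fail_open, recover_after=3)
    heartbeats = {0, 1, 2, 3, 4, 5, 20, 26, 27, 28, 29}
    for now in range(31):
        if now in heartbeats:
            sw.heartbeat(now)
        sw.check(now)
    return sw.transitions


if __name__ == "__main__":
    print("fail-open:  ", simulate(True))
    print("fail-closed:", simulate(False))
```

The lone heartbeat at t=20 does not bring the tool back inline, because the recovery counter resets when the next timeout fires; only the sustained run from t=26 does. Which failure mode to configure is a per-segment choice: fail-open preserves availability at the cost of uninspected traffic during the outage, fail-closed preserves enforcement at the cost of an outage, and the slide's point is that consolidating tools behind one bypass-protected path makes that choice explicit instead of leaving each appliance as its own point of failure.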

Benefits of a Security Delivery Platform: Faster Detection, Faster Containment
- Consistent network-wide traffic view for all security appliances, all the time
- Eliminate departmental and appliance-level contention for access to data
- No disruption to network traffic as security solutions get deployed or upgraded, or when moving from out-of-band to inline deployments
- Eliminate blind spots associated with encrypted traffic and mobility
- Significantly offload security appliances through full session offload and full flow metadata
- Faster identification of malware movement, faster time to containment

Sample Configuration: Security Monitoring Using The Security Delivery Platform
(Diagram only; of its labels, just "APM" is present in the transcription.)

Summary
- The security state of today's networks is catalyzing an acute need to shift security architecture from prevention toward detection and response
- This new security model relies critically on network visibility with which to vet, deploy and scale security applications and devices
- A Security Delivery Platform (SDP) is poised to transform the way security services are deployed and leveraged by making them more effective at protection, more dynamic and more cost-effective

Q&A