Intelligent Protection
Question: Have you or your customers' businesses experienced advanced threats such as ransomware in the last 12 months?
Don't forget what you are being paid to do. Align the goals of IT and IT Security to the goals of the business. Support management to reach those goals while mitigating risk to acceptable levels, making sure it is done on time and within budget. Be proactive: Plan, Prioritize, Collaborate, Analyze, Understand, Educate yourself and others. Stephen Covey
What is impacting Businesses Cyber attacks affected more SMBs in the past 12 months. A growing problem for SMBs is the inability to staff their IT functions. The biggest problem is not having the personnel to mitigate cyber risks, vulnerabilities and attacks. State of Cybersecurity in Small and Medium Sized Businesses - Ponemon Institute
Ransomware: The TOP Security Concern
Ransomware is a form of malware that restricts access to your computer and/or its information, typically by encrypting files, while demanding you pay a ransom to regain access.
Ransomware growth:
- Ransomware cost U.S. victims $209M in Q1 2016 and $1B for the full year (FBI)
- 6 in 10 malware payloads were ransomware in Q1 2017 (Kaspersky)
- Ransomware spam up 6,000% in 2016 (IBM)
- Mobile ransomware increased 250% (Kaspersky)
- A company is hit with ransomware every 40 seconds
- 83% of WatchGuard survey respondents believe ransomware is the #1 threat
- Verizon 2017 DBIR
The Challenges of Advanced Malware Detection
Detection layers, from the cheapest to the deepest:
- Reputation: signatures and lists of malicious URLs, domains and IPs
- Heuristics: common malware patterns
- Behaviors: odd processes and actions
- Deep analysis: detonation of suspicious things in a sandbox
Volume of threats: signature- and list-based layers only catch what they KNOW is a threat. On average, antivirus software was only 61% effective in catching threats two weeks after their discovery.
Large volume of false positives: more than 80% of the 17,000 malware alerts an average business receives each week are false positives.
Volume of threat indicators is overwhelming: only 4% of malware alerts are actually investigated by security teams.
Identifying bleeding-edge threats is an ongoing problem: 38% of malware is zero-day, and 95% of detected malware is less than 24 hours old.
New Industry Focus on Detection and Response
Experts recommend rebalancing purchasing toward detection and response (D&R). Avoid siloed solutions; look for ones that share information between stages (MacDonald). If you lack the expertise in house, consider an MSSP or MDR.
Gartner's Adaptive Security Architecture, Neil MacDonald
Cyber Kill Chain 3.0
1. RECONNAISSANCE - The attacker gathers information on the victim.
2. DELIVERY - The attack payload is delivered through the network perimeter.
3. COMPROMISE/EXPLOIT - Vulnerabilities found in the reconnaissance stage are exploited to launch an attack.
4. INFECTION/INSTALLATION - The attack payload is installed on the system and persistence is obtained.
5. COMMAND AND CONTROL - The attack payload calls home for instructions.
6. LATERAL MOVEMENT/PIVOTING - The attacker moves behind the network perimeter toward their final target.
7. OBJECTIVES/EXFILTRATION - The goal of the attack is accomplished.
WatchGuard Breaks the Kill Chain (controls mapped to each stage)
- RECONNAISSANCE: Packet Filtering, Proxies
- DELIVERY: Packet Filtering, WebBlocker, Application Control, IPS, APT Blocker, Gateway AntiVirus, Reputation Enabled Defense
- COMPROMISE/EXPLOIT: IPS, APT Blocker, Gateway AntiVirus
- INFECTION/INSTALLATION: APT Blocker, Gateway AntiVirus, TDR
- COMMAND AND CONTROL: WebBlocker, IPS, TDR, Botnet Protection
- LATERAL MOVEMENT/PIVOTING: Packet Filtering, IPS, Application Control, APT Blocker, Gateway AntiVirus, DLP, Reputation Enabled Defense
- OBJECTIVES/EXFILTRATION: Packet Filtering, DLP, Botnet Protection
What's Needed?
Endpoint Insight - Responding to the threat of advanced malware requires the ability to monitor endpoints for behaviors that would indicate an attack, and the means to take action to stop the threat manually or automatically. Businesses are vulnerable to exploits and malware: only 39 percent of respondents say the technologies currently used by their organization can detect and block most cyber attacks.
Network Correlation and Threat Scoring - The vast majority of cyber threats are delivered via the network. Correlating network events and endpoint behaviors into a single threat score gives you the insight you need to confidently respond to threats with the appropriate action.
Advanced Threat Triage - Malware is constantly evolving. Submitting suspicious files for execution in a cloud sandbox that emulates a physical machine, manually or by policy, means you can protect against the latest threats and triage security incidents with ease.
Source: State of Cybersecurity in Small and Medium Sized Businesses, Ponemon Institute
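To make the correlation-and-scoring idea concrete, here is an added example (not WatchGuard's TDR code, and not how its Firebox or Host Sensor scoring actually works) that folds network-side and endpoint-side indicators for the same host into one threat score and picks a response by policy. The indicator types, their weights, the thresholds and the sample events are all constructed for the illustration.

```python
"""
Per-host threat scoring from correlated network and endpoint indicators.
Added illustration; indicator names, weights, policy thresholds and the
sample events are assumptions made for this example, not vendor logic.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed weights per indicator type on a 0-100 scale. Endpoint behaviours that
# evidence actual execution weigh more than perimeter blocks, which are often
# noise (see the false-positive rates quoted above).
INDICATOR_WEIGHTS = {
    # network-side indicators (firewall / IPS / gateway AV / sandbox)
    "ips_alert": 20,             # IPS signature matched on traffic to/from the host
    "gav_block": 25,             # gateway AV blocked a known-bad download
    "botnet_c2_block": 40,       # host tried to reach a listed C2 destination
    "sandbox_malicious": 50,     # sandbox verdict on a file this host fetched
    # endpoint-side indicators (host sensor)
    "suspicious_process": 30,    # e.g. an office application spawning a shell
    "registry_persistence": 25,  # autorun / Run key written by a new binary
    "ransomware_behavior": 60,   # mass file rename / encrypt pattern
}

# Assumed response policy, checked from the strictest threshold down.
POLICY = [
    (80, "quarantine_host"),         # isolate the host from the network
    (50, "kill_process_and_alert"),  # stop the offending process, page an analyst
    (20, "alert"),                   # raise for analyst review
]


@dataclass
class HostThreat:
    score: int = 0
    indicators: set = field(default_factory=set)
    sources: set = field(default_factory=set)


def correlate(events):
    """Aggregate events into one HostThreat per host.

    Each (host, indicator type) pair is counted once, so a noisy sensor that
    repeats the same alert cannot inflate the score by volume alone. When the
    network and the endpoint independently report the same host, the score is
    boosted: two vantage points agreeing is the corroboration a single
    perimeter alert lacks.
    """
    hosts = defaultdict(HostThreat)
    for ev in events:
        weight = INDICATOR_WEIGHTS.get(ev["type"])
        if weight is None:
            continue  # unknown indicator type: ignore rather than guess a weight
        host = hosts[ev["host"]]
        if ev["type"] in host.indicators:
            continue  # duplicate indicator for this host
        host.indicators.add(ev["type"])
        host.sources.add(ev["source"])
        host.score += weight
    for host in hosts.values():
        if {"network", "endpoint"} <= host.sources:
            host.score = int(host.score * 1.5)
        host.score = min(host.score, 100)
    return dict(hosts)


def policy_action(score):
    """Map a threat score to a response action; 'none' below the lowest threshold."""
    for threshold, action in POLICY:
        if score >= threshold:
            return action
    return "none"


def triage(events):
    """Return {host: (score, action)} for every host that produced a known indicator."""
    return {host: (ht.score, policy_action(ht.score))
            for host, ht in correlate(events).items()}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "10.0.1.15", "source": "network",  "type": "ips_alert"},
    {"host": "10.0.1.15", "source": "network",  "type": "ips_alert"},  # duplicate
    {"host": "10.0.1.15", "source": "network",  "type": "gav_block"},
    {"host": "10.0.1.22", "source": "network",  "type": "botnet_c2_block"},
    {"host": "10.0.1.22", "source": "endpoint", "type": "ransomware_behavior"},
    {"host": "10.0.1.31", "source": "endpoint", "type": "suspicious_process"},
    {"host": "10.0.1.40", "source": "network",  "type": "unknown_thing"},
]

if __name__ == "__main__":
    for host, (score, action) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host:<12} score={score:<3} action={action}")
```

The two design choices worth noting: deduplicating on (host, indicator) is what keeps the 17,000-alerts-a-week problem from turning volume into severity, and the corroboration boost is what lets a 40-point C2 block and a 60-point endpoint behaviour on the same host reach the quarantine threshold when either alone would only page an analyst. Real systems also bound the correlation window in time, which this example omits.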
Our Security, Delivered Your Way 1. Simplified Management 2. Intelligent Protection 3. Actionable Visibility
WatchGuard Total Security Suite includes Threat Detection and Response, a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown and evasive threats.
INTRUSION PREVENTION SERVICE (IPS) - IPS uses continually updated signatures to scan traffic on all major protocols to provide real-time protection against network threats, including spyware, SQL injection, cross-site scripting, and buffer overflows.
GATEWAY ANTIVIRUS (GAV) - Leverage our continuously updated signatures to identify and block known spyware, viruses, trojans, worms, rogueware and blended threats, including new variants of known viruses. At the same time, heuristic analysis tracks down suspicious data constructions and actions to make sure unknown viruses don't slip by.
REPUTATION ENABLED DEFENSE SERVICE (RED) - A powerful, cloud-based reputation lookup service that protects web users from malicious sites and botnets, while dramatically reducing web processing overhead.
WEBBLOCKER URL FILTERING - In addition to automatically blocking known malicious sites, WebBlocker's granular content and URL filtering tools enable you to block inappropriate content, conserve network bandwidth, and increase employee productivity.
APPLICATION CONTROL - Selectively allow, block, or restrict access to applications based on a user's department, job function, and time of day, and then see, in real time, what is being accessed on your network and by whom.
SPAMBLOCKER - Real-time spam detection for protection from outbreaks. Our spamblocker is so fast and effective, it can review up to 4 billion messages per day.
APT BLOCKER ADVANCED MALWARE PROTECTION - APT Blocker uses an award-winning next-gen sandbox to detect and stop the most sophisticated attacks, including ransomware, zero-day threats and other advanced malware.
THREAT DETECTION AND RESPONSE - Correlate network and endpoint security events with enterprise-grade threat intelligence to detect, prioritize and enable immediate action to stop malware attacks. Improve visibility by evolving your existing security model to extend past prevention to include correlation, detection and response.
DATA LOSS PREVENTION (DLP) - This service prevents accidental or malicious data loss by scanning text and common file types to detect sensitive information attempting to leave the network.
NETWORK DISCOVERY - A subscription-based service for Firebox appliances that generates a visual map of all nodes on your network so you can easily see where you may be at risk.
Delivered Your Way Intelligent Protection Prevent Provide layered threat prevention that shuts down attacks targeted at your customers. Detect Leverage cutting-edge technology to quickly and effectively detect threats from the network to the endpoint with actionable alerts. Respond Take immediate action to mitigate known threats, whether they are on the network, endpoint, or wireless environment with policy automation.
What about Wi-Fi?
1. Wi-Fi Password Cracking - Wireless access points that still use older security protocols, like WEP, make for easy targets because the keys are notoriously easy to crack.
2. Rogue APs and Clients - Nothing physically prevents a cyber criminal from enabling a foreign access point near your hotspot with a matching SSID, which invites unsuspecting customers to connect. Users that fall victim to the rogue AP are susceptible to malicious code injection.
3. Planting Malware - A common tactic used by hackers is to plant a backdoor on the network, allowing them to return at a later date to steal sensitive information.
4. Eavesdropping - Guests run the risk of having their private communications intercepted, or packets sniffed, by nosy cyber snoops while on an unprotected wireless network.
5. Data Theft - Joining a wireless network puts users at risk of losing private documents that may contain highly sensitive information to cyber thieves who opportunistically intercept data being sent through the network.
6. Inappropriate and Illegal Usage - Adult or extremist content can be offensive to neighboring users, and illegal downloads of protected media leave the business susceptible to copyright infringement lawsuits.
7. Bad Neighbors - Mobile attacks, such as Android's Stagefright, can spread from guest to guest, even if victim zero is oblivious to the outbreak.
8. Man in the Middle Attack (MitM) - Mundane communication over Wi-Fi can lead to a breach when a villainous actor secretly intercepts and alters legitimate conversations.
9. Wireless DoS - Attackers can cause a standstill in Wi-Fi access by intentionally sending large amounts of traffic to legitimate access points, which prevents the appliance from serving legitimate users.
10. Masquerading Attacks - Cyber criminals set on breaching Wi-Fi security commonly attempt to disguise their devices as legitimate or known devices by spoofing MAC addresses.
11. Misconfigured AP - Deploying access points without following Wi-Fi security best practices can lead to inadvertent misconfigurations, which often lead to a security risk.
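Several of the items above (1, 2, 10 and 11) come down to comparing what is on the air against what you deployed. The following added example (not WatchGuard's WIPS or its marker-packet classification) checks a scan against an inventory of authorized access points and flags evil twins (our SSID from an unknown BSSID), authorized BSSIDs seen where we do not run them (a simple MAC-spoofing heuristic), our own APs running weaker security than policy, and weak external networks. The inventory and the scan results are constructed for the illustration.

```python
"""
Classify Wi-Fi scan results against an inventory of authorized access points.
Added illustration; the inventory, the scan data and the verdict names are
assumptions made for this example.
"""

# Assumed inventory: BSSID -> what that AP is supposed to advertise.
AUTHORIZED_APS = {
    "aa:bb:cc:00:00:01": {"ssid": "CorpGuest",    "channel": 6,  "security": "WPA2"},
    "aa:bb:cc:00:00:02": {"ssid": "CorpGuest",    "channel": 11, "security": "WPA2"},
    "aa:bb:cc:00:00:03": {"ssid": "CorpInternal", "channel": 36, "security": "WPA2-ENTERPRISE"},
}

# WEP is trivially crackable and WPA (TKIP) is deprecated; treat both, and OPEN, as weak.
WEAK_SECURITY = {"OPEN", "WEP", "WPA"}

# Verdicts that should produce an alert or a containment action.
ACTIONABLE = {"evil_twin", "spoofed_bssid", "misconfigured_ap"}


def classify_scan(scan, inventory=AUTHORIZED_APS):
    """Return {bssid: verdict} for each access point in a scan.

    Verdicts:
      authorized        - known BSSID, advertising what the inventory expects
      spoofed_bssid     - known BSSID but wrong SSID or channel: someone may be
                          cloning our MAC (item 10); also catches moved APs
      misconfigured_ap  - our AP, our SSID, but weaker security than policy (item 11)
      evil_twin         - our SSID from a BSSID we do not own (item 2)
      external_weak     - unrelated network using open/WEP/WPA (item 1)
      external          - unrelated network, nothing to do
    """
    managed_ssids = {ap["ssid"] for ap in inventory.values()}
    verdicts = {}
    for ap in scan:
        bssid = ap["bssid"].lower()
        ssid, chan = ap["ssid"], ap["channel"]
        sec = ap["security"].upper()
        expected = inventory.get(bssid)
        if expected is not None:
            if ssid != expected["ssid"] or chan != expected["channel"]:
                verdict = "spoofed_bssid"
            elif sec != expected["security"]:
                verdict = "misconfigured_ap"
            else:
                verdict = "authorized"
        elif ssid in managed_ssids:
            verdict = "evil_twin"
        elif sec in WEAK_SECURITY:
            verdict = "external_weak"
        else:
            verdict = "external"
        verdicts[bssid] = verdict
    return verdicts


def actionable(verdicts):
    """BSSIDs whose verdict warrants a response, sorted for stable reporting."""
    return sorted(b for b, v in verdicts.items() if v in ACTIONABLE)


# Constructed scan results (not captured from a real radio).
SAMPLE_SCAN = [
    {"bssid": "AA:BB:CC:00:00:01", "ssid": "CorpGuest",    "channel": 6,  "security": "WPA2"},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpGuest",    "channel": 11, "security": "WEP"},
    {"bssid": "aa:bb:cc:00:00:03", "ssid": "CorpInternal", "channel": 1,  "security": "WPA2-Enterprise"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "CorpGuest",    "channel": 6,  "security": "OPEN"},
    {"bssid": "11:22:33:44:55:66", "ssid": "CoffeeShop",   "channel": 1,  "security": "WEP"},
    {"bssid": "11:22:33:44:55:77", "ssid": "Neighbor5G",   "channel": 40, "security": "WPA2"},
]

if __name__ == "__main__":
    result = classify_scan(SAMPLE_SCAN)
    for bssid, verdict in result.items():
        print(f"{bssid}  {verdict}")
    print("needs action:", actionable(result))
```

The channel check is deliberately crude: an attacker cloning a BSSID will usually be on a different channel, but so will a legitimate AP with auto-channel selection, so in practice the spoofed_bssid verdict is a prompt to look at radio fingerprinting or wired-side classification (the kind of thing the marker-packet approach below is for), not a verdict to block on by itself.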
WatchGuard Access Points and WIPS Security Patented marker-packet technology automatically classifies each access point so that rogue APs can be blocked
Protection from cloud to on-premises and back: horizontal and vertical coverage across IaaS, PaaS, on-premises and SaaS ecosystems
Comprehensive Coverage
Best in Class - Industry Leadership
A Complete Product Portfolio for Managed Security Deploy Maintain Upgrade Prevent Detect Respond Monitor Report Troubleshoot
But when all is said and done
Never forget what you are being paid to do. Align the goals of IT and IT Security to the goals of the business. Support management to reach those goals while mitigating risk to acceptable levels, making sure it is done on time and within budget. Be proactive: Plan, Prioritize, Collaborate, Analyze, Understand, Educate yourself and others. Stephen Covey
And never, never, never forget to:
Thank You! Questions?