Scalar Security Roadshow - Vancouver presentation
Posted on 30-May-2015
Scalar Security Roadshow
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
Purpose of today’s session:
Provide insights on how Scalar and our partners address today’s complex security challenges
Gartner report highlights
• Security spend as % of IT budgets increased
• Strong correlation between Security budget and maturity
• Emphasis on network, applications and endpoint
• Insufficient investment in people and process
Scalar – brief overview
10 Years
100%
Vancouver, Calgary, Toronto, Ottawa, London, Montreal
54%
#51#1#1
5
ICT Security Company
Top 250 ICT Companies
An integrator of emerging technologies.
Top tier technical talent.
• Engineers average 15 years of experience
• World-class experts from some of the leading organizations in the industry
• Dedicated teams: PMO, finance, sales and operations
• Canadian Authorized Training Centres
• We employ and retain top talent
Top awards.
• Brocade Partner of the Year~ Innovation
• Cisco Partner of the Year~ Data Centre & Virtualization
• NetApp Partner of the Year~ Central Canada
• VMware Global Emerging Products Partner of the Year
• F5 VAR Partner of the Year~ North America
• Palo Alto Networks Rookie of the Year
Our Focus
• Protection of Data and Systems
• High Performance Computing
• Flexible Solutions
Our security partners
Partners here today
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
FirePOWER
Rob Bleeker, Security Consulting Systems Engineer, CCIE# 29033, [CCN|I|D|P], SFCE, CEH
Agenda:
• New Security Model and Global Intelligence
• The POWER in FirePOWER
• FirePOWER Appliance
• ASA with FirePOWER Services
The New Security Model: the Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Applies across Network, Endpoint, Mobile, Virtual and Cloud, and spans point-in-time to continuous protection.
Cyber Attack Chain
Recon > Weaponization > Deliver > Exploit > Install > CnC > Actions
BEFORE (Discover, Enforce, Harden) > DURING (Detect, Block) > AFTER (Scope, Contain, Remediate)
Prevent, with visibility and context across: Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis
Visibility and Control
Cisco Security Intelligence Operation (SIO)
Cisco® SIO collects from WWW, email, web, devices, IPS, endpoints and networks (Cloud, AnyConnect®, IPS, ESA, WSA, ASA) and turns that information into actions:
• More than 150 million deployed endpoints
• 100 TB of data received per day
• 1.6 million global sensors
• 40% of worldwide email traffic
• 13 billion web requests
• 3 to 5 minute updates
• More than 200 parameters tracked
• More than 5,500 IPS signatures produced
• More than 8 million rules per day
• More than 70 publications produced
• More than 40 languages
• More than 80 PhD, CCIE, CISSP, MCSE
• More than $100 million spent in dynamic research and development
• 24 hours daily operations
• More than 800 engineers, technicians and researchers
Collective Security Intelligence
Outputs: IPS rules, malware protection, reputation feeds, vulnerability database updates
Inputs: Sourcefire AEGIS™ Program; private and public threat feeds; sandnets; FireAMP™ community; honeypots; advanced Microsoft and industry disclosures; SPARK Program; Snort and ClamAV open source communities; file samples (>380,000 per day)
Sourcefire VRT® (Vulnerability Research Team): sandboxing, machine learning, big data infrastructure
The POWER in FirePOWER
About Sourcefire
• Founded in 2001 by Snort Creator, Martin Roesch, CTO
• Headquarters: Columbia, MD
• Focus on enterprise and government customers
• Global Security Alliance ecosystem
• NASDAQ: FIRE
Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.
Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection)
Integrated Threat Defense Across the Attack Continuum
BEFORE: Control, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Components: Firewall / VPN, Granular App Control, Modern Threat Control, Advanced Malware Protection, Retrospective Security, IoCs / Incident Response, NGIPS, Security Intelligence, Web Security, Visibility and Automation
FireSIGHT™ Management Center: Full Stack Visibility

Category                  Examples                         FirePOWER Services   Typical IPS   Typical NGFW
Threats                   Attacks, Anomalies               ✔                    ✔             ✔
Users                     AD, LDAP, POP3                   ✔                    ✗             ✔
Web Applications          Facebook Chat, Ebay              ✔                    ✗             ✔
Application Protocols     HTTP, SMTP, SSH                  ✔                    ✗             ✔
File Transfers            PDF, Office, EXE, JAR            ✔                    ✗             ✔
Malware                   Conficker, Flame                 ✔                    ✗             ✗
Command & Control Servers C&C Security Intelligence        ✔                    ✗             ✗
Client Applications       Firefox, IE6, BitTorrent         ✔                    ✗             ✗
Network Servers           Apache 2.3.1, IIS4               ✔                    ✗             ✗
Operating Systems         Windows, Linux                   ✔                    ✗             ✗
Routers & Switches        Cisco, Nortel, Wireless          ✔                    ✗             ✗
Mobile Devices            iPhone, Android, Jail            ✔                    ✗             ✗
Printers                  HP, Xerox, Canon                 ✔                    ✗             ✗
VoIP Phones               Cisco phones                     ✔                    ✗             ✗
Virtual Machines          VMware, Xen, RHEV                ✔                    ✗             ✗

Contextual Awareness: Information Superiority
Impact Assessment
Correlates every intrusion event to the impact of the attack against its target.

Impact flag / Administrator action / Why:
1. Act Immediately, Vulnerable: the event corresponds to a vulnerability mapped to the host
2. Investigate, Potentially Vulnerable: the relevant port is open or the protocol is in use, but no vulnerability is mapped
3. Good to Know, Currently Not Vulnerable: the relevant port is not open or the protocol is not in use
4. Good to Know, Unknown Target: monitored network, but unknown host
5. Good to Know, Unknown Network: unmonitored network
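The impact table above is a decision procedure: each intrusion event is checked against what passive discovery knows about the destination host, from the most to the least specific knowledge. The block below is an added example that implements those five rows; it is not Cisco or Sourcefire code. The monitored network range, the host inventory, the vulnerability identifiers (placeholders, not real CVEs) and the events are all constructed, and the numbering 1 to 5 is this example's own ordering of the table, most urgent first.

```python
"""Impact-flag assignment modelled on the five-row impact assessment table.
Added example, not vendor code; all data below is constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Host:
    """What passive discovery knows about one host."""
    ip: str
    services: set = field(default_factory=set)   # (protocol, port) pairs seen in use
    vulns: set = field(default_factory=set)      # vulnerability ids mapped to this host


@dataclass
class IntrusionEvent:
    dst_ip: str
    protocol: str
    dst_port: int
    vuln_ids: set          # vulnerabilities the triggering rule is associated with
    rule: str = ""


# Constructed: address ranges on which the sensors discover hosts.
MONITORED_NETWORKS = [ip_network("10.0.0.0/8")]

IMPACT = {
    1: "Act Immediately, Vulnerable",
    2: "Investigate, Potentially Vulnerable",
    3: "Good to Know, Currently Not Vulnerable",
    4: "Good to Know, Unknown Target",
    5: "Good to Know, Unknown Network",
}


def impact_flag(event, inventory):
    """Apply the table rows, most specific knowledge first.
    Returns (flag, administrator action, why)."""
    target = ip_address(event.dst_ip)
    if not any(target in net for net in MONITORED_NETWORKS):
        return 5, IMPACT[5], "unmonitored network"
    host = inventory.get(event.dst_ip)
    if host is None:
        return 4, IMPACT[4], "monitored network, but unknown host"
    if event.vuln_ids & host.vulns:
        return 1, IMPACT[1], "event corresponds to vulnerability mapped to host"
    if (event.protocol, event.dst_port) in host.services:
        return 2, IMPACT[2], "relevant port open or protocol in use, but no vuln mapped"
    return 3, IMPACT[3], "relevant port not open or protocol not in use"


# Constructed inventory and events; "VULN-WEB-001" is a placeholder id, not a real CVE.
SAMPLE_INVENTORY = {
    "10.1.1.10": Host("10.1.1.10", {("tcp", 80), ("tcp", 22)}, {"VULN-WEB-001"}),
    "10.1.1.11": Host("10.1.1.11", {("tcp", 80)}, set()),
    "10.1.1.12": Host("10.1.1.12", {("tcp", 22)}, set()),
}
SAMPLE_EVENTS = [
    IntrusionEvent("10.1.1.10", "tcp", 80, {"VULN-WEB-001"}, "web exploit A"),  # mapped vuln
    IntrusionEvent("10.1.1.11", "tcp", 80, {"VULN-WEB-001"}, "web exploit A"),  # port open, no vuln
    IntrusionEvent("10.1.1.12", "tcp", 80, {"VULN-WEB-001"}, "web exploit A"),  # port not open
    IntrusionEvent("10.1.9.9", "tcp", 80, {"VULN-WEB-001"}, "web exploit A"),   # unknown host
    IntrusionEvent("192.0.2.5", "tcp", 80, {"VULN-WEB-001"}, "web exploit A"),  # unmonitored net
]


def triage(events, inventory):
    """Return (flag, dst_ip, why) per event, highest impact first, so an analyst
    works the flag-1 queue before the good-to-know rows."""
    rows = []
    for e in events:
        flag, _action, why = impact_flag(e, inventory)
        rows.append((flag, e.dst_ip, why))
    return sorted(rows)


if __name__ == "__main__":
    for flag, ip, why in triage(SAMPLE_EVENTS, SAMPLE_INVENTORY):
        print(f"impact {flag}  {ip:<12} {IMPACT[flag]}: {why}")
```

The order of the checks matters: a mapped vulnerability outranks an open port, and an unknown host is only reported as such when its network is one the sensors actually watch, which is why the same rule fires with five different flags against the five constructed targets.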
Cisco FireSIGHT Simplifies Operations
• Impact Assessment and Recommended Rules automate routine tasks
Visibility and Context
File Sent
File Received
File Executed
File Moved
File Quarantined
Indications of Compromise (IoCs)
IPS events: malware backdoors, CnC connections, exploit kits, admin privilege escalations, web app attacks
SI events: connections to known CnC IPs
Malware events: malware detections, malware executions, Office/PDF/Java compromises, dropper infections
FirePOWER Services: Application Control
• Control access for applications, users and devices
• “Employees may view Facebook, but only Marketing may post to it”
• “No one may use peer-to-peer file sharing apps”
Over 3,000 apps, devices, and more!
…Yet Another Open Source Success Story: OpenAppID
• Open source application detection and control
• Application-focused detection language tied to the Snort engine
• Enhances coverage and efficacy and accelerates development of application detectors
• Empowers the community to share detectors for greater protection
• Already over 1,300 OpenAppID detectors
• Ties into a Snort preprocessor for maximum performance and integration
What it provides:
• Detection of applications on the network
• Reporting on the usage statistics of apps (traffic)
• Blocking of applications by policy
• Extensions to the Snort rule language to enable application specification
• Reporting of an “App Name” along with security events (e.g. IPS/AMP)
FirePOWER Services: URL Filtering
• Block non-business-related sites by category
• Based on user and user group
FirePOWER Services: Advanced Malware
1) File capture from network traffic
2) File storage
3) Send to the Collective Security Intelligence sandbox
4) Execution report available in Defense Center (Malware Alert!)
Reduced Cost and Complexity
• Multilayered protection in a single device
• Highly scalable for branch, internet edge, and data centers
• Automates security tasks
  o Impact assessment
  o Policy tuning
  o User identification
• Integrates transparently with third-party security solutions through the eStreamer API
FirePOWER Appliances
Setting the New Standard for Advanced Threat Protection: Sourcefire FirePOWER™
• Industry-best Intrusion Prevention
• Real-time Contextual Awareness
• Full Stack Visibility
• Intelligent Security Automation with FireSIGHT™
• Unparalleled Performance and Scalability
• Easily add Application Control, URL Filtering and Advanced Malware Protection with optional subscription licenses
Platforms and Places in the Network: IPS performance and scalability
SOHO, Branch Office, Campus, Internet Edge, Data Center
• FirePOWER 7000 Series: 50 Mbps – 250 Mbps
• FirePOWER 7100 Series: 500 Mbps – 1 Gbps
• FirePOWER 7120/7125/8120: 1 Gbps – 2 Gbps
• FirePOWER 8100/8200: 2 Gbps – 10 Gbps
• FirePOWER 8200 Series: 10 Gbps – 40 Gbps
• FirePOWER 8300 Series: 15 Gbps – 60 Gbps
FirePOWER Feature Summary
NGIPS:
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
You can add with additional licenses:
• Application Control
• User and User Group Control
• Stateful Firewall Inspection, Switching and Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
Virtual appliances for VMware and Xen
ASA with FirePOWER Services
FirePOWER Services for ASA: Components
FirePOWER Services Software Module
• Models: ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X
• SSD drive required
• FirePOWER Services software module
• Licenses and subscriptions
ASA 5585-X FirePOWER Services Blade
• Models: ASA 5585-X-10, ASA 5585-X-20, ASA 5585-X-40, ASA 5585-X-60
• New FirePOWER Services hardware module required
• Licenses and subscriptions
Superior Multilayered Protection
• World’s most widely deployed, enterprise-class ASA stateful firewall
• Granular Application Visibility and Control (AVC)
• Industry-leading FirePOWER Next-Generation IPS (NGIPS)
• Reputation- and category-based URL filtering
• Advanced malware protection
Cisco ASA components: Identity-Policy Control & VPN; URL Filtering (subscription); FireSIGHT Analytics & Automation; Advanced Malware Protection (subscription); Application Visibility & Control; Network Firewall, Routing | Switching; Clustering & High Availability; Cisco Collective Security Intelligence enabled; Built-in Network Profiling; Intrusion Prevention (subscription)
ASA and FirePOWER Features
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
• Application Control
• User and User Group Control
• Stateful Firewall Inspection, Switching and Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
• Identity-Based Firewall for enhanced user ID awareness
• Highly secure remote access (IPsec and SSL)
• Proactive, near-real-time protection against Internet threats
• Integrates with other essential network security technologies
• Supports Cisco TrustSec security group tags (SGTs)
• Extensive stateful inspection engine
• Site-to-site VPN, NAT, IPv6
• Dynamic routing (including BGP)
• HA, clustering
• Protection from botnets
• Delivers high availability for high-resiliency applications
• Change of Authorization (CoA)
Q & A
The Perimeter is Dead, Long Live the Perimeter
Buu Lam
Field Systems Engineer
What is The Perimeter?
pe·rim·e·ter
1. The continuous line forming the boundary of a closed geometric figure. “the perimeter of a rectangle” Synonyms: circumference, outside, outer edge. “the perimeter of a circle”
2. The outermost parts or boundary of an area or object. “the perimeter of the garden” Synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge
3. A defended boundary of a military position or base.
In networking we call it… DMZ
Defense in Depth?
Defense in depth: “The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system… Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the ‘simplicity’ principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it.”
Source: https://www.owasp.org/index.php/Defense_in_depth
What’s a Perimeter without a
F5 Agility 2014 52
Perimeter Security Technologies
A long time ago: firewalls started out as proxies.
And then: stateless filters accelerated firewalls, but weakened security.
Present day: stateful firewalls added security with deep inspection, but still fall short of proxies.
And now with F5: F5 brings the full proxy back to firewalls, the highest security matched by a high-scale and high-performance architecture.
Protecting against Threats is challenging
Drivers: webification of apps, device proliferation, evolving security threats, shifting perimeter
• 71% of internet experts predict most people will do work via web or mobile by 2020.
• 95% of workers use at least one personal device for work.
• 130 million enterprises will use mobile apps by 2014.
• 58% of all e-theft is tied to activist groups.
• 81% of breaches involved hacking.
• 80% of new apps will target the cloud.
• 72% of IT leaders have moved or will move applications to the cloud.
Evolving Security Threat Landscape
More sophisticated attacks are multi-layer: Application, SSL, DNS, Network.
It’s all about the Application.
BIG-IP Application Security Manager
Multiple deployment options:
• Standalone or ADC add-on
• Appliance or Virtual edition
• Manual or automatic policy building
• 3rd party DAST integration
Visibility and analysis:
• High speed customizable syslog
• Granular attack details
• Expert attack tracking and profiling
• Policy & compliance reporting
• Integrates with SIEM software
• Full HTTP/S request logging
Comprehensive protections:
• Granular rules on every HTTP element
• Client side parameter manipulation protection
• Response checks for error & data leakage
• AV integrations
BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.
Comprehensive Protections: BIG-IP ASM extends protection to more than application vulnerabilities
• L7 DDoS
• Web scraping
• Web bot identification
• XML filtering, validation & mitigation
• ICAP anti-virus integration
• XML firewall
• Geolocation blocking
90% of security investment is focused on network threats, yet 75% of attacks are focused on application threats.
Network threat attack vectors: TCP SYN Flood, TCP Conn Flood, DNS Flood, HTTP GET Flood
Application threat attack vectors: HTTP Slow Loris, DNS Cache Poison, SQL Injection, Cross Site Scripting
Unique full-proxy architecture
A client-side stack (TCP, SSL, HTTP) and a separate server-side stack (TCP, SSL, HTTP), with iRules available at each layer. Network firewall: ICMP flood, SYN flood, SSL renegotiation. WAF: data leakage, Slowloris attack, XSS. AAA: “Who are you?”
Who’s Requesting Access?
IT is challenged to:
• Control access based on user type and role
• Unify access to all applications (mobile, VDI, web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
Manage access based on identity: employees, partners, customers, administrators
Security at the Critical Point in the Network
Total Application Delivery Networking Services sit between clients (remote access, SSL VPN, app firewall) and virtual, physical, cloud and storage resources.
BIG-IP APM Use Cases
• Accelerated remote access: enterprise data & apps
• Federation: cloud, SaaS and partner apps
• Secure web gateway: internet apps
• App access management: OAM, VDI, Exchange, SharePoint
Which threat mitigation to use?
Cloud/hosted service: Content Delivery Network; Carrier Service Provider; Cloud-based DDoS Service
On-premise defense: Network firewall with SSL inspection; Web Application Firewall; On-premise DDoS solution; Intrusion Detection/Prevention
All of the above
Full Proxy Security (client / server)
• Physical
• Network: L4 firewall with full stateful policy enforcement and TCP DDoS mitigation
• Session: SSL inspection and SSL DDoS mitigation
• Application: HTTP proxy, HTTP DDoS and application security
• Web application: application health monitoring and performance anomaly detection
F5 Provides Complete Visibility and Control Across Applications and Users
Users: securing access to applications from anywhere
Resources: protecting your applications regardless of where they live
Intelligent Services Platform (TMOS): Network Firewall, Protocol Security, DDoS Protection, Dynamic Threat Defense, DNS, Web Access
Protecting the Data Center: use case
• Consolidation of firewall, app security, traffic management
• Protection for data centers and application servers
• High scale for the most common inbound protocols
Before F5: separate Load Balancer, DNS Security, Network DDoS, Web Application Firewall, Web Access Management, Load Balancer & SSL, Application DDoS, Firewall/VPN
With F5: the same functions consolidated
F5: bringing deep application fluency to perimeter security
One platform: SSL inspection, traffic management, DNS security, access control, application security, network firewall, DDoS mitigation
EAL2+, EAL4+ (in process)
How do I implement perimeter Security with F5?
Reference Architectures
• DDoS Protection
• S/Gi Network Simplification
• Security for Service Providers
• Application Services
• Migration to Cloud
• DevOps
• Secure Mobility
• LTE Roaming
• DNS
• Cloud Federation
• Cloud Bursting
DDoS Mitigation: F5 mitigation technologies across the OSI stack (Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1)); the difficulty of attack detection increases toward the application layer.

Network attacks: SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks
Mitigation, BIG-IP AFM: SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.

Session attacks: DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation
Mitigation, BIG-IP LTM and GTM: high-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation

Application attacks: OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods
Mitigation, BIG-IP ASM: positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection
Solve the Endpoint Security Challenge with Isolation, not Detection
Chris Cram, Security Solutions Architect
Agenda:
• The Security Landscape
• Bromium Overview
• Use Cases and Benefits
• Summary and Next Steps
The IT Security Paradox
Security spending ’05–’14: up 294%, to $30B. Malware/breaches ’05–’14: up 390%. Are breaches going down? No!
Source: Gartner, Idtheftcenter; $30B is a Gartner figure for 2014
The Problem: The Endpoint Problem
71% of all breaches start on the endpoint! (Source: Verizon Data Breach Report)
Advanced threats: polymorphic, targeted, zero day
Ineffective detection: pattern-matching, only known threats, many false positives, costly remediation
“Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye, SVP, Symantec
Advanced Attacks Evade Legacy Defenses
Network detection based: firewall, IPS, web & email gateways. Endpoint detection based: PC firewall, PC anti-virus.

Recent Security Timeline (chart, 2003–2014): worldwide security spend ($0–$25B; source: Gartner) against significant data breaches (source: Idtheftcenter.org, updated 6/16/14; red bubbles illustrative only to depict the 71%), with the arrival of host intrusion prevention, endpoint sandboxing, application whitelisting, host web filtering, cloud-based AV detection and network sandboxing. Breaches named on the chart include TK/TJ Maxx, Heartland, RBS Worldpay, Sony PSN, Global Payments, LexisNexis, Adobe, Target, Neiman Marcus, eBay, Home Depot and many others. 2013: 614 reported breaches, 91,982,172 records.
Breaches Starting from the Endpoint: the same timeline chart (spend and breaches 2003–2014, same sources), with the breaches that started from the endpoint highlighted; red bubbles illustrative only to depict the 71%.
Bromium: Pioneer and Innovator
• Redefining security with isolation technology
• Transforming the legacy security model
• Global, top investors, leaders of Xen
• Top tier customers across every vertical
Core Technology: Microvisor
• Hardware isolates each untrusted Windows task
• Lightweight, fast, hidden, with an unchanged native UX
• Based on Xen with a small, secure code base
• Runs on industry-standard desktop and laptop hardware, using hardware virtualization and hardware security features
How Bromium Solves The Problem
• Isolate all end user tasks: browsing, opening emails, files…
• Utilize micro-virtualization and the CPU to hardware-isolate them
• Across major threat vectors: web, email, USB, shares…
• Seamless user experience on standard PCs
Different from Traditional Security
Traditional endpoint security (hardware > OS kernel > anti-virus, sandbox and other security tools > applications): today’s signature and behavioral techniques miss many attacks, and they almost always leave endpoints corrupted, requiring re-imaging.
Bromium vSentry (hardware > OS > hardware-isolated micro-VMs, one per task or browser tab): all user tasks and malware are isolated in a super-efficient micro-VM, and all micro-VMs are destroyed, eliminating all traces of malware with them.
LAVA: Understanding the Kill Chain
• WHO is the target
• WHERE is the attacker
• WHAT is the goal
• WHAT is the technique
• WHAT is the intent
Use Cases
• Java legacy app support
• Patching
• Off-net laptop users
• High value targets
• Threat intelligence
• Secure browsing
Why Customers Deploy Bromium
• Defeat attacks: eliminate compromises on the endpoint; deliver protection in the office or on the road
• Streamline IT: reduce operational costs; dramatically increase IT productivity
• Empower end users: remove the burden of security from users; enable users to click on anything… anywhere
Summary
• The attack landscape has fundamentally changed; the perimeter is evaporating in the cloud and mobile era
• Current ‘detection’ defenses are ineffective; the endpoint is the weakest link
• Bromium is redefining endpoint security with micro-virtualization
• Enormous benefits in defeating attacks, streamlining IT and empowering users
Questions?
Beyond Compliance
Rob Stonehouse – Chief Security Architect
The Rush To Compliance
“We have to be compliant!”
What Do We Know?
• The Internet wants all your information
• Law is not a deterrent
• Little risk for huge gains
• Patience = Success
• Users will still click on anything
…It is going to get worse
What have we seen? 20+ years of monitoring
- Sophisticated malware
- Teams of attackers
- Persistence & purpose
The Problem
Technology:
• New strategies
• Hard to realize the value
InfoSec is expensive:
• Resource issues
What is The Answer?
Visibility
Get The Help You Need
You Can No Longer Do This Alone
Recap
• Reduce complexity – simplify
• Apply security at the infrastructure, applications and endpoint
• Augment technology with people and process
• Spend on security vs. compliance
• Gain visibility through effective security operations
Managed Security Services
Jamie Hari – Product Manager, Infrastructure & Security
Scalar discovered what they overlooked.
Changing Tactics
The way you look at security needs to change.
SIEM
The SIEM is the heart and brain of the SOC. It moves data around quickly and analyses it with continually updated intelligence.
Improved intelligence: Scalar has the tools and experience to manage security in a complex technical landscape.
Scalar SOC: the SIEM and SOC tools draw on firewalls, IPS, VS, AV/AM/AS, servers, end points and users.
What is SIEM?
• Log Management
• Security Event Correlation and Analysis
• Security Alerting & Reporting
A solution which gathers, analyzes, and presents security information.
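The three bullets above (log management, correlation, alerting) are easiest to see end to end on a few lines of data. The block below is an added example, not Scalar's SOC tooling or any vendor's product: it normalises lines from three constructed log sources (a firewall, an IPS and endpoint anti-malware, in made-up formats), groups them by internal host, and raises an alert only when a host shows an IPS alert followed within a time window by a malware detection, or any connection to an address on a constructed C2 list. The hostnames, addresses, field names and threat-intelligence entries are all invented for the example.

```python
"""Minimal SIEM-style correlation over three log sources. Added example, not
Scalar's SOC tooling; log formats, field names and sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, loosely modelled on firewall, IPS and endpoint
# anti-malware output (not any vendor's real syntax).
SAMPLE_LOGS = [
    "2015-05-20T09:00:05 fw action=allow src=10.1.2.30 dst=203.0.113.9 dport=443",
    '2015-05-20T09:00:07 ips sig="EXPLOIT-KIT landing page" src=203.0.113.9 dst=10.1.2.30',
    "2015-05-20T09:01:40 av host=10.1.2.30 verdict=detected file=invoice.exe",
    "2015-05-20T09:02:10 fw action=allow src=10.1.2.30 dst=198.51.100.77 dport=8080",
    "2015-05-20T09:30:00 fw action=allow src=10.1.2.31 dst=203.0.113.9 dport=443",
    "2015-05-20T11:15:00 av host=10.1.2.50 verdict=detected file=eicar.com",
]

# Constructed threat intelligence: destinations treated as known C2 infrastructure.
KNOWN_CNC = {"198.51.100.77"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>fw|ips|av) (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Normalise one line into {ts, source, host, ...fields}. 'host' is the
    internal endpoint the event is about, whichever side of the flow it is on."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    ev = {"ts": datetime.fromisoformat(m.group("ts")), "source": m.group("src"), **fields}
    if ev["source"] == "fw":
        ev["host"] = fields["src"]
    elif ev["source"] == "ips":
        ev["host"] = fields["dst"]          # the IPS line names the victim as dst
    else:
        ev["host"] = fields["host"]
    return ev


def correlate(lines, window=timedelta(minutes=15)):
    """Group events by host and flag hosts where an IPS alert is followed within
    the window by a malware detection, or where any connection goes to known C2.
    Returns {host: [reasons]} for flagged hosts only."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_host[ev["host"]].append(ev)

    findings = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])
        ips_times = [e["ts"] for e in events if e["source"] == "ips"]
        reasons = []
        for e in events:
            after_ips = any(timedelta(0) <= (e["ts"] - t) <= window for t in ips_times)
            if e["source"] == "av" and e.get("verdict") == "detected" and after_ips:
                reasons.append(f"malware detected after IPS alert: {e['file']}")
            if e["source"] == "fw" and e.get("dst") in KNOWN_CNC:
                reasons.append(f"connection to known C2 {e['dst']}")
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in correlate(SAMPLE_LOGS).items():
        print(host, "->", "; ".join(reasons))
```

On the constructed lines only 10.1.2.30 is flagged, for two independent reasons; the lone anti-malware detection on 10.1.2.50 stays below the alerting threshold because nothing else corroborates it, which is the trade-off a correlation rule makes between noise and coverage and the kind of rule a SOC keeps tuning.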
Reporting
Quickly Identify Patterns of Activity, Traffic, and Attacks
Managed SIEM & Incident Response
• 24 x 7 Security Alert & System Availability Monitoring
• Security Incident Analysis & Response
• Infrastructure Incident, Change, Patch, and Configuration Management
Real-time security event monitoring and intelligent incident response
What should I look for in a provider?
• Breadth and Depth of Technical Capability
• Flexibility in Deployment, Reporting, and Engagement Options
• Experience with Customers in Diverse Industries
• A Partner Model
Getting Started
Proof of Value
4 Week Trial
• Dashboard for Real-time Data
• Weekly Security Report
• Detailed Final Summary Report
• Seamless Continuation into Full Service
You decide how we fit
Questions?
Putting our expertise into practice.
Integrating, securing and managing systems for the most technologically advanced games ever.
Building a centre of excellence that delivers a compute cluster to a global user community.
2 banks. 5 months. 1 great enterprise application: Mobile Wallet.
What’s next?
Looking for more info on security? Rob Stonehouse, Scalar’s Chief Security Architect, discusses security beyond compliance on our blog.