security automation challenge - exclusive networks - security... · company profile author: flavio...
TRANSCRIPT
![Page 1: Security Automation Challenge - Exclusive Networks - Security... · Company Profile Author: Flavio Ferrara Subject: Punto COM Srl - Company Profile Created Date: 9/14/2016 2:33:22](https://reader034.vdocuments.us/reader034/viewer/2022051919/600b6abb9c226b5c8d76cf35/html5/thumbnails/1.jpg)
Challenge: Automate the isolation and containment of threats detected by malware analysis solutions
Security Automation
Network Admission Control
See
[Diagram labels: Not Visible, Visible, Visible with IoT; Managed, Unmanaged; Computing Devices, Network Devices, Applications; Directories, Patch, SIEM, ATD, VA, EMM, Other; Antivirus out-of-date, Broken agent, Vulnerability]
Continuous
Agentless
Control
[Diagram labels: Users, Endpoints, Network, Existing IT]
Automated
Policy-driven
Orchestrate
• Share context
• Automate workflows
ControlFabric Open APIs
[Partner logos: IBM]
IT Security – With ForeScout
[Diagram labels: Firewall, SIEM, ATD, VA, Endpoint, Patch, EMM, Directories (IBM logos); Network Infrastructure, Network, Internet; Managed Devices, BYOD Devices, IoT Devices, Rogue Devices]
• See corporate, BYOD, IoT, rogue devices.
• Automate enrollment for guests and BYOD including mobile devices
• Find and fix vulnerabilities and security problems on managed endpoints
• Rapidly respond to incidents, without human intervention
• Control network access based on user, device, policy
Granular Controls
Control strength: Modest to Strong

Alert & Remediate
• Open trouble ticket
• Send email notification
• SNMP Traps
• Syslog
• HTTP browser hijack
• Auditable end-user acknowledgement
• Self-remediation
• Integrate with systems and security management platforms. Send to WebService. Write to SQL/LDAP.

Limit Access
• Deploy a virtual firewall around an infected or non-compliant device
• Reassign the device into a VLAN with restricted access
• Update access lists (ACLs) on switches, firewalls and routers to restrict access
• DNS hijack (captive portal)
• Automatically move device to a pre-configured guest network

Move & Disable
• Reassign device from production VLAN to quarantine VLAN
• Block access with 802.1X
• Alter login credentials to block access, VPN block
• Block access with device authentication
• Turn off switch port (802.1X, SNMP)
• Wi-Fi port block
• Terminate unauthorized applications
• Disable peripheral device
Next Generation Security Platform
Identification Technologies Transform the Firewall
• App-ID™: Identify the application
• User-ID™: Identify the user
• Content-ID™: Scan the content
Single-Pass Parallel Processing™ (SP3) Architecture
Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning: threats, URLs, confidential data
• One policy
Parallel Processing
• Function-specific parallel processing hardware engines
• Separate data/control planes
Up to 200 Gbps, low latency
WildFire
Traps: Advanced Endpoint Protection
• Prevent Exploits: Including zero-day exploits
• Prevent Malware: Including advanced & unknown malware
• Collect Attempted-Attack Forensics: For further analysis
• Scalable & Lightweight: Must be user-friendly and cover complete enterprise
• Integrate with Network and Cloud Security: For data exchange and cross-organization protection
Security Reimagined
Multi-Vector Virtual Execution Engine
PURPOSE-BUILT FOR SECURITY
HARDENED HYPERVISOR
SIGNATURE-LESS
EXPLOIT BASED DETECTION, NOT JUST FILE
FINDS KNOWN AND UNKNOWN THREATS
MULTI-VECTOR
PERFORMANCE
EFFICACY
Analyze, Detonate and Correlate
WITHIN VMs
ACROSS VMs
CROSS ENTERPRISE
DETONATE
CORRELATE
2 MILLION OBJECTS PER HOUR
ANALYZE
FireEye Ecosystem
Put pieces together!
ForeScout + Palo Alto
ForeScout + FireEye
DEMO!
Q&A