Automated Breach Defense
CONFIDENTIAL AND PROPRIETARY | ©2014 DAMBALLA
Why Advanced Threat Protection and Containment?
Percent of breaches that remain undiscovered for months or more
“There is widespread agreement that advanced attacks are bypassing traditional signature-based security… The threat is real. You are compromised; you just don't know it.” – Gartner, Inc., 2012
69% of breaches were spotted by an external party; 9% were spotted by customers.
“Prevention is crucial, and we can’t lose sight of that goal. But we must accept the fact that no barrier is impenetrable, and detection/response represents an extremely critical line of defense. Let’s stop treating it like a backup plan if things go wrong and start making it a core part of the plan.”
– Verizon Data Breach Study 2013
How big is the problem in terms of dollars?
• 32 days: average time to resolve a known cyber attack
• $1.04M: average total cost to the organization over those 32 days
• 63% of enterprises say it’s only a matter of time until they’re targeted by an APT
How big is the problem in terms of resources?
• 86% of CISOs say their lack of confidence in their ability to manage risk is due to staffing
• 81% of security leaders say staffing challenges will remain the same or get worse over the next 5-10 years
• Two-thirds of CISOs say they are short-staffed and therefore vulnerable to breaches
The Old Security Stack
Diagram: ATTACK → INFECTION → DAMAGE; Prevention | Detection; Infection Risk | Business Risk
Prevention layer: Firewall, IDS/IPS, Web Security, Email Security, Sandboxing, Host AV/IPS/FW
Detection layer: alerts & logs → SIEM (single pane of glass) → SOC
Resource intensive, inefficient manual investigation efforts: “Is this alert real or a false positive?”
The New Security Stack
Diagram: ATTACK → INFECTION → DAMAGE; Prevention | Detection; Infection Risk | Business Risk
Prevention layer: NGFW, Endpoint Containment, Sandboxing, Email Gateway; legacy Host AV/IPS/FW
Detection layer: alerts & logs → SIEM (single pane of glass) → SOC
Damballa fills the security gap between failed prevention and your incident response.
Damballa: Automated Breach Defense
› Automatically identify active threats
› With certainty, regardless of prior visibility or knowledge of the malware sample, infection vector or source
› Focus on true, active infections
› Confidently prioritize response
› Proactively block infections you haven’t gotten to yet
Enabling a Breach Resistant Organization
Predictive Security Analytics Platform / Case Analyzer Platform
8 Detection Engines – Rapid Discovery & Validation of Infections
• Connection Query (Indicators of Compromise; Threat Actors / Intent)
• File Request (Zero Day Files; Suspicious HTTP Content)
• Domain Fluxing, Automation, Execution, Peer-To-Peer (Automated Malicious Activity; Observed Evasion Tactics)
9 Risk Profilers – Prioritized Risk of Confirmed Infections
• Evidence weighed: Data Transferred, PCAPs, Communication Success, Malicious File Availability, Sequence of Events, Importance of Endpoint, Malware Family, Intent, Severity, AV Coverage
• Profile dimensions: Damage Potential • Observed Activity • Device Properties • Threat Sophistication • Threat Intent
Damballa Failsafe Architecture
Hub & Spoke | 1U Appliances | Out of Band
Diagram: Damballa Failsafe sensors deployed at the Corporate HQ data center, remote office data centers and data center / office sites, with backhaul to a central Management Console. Traffic monitored by each sensor: Egress, Proxy, DNS.
Our Formula – Delivering Predictive Security Analytics
Visibility for Security and Risk Professionals: infographic-styled dashboards presenting critical information upon login (screenshot of the Damballa Failsafe 5.2 console with its Dashboard, Assets, Files, Reports, System and Threats views).
Incident Reports for Security Managers
Assurance for Executives
Damballa Customer Success: Breach Defense = Lower Risk
› Augment client teams before, during, or install
› Provide threat analysis & research
Teams: Professional Services | Customer Support | Customer Advocacy | Education & Training
• Ensure adoption & value realization
• Provide technical & functional support
• Manage updates & upgrades
• Teach customers how to use Failsafe
• Provide industry knowledge
Automated Breach Defense: Customer Case Studies
Global Family Entertainment Company Saves $2.0M Over 18 Months
Challenge: A major entertainment company suspected persistent threats on its network and brought in a well-known incident response firm to help. The firm’s evidence was hard to corroborate, and the lack of visibility forced IT to constantly perform bare-metal restores on machines that may or may not have actually been a risk to the organization.
Solution: The company, which operates many non-Windows devices (Macs, iOS, Android and even embedded systems), purchased Damballa Failsafe because the solution is platform-agnostic. “The ability to cover multiple platforms and operating systems across the enterprise separated Damballa Failsafe from the others.” The company currently protects over 100,000 enterprise devices throughout the organization.
Result: The company has saved $2.0M in 18 months from improved response capabilities.
“We’re not wasting money and time for truck rolls on things that aren’t actually infected. One hundred percent of the machines that Damballa Failsafe has identified as infected have in fact been infected.”
Fortune 500 Entertainment Company Plugs Gaps in Defense
Challenge: A major media company knew its network was slow, and it was spending a lot of time troubleshooting security-related problems on users’ systems. None of its solutions were alerting it to malicious traffic, so infections remained hidden.
Solution: The company selected Damballa Failsafe to fill the gaps left by signature-based defenses. “Within 48 hours, we saw a clear difference with Damballa Failsafe. We understood what, where and how the threat activity was occurring, blocked the threat and triaged that information into an actionable task such as patch management or cleaning up other security instrumentation.”
Result: The IT team reduced the number of monthly incidents by over 99%.
“Everybody does signatures and sandboxing. Failsafe does behavior detection, and that’s the right ingredient for our network security sandwich. Damballa is the secret sauce we were missing,” said their information security director.
Major Tech Company Fights APTs with Lean Security Staff
Challenge: A major technology company needed additional visibility into threats on its network. It was spending 4-5 days responding to a single malware incident, meaning higher-priority projects were not getting completed by its small team.
Solution: “We were interested in a company that was focused on researching APTs and innovating in this space. We wanted strong focus on detection, not a one-box-does-all solution,” said their Senior IT Security Specialist. The company began its Damballa Failsafe deployment with one sensor and immediately realized benefits from the added visibility the product provided.
Result: Damballa saved more than a week, reducing the time to resolve a threat from hours/days to less than 20 minutes, depending on the criticality of the threat. Damballa also accelerated incident response decisions and reactions thanks to accurate data and the ability to pinpoint threats early and remediate them easily.
“I love the product – it is extremely easy to set up and deploy. In just five to ten minutes I can have a new sensor up and running and see what’s on the network.”
The University of Tampa Increases Visibility
Challenge: Fostering freedom of learning and the exchange of knowledge while protecting the school’s research and information. “I have two challenges,” said Tammy Clark, CISO. “Protecting these environments in a manner that allows us to maintain that open culture and being able to see what the bad guys are doing.”
Solution: The University of Tampa purchased Damballa for its ability to identify active threats; the level of intelligence it provides on command-and-control behavior sets it apart from other advanced threat detection solutions. “Other technologies don’t provide the same level of intelligence. Failsafe is like having a pair of eyes on the network that let you see what is otherwise invisible to the naked eye,” said Clark.
Result: Clark credits Damballa with enabling her team to reduce the time required to respond to an incident while improving overall network security.
“Damballa lets us be highly proactive in detecting advanced threats. When we see network activity in Failsafe, we can quickly pivot to other security controls to see if that activity is also showing up somewhere else and shut it down. There is a high confidence factor in the solution being able to find a threat and show it to us quickly, so we can take action to contain and remediate it effectively.”