Dell Security Overview
Eddie Chan, Security Solution Consultant, Dell Security Solutions, Dell | Hong Kong & Taiwan
Security Products
Agenda
• Session One
• 2016 Threat Report Update
• Session Two
• SonicWALL CAPTURE Advanced Threat Protection Service
• Session Three
• Privileged Management - Safeguard
• Access Management - Defender
Internal Use Only – Dell Confidential
Global Response Intelligent Defense (GRID) Network
• Threat research team
• Proprietary malware analysis automation
• World-wide monitoring
• Shared cross-vector threat-related information (e.g. 1M sensors, honeypots, sandboxing)
• Real-time counter-threat intelligence
• Active participant in leading research organizations
• Industry leading responsiveness
8.19 billion malware attacks blocked by Dell firewalls in 2015
The top malware delivery methods
Website downloads
Text messages (SMS)
Email/Phishing
Portable devices (USB)
What did we find last year?
Dell - Restricted - Confidential
1. Exploit kits evolved with greater speed, heightened stealth and novel shape-shifting abilities
• Use of anti-forensic mechanisms to evade security systems
• Upgrades in evasion techniques, such as URL pattern changes
• Changes to landing page redirection techniques (e.g. steganography)
• Modifications in landing page entrapment techniques
Flow chart Spartan infection chain
Hackers lock computer files and demand a key fee: an SME downloads an image, gets infected, the payment fails and the data cannot be recovered
Angler exploit kit pushed a new variant of ransomware
Ransomware impact across different business sectors
2. SSL/TLS encrypted traffic rises sharply, leading to more under-the-radar hacks
Chart: HTTPS hits as percentage of total hits (figure values: 61%, 39%)
By Jeremy Kirk, IDG News Service, Jul 27, 2015
You can’t protect what you can’t see — attacks unseen by most firewalls
“…redirection code planted in the malicious advertisements uses SSL/TLS (Secure Sockets Layer/Transport Layer,…”
3. Malware for the Android ecosystem continued to rise and evolve
Notable trends in Android attacks
• New variant that added a randomly generated PIN to the typical ransomware lock screen
• Dropping malicious code as part of a library file, rather than a classes file
• Financial sector continued to be a prime target for Android malware
4. Popular malware families continued to morph from season to season and differed across geographic regions
Chart: Most popular malware by country in November 2015
Top 10 malware families
Predictions for 2016
• Battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs
• Flash zero-days will drop gradually because major browser vendors have stopped supporting Flash plugins
• Malicious threats will target Android Pay through the vulnerabilities of Near Field Communication (NFC)
Final Takeaways
Recommendations (figure): a matrix of security towers (Identity, Network, Endpoint, Data) against time phases (Before / Defend, During / Detect, After / Discover). Technologies placed in the matrix: IAM, VPN, AV, AppControl, 2FA, IPS, Patch Management, Encryption, PAM, DPI, CFC, SIEM, Education, Sandbox, AV monitor logs, DLP, Forensics, Behavioral analysis.
Combine technologies from each tower that cross the time boundaries
Layered Security - most effective better together strategy
Obey the 3 D’s
Defend: Before an attack, fortify your position to give yourself the best chance of preventing a breach.
Detect: During an attack, ensure your tools see the threat and act quickly to prevent it.
Discover: After penetration, ensure visibility un-masks the threat quickly to minimize loss.
Introducing Dell SonicWALL CAPTURE Advanced Threat Protection Service
February 2016
Challenge: Explosion of evasive, zero-day threats*
• Designed to evade 1st generation sandbox analysis and detection
• Target not just Windows environments but also mobile and connected devices
• Hide in encrypted and unencrypted traffic
• Hide in more file types, of any file size
* Source: Dell Security 2016 Threat Report
SuperMassive 9200-9600
Introducing Dell SonicWALL Capture Advanced Threat Protection Service
Cloud service detects and blocks zero-day threats at the gateway
• Multi-engine sandbox detects more threats than single sandbox technology
• Broad file type analysis and operating system support and no file-size limitation
• Blocks until verdict at the gateway
• Rapid deployment of remediation signatures
• Reporting and alerts
TZ SOHO – TZ600, NSA 2600 – 6600
Increase security effectiveness against zero-day threats
• Multi-engine advanced threat analysis detects more threats, can’t be evaded
– Virtualized sandbox
– Full system emulation
– Hypervisor level analysis
• Broad file type and OS environment analysis, no file size limitation
– PE, MS Office, PDF, archives, JAR, APK
– Windows, Android and Mac OS
• Automated and manual file submission
VMRay with Dell SonicWALL
Lastline with Dell SonicWALL
Lastline in the NSS Labs report, 2015
Monitoring and reporting
• At-a-glance dashboard
• Scanned file history
• Detailed file analysis report
Manually upload a file for advanced inspection
CAPTURE Screen Demo
April 2016
Introduction to Safeguard & Defender
April 2016
Privilege Management Challenges
• Difficult to manage
• Huge security and compliance risk
Fact: 69% of confirmed security incidents were perpetrated by insiders, and they increased more than 300% between 2011 and 2012
Fact: More than half were former employees who regained access via backdoors or corporate accounts that were never disabled
Why are they difficult to manage?
Who holds privileged access: Applications, Admins, Helpdesk, Developers, Vendors
What they access: Applications, Devices, Mainframes, Databases, Servers
Huge security and compliance risk?
• IT Admin - Deleted 15 virtualized machines that ran 88 servers
• IT Admin – Stole patient records and test results
• IT Director – Continued using access for a month and altered a CEO presentation
• Systems Admin – Took down 2000 servers
Very Powerful
No individual accountability
Solve the challenges
Diagram: Users A, B and C each delegated only specific tasks (Task 1, Task 2, Task 3)
Granular delegation & command control
Monitoring & logging
Secure & efficient management
Secure and efficient management: Privilege Safe
Workflow: Request → Authorization → Issuance → Change
Targets: Devices, Servers, Applications, Databases, Mainframes
Privileged password safe
Privileged Password Manager
• Secures accounts in a password safe
– AES 256 encrypted
• Request and approval workflow
– Dual or more release controls
• Removes embedded passwords in applications and scripts
• Automated password changes
– “Last use”
– Time-based
• Full audit trail
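To make the release workflow concrete, here is an added Python model of a privileged password safe (example code, not Dell's Privileged Password Manager): a checkout must be approved by two people other than the requester before the password is issued, the password is rotated when the session is checked in ("last use") and again when it reaches a maximum age (time-based), and every step lands in an audit trail. Account names, approver names and the 90-day age are constructed assumptions.

```python
"""Toy model of a privileged password safe's release workflow.

Added illustration, not Dell's Privileged Password Manager code: dual release
control, rotation on check-in ("last use"), time-based rotation and an audit trail.
"""
import secrets
import string
from dataclasses import dataclass, field
from typing import Dict, List, Set

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def generate_password(length: int = 24) -> str:
    """CSPRNG-generated password; the safe never hands out the same one twice."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Request:
    rid: int
    requester: str
    account: str
    approvals: Set[str] = field(default_factory=set)
    issued: bool = False
    checked_in: bool = False


@dataclass
class PrivilegedPasswordSafe:
    required_approvals: int = 2          # dual control: two distinct approvers
    max_age_seconds: int = 90 * 86400    # assumed time-based rotation interval
    accounts: Dict[str, str] = field(default_factory=dict)      # account -> current password
    last_rotated: Dict[str, int] = field(default_factory=dict)  # account -> epoch seconds
    requests: Dict[int, Request] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)
    _next_id: int = 1

    def onboard(self, account: str, now: int) -> None:
        """Bring an account under management with a fresh, unknown-to-humans password."""
        self.accounts[account] = generate_password()
        self.last_rotated[account] = now
        self.audit.append(f"{now} onboard {account}")

    def request(self, requester: str, account: str, now: int) -> int:
        if account not in self.accounts:
            raise KeyError(account)
        rid = self._next_id
        self._next_id += 1
        self.requests[rid] = Request(rid, requester, account)
        self.audit.append(f"{now} request#{rid} {requester} -> {account}")
        return rid

    def approve(self, rid: int, approver: str, now: int) -> None:
        """Separation of duties: a requester can never approve their own checkout."""
        req = self.requests[rid]
        if approver == req.requester:
            raise PermissionError("requester cannot approve their own request")
        req.approvals.add(approver)
        self.audit.append(f"{now} approve#{rid} by {approver}")

    def issue(self, rid: int, now: int) -> str:
        """Release the password only once the required number of approvals is present."""
        req = self.requests[rid]
        if len(req.approvals) < self.required_approvals:
            raise PermissionError(f"request#{rid} needs {self.required_approvals} approvals")
        if req.issued:
            raise PermissionError(f"request#{rid} already issued")
        req.issued = True
        self.audit.append(f"{now} issue#{rid} {req.account} to {req.requester}")
        return self.accounts[req.account]

    def check_in(self, rid: int, now: int) -> None:
        """'Last use' rotation: the released password dies with the session."""
        req = self.requests[rid]
        req.checked_in = True
        self._rotate(req.account, now, reason=f"last use by request#{rid}")

    def rotate_expired(self, now: int) -> List[str]:
        """Time-based rotation for accounts whose password has reached its maximum age."""
        due = [a for a, t in self.last_rotated.items() if now - t >= self.max_age_seconds]
        for account in due:
            self._rotate(account, now, reason="time-based")
        return due

    def _rotate(self, account: str, now: int, reason: str) -> None:
        self.accounts[account] = generate_password()
        self.last_rotated[account] = now
        self.audit.append(f"{now} rotate {account} ({reason})")
```

The invariants worth checking in such a system are that no single person can both request and release a credential, that an issued password is unusable after check-in, and that the audit list explains every rotation.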
Session Management (in the roadmap)
• Pre-set time limits
• Full DVR-like recording
• Allow only certain commands
Who to talk to and what to listen for
• IT Manager: manual process, application access, assigning accountability, access reporting
• Security officer: potential breach, audit reports, compliance
• Administrator: manual process, too much responsibility
Dell Defender
Problem: static passwords are inefficient, insecure and expensive
• Average user has over 40 professional/personal accounts
– Users use the same password for multiple accounts
– Complex passwords are written down
– Passwords are only changed when required
• Large organizations spend on average $850,000 per year resetting passwords
• Increasing remote workforce makes it more important to prove identity of users accessing the network
Answer: two-factor authentication
• Changes with every use
• Can’t be written down
• Nothing to forget
2FA
A two-factor authentication solution should be:
• Secure
• Flexible
• Scalable
• Easy to use
• Affordable
Defender Architecture and Scalability
• Architecture
– Leverages existing investment in Active Directory
– Identity, roles, and rules stored in and retrieved from AD
– Management through ADUC
– Standards based: RADIUS, OATH, LDAP, PAM
• Scalability
– Scales with Active Directory
– Automated replication and backup of Defender data
– Multiple points of authentication for load balancing and redundancy
Defender Administration Tool
• Integrates fully with Active Directory
– MMC snap-ins
– Tools and Wizards
• Stores Defender information in AD
– license
– token
– Security Server configuration
• Adds Defender credentials to each user’s record
Defender Web-Based Management Portal
• Dashboard
• Configuration
• Activity
• Self-Service Settings
• Helpdesk
• Management
Helpdesk
Defender Tokens
• Wide range of tokens
• Hardware tokens are good for their entire battery life
• Software tokens never expire – contrast with some other token vendors
• Each user can have more than one token
• Multiple tokens per device
• Tokens can be allocated to more than one user
• Helpdesk tokens
• Universal Software token license
Defender hardware tokens
Go-7 Go-6 YubiKey
Defender software tokens
Android, BlackBerry, iOS, Windows Phone, GrIDsure, SMS, Java, Windows, E-mail
Defender Hardware Token Self Registration
Defender Applications
• Defender agents available for many applications at no extra charge
• CITRIX, Terminal Services, Windows Desktop, Unix Desktop, IIS ISAPI Filters, VPN Clients (with SSO), Dell Software (CAM, ARS, TPAM, D1IM, SonicWALL…), OWA, Custom (via Client SDK: C#, C++, Java)
• Verified to work with Aventail, Juniper, Symantec, MSFT IAG and more…
• Defender Windows Desktop Login
• Replace Windows password with token
• Policies determine token or password users
• Offline login mode
• Automatic password change
• Integration with Password Manager, Cloud Access Manager, TPAM
Qualifying Questions
• Why are you considering a 2FA solution in the first place?
• What applications do you require 2FA protection on (VPN, desktop, Unix, etc.)?
• What regulatory requirements (if any) are driving this initiative (HIPAA, PCI, etc.)?
• How many users do you anticipate supporting with the 2FA solution?
• What is your deadline for that support?
• What is your expected annual growth for the 2FA solution?
• What types of tokens are you considering and why?
• Is an existing 2FA solution already deployed?
• Why are you looking at alternatives to the existing 2FA solution?
• What is your current price, and lifespan for the tokens?
KB Article: Best Practice Defender with NGFW - IDC (April 2014)
http://support-public.cfm.software.dell.com/31228_best_practice_defender_with_ngfw_ver1.2.pdf
• Also works with SMA, both the SMB and the Enterprise models
Thank You!