Dell Security Overview - DAWNING TECH · 1 •Use of anti-forensic mechanisms to evade security...

Date post: 21-Aug-2020
Page 1:

Dell Security Overview

Eddie Chan, Security Solution Consultant, Dell Security Solutions, Dell | Hong Kong & Taiwan

Page 2:

Security Products

Agenda

• Session One

• 2016 Threat Report Update

• Session Two

• SonicWALL CAPTURE Advanced Threat Protection Service

• Session Three

• Privileged Management - Safeguard

• Access Management - Defender

Page 3:

Page 4:

Internal Use Only – Dell Confidential

Global Response Intelligent Defense (GRID) Network

• Threat research team

• Proprietary malware analysis automation

• World-wide monitoring

• Shared cross-vector threat-related information (e.g. 1M sensors, honeypots, sandboxing)

• Real-time counter-threat intelligence

• Active participant in leading research organizations

• Industry leading responsiveness

Page 5:

8.19 billion |Malware attacks blocked by Dell firewalls in 2015

Page 6:

The top malware delivery methods

Website downloads

Text messages (SMS)

Email/Phishing

Portable devices (USB)

Page 7:

What did we find last year?

Page 8:

Exploit kits evolved with greater speed, heightened stealth and novel shape-shifting abilities

• Use of anti-forensic mechanisms to evade security systems

• Upgrades in evasion techniques, such as URL pattern changes

• Changes to landing page redirection techniques (e.g. steganography)

• Modifications in landing page entrapment techniques

Page 9:

Page 10:

[Flow chart: Spartan infection chain]

Page 11:

Hackers lock computer files and demand a fee for the key; an SME was hit after downloading an image, the payment failed and the data could not be recovered

Page 12:

Angler exploit kit pushed a new variant of ransomware

Page 13:

Ransomware impact across different business sectors

Page 14:

HTTPS hits as percentage of total hits

SSL/TLS encrypted traffic rises sharply, leading to more under-the-radar hacks

[Chart: HTTPS hits as percentage of total hits; values shown: 61% and 39%]

Page 15:

By Jeremy Kirk, IDG News Service, Jul 27, 2015

You can’t protect what you can’t see — attacks unseen by most firewalls

“…redirection code planted in the malicious advertisements uses SSL/TLS (Secure Sockets Layer/Transport Layer,…”

Page 16:

Malware for the Android ecosystem continued to rise and evolve

Notable trends in Android attacks

• New variant that added a randomly generated PIN to the typical ransomware lock screen

• Dropping malicious code as part of a library file, rather than a classes file

• Financial sector continued to be a prime target for Android malware

Page 17:

Popular malware families continued to morph from season to season and differed across geographic regions

Page 18:

Most popular malware by country in November 2015

Page 19:

Top 10 malware families

Page 20:

Predictions for 2016

• Battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs

• Flash zero-days will drop gradually because major browser vendors have stopped supporting Flash plugins

• Malicious threats will target Android Pay through the vulnerabilities of Near Field Communication (NFC)

Page 21:

Final Takeaways

Page 22:

Recommendations

[Figure: matrix of security technologies by tower (Identity, Network, Endpoint, Data) and by phase (Before / During / After, labelled Defend / Detect / Discover). Technologies shown: IAM, VPN, AV, AppControl, 2FA, IPS, Patch Management, Encryption, PAM, DPI, CFC, SIEM, Education, Sandbox, AV monitor logs, DLP, Forensics, Behavioral analysis]

Combine technologies from each tower that cross the time boundaries

Layered security: the most effective "better together" strategy

Obey the 3 D’s

Defend: before an attack, fortify your position to give yourself the best chance of preventing a breach.

Detect: during an attack, ensure your tools see the threat and act quickly to stop it.

Discover: after penetration, ensure visibility unmasks the threat quickly to minimize loss.

Page 23:

Introducing Dell SonicWALL CAPTURE Advanced Threat Protection Service

February 2016

Page 24:

Challenge: Explosion of evasive, zero-day threats*

• Designed to evade 1st generation sandbox analysis and detection

• Target not just Windows environments but also mobile and connected devices

• Hide in encrypted and unencrypted traffic

• Hide in more file types, of any file size

* Source: Dell Security 2016 Threat Report

Page 25:

Introducing Dell SonicWALL Capture Advanced Threat Protection Service

Cloud service detects and blocks zero-day threats at the gateway

• Multi-engine sandbox detects more threats than single sandbox technology

• Broad file type analysis and operating system support, and no file-size limitation

• Blocks until verdict at the gateway

• Rapid deployment of remediation signatures

• Reporting and alerts

Appliances shown: TZ SOHO – TZ600, NSA 2600 – 6600, SuperMassive 9200 – 9600

Page 26:

Increase security effectiveness against zero-day threats

• Multi-engine advanced threat analysis detects more threats and can’t be evaded

• Virtualized sandbox

• Full system emulation

• Hypervisor level analysis

• Broad file type and OS environment analysis, no file size limitation

• PE, MS Office, PDF, archives, JAR, APK

• Windows, Android and Mac OS

• Automated and manual file submission

Page 27:

VMRay with Dell SonicWALL

Page 28:

Lastline with Dell SonicWALL

Page 29:

Lastline in the NSS Labs report, 2015

Page 30:

Monitoring and reporting

• At-a-glance dashboard

• Scanned file history

• Detailed file analysis report

Page 31:

Page 32:

Page 33:

Page 34:

Manually upload a file for advanced inspection

Page 35:

Page 36:

Page 37:

CAPTURE Screen Demo

April 2016

Page 38:

Introducing Safeguard & Defender

April 2016

Page 39:

39 Dell Software

Privilege Management Challenges

• Difficult to manage

• Huge security and compliance risk

Fact: 69% of confirmed security incidents were perpetrated by insiders, and increased more than 300% between 2011 and 2012

Fact: More than half were former employees who regained access via backdoors or corporate accounts that were never disabled

Page 40:

Why are they difficult to manage?

[Diagram: privileged users (admins, helpdesk, developers, vendors, applications) accessing applications, devices, mainframes, databases and servers]

Page 41:

Huge security and compliance risk?

• IT Admin - Deleted 15 virtualized machines that ran 88 servers

• IT Admin – Stole patient records and test results

• IT Director – Continued use for a month and altered CEO presentation

• Systems Admin – Took down 2000 servers

Very Powerful

No individual accountability

Page 42:

Solve the challenges

[Diagram: Users A, B and C mapped to Tasks 1, 2 and 3]

Granular delegation & command control

Monitoring & logging

Secure & efficient management

Page 43:

Secure and efficient management: Privilege Safe

[Diagram: Request → Authorization → Issuance → Change, across devices, servers, applications, databases and mainframes]

Page 44:

Privileged password safe

Privileged Password Manager

• Secures accounts in a password safe – AES-256 encrypted

• Request and approval workflow – dual or more release controls

• Removes embedded passwords from applications and scripts

• Automated password changes – on “last use” or time-based

• Full audit trail

Page 45:

Session Management (in the roadmap)

• Pre-set time limits

• Full DVR-like recording

• Allow only certain commands

Page 46:

Who to talk to and what to listen for

• IT Manager: manual process, application access, assigning accountability, access reporting

• Security officer: potential breach, audit reports, compliance

• Administrator: manual process, too much responsibility

Page 47:

Dell Defender

Page 48:

Problem: static passwords are inefficient, insecure and expensive

• Average user has over 40 professional/personal accounts

– Users use the same password for multiple accounts

– Complex passwords are written down

– Passwords are only changed when required

• Large organizations spend on average $850,000 per year resetting passwords

• Increasing remote workforce makes it more important to prove identity of users accessing the network

Page 49:

Answer: two-factor authentication

• Changes with every use

• Can’t be written down

• Nothing to forget

Page 50:

A two-factor authentication solution should be:

• Secure

• Flexible

• Scalable

• Easy to use

• Affordable

Page 51:

Defender Architecture and Scalability

• Architecture

– Leverages existing investment in Active Directory

– Identity, roles, and rules stored in and retrieved from AD

– Management through ADUC

– Standards based: RADIUS, OATH, LDAP, PAM

• Scalability

– Scales with Active Directory

– Automated replication and backup of Defender data

– Multiple points of authentication for load balancing and redundancy

Page 52:

Defender Administration Tool

• Integrates fully with Active Directory

– MMC snap-ins

– Tools and wizards

• Stores Defender information in AD

– License

– Token

– Security Server configuration

• Adds Defender credentials to each user’s record

Page 53:

Defender Web-Based Management Portal

• Dashboard

• Configuration

• Activity

• Self-Service Settings

• Helpdesk

• Management

Page 54:

Helpdesk

Page 55:

Defender Tokens

• Wide range of tokens

• Hardware tokens are good for their entire battery life

• Software tokens never expire – contrast with some other token vendors

• Each user can have more than one token

• Multiple tokens per device

• Tokens can be allocated to more than one user

• Helpdesk tokens

• Universal Software token license

Page 56:

Defender hardware tokens

Go-7, Go-6, YubiKey

Page 57:

Defender software tokens

Android, BlackBerry, iOS, Windows Phone, GrIDsure, SMS, Java, Windows, E-mail

Page 58:

Defender Hardware Token Self Registration

Page 59:

Defender Hardware Token Self Registration

Page 60:

Defender Applications

• Defender agents available for many applications at no extra charge

• CITRIX, Terminal Services, Windows Desktop, Unix Desktop, IIS ISAPI Filters, VPN Clients (with SSO), Dell Software (CAM, ARS, TPAM, D1IM, Sonic Wall…), OWA, Custom (via Client SDK: C#, C++, Java)

• Verified to work with Aventail, Juniper, Symantec, MSFT IAG and more…

• Defender Windows Desktop Login

• Replace Windows password with token

• Policies determine token or password users

• Offline login mode

• Automatic password change

• Integration with Password Manager, Cloud Access Manager, TPAM

Page 61:

Qualifying Questions

• Why are you considering a 2FA solution in the first place?

• What applications do you require 2FA protection on (VPN, desktop, Unix, etc.)?

• What regulatory requirements (if any) are driving this initiative (HIPAA, PCI, etc.)?

• How many users do you anticipate supporting with the 2FA solution?

• What is your deadline for that support?

• What is your expected annual growth for the 2FA solution?

• What types of tokens are you considering and why?

• Is an existing 2FA solution already deployed?

• Why are you looking at alternatives to the existing 2FA solution?

• What is your current price, and lifespan for the tokens?

Page 62:

KB Article: Best Practice Defender with NGFW

- IDC (April 2014)

http://support-public.cfm.software.dell.com/31228_best_practice_defender_with_ngfw_ver1.2.pdf

• Also works with SMA, both the SMB and the Enterprise models

Page 63:

Thank You!

