Date posted: 30-May-2015 | Category: Technology | Uploaded by: scalar-decisions
Scalar Security Roadshow
October 6, 2014
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
Purpose of today’s session:
Provide insights on how Scalar and our partners address today’s complex security challenges
Gartner report highlights
• Security spend as % of IT budgets increased
• Strong correlation between Security budget and maturity
• Emphasis on network, applications and endpoint
• Insufficient investment in people and process
Scalar – brief overview
10 Years
Locations: Vancouver, Calgary, Toronto, Ottawa, London, Montreal (100%)
Rankings: #51, #1, #15 – ICT Security Company; Top 250 ICT Companies
Top tier technical talent.
• Engineers average 15 years of experience
• World-class experts from some of the leading organizations in the industry
• Dedicated teams: PMO, finance, sales and operations
• Canadian Authorized Training Centres
• We employ and retain top talent
Top awards.
• Brocade Partner of the Year ~ Innovation
• Cisco Partner of the Year ~ Data Centre & Virtualization
• NetApp Partner of the Year ~ Central Canada
• VMware Global Emerging Products Partner of the Year
• F5 VAR Partner of the Year ~ North America
• Palo Alto Networks Rookie of the Year
Putting our expertise into practice.
Integrating, securing and managing systems for the most technologically advanced games ever.
Our Focus
• Protection of Data and Systems
• High Performance Computing
• Flexible Solutions
Our security partners
Partners here today
Cisco Next Generation Security Solutions
Michael Mercier Consulting Systems Engineer - Security
October 1, 2014
Cisco ASA with FirePOWER Services
Cisco Confidential 18 C97-732214-00 © 2014 Cisco and/or its affiliates. All rights reserved.
Industry’s First Threat-Focused Next-Generation Firewall (NGFW)
No. 1 Cisco security announcement of the year
Cisco ASA with FirePOWER Services
► Integrating defense layers helps organizations get the best visibility
► Enable dynamic controls to automatically adapt
► Protect against advanced threats across the entire attack continuum
Introducing: Proven Cisco® ASA firewalling + Industry-leading NGIPS and AMP
What You’ll Learn from This Presentation
► How existing NGFWs focus only on apps and ignore threats, which creates challenges
► How Cisco® FireSIGHT Management Center provides comprehensive visibility into threats
► How Cisco Adaptive Security Appliances (ASA) with FirePOWER Services deliver superior protection across the entire attack continuum
► How Cisco ASA with FirePOWER reduces costs and complexity
The Problem with Traditional Next-Generation Firewalls
Focus on the apps, but miss the threat…
Existing NGFWs can reduce attack surface area, but advanced malware often evades security controls.
Threat Landscape Demands More Than Application Control
It is a community that hides in plain sight, avoids detection, and attacks swiftly.
100% of companies connect to domains that host malicious files or services
54% of breaches remain undiscovered for months
60% of data is stolen in hours
Defense-in-Depth Security Alone Is Not Enough
Poor Visibility: Undetected multivector and advanced threats
Siloed Approach: Increased complexity and reduced effectiveness
Manual and Static: Slow, manual, inefficient response
Integrated Threat Defense Across the Attack Continuum
Technologies: Firewall/VPN, NGIPS, Security Intelligence, Web Security, Advanced Malware Protection
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Visibility and Automation: Detailed App Control, Modern Threat Control, Retrospective Security, IoCs/Incident Response
Cisco ASA with FirePOWER Services – Industry’s First Adaptive Threat-Focused NGFW
Features
► Cisco® ASA firewalling combined with Cisco Sourcefire® next-generation IPS (NGIPS)
► Integrated threat defense over the entire attack continuum
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Benefits
► Superior, multilayered threat protection
► Outstanding network visibility
► Advanced malware protection
► Reduced cost and complexity
Superior Integrated and Multilayered Protection
► World’s most widely deployed, enterprise-class Cisco ASA stateful firewall
► Cisco Application Visibility and Control (AVC) with detailed control
► Industry-leading Cisco FirePOWER next-generation IPS (NGIPS)
► Reputation- and category-based URL filtering
► Cisco Advanced Malware Protection (AMP)
Cisco ASA platform components: Identity-Policy Control and VPN; URL Filtering (Subscription); FireSIGHT Analytics & Automation; Advanced Malware Protection (Subscription); Application Visibility and Control; Network Firewall; Routing | Switching; Clustering and High Availability; Intrusion Prevention (Subscription); Built-in Network Profiling; Cisco® Collective Security Intelligence Enabled
Cisco FirePOWER Delivers Best Threat Effectiveness
Security Value Map for Intrusion Prevention System (IPS)
Security Value Map for Breach Detection
Cisco Sourcefire Solution
Management Center (Appliances | Virtual) with Contextual Awareness
Next-Generation Firewall | Next-Generation Intrusion Prevention | Advanced Malware Protection (Appliances | Virtual; Hosts | Mobile)
TALOS Collective Security Intelligence
Cisco Collective Security Intelligence – TALOS: Built on unmatched collective security intelligence
Sources: 700,000+ file samples per day; FireAMP™ Community; Advanced Microsoft and industry disclosures; Snort and ClamAV open source communities; Honeypots; Sourcefire AEGIS™ Program; Private and public threat feeds; Dynamic analysis
Scale: 1.6 million global sensors; 100 TB of data received per day; 150 million+ deployed endpoints; 600+ engineers, technicians, and researchers; 35% of worldwide email traffic; 13 billion web requests; 24x7x365 operations; 40+ languages
Teams: Cisco® SIO; Sourcefire VRT® (Vulnerability Research Team)
Control points: Email, Endpoints, Web, Networks, IPS Devices
Exceptional Network Visibility
Category                     FirePOWER Services   Typical IPS   Typical NGFW
Threats                      Yes                  Yes           Yes
Users                        Yes                  No            Yes
Web Applications             Yes                  No            Yes
Application Protocols        Yes                  No            Yes
File Transfers               Yes                  No            Yes
Malware                      Yes                  No            No
Command and Control Servers  Yes                  No            No
Client Applications          Yes                  No            No
Network Servers              Yes                  No            No
Operating Systems            Yes                  No            No
Routers and Switches         Yes                  No            No
Mobile Devices               Yes                  No            No
Printers                     Yes                  No            No
VoIP Phones                  Yes                  No            No
Virtual Machines             Yes                  No            No
Context Explorer
Impact Assessment
Correlates every intrusion event with the impact of the attack against the target.
Impact Flag   Administrator Action                       Why
1             Act Immediately; Vulnerable                Event corresponds with vulnerability mapped to host
2             Investigate; Potentially Vulnerable        Relevant port open or protocol in use, but no vulnerability mapped
3             Good to Know; Currently Not Vulnerable     Relevant port not open or protocol not in use
4             Good to Know; Unknown Target               Monitored network, but unknown host
0             Good to Know; Unknown Network              Unmonitored network
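The table above is really a decision procedure: given an intrusion event and what the sensor has passively learned about the target host, it yields a priority. The Python below is an added example written for this page, not Cisco or Sourcefire code; the host inventory, the monitored network range, the intrusion events and the vulnerability identifiers (VULN-WEB-1 and friends) are constructed sample data, and only the five flag meanings are taken from the slide. It applies the table's rules top-down and sorts a batch of events so an analyst works flag 1 first.

```python
"""Impact-flag assignment modelled on the Impact Assessment table above.

Added illustration for this page; it is not Cisco/Sourcefire code. The host
inventory, intrusion events, network ranges and vulnerability identifiers are
constructed sample data; only the five flag meanings come from the slide.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Flag -> (administrator action, why), taken from the slide's table.
FLAG_MEANING = {
    1: ("Act Immediately; Vulnerable", "Event corresponds with vulnerability mapped to host"),
    2: ("Investigate; Potentially Vulnerable", "Relevant port open or protocol in use, but no vulnerability mapped"),
    3: ("Good to Know; Currently Not Vulnerable", "Relevant port not open or protocol not in use"),
    4: ("Good to Know; Unknown Target", "Monitored network, but unknown host"),
    0: ("Good to Know; Unknown Network", "Unmonitored network"),
}
# Triage order: flag 1 is most urgent, flag 0 least.
FLAG_PRIORITY = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}


@dataclass
class HostProfile:
    """What passive network discovery learned about one host (constructed)."""
    ip: str
    open_ports: Set[Tuple[str, int]] = field(default_factory=set)  # {("tcp", 80)}
    protocols: Set[str] = field(default_factory=set)               # {"http"}
    vulns: Set[str] = field(default_factory=set)                   # vulnerability ids mapped to host


@dataclass
class IntrusionEvent:
    """One IPS event; vuln_ids are the vulnerabilities the rule is tied to (constructed)."""
    rule: str
    dst_ip: str
    proto: str
    dst_port: int
    app_proto: Optional[str]
    vuln_ids: Set[str]


def impact_flag(event: IntrusionEvent, hosts: Dict[str, HostProfile],
                monitored: List[ipaddress.IPv4Network]) -> int:
    """Apply the table's rules top-down and return the impact flag."""
    target = ipaddress.ip_address(event.dst_ip)
    if not any(target in net for net in monitored):
        return 0                                  # unmonitored network
    host = hosts.get(event.dst_ip)
    if host is None:
        return 4                                  # monitored network, unknown host
    if host.vulns & event.vuln_ids:
        return 1                                  # vulnerability mapped to host
    port_open = (event.proto, event.dst_port) in host.open_ports
    proto_in_use = event.app_proto is not None and event.app_proto in host.protocols
    if port_open or proto_in_use:
        return 2                                  # exposed, but no vulnerability mapped
    return 3                                      # port closed / protocol unused


def triage(events, hosts, monitored):
    """Return (flag, action, rule, dst_ip) tuples, most urgent first."""
    rows = []
    for ev in events:
        flag = impact_flag(ev, hosts, monitored)
        rows.append((flag, FLAG_MEANING[flag][0], ev.rule, ev.dst_ip))
    return sorted(rows, key=lambda r: FLAG_PRIORITY[r[0]])


# --- constructed sample inventory and events -------------------------------
MONITORED = [ipaddress.ip_network("10.0.1.0/24")]
HOSTS = {
    "10.0.1.10": HostProfile("10.0.1.10", {("tcp", 80), ("tcp", 443)}, {"http", "https"}, {"VULN-WEB-1"}),
}
EVENTS = [
    IntrusionEvent("web-exploit-1", "10.0.1.10", "tcp", 80, "http", {"VULN-WEB-1"}),   # flag 1
    IntrusionEvent("web-exploit-2", "10.0.1.10", "tcp", 80, "http", {"VULN-WEB-2"}),   # flag 2
    IntrusionEvent("smb-exploit", "10.0.1.10", "tcp", 445, "smb", {"VULN-SMB-1"}),     # flag 3
    IntrusionEvent("web-exploit-1", "10.0.1.77", "tcp", 80, "http", {"VULN-WEB-1"}),   # flag 4
    IntrusionEvent("web-exploit-1", "192.0.2.5", "tcp", 80, "http", {"VULN-WEB-1"}),   # flag 0
]

if __name__ == "__main__":
    for flag, action, rule, ip in triage(EVENTS, HOSTS, MONITORED):
        print(f"flag {flag}: {action:40} {rule} -> {ip}")
```

The order of the checks matters: the network-membership test comes first so that an event against an unmonitored address never consults the host map, and the vulnerability match comes before the port check so a host that is both exposed and mapped vulnerable gets flag 1, not flag 2.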
Automated, Integrated Threat Defense – Superior Protection for the Entire Attack Continuum
Retrospective Security: Reduce time between detection and cure
Multivector Correlation: Early warning for advanced threats (Host A, Host B, Host C; 3 IoCs, 5 IoCs)
Adapt Policy to Risks: Dynamic security control
Context and Threat Correlation: Impact assessment (Priority 1, Priority 2, Priority 3)
Indications of Compromise (IoCs)
IPS Events: Malware backdoors; CnC connections; Exploit kits; Admin privilege escalations; Web app attacks
SI Events: Connections to known CnC IPs
Malware Events: Malware detections; Malware executions; Office/PDF/Java compromises; Dropper infections
Cisco AMP Provides Continuous Retrospective Security
Continuous feed, continuous analysis, telemetry stream
Breadth of control points: Web, Endpoints, Network, Email, Devices, IPS
Telemetry collected: File fingerprint and metadata; File and network I/O; Process information
Cisco AMP: Continuous Retrospective Security
1) File capture (from network traffic)
2) File storage
3) Send to sandbox (Collective Security Intelligence sandbox)
4) Execution report available in FireSIGHT Management Center – Malware Alert!
Visibility and Context – Network File Trajectory
Tracked file events: File Sent, File Received, File Executed, File Moved, File Quarantined
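The trajectory view above and the IoC categories listed earlier both rest on the same record: every sent/received/executed/moved/quarantined event keyed by file hash, kept so that a verdict arriving later (the sandbox report from step 4) can be applied backwards to hosts the file already reached. The Python below is an added example for this page, not Cisco AMP or FireSIGHT code; host names, timestamps and the SHA-256 value are constructed placeholders, and the five event types come from the slide. It reconstructs the file's path, finds the entry point, and when the disposition flips to malicious returns the hosts that still hold or have executed the file, raising a "Malware Executions" IoC for the latter.

```python
"""Network file trajectory with retrospective verdicts.

Added illustration for this page; it is not Cisco AMP/FireSIGHT code. The
hosts, timestamps and SHA-256 value are constructed; the five event types
(sent, received, executed, moved, quarantined) come from the slide.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

EVENT_TYPES = ("sent", "received", "executed", "moved", "quarantined")


@dataclass(frozen=True)
class FileEvent:
    ts: int                      # seconds since epoch (constructed)
    sha256: str
    host: str
    action: str                  # one of EVENT_TYPES
    peer: Optional[str] = None   # other end of a sent/received transfer


class FileTrajectory:
    """Per-file event history plus the latest disposition for each file hash."""

    def __init__(self) -> None:
        self._events: Dict[str, List[FileEvent]] = defaultdict(list)
        self.disposition: Dict[str, str] = {}   # sha256 -> unknown | clean | malicious

    def record(self, ev: FileEvent) -> None:
        if ev.action not in EVENT_TYPES:
            raise ValueError(f"unknown file event type: {ev.action}")
        self._events[ev.sha256].append(ev)
        self.disposition.setdefault(ev.sha256, "unknown")

    def trajectory(self, sha256: str) -> List[FileEvent]:
        """All events for one hash in time order: the file's path through the network."""
        return sorted(self._events.get(sha256, []), key=lambda e: e.ts)

    def entry_point(self, sha256: str) -> Optional[str]:
        """First host seen with the file (where it entered the monitored network)."""
        path = self.trajectory(sha256)
        return path[0].host if path else None

    def exposure(self, sha256: str) -> Dict[str, str]:
        """Current state per host: present, executed or quarantined."""
        state: Dict[str, str] = {}
        for ev in self.trajectory(sha256):
            if ev.action in ("sent", "received", "moved"):
                state.setdefault(ev.host, "present")     # never downgrade an 'executed'
            elif ev.action == "executed":
                state[ev.host] = "executed"
            elif ev.action == "quarantined":
                state[ev.host] = "quarantined"
        return state

    def set_disposition(self, sha256: str, verdict: str) -> List[str]:
        """Apply a (possibly retrospective) verdict. For a malicious verdict,
        return the hosts that still hold or have executed the file, so the
        sandbox result can be acted on even though the file passed earlier."""
        self.disposition[sha256] = verdict
        if verdict != "malicious":
            return []
        return sorted(h for h, s in self.exposure(sha256).items()
                      if s in ("present", "executed"))

    def execution_iocs(self, sha256: str) -> Dict[str, str]:
        """Hosts whose execution of a now-malicious file becomes a 'Malware Executions' IoC."""
        if self.disposition.get(sha256) != "malicious":
            return {}
        return {h: "Malware Executions"
                for h, s in self.exposure(sha256).items() if s == "executed"}


# --- constructed sample: one attachment travelling through three hosts --------
SAMPLE_SHA = "c0ffee" * 10 + "abcd"   # 64 hex chars, constructed placeholder hash
SAMPLE_EVENTS = [
    FileEvent(100, SAMPLE_SHA, "host-a", "received", peer="mail-gw"),
    FileEvent(110, SAMPLE_SHA, "host-a", "sent", peer="host-b"),
    FileEvent(111, SAMPLE_SHA, "host-b", "received", peer="host-a"),
    FileEvent(200, SAMPLE_SHA, "host-b", "executed"),
    FileEvent(210, SAMPLE_SHA, "host-b", "moved"),
    FileEvent(290, SAMPLE_SHA, "host-a", "sent", peer="host-c"),
    FileEvent(291, SAMPLE_SHA, "host-c", "received", peer="host-a"),
    FileEvent(400, SAMPLE_SHA, "host-a", "quarantined"),
]


def build_sample() -> FileTrajectory:
    tr = FileTrajectory()
    for ev in SAMPLE_EVENTS:
        tr.record(ev)
    return tr


if __name__ == "__main__":
    tr = build_sample()
    print("entered via", tr.entry_point(SAMPLE_SHA))
    print("sandbox says malicious; act on:", tr.set_disposition(SAMPLE_SHA, "malicious"))
    print("IoCs:", tr.execution_iocs(SAMPLE_SHA))
```

In the sample, host-a quarantined its copy before the verdict arrived, so the retrospective alert names only host-b (which also executed the file and therefore carries the IoC) and host-c (which still holds it); the entry point is still host-a, which is where the investigation of how the file got in would start.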
Cisco ASA with FirePOWER Services
► Base Hardware
- New Cisco® ASA 5585-X Bundle SKUs with FirePOWER Services Module
- New Cisco ASA 5500-X SKUs running FirePOWER Services Software
- Cisco ASA with FirePOWER Services Spare Module/Blade for Cisco ASA 5585-X Series
- Cisco ASA with FirePOWER Services Software
- Hardware includes Cisco Application Visibility and Control (AVC)
► Security Subscription Services
- Cisco IPS, URL, and Advanced Malware Protection (AMP) Subscription Services
- One- and Three-Year Term Options
► Management
- Cisco FireSIGHT Management Center (Hardware Appliance or Virtual)
- Cisco Security Manager or ASDM
► Support
- Cisco SMARTnet™ Service
- Cisco Software Application Support plus Upgrades (SASU)
Cisco ASA with FirePOWER Services – A New, Adaptive, Threat-Focused NGFW
Integrated Threat Defense: Best-in-class, multilayered protection in a single device
Superior Visibility: Full contextual awareness to eliminate gaps
Automation: Simplified operations and dynamic response and remediation
CSIS: Top 20 Critical Security Controls
§ CSIS: 20 Critical Security Controls v4.1
§ http://www.sans.org/critical-security-controls/
§ Automation leads to lower cost and improved effectiveness
§ 94% reduction in “measured” security risk
§ Inventory, Boundary Defenses and Malware Defenses
§ Of the 20, Cisco provides effective solutions for:
  § 15 controls directly, 4 assist
  § 1 no solution – data recovery
Reduced Cost and Complexity
§ Multilayered protection in a single device
§ Highly scalable for branch, internet edge, and data centers
§ Automates security tasks
  § Impact assessment
  § Policy tuning
  § User identification
§ Integrate transparently with third-party security solutions through eStreamer API
Thank you.
§ Questions?
§ Demo additional features:
  § Policies – IPS, File, Access Control
  § Intrusion Events
  § ?
Conclusion
The Perimeter is Dead, Long Live the Perimeter
Peter Scheffler
Field Systems Engineer
What is The Perimeter?
pe·rim·e·ter
1. the continuous line forming the boundary of a closed geometric figure. "the perimeter of a rectangle"; synonyms: circumference, outside, outer edge. "the perimeter of a circle"
2. the outermost parts or boundary of an area or object. "the perimeter of the garden"; synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge
3. a defended boundary of a military position or base.
In networking we call it… the DMZ
Defense in Depth?
Defense in depth: The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system… Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the “simplicity” principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it.
Source: https://www.owasp.org/index.php/Defense_in_depth
Evolving Threat Landscape
F5 Agility 2014
Protecting against threats is challenging
Drivers: Webification of apps; Device proliferation; Evolving security threats; Shifting perimeter
71% of internet experts predict most people will do work via web or mobile by 2020.
95% of workers use at least one personal device for work.
130 million enterprises will use mobile apps by 2014.
58% of all e-theft tied to activist groups. 81% of breaches involved hacking.
80% of new apps will target the cloud.
72% of IT leaders have or will move applications to the cloud.
Evolving Security Threat Landscape
More sophisticated attacks are multi-layer: Application, SSL, DNS, Network
It’s all about the application.
BIG-IP Application Security Manager
Multiple deployment options
• Standalone or ADC add-on
• Appliance or Virtual edition
• Manual or automatic policy building
• 3rd party DAST integration
Visibility and analysis
• High speed customizable syslog
• Granular attack details
• Expert attack tracking and profiling
• Policy & compliance reporting
• Integrates with SIEM software
• Full HTTP/S request logging
Comprehensive protections
• Granular rules on every HTTP element
• Client side parameter manipulation protection
• Response checks for error & data leakage
• AV integrations
BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.
Comprehensive Protections: BIG-IP ASM extends protection to more than application vulnerabilities
L7 DDoS; Web scraping; Web bot identification; XML filtering, validation & mitigation; ICAP anti-virus integration; XML firewall; Geolocation blocking
Unique full-proxy architecture
Client-side stack: TCP | SSL | HTTP, each with iRule hooks; server-side stack: TCP | SSL | HTTP, each with iRule hooks
Network Firewall and WAF functions sit inside the proxy
Threats addressed: ICMP flood, SYN flood, SSL renegotiation, data leakage, Slowloris attack, XSS
Who’s Requesting Access?
IT challenged to:
• Control access based on user-type and role
• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
Manage access based on identity: Employees, Partner, Customer, Administrator
Security at the Critical Point in the Network
Total Application Delivery Networking Services across Virtual, Physical, Cloud, and Storage
Clients: Remote access, SSL VPN, App firewall
BIG-IP APM Use Cases
Accelerated Remote Access: Enterprise Data & Apps
Federation: Cloud, SaaS, and Partner Apps
Secure Web Gateway: Internet Apps
App Access Management: OAM, VDI, Exchange, Sharepoint
Which threat mitigation to use?
Cloud/Hosted Service: Content Delivery Network; Carrier Service Provider; Cloud-based DDoS Service
On-Premise Defense: Network firewall with SSL inspection; Web Application Firewall; On-premise DDoS solution; Intrusion Detection/Prevention
All of the above
Full Proxy Security
Layers on the client side and the server side: Physical, Network, Session, Application, Web application
Network: L4 Firewall – full stateful policy enforcement and TCP DDoS mitigation
Session: SSL inspection and SSL DDoS mitigation
Application: HTTP proxy, HTTP DDoS and application security
Web application: Application health monitoring and performance anomaly detection
F5 Provides Complete Visibility and Control Across Applications and Users
Intelligent Services Platform (TMOS)
Users: Securing access to applications from anywhere
Resources: Protecting your applications regardless of where they live
Services: Network Firewall, Protocol Security, DDoS Protection, Dynamic Threat Defense, DNS, Web Access
Protecting the Data Center – Use case
• Consolidation of firewall, app security, traffic management
• Protection for data centers and application servers
• High scale for the most common inbound protocols
Before F5 vs. with F5 (functions: Load Balancer, DNS Security, Network DDoS, Web Application Firewall, Web Access Management, Load Balancer & SSL, Application DDoS, Firewall/VPN)
F5: Bringing deep application fluency to perimeter security
One platform: SSL inspection; Traffic management; DNS security; Access control; Application security; Network firewall (EAL2+, EAL4+ in process); DDoS mitigation
How do I implement perimeter security with F5?
Reference Architectures
• DDoS Protection
• S/Gi Network Simplification
• Security for Service Providers
• Application Services
• Migration to Cloud
• DevOps
• Secure Mobility
• LTE Roaming
• DNS
• Cloud Federation
• Cloud Bursting
Solve the Endpoint Security Challenge with Isolation, not Detection
Chris Cram, Security Solutions Architect
Agenda
The Security Landscape
Bromium Overview
Use Cases and Benefits
Summary and Next Steps
The IT Security Paradox
Security Spending – ’05–’14: up 294%, to $30B
Malware/Breaches – ’05–’14: up 390%
Are breaches going down? No!
Source: Gartner, Idtheftcenter; $30B is a Gartner figure for 2014
The Problem: The Endpoint Problem
71% of all breaches are from the endpoint!
Advanced Threats: § Polymorphic § Targeted § …
Ineffective Detection (pattern matching): § Only known § Many false positives § Costly remediation
“Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye, SVP, Symantec
The Problem: The Endpoint Problem
Advanced Threats: § Polymorphic § Targeted § Zero Day
Ineffective Detection (pattern-matching): § Only known § Many false positives § Costly remediation
71% of all breaches start on the endpoint! Source: Verizon Data Breach Report
Advanced Attacks Evade Legacy Defenses
Threats pass through network detection-based controls (Firewall, IPS, Web & Email Gateways) and endpoint detection-based controls (PC Firewall, PC Anti-virus)
[Figure: Recent Security Timeline, 2003–2014. X axis: year; Y axis: worldwide security spend, $0–$25B (source: Gartner). Endpoint defenses plotted by introduction: Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing. Significant data breaches plotted (source: Idtheftcenter.org, updated 6/16/14; red bubbles illustrative only to depict the 71%): Sega, Writerspace.com, RockYou!, Target, AOL, Living Social, Cardsystems Solutions Inc., Evernote, CheckFree Corporation, Heartland, TK/TJ Maxx, Blizzard, Auction.com.kr, Virginia Dept. of Health, AOL, Data Processors International, KDDI, Gawker.com, Global Payments, RBS Worldpay, Drupal, Sony Pictures, Medicaid, Ohio State University, Network Solutions, Betfair, US Federal Reserve Bank of Cleveland, Citigroup, Seacoast Radiology PA, Restaurant Depot, Washington State court system, University of California Berkeley, AT&T, University of Wisconsin – Milwaukee, Central Hudson Gas & Electric, TD Ameritrade, Sony PSN, San Francisco Public Utilities Commission, Yahoo Japan, Ebay, Neiman Marcus, MacRumors.com, NASDAQ, Ubisoft, South Africa Police, Yahoo, Monster.com, Hannaford Brothers Supermarket Chain, Washington Post, Three Iranian banks, KT Corp., LexisNexis, Virginia Prescription Monitoring Program, Ubuntu, Scribd, Sony Online Entertainment, Southern California Medical-Legal Consultants, Neiman Marcus, Nintendo, Ankle & Foot Center of Tampa Bay Inc., Bethesda Game Studios, Puerto Rico Department of Health, American Express, PF Changs, Home Depot, Paytime, Aaron Brothers, Michael’s Stores, Sutherland Healthcare, Adobe, Snapchat.]
2013: 614 reported breaches, 91,982,172 records
Recent Security Timeline
[Figure: Recent Security Timeline (repeated), highlighting Breaches Starting from the Endpoint; same axes (year, worldwide security spend $0–$25B) and the same endpoint defenses (Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing). Significant Data Breaches source: Idtheftcenter.org, updated 6/16/14; WW Security Spend source: Gartner; red bubbles illustrative only to depict the 71%.]
2013: 614 reported breaches, 91,982,172 records
Recent Security Timeline
Bromium – Pioneer and Innovator
Redefining security with isolation technology
Transforming the legacy security model
Global, top investors, leaders of Xen
Top tier customers across every vertical
Core Technology
Microvisor: hardware isolates each untrusted Windows task
Lightweight, fast, hidden, with an unchanged native UX
Based on Xen with a small, secure code base
Industry-standard desktop, laptop hardware
Hardware Virtualization; Hardware Security Features
How Bromium Solves The Problem
Isolate all end user tasks – browsing, opening emails, files…
Utilize micro-virtualization and the CPU to hardware-isolate
Across major threat vectors – Web, email, USB, shares…
Seamless user experience on standard PCs
Different from Traditional Security
Traditional Endpoint Security: Hardware / OS Kernel / Anti-virus, sandbox and other security tools / Applications
§ Today’s signature and behavioral techniques miss many attacks
§ They almost always leave endpoints corrupted, requiring re-imaging
Bromium vSentry: Hardware / OS / Hardware-isolated Micro VMs (one OS instance per task, e.g. a browser tab)
§ All user tasks and malware are isolated in a super-efficient micro-VM
§ All micro-VMs destroyed, eliminating all traces of malware with them
Use Cases
LAVA – Understanding the Kill Chain: WHO is the target; WHERE is the attacker; WHAT is the goal; WHAT is the technique; WHAT is the intent
Java Legacy App Support
Patching Off-Net Laptop Users
High Value Targets
Threat Intelligence
Secure Browsing
Why Customers Deploy Bromium
Defeat Attacks
§ Eliminate compromises on the endpoint
§ Deliver protection in the office or on the road
Streamline IT
§ Reduce operational costs
§ Dramatically increase IT productivity
Empower End Users
§ Remove the burden of security from users
§ Enable users to click on anything…anywhere
Summary
The attack landscape has fundamentally changed; perimeter evaporating in the cloud and mobile era
Current ‘detection’ defenses are ineffective; endpoint is the weakest link
Bromium is redefining endpoint security with micro-virtualization
Enormous benefits in defeating attacks, streamlining IT and empowering users
Beyond Compliance
Rob Stonehouse – Chief Security Architect
The Rush To Compliance
“We have to be compliant!”
What Do We Know?
• The Internet wants all your information
• Law is not a deterrent
• Little risk for huge gains
• Patience = Success
• Users will still click on anything
…It is going to get worse
What have we seen?
- Sophisticated malware
- Teams of attackers
- Persistence & Purpose
20+ Years of Monitoring
The Problem
Technology: • New strategies • Hard to realize the value
InfoSec is Expensive: • Resource issues
What is The Answer?
Visibility
Get The Help You Need: You Can No Longer Do This Alone
Managed Security Services
Jamie Hari – Product Manager, Infrastructure & Security
Scalar discovered what they overlooked.
Changing Tactics: The way you look at security needs to change.
Improved Intelligence
SIEM: The SIEM is the heart and brain of the SOC. It moves data around quickly and analyses it with continually updated intelligence.
Scalar has the tools and experience to manage security in a complex technical landscape.
Scalar SOC: SIEM and SOC tools; monitored sources: Firewalls, IPS, VS, AV/AM/AS, Servers, End Points, Users
What is SIEM?
A solution which gathers, analyzes, and presents security information.
• Log Management
• Security Event Correlation and Analysis
• Security Alerting & Reporting
Reporting
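To make the three SIEM functions concrete (log management, correlation and analysis, alerting), here is an added Python example written for this page; it is not Scalar's SOC tooling. The firewall and sshd log lines, hostnames and addresses are constructed, and the correlation rule (several failed logins followed by a success from the same source within a time window, enriched with whether the perimeter firewall had already denied that source) is a common one chosen for illustration.

```python
"""Toy SIEM correlation over two log sources.

Added illustration for this page; it is not Scalar's SOC tooling. The log
lines, hostnames and addresses below are constructed; the rule (several failed
logins followed by a success from the same source) is a common correlation.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: one perimeter-firewall line and seven sshd lines.
SAMPLE_LOGS = """\
2014-10-06T09:00:01 fw01 DENY src=198.51.100.23 dst=10.0.0.5 dport=22
2014-10-06T09:00:03 srv05 sshd: Failed password for admin from 198.51.100.23 port 50112
2014-10-06T09:00:05 srv05 sshd: Failed password for admin from 198.51.100.23 port 50113
2014-10-06T09:00:08 srv05 sshd: Failed password for root from 198.51.100.23 port 50114
2014-10-06T09:00:11 srv05 sshd: Failed password for admin from 198.51.100.23 port 50115
2014-10-06T09:00:15 srv05 sshd: Accepted password for admin from 198.51.100.23 port 50116
2014-10-06T09:00:20 srv05 sshd: Failed password for bob from 203.0.113.9 port 40001
2014-10-06T09:12:00 srv05 sshd: Accepted password for bob from 203.0.113.9 port 40002
"""


class Event(NamedTuple):
    ts: datetime
    host: str
    kind: str            # fw_deny | auth_fail | auth_ok
    src: str
    user: Optional[str]


# Log management step: normalise heterogeneous lines into one event schema.
_PATTERNS = [
    ("fw_deny",   re.compile(r"^(\S+) (\S+) DENY src=(\S+) dst=\S+ dport=\d+$")),
    ("auth_fail", re.compile(r"^(\S+) (\S+) sshd: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+$")),
    ("auth_ok",   re.compile(r"^(\S+) (\S+) sshd: Accepted password for (\S+) from (\S+) port \d+$")),
]


def parse_logs(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        for kind, pat in _PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            ts = datetime.fromisoformat(m.group(1))
            if kind == "fw_deny":
                events.append(Event(ts, m.group(2), kind, m.group(3), None))
            else:
                events.append(Event(ts, m.group(2), kind, m.group(4), m.group(3)))
            break                      # first matching pattern wins
    return sorted(events, key=lambda e: e.ts)


def correlate(events: List[Event], window: timedelta = timedelta(minutes=5),
              threshold: int = 3) -> List[Dict[str, object]]:
    """Alert when a source succeeds after >= threshold failures inside `window`,
    enriched with whether the perimeter firewall had already denied that source."""
    fails: Dict[str, List[datetime]] = defaultdict(list)
    denied: Dict[str, bool] = defaultdict(bool)
    alerts = []
    for ev in events:
        if ev.kind == "fw_deny":
            denied[ev.src] = True
        elif ev.kind == "auth_fail":
            fails[ev.src].append(ev.ts)
        elif ev.kind == "auth_ok":
            recent = [t for t in fails[ev.src] if ev.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "brute-force-then-success",
                    "src": ev.src, "host": ev.host, "user": ev.user,
                    "failures": len(recent), "fw_denied": denied[ev.src],
                    "ts": ev.ts.isoformat(),
                })
            fails[ev.src].clear()      # a success closes the window for that source
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

The point a single log source cannot make on its own is the enrichment: the sshd log alone shows a noisy login, but joining it with the firewall's earlier deny of the same source turns it into a higher-confidence alert, which is the kind of cross-source correlation the SOC relies on the SIEM for.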
Quickly Identify Patterns of Activity, Traffic, and Attacks
Managed SIEM & Incident Response
Real-time security event monitoring and intelligent incident response
• 24 x 7 Security Alert & System Availability Monitoring
• Security Incident Analysis & Response
• Infrastructure Incident, Change, Patch, and Configuration Management
What should I look for in a provider?
• Breadth and Depth of Technical Capability
• Flexibility in Deployment, Reporting, and Engagement Options
• Experience with Customers in Diverse Industries
• A Partner Model
Getting Started
Proof of Value: 4 Week Trial
• Dashboard for Real-time Data
• Weekly Security Report
• Detailed Final Summary Report
• Seamless Continuation into Full Service
You decide how we fit
Recap
• Reduce complexity – simplify
• Apply security at the infrastructure, applications and endpoint
• Augment technology with people and process
• Spend on security vs. compliance
• Gain visibility through effective security operations
What’s Next?
Looking for more information on security? Rob Stonehouse, Scalar’s Chief Security Architect, discusses security beyond compliance on the Scalar blog.
Connect with Us!
facebook.com/scalardecisions
@scalardecisions
linkedin.com/company/scalar-decisions
slideshare.net/scalardecisions