REVOLUTIONIZING ADVANCED THREAT PROTECTION
A NEW, MODERN APPROACH
Blue Coat Advanced Threat Protection Group
GRANT ASPLUND, Senior Technology Evangelist
EVOLVING LANDSCAPE OF MODERN THREATS
TODAY’S ADVANCED THREAT LANDSCAPE
ADVANCED THREATS IMPROVED: Smarter | Faster | Stronger
• Rootkits
• Virtual machine detection
• Line-by-line debugger detection
• Re-writes host file
• Multi-packed, one-time, encrypted
• Fuzzing
• Reverse Engineering
• Code Auditing
THE INVISIBLE THREATS
Majority of APTs operate over SSL
20-70% of traffic is encrypted
Threats we can’t see…
TODAY’S ENTERPRISE USER
TODAY’S SURFACE AREA
Total number of new tablet devices released in 2013
Average number of personal mobile devices used for work by enterprise employees
WHY A MODERN APPROACH
POST-PREVENTION SECURITY GAP
Threat Actors: Nation States, Cybercriminals, Hacktivists, Insider Threats
Signature-based Security Picket Fence: Host AV, NGFW, IDS/IPS, DLP, SIEM, Email Gateway, Web Application Firewall, Web Gateway
Traditional Threats: Known Threats, Known Malware, Known Files, Known IPs/URLs
Advanced Threats: Novel Malware, Zero-Day Threats, Targeted Attacks, Modern TTPs
Modern, Post-Prevention Security:
• Context
• Content
• Visibility
• Detection
• Intelligence
THE WINDOW OF OPPORTUNITY – Proof of the Problem

Initial Attack to Compromise        Initial Compromise to Discovery
  Seconds    11%                      Hours       9%
  Minutes    13%                      Days       11%
  Hours      60%                      Weeks      12%
  Days       13%                      Months     62%
  Weeks       2%                      Years       4%
  Callout: 84%                        Callout: 78%
  (seconds + minutes + hours)         (weeks + months + years)
CURRENT SOLUTIONS OPERATE IN SILOS
Technology and organizational silos limit current defenses
DREADED QUESTIONS FROM CISO
Who did this to us?
How did they do it?
What systems and data were affected?
Can we be sure it is over?
Can it happen again?
PROTECTING AGAINST ADVANCED THREATS WITH CRIME
‘CRIME’ METHODOLOGY: Context, Root Cause, Impact, Mitigation, Eradication
• Faster time-to-action
• Faster time-to-react/respond
• Greater ability to reduce/minimize/eliminate impact!
SECURITY SHIFTS TO SWIFT RESPONSE
Percentage of Enterprise IT Security Budgets Allocated to Rapid Response Approaches by 2020. — Gartner 2013
ADVANCED THREAT PROTECTION USE CASES
Who? When? What? Where? How? Target(s)? Who else? Is it over? What else? How long?
• Continuous Monitoring
• Situational Awareness
• Incident Response
• Data Loss Monitoring & Analysis
• Policy Compliance
• Cyber Threat Protection
MODERN COUNTER-MEASURES
SITUATION
BIG DATA SECURITY IS HERE – Volume, velocity and variety
WHAT KEPT US SECURE – Has stopped working
GOOD OR BAD SECURITY – Is irrelevant with an attacker’s resources & motivation
MODERN ADVANCED THREAT PROTECTION – Is the new imperative
POSITION
“Fixed fortifications are monuments to man’s stupidity.” — General George S. Patton
BUSINESS ASSURANCE TECHNOLOGY
Security & Policy Enforcement Center: Web Gateway & Orchestration (SWG), Web & Network Protection, SSL Interception
Mobility Empowerment Center: Web Gateway, Mobile Expander, Mobile Protection
Trusted Applications Center: Application Management, Business Application Enablement
Performance Center: WAN/Video Optimization, Cache Optimization, Shaping
Resolution Center: Vulnerability Expertise Services, Case Analyst Workflow, Reporting and Management
Cloud Mobility
Security Analytics Platform by Solera (formerly DeepSee)
Business Assurance Platform:
• Cloud
• 15,000 Customers
• 80M Users
• VM, Appliance, X-Beam platforms
• 33 Worldwide PoPs
• 84% of Fortune 500, 90% FedGov
BLUE COAT ADVANCED THREAT PROTECTION
ThreatBLADES: WebThreat | MailThreat | FileThreat
ATP Suite: Custom Analytics, Malware Analysis, SSL Visibility, Content Analysis System
MODERN ADVANCED THREAT PROTECTION
Complete Web Control: Web Security, Content Analysis, Real-time Blocking
Advanced Malware Detection: White/Blacklists, Sandboxing, Feeds
Visual Insight: Context, Real-time Awareness, IOCs, Alerts
Full Packet Capture: Layer 2–7 Indexing & Classification
Layers: Threat Intelligence | Security Visibility | Big Data Security Analytics | Blocking and Enforcement | Network Effect Integration Layer
MODERN ADVANCED THREAT PROTECTION
Security Visibility
• Full packet capture
• Layers 2-7 indexing
• Deep packet inspection
• Session reconstruction
• Scalability and performance
• Single pane-of-glass
Big Data Security Analytics
• Heuristic detection
• Statistical analysis
• Inferential reporting
• Context-aware analysis
• IOCs & TTPs
• Visual insight
MODERN ADVANCED THREAT PROTECTION
Threat Intelligence
• Real-time white/black lists
• Sandbox detonation
• On-premises or cloud-based
• External data enrichment
• Dynamic Intelligence Cloud
• Machine-learning architecture
MODERN ADVANCED THREAT PROTECTION
Blocking and Enforcement
• Scan, block and cache
• Inline AV with feedback loop
• Obscure sensitive data or block
• Web and application controls
• Best-of-breed perimeter blocking
• Granular customization
MODERN ADVANCED THREAT PROTECTION
Network Effect and Integration Deliver:
• Security Ecosystem
• Context-Aware Security
• Adaptive Security
• Enhance existing investments
• Integrated workflow automation
MODERN ADVANCED THREAT PROTECTION
Real-time & Retrospective Analysis & Resolution
Simple, Flexible & Extensible
BLUE COAT ADVANCED THREAT PROTECTION: THE SECURITY CAMERA FOR YOUR NETWORK
Turning Complexity into Context
Full Visibility: Before, During & After the Attack
Big Data Security Analytics: Collect, Analyze & Store
Threat Intelligence: Web, File, Email & Malware Reputation
Advanced Threat Protection: Improving Real-World Use Cases
INTEGRATED ECOSYSTEM
Use cases: Situational Awareness, Incident Response, Policy & ITGRC, Data Loss Monitoring & Analysis, Advanced Malware Detection, Continuous Monitoring
ANALYTICS AND INTELLIGENCE
• Collect & Warehouse
• Investigate
• Alert & Report
ENRICHMENT
• Technology Partners
• File Analysis & IP Reputation
• Malware Sandboxing
FLEXIBLE FORM FACTORS
• Hardware
• Software
• Virtual Machines
Web Control and Security Enforcement
Three new ThreatBLADES for unbeatable Advanced Threat Protection…
BLUE COAT THREATBLADES
WEB, MAIL & FILE THREAT IDENTIFICATION
• WebThreat BLADE inspects all HTTP or HTTPS traffic and identifies malicious communications and files
• FileThreat BLADE inspects all FTP and SMB traffic for malicious communications and files
• MailThreat BLADE inspects all SMTP, POP3 and IMAP traffic for malicious communications and files
Malware Analysis Appliance
If no clear verdict on content, suspicious files are delivered to a hybrid sandbox for analysis
SIEM = PHONE BILL
IPS = SINGLE FRAME
ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
Resolution Center: Reporter SW, Reporter Service, Intelligence Center, Advanced Threat Protection Appliance
Incident Resolution: Investigate & Remediate Breach; Threat Profiling & Eradication
Ongoing Operations: Detect & Protect; Block All Known Threats
Incident Containment: Analyze & Mitigate; Novel Threat Interpretation
GLOBAL INTELLIGENCE NETWORK
Security & Policy Enforcement Center: ProxySG & SG-VA, Web Security Service, WebFilter, Content Analysis, Malware Analysis, SSL Visibility, Content Analysis, DLP, FW/IDS on X-Series
Resolution Center: Reporter SW, Reporter Service, Intelligence Center, Advanced Threat Protection Appliance
• Now known threats blocked at gateway
• Fewer threats to contain and resolve
• Increased system performance through fewer malware scans
• More robust threat analysis with fewer false positives
USE CASES
OVERSTOCK.COM
“…using root cause analysis from Solera Networks, we were able to pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that exploit from ever happening again…” – Overstock.com
REQUIREMENTS
• Identify attacks that passed preventative controls
• Remediate all infected systems quickly
• Ensure that preventative controls are working
SOLUTION
• Deployed various Solera Security Analytics form factors
• Built an IR process around Solera Security Analytics
• Integrated Solera with log management and IPS
VALUE
• Identified nefarious activity sourced from inside and outside the network
• Pinpointed “all” compromised systems through root cause analysis
• Conducted assurance testing on preventative controls by replaying malicious packets on a shadow network
US COAST GUARD
REQUIREMENTS
• Enhance threat detection
• Reduce threat acquisition window
• Improve team effectiveness
SOLUTION
• Integrated with existing McAfee NSM (IPS) solution
• Employed 100% data capture
• Built custom reports for rapid analysis
VALUE
• Reduced threat identification time by 60%
• Reduced threat remediation time by 75%
• Allowed for more unified threat management across disparate, internal teams through the use of reporting
JEFFERIES GLOBAL INVESTMENT BANKING
REQUIREMENTS
• Streamline monitoring of a dozen international locations
• Provide workflow that supports multiple analysts
• Integrate with FireEye and Blue Coat ProxySG, WebPulse & SSL Visibility
SOLUTION
• Consolidated incident detection and response
• Supported several months of packet and metadata retention
• Improved ROI & ROSI through integration
VALUE
• Improved incident responder workflow with reduced response times
• Leveraged fewer FTEs for tactical analysis: strategically repurpose other FTEs
• Achieved holistic visibility across network traffic, users and data (files, IM, voice, etc.)
US AIR FORCE
REQUIREMENTS
• Monitor all major Internet gateways
• Support over 50 concurrent analysts with disparate privileges/visibility
• Use APIs to integrate with COTS, GOTS, and open source security solutions
SOLUTION
• Provided tiered, centralized management
• Supported lossless capture on multiple 10 gigabit networks
• Integrated with 3rd party solutions such as ArcSight
VALUE
• Deployed with 100% situational awareness with a small (green) footprint
• Utilized RBAC via LDAP for granular access control
• Passed multiple, stringent military testing and certification criteria
• Replaced incumbent solution based on scalability, capability and footprint
READING
GET YOUR COPY! www.bluecoat.com/atplifecycle
Grant Asplund | 206-612-8652 | grant.asplund@bluecoat.com
Twitter: @gasplund
LinkedIn: http://www.linkedin.com/in/grantasplund/
THANK YOU!

 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Revolutionizing Advanced Threat Protection

  • 1. REVOLUTIONIZING ADVANCED THREAT PROTECTION: A NEW, MODERN APPROACH. Blue Coat Advanced Threat Protection Group. Grant Asplund, Senior Technology Evangelist.
  • 3. EVOLVING LANDSCAPE OF MODERN THREATS: TODAY’S ADVANCED THREAT LANDSCAPE
  • 5. IMPROVED: Smarter | Faster | Stronger. Rootkits; virtual machine detection; line-by-line debugger detection; re-writes host file; multi-packed, one-time, encrypted; fuzzing; reverse engineering; code auditing.
  • 6. THE INVISIBLE THREATS: Majority of APTs operate over SSL. 20-70% of traffic is encrypted. Threats we can’t see…
  • 8. TOTAL NUMBER OF NEW TABLET DEVICES RELEASED IN 2013
  • 9. TODAY’S ENTERPRISE USER: Average Number of Personal Mobile Devices Used for Work by Enterprise Employees.
  • 12. POST-PREVENTION SECURITY GAP. Threat Actors: Nation States, Cybercriminals, Hacktivists, Insider Threats. Signature-based Security Picket Fence: Host AV, NGFW, IDS/IPS, DLP, SIEM, Email Gateway, Web Application Firewall, Web Gateway. Traditional Threats (Known Threats): Known Malware, Known Files, Known IPs/URLs. Advanced Threats: Novel Malware, Zero-Day Threats, Targeted Attacks, Modern TTPs. Modern, Post-Prevention Security: • Context • Content • Visibility • Detection • Intelligence
  • 13. THE WINDOW OF OPPORTUNITY. Initial Attack to Compromise: Seconds 11%, Minutes 13%, Hours 60%, Days 13%, Weeks 2% (84% within hours or less). Initial Compromise to Discovery: Hours 9%, Days 11%, Weeks 12%, Months 62%, Years 4% (78% take weeks or longer).
  • 14. Proof of the Problem
  • 15. CURRENT SOLUTIONS OPERATE IN SILOS: Technology and Organizational Silos Limit Current Defenses
  • 16. DREADED QUESTIONS FROM CISO: Who did this to us? How did they do it? What systems and data were affected? Can we be sure it is over? Can it happen again?
  • 17. PROTECTING AGAINST ADVANCED THREATS WITH CRIME. ‘CRIME’ METHODOLOGY: CONTEXT, ROOT CAUSE, IMPACT, MITIGATION, ERADICATION. • Faster time-to-action • Faster time-to-react/respond • Greater ability to reduce/minimize/eliminate impact!
  • 18. SECURITY SHIFTS TO SWIFT RESPONSE: Percentage of Enterprise IT Security Budgets Allocated to Rapid Response Approaches by 2020. — Gartner 2013
  • 19. ADVANCED THREAT PROTECTION USE CASES. Who? When? What? Where? How? Target(s)? Who Else? Is It Over? What Else? How Long? Continuous Monitoring; Situational Awareness; Incident Response; Data Loss Monitoring & Analysis; Policy Compliance; Cyber Threat Protection.
  • 21. SITUATION. BIG DATA SECURITY IS HERE – Volume, velocity and variety. WHAT KEPT US SECURE – Has stopped working. GOOD OR BAD SECURITY – Is irrelevant with an attacker’s resources & motivation. MODERN ADVANCED THREAT PROTECTION – Is the new imperative.
  • 22. POSITION. “Fixed fortifications are monuments to man’s stupidity.” — General George S. Patton
  • 23. BUSINESS ASSURANCE TECHNOLOGY. Security & Policy Enforcement Center: Web Gateway & Orchestration (SWG), Web & Network Protection, SSL Interception, Web Gateway. Mobility Empowerment Center: Mobile Expander, Mobile Protection. Trusted Applications Center: Application Management, Business Application Enablement. Performance Center: WAN/Video Optimization, Cache Optimization, Shaping. Resolution Center: Vulnerability Expertise Services, Case Analyst Workflow, Reporting and Management. Cloud; Mobility. Security Analytics Platform by Solera (formerly DeepSee): • Cloud • 15,000 Customers • 80M Users • VM, Appliance, X-Beam platforms. Business Assurance Platform: • 33 Worldwide PoPs • 84% of Fortune 500, 90% FedGov. ThreatBLADES (Blue Coat Advanced Threat Protection): WebThreat, MailThreat, FileThreat, ATP Suite, Custom Analytics, Malware Analysis, SSL Visibility, Content Analysis System.
  • 24. MODERN ADVANCED THREAT PROTECTION. Complete Web Control: Web Security, Content Analysis, Real-time Blocking. Advanced Malware Detection: White/Blacklists, Sandboxing, Feeds. Visual Insight: Context, Real-time Awareness, IOCs, Alerts. Full Packet Capture: Layer 2 – 7 Indexing & Classification. Layers: Threat Intelligence; Security Visibility; Big Data Security Analytics; Blocking and Enforcement; Network Effect Integration Layer.
  • 25. MODERN ADVANCED THREAT PROTECTION: Security Visibility • Full packet capture • Layers 2-7 indexing • Deep packet inspection • Session reconstruction • Scalability and performance • Single pane-of-glass
  • 26. MODERN ADVANCED THREAT PROTECTION: Big Data Security Analytics • Heuristic detection • Statistical analysis • Inferential reporting • Context-aware analysis • IOCs & TTPs • Visual insight
  • 27. MODERN ADVANCED THREAT PROTECTION: Threat Intelligence • Real-time white/black lists • Sandbox detonation • On-premises or cloud-based • External data enrichment • Dynamic Intelligence Cloud • Machine-learning architecture
  • 28. MODERN ADVANCED THREAT PROTECTION: Blocking and Enforcement • Scan, block and cache • Inline AV with feedback loop • Obscure sensitive data or block • Web and application controls • Best-of-breed perimeter blocking • Granular customization
  • 29. MODERN ADVANCED THREAT PROTECTION: Network Effect and Integration Deliver: • Security Ecosystem • Context-Aware Security • Adaptive Security • Enhance existing investments • Integrated workflow automation
  • 30. BLUE COAT ADVANCED THREAT PROTECTION: THE SECURITY CAMERA FOR YOUR NETWORK. Turning Complexity into Context. Real-time & Retrospective Analysis & Resolution. Simple, Flexible & Extensible. Full Visibility: Before, During & After the Attack. Big Data Security Analytics: Collect, Analyze & Store. Threat Intelligence: Web, File, Email & Malware Reputation.
  • 31. Advanced Threat Protection: Improving Real-World Use Cases. INTEGRATED ECOSYSTEM: Situational Awareness; Incident Response; Policy & ITGRC; Data Loss Monitoring & Analysis; Advanced Malware Detection; Continuous Monitoring. ANALYTICS AND INTELLIGENCE: • Collect & Warehouse • Investigate • Alert & Report. ENRICHMENT: • Technology Partners • File Analysis & IP Reputation • Malware Sandboxing. FLEXIBLE FORM FACTORS: • Hardware • Software • Virtual Machines. Web Control and Security Enforcement.
  • 32. BLUE COAT THREATBLADES: Three new ThreatBLADES for unbeatable Advanced Threat Protection…
  • 33. WEB, MAIL & FILE THREAT IDENTIFICATION. WebThreat BLADE inspects all HTTP or HTTPS traffic and identifies malicious communications and files. FileThreat BLADE inspects all FTP and SMB traffic for malicious communications and files. MailThreat BLADE inspects all SMTP, POP3 and IMAP traffic for malicious communications and files. If there is no clear verdict on content, suspicious files are delivered to a hybrid sandbox (Malware Analysis Appliance) for analysis.
  • 36. ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE. GLOBAL INTELLIGENCE NETWORK. Security & Policy Enforcement Center: ProxySG & SG-VA, Web Security Service, WebFilter, Content Analysis, Malware Analysis, SSL Visibility, Content Analysis, DLP, FW/IDS on X-Series. Resolution Center: Reporter SW, Reporter Service, Intelligence Center, Advanced Threat Protection Appliance. Incident Resolution (Investigate & Remediate Breach): Threat Profiling & Eradication. Ongoing Operations (Detect & Protect): Block All Known Threats. Incident Containment (Analyze & Mitigate): Novel Threat Interpretation. Outcomes: Now known threats blocked at gateway; Fewer threats to contain and resolve; Increased system performance through fewer malware scans; More robust threat analysis with fewer false positives.
  • 38. OVERSTOCK.COM. “…using root cause analysis from Solera Networks, we were able to pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that exploit from ever happening again....” – Overstock.com. REQUIREMENTS: • Identify attacks that passed preventative controls • Remediate all infected systems quickly • Ensure that preventative controls are working. SOLUTION: • Deployed various Solera Security Analytics form factors • Built an IR process around Solera Security Analytics • Integrated Solera with log management and IPS. VALUE: • Identified nefarious activity sourced from inside and outside the network • Pinpointed “all” compromised systems through root cause analysis • Conducted assurance testing on preventative controls by replaying malicious packets on a shadow network
  • 39. US COAST GUARD. REQUIREMENTS: • Enhance threat detection • Reduce threat acquisition window • Improve team effectiveness. SOLUTION: • Integrated with existing McAfee NSM (IPS) solution • Employed 100% data capture • Built custom reports for rapid analysis. VALUE: • Reduced threat identification time by 60% • Reduced threat remediation time by 75% • Allowed for more unified threat management across disparate, internal teams through the use of reporting
  • 40. JEFFERIES GLOBAL INVESTMENT BANKING. REQUIREMENTS: • Streamline monitoring of a dozen international locations • Provide workflow that supports multiple analysts • Integrate with FireEye and Blue Coat ProxySG, WebPulse & SSL Visibility. SOLUTION: • Consolidated incident detection and response • Supported several months of packet and metadata retention • Improved ROI & ROSI through integration. VALUE: • Improved incident responder workflow with reduced response times • Leveraged fewer FTEs for tactical analysis: strategically repurpose other FTEs • Achieved holistic visibility across network traffic, users and data (files, IM, voice, etc.)
  • 41. US AIR FORCE. REQUIREMENTS: • Monitor all major Internet gateways • Support over 50 concurrent analysts with disparate privileges/visibility • Use APIs to integrate with COTS, GOTS, and open source security solutions. SOLUTION: • Provided tiered, centralized management • Supported lossless capture on multiple 10 gigabit networks • Integrated with 3rd party solutions such as ArcSight. VALUE: • Deployed with 100% situational awareness with a small (green) footprint • Utilized RBAC via LDAP for granular access control • Passed multiple, stringent military testing and certification criteria • Replaced incumbent solution based on scalability, capability and footprint
  • 44. THANK YOU! Grant Asplund, 206-612-8652, grant.asplund@bluecoat.com, Twitter: @gasplund, LinkedIn: http://www.linkedin.com/in/grantasplund/