Moving Security Model From Content To Context

Quick Random Thoughts on Security Trends and Technologies for 2012

Paolo Passeri
paulsparrows.wordpress.com
Why Next Generation Technologies Are Needed

Malware is getting more and more sophisticated and increasingly able to circumvent traditional security technologies.
APTs Are Changing The Rules Of The Game

APTs threaten organizations at different levels (from users to applications) and on heterogeneous time scales, redefining the information security landscape. Firewalls, Next Generation Firewalls and Intrusion Prevention Systems are converging into a new breed of security device that moves the enforcement paradigm to context, replacing the old model based on "IP address, protocol and access control" with a new model focused on "user, application and anomaly".
The Next Level: From Content to Context

Context-aware security is the use of supplemental information to improve security decisions at the time the decision is made. Supplemental information includes geo-location, reputation, and the interaction of the user with the environment (applications, directory, etc.). This class of devices is called Next Generation IPS (NG-IPS):

http://blogs.gartner.com/neil_macdonald/2011/10/13/next-gen-context-aware-intrusion-prevention/
NG-IPS Vs The Rest Of The World

Works at
  Firewall: Layer 3-4
  IPS: Layer 4-7
  NGF: Layer 7
  NG-IPS: Layer 4-7

Security paradigm
  Firewall: IP address, port, protocol
  IPS: protocol, vulnerability
  NGF: user, application
  NG-IPS: user, application, vulnerability

Scans
  Firewall: all traffic
  IPS: all traffic
  NGF: classified applications
  NG-IPS: all traffic, including classified applications

Deployed as
  Firewall: Layer 3 gateway; transparent mode
  IPS: transparent mode; connected to a TAP; connected to a SPAN port
  NGF: Layer 3 gateway; transparent mode
  NG-IPS: Layer 3 gateway; transparent mode

Defends against
  Firewall: intrusions by unauthorized users exploiting known ports
  IPS: intrusions by anyone exploiting vulnerabilities at Layer 4-7
  NGF: misuse of applications by users; intrusions by unauthorized users exploiting classified applications
  NG-IPS: intrusions by anyone exploiting application and server vulnerabilities; misuse of applications by users

Performs access control
  Firewall: yes
  IPS: no
  NGF: yes
  NG-IPS: yes

Access control by
  Firewall: IP address, port, protocol
  IPS: -
  NGF: user, application
  NG-IPS: user, application, IP address, port, protocol

Detection algorithms
  Firewall: packet filter; application proxy; stateful inspection
  IPS: deep packet inspection; signatures; pattern matching; protocol-based; anomaly detection; heuristics
  NGF: application classification via proprietary methods
  NG-IPS: stateful inspection; deep packet inspection; application classification; signatures; pattern matching; anomaly detection (application and protocol); heuristics

Uses cloud-based services
  Firewall: no
  IPS: yes, for updating signatures from data received from other sensors
  NGF: yes, for updating application fingerprints and dynamically classifying unknown applications
  NG-IPS: yes, for updating signatures and application fingerprints

Uses reputation and geo-location
  Firewall: no
  IPS: partially
  NGF: no
  NG-IPS: yes

Dedicated device
  Firewall: yes
  IPS: may exist as a dedicated device or as a security feature on a UTM
  NGF: once existed as a dedicated device, now a security feature on top of a "traditional firewall"
  NG-IPS: yes; will replace traditional firewalls, NG firewalls and IPSs

Deployed at
  Firewall: perimeter
  IPS: on the perimeter firewall or behind it, in front of key assets
  NGF: perimeter, focused on protecting outbound traffic
  NG-IPS: perimeter

May scan SSL
  Firewall: no
  IPS: yes
  NGF: no
  NG-IPS: yes
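
The shift described on the previous slides and in the table, from a rule keyed on IP address, port and protocol to a decision that also consults user, application, geo-location, reputation and anomaly, can be made concrete with a small policy evaluator. What follows is an added example written for this page, not code from the deck or from any NG-IPS vendor. The user directory, geo-IP table, reputation feed, rules and sample flows are all constructed stand-ins (addresses come from documentation ranges), and the two anomaly checks (classified application disagreeing with the port it runs on, and volume far above a per-user baseline) are illustrative choices, not a product's algorithm.

```python
"""Policy decision under the old model (IP address, port, protocol) and the
context model (user, application, anomaly, plus geo-location and reputation).
Added example: the directory, geo table, reputation feed, rules and flows are
all constructed stand-ins, not data or code from the original deck."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed context sources a real NG-IPS would pull from the directory,
# a geo-IP database and a cloud reputation service (all hypothetical).
USER_DIRECTORY = {            # internal host -> (logged-on user, groups)
    "10.0.5.23": ("alice", {"finance"}),
    "10.0.5.40": ("bob", {"engineering"}),
}
GEO_BY_PREFIX = {"198.51": "US", "203.0": "AU", "192.0": "XX"}  # /16 -> country, XX = unmapped
REPUTATION = {"192.0.2.77": 95, "198.51.100.9": 5}             # 0 clean .. 100 known bad
ALLOWED_COUNTRIES = {"US", "AU", "IT"}
EXPECTED_APP_ON_PORT = {443: {"web-browsing", "ssl"}, 22: {"ssh"}}
BASELINE_BYTES = {("alice", "web-browsing"): 2_000_000}        # per user/app daily volume


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str        # "tcp" / "udp"
    application: str     # verdict of application classification, e.g. "ssh", "web-browsing"
    bytes_out: int


@dataclass
class Context:
    user: Optional[str]
    groups: Set[str]
    dst_country: Optional[str]
    dst_reputation: int


# Old model: rules keyed on source prefix, destination port and protocol only.
LEGACY_RULES = [("10.0.", 443, "tcp", "allow"), ("10.0.", 22, "tcp", "allow")]


def legacy_decision(flow: Flow) -> str:
    for prefix, port, proto, action in LEGACY_RULES:
        if flow.src_ip.startswith(prefix) and flow.dst_port == port and flow.protocol == proto:
            return action
    return "deny"


def enrich(flow: Flow) -> Context:
    """Supplemental information gathered at decision time."""
    user, groups = USER_DIRECTORY.get(flow.src_ip, (None, set()))
    prefix = ".".join(flow.dst_ip.split(".")[:2])
    return Context(user, groups, GEO_BY_PREFIX.get(prefix), REPUTATION.get(flow.dst_ip, 0))


def anomalies(flow: Flow, ctx: Context) -> List[str]:
    """Application and protocol anomalies: the classified application does not
    match the port it runs on (tunnelling), or volume is far above the user's baseline."""
    found = []
    expected = EXPECTED_APP_ON_PORT.get(flow.dst_port)
    if expected and flow.application not in expected:
        found.append("app-port-mismatch")
    baseline = BASELINE_BYTES.get((ctx.user, flow.application))
    if baseline and flow.bytes_out > 10 * baseline:
        found.append("volume-anomaly")
    return found


def context_decision(flow: Flow) -> Tuple[str, List[str]]:
    """Context model: deny if any context rule or anomaly fires. The reasons
    list is what an analyst would want to see in the log."""
    ctx = enrich(flow)
    reasons = []
    if ctx.user is None:
        reasons.append("unknown-user")
    if ctx.dst_reputation >= 80:
        reasons.append("bad-reputation")
    if ctx.dst_country not in ALLOWED_COUNTRIES:
        reasons.append("geo-policy")
    if flow.application == "ssh" and "engineering" not in ctx.groups:
        reasons.append("ssh-not-allowed-for-user")
    reasons.extend(anomalies(flow, ctx))
    return ("deny" if reasons else "allow", reasons)


# Constructed sample flows; every legacy rule allows all five of them.
SAMPLE_FLOWS = [
    Flow("10.0.5.23", "198.51.100.9", 443, "tcp", "web-browsing", 50_000),     # alice browsing
    Flow("10.0.5.23", "192.0.2.77", 443, "tcp", "ssh", 500_000_000),          # ssh tunnelled over 443
    Flow("10.0.5.40", "198.51.100.9", 22, "tcp", "ssh", 10_000),              # bob (engineering) on ssh
    Flow("10.0.9.9", "198.51.100.9", 443, "tcp", "web-browsing", 1_000),      # host with no logged-on user
    Flow("10.0.5.23", "203.0.113.5", 443, "tcp", "web-browsing", 30_000_000), # alice, 15x her baseline
]


def compare(flows=SAMPLE_FLOWS):
    """Return (legacy verdict, (context verdict, reasons)) per flow."""
    return [(legacy_decision(f), context_decision(f)) for f in flows]


if __name__ == "__main__":
    for flow, (old, (new, why)) in zip(SAMPLE_FLOWS, compare()):
        print(f"{flow.src_ip} -> {flow.dst_ip}:{flow.dst_port} {flow.application:13s} "
              f"legacy={old:5s} context={new:5s} {why}")
```

The second sample flow is the case the deck argues for: a legacy rule sees a permitted source on TCP/443 and allows it, while the context model sees a finance user running SSH over 443 to a destination with a bad reputation in an unmapped country and denies it with four reasons an analyst can act on. The weak point of the context model is its inputs: the decision is only as good as the application classification and the identity mapping, so an attacker who can defeat either one effectively downgrades the device to the legacy model.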




Web Application Firewalls

The growing number of vulnerabilities in web applications and the cyber attacks carried out against banks, together with the need to comply with strict requirements and regulations, are pushing the adoption of Web Application Firewalls. Although technology tends to consolidate traditional security solutions, WAFs are destined to remain standalone dedicated devices in front of the key web assets they protect.

Adoption is driven by PCI DSS (requirement 6.6 accepts a WAF in front of public-facing web applications as one of the ways to satisfy it) and, above all, by the growing attention of cybercriminals to exploiting vulnerabilities in banking web applications. In 2011 alone, well-known victims included Citigroup and Samsung Card. In the Citigroup case the attackers were able to steal $2.7 million.

http://spectrum.ieee.org/riskfactor/telecom/security/citigroup-admits-being-hacked-in-may-coy-about-extent-of-impact

http://www.databreaches.net/?p=20522
WAFs Against The Rest Of The World

[comparison slide: content not preserved in this extraction]
So Which Is The Most Revolutionary Technology?

Do not invest in new technologies without first patching the user!

APTs account for only 1%; (human) vulnerabilities account for the remaining 99%.
References

Oct 5, 2011:    Information, The Next Battlefield
                http://paulsparrows.wordpress.com/2011/10/05/information-the-next-battlefield/

Oct 7, 2011:    Next Generation Firewalls and Web Applications Firewall Q&A
                http://paulsparrows.wordpress.com/2011/10/07/next-generation-firewalls-and-web-applications-firewall-qa/

Oct 13, 2011:   Advanced Persistent Threats and Security Information Management
                http://paulsparrows.wordpress.com/2011/10/13/apts-and-security-information-management/

Oct 27, 2011:   Are You Ready For The Next Generation IPS?
                http://paulsparrows.wordpress.com/2011/10/27/are-you-ready-for-the-next-generation-ips/

Nov 20, 2011:   Advanced Persistent Threats and Human Errors
                http://paulsparrows.wordpress.com/2011/11/20/advanced-persistent-threats-and-human-errors/

More Related Content

What's hot

12213217 pss7
12213217 pss712213217 pss7
12213217 pss7irenechau
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09  Suhas  Desai  Secure  Your  Vo I P  Network With  Open  SourceI N T E R O P09  Suhas  Desai  Secure  Your  Vo I P  Network With  Open  Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsTEO LT, AB
 
12203718‐pss7
12203718‐pss712203718‐pss7
12203718‐pss712203718
 
NFC: Naked Fried Chicken (PHDays VI)
NFC: Naked Fried Chicken (PHDays VI)NFC: Naked Fried Chicken (PHDays VI)
NFC: Naked Fried Chicken (PHDays VI)Opposing Force S.r.l.
 
AGILE SECURITY™ Security for the Real World
AGILE SECURITY™ Security for the Real WorldAGILE SECURITY™ Security for the Real World
AGILE SECURITY™ Security for the Real WorldCisco Russia
 
12250090 pss7
12250090 pss712250090 pss7
12250090 pss7yoiss
 
12250090 pss7
12250090 pss712250090 pss7
12250090 pss7yoiss
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Positive Hack Days
 
Global tag portfolio_2015
Global tag portfolio_2015Global tag portfolio_2015
Global tag portfolio_2015Global Tag Srl
 
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF AttacksIt’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF AttacksPriyanka Aash
 

What's hot (20)

12213217 pss7
12213217 pss712213217 pss7
12213217 pss7
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09  Suhas  Desai  Secure  Your  Vo I P  Network With  Open  SourceI N T E R O P09  Suhas  Desai  Secure  Your  Vo I P  Network With  Open  Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
12202703 pps7
12202703 pps712202703 pps7
12202703 pps7
 
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
 
12214116 pp7
12214116 pp712214116 pp7
12214116 pp7
 
Rfid
Rfid Rfid
Rfid
 
12203718‐pss7
12203718‐pss712203718‐pss7
12203718‐pss7
 
12207640 pss7
12207640 pss712207640 pss7
12207640 pss7
 
NFC: Naked Fried Chicken (PHDays VI)
NFC: Naked Fried Chicken (PHDays VI)NFC: Naked Fried Chicken (PHDays VI)
NFC: Naked Fried Chicken (PHDays VI)
 
12206571 pss7
12206571 pss712206571 pss7
12206571 pss7
 
AGILE SECURITY™ Security for the Real World
AGILE SECURITY™ Security for the Real WorldAGILE SECURITY™ Security for the Real World
AGILE SECURITY™ Security for the Real World
 
12250090 pss7
12250090 pss712250090 pss7
12250090 pss7
 
12250090 pss7
12250090 pss712250090 pss7
12250090 pss7
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
 
12213845 pss7
12213845 pss712213845 pss7
12213845 pss7
 
Global tag portfolio_2015
Global tag portfolio_2015Global tag portfolio_2015
Global tag portfolio_2015
 
12204560 pss7
12204560 pss712204560 pss7
12204560 pss7
 
12206571 pss7
12206571 pss712206571 pss7
12206571 pss7
 
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF AttacksIt’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks
 
Sample PPT
Sample PPTSample PPT
Sample PPT
 

Viewers also liked

Mobile Security Business-e
Mobile Security Business-eMobile Security Business-e
Mobile Security Business-ePaolo Passeri
 
Relazione tavola rotonda 14 marzo final
Relazione tavola rotonda 14 marzo finalRelazione tavola rotonda 14 marzo final
Relazione tavola rotonda 14 marzo finalPaolo Passeri
 
Hackmageddon stats: 4 Year of Cyber Attacks
Hackmageddon stats: 4 Year of Cyber AttacksHackmageddon stats: 4 Year of Cyber Attacks
Hackmageddon stats: 4 Year of Cyber AttacksPaolo Passeri
 
Context Aware Reactive Applications
Context Aware Reactive ApplicationsContext Aware Reactive Applications
Context Aware Reactive ApplicationsClarkTony
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CloudIDSummit
 
Introduction to Selinux
Introduction to SelinuxIntroduction to Selinux
Introduction to SelinuxAtul Jha
 
Context model
Context modelContext model
Context modelUbaid423
 
5(re dfd-erd-data dictionay)
5(re dfd-erd-data dictionay)5(re dfd-erd-data dictionay)
5(re dfd-erd-data dictionay)randhirlpu
 
Bootkits: past, present & future
Bootkits: past, present & futureBootkits: past, present & future
Bootkits: past, present & futureAlex Matrosov
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Open Context Model of Learning & Craft of Teaching
Open Context Model of Learning & Craft of TeachingOpen Context Model of Learning & Craft of Teaching
Open Context Model of Learning & Craft of TeachingLondon Knowledge Lab
 
Structured system analysis
Structured system analysisStructured system analysis
Structured system analysislearnt
 
Addie instructinal design model
Addie instructinal design modelAddie instructinal design model
Addie instructinal design modelBee Ho
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsMilosch Meriac
 

Viewers also liked (20)

Mobile Security Business-e
Mobile Security Business-eMobile Security Business-e
Mobile Security Business-e
 
Relazione tavola rotonda 14 marzo final
Relazione tavola rotonda 14 marzo finalRelazione tavola rotonda 14 marzo final
Relazione tavola rotonda 14 marzo final
 
Cyberwar22092011
Cyberwar22092011Cyberwar22092011
Cyberwar22092011
 
Hackmageddon stats: 4 Year of Cyber Attacks
Hackmageddon stats: 4 Year of Cyber AttacksHackmageddon stats: 4 Year of Cyber Attacks
Hackmageddon stats: 4 Year of Cyber Attacks
 
Context Aware Reactive Applications
Context Aware Reactive ApplicationsContext Aware Reactive Applications
Context Aware Reactive Applications
 
NTU_Portfolio
NTU_PortfolioNTU_Portfolio
NTU_Portfolio
 
1 system security
1 system security1 system security
1 system security
 
2 erd
2 erd2 erd
2 erd
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
 
Rbac
RbacRbac
Rbac
 
Ais Romney 2006 Slides 20 System Design
Ais Romney 2006 Slides 20 System DesignAis Romney 2006 Slides 20 System Design
Ais Romney 2006 Slides 20 System Design
 
Introduction to Selinux
Introduction to SelinuxIntroduction to Selinux
Introduction to Selinux
 
Context model
Context modelContext model
Context model
 
5(re dfd-erd-data dictionay)
5(re dfd-erd-data dictionay)5(re dfd-erd-data dictionay)
5(re dfd-erd-data dictionay)
 
Bootkits: past, present & future
Bootkits: past, present & futureBootkits: past, present & future
Bootkits: past, present & future
 
Security models
Security models Security models
Security models
 
Open Context Model of Learning & Craft of Teaching
Open Context Model of Learning & Craft of TeachingOpen Context Model of Learning & Craft of Teaching
Open Context Model of Learning & Craft of Teaching
 
Structured system analysis
Structured system analysisStructured system analysis
Structured system analysis
 
Addie instructinal design model
Addie instructinal design modelAddie instructinal design model
Addie instructinal design model
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 

Similar to Moving Security Model From Content to Context

Palo alto safe application enablement
Palo alto   safe application enablementPalo alto   safe application enablement
Palo alto safe application enablementresponsedatacomms
 
Palo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortPalo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortTen Sistemas e Redes
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...BAKOTECH
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1Andris Soroka
 
Intoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture PresentationIntoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture Presentationsaddepalli
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout PresentationFiroze Hussain
 
Clavister security for virtualized environment
Clavister security for virtualized environmentClavister security for virtualized environment
Clavister security for virtualized environmentnicolasotira
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityCambridge Intelligence
 
Is av dead or just missing in action - avar2016
Is av dead or just missing in action - avar2016Is av dead or just missing in action - avar2016
Is av dead or just missing in action - avar2016rajeshnikam
 
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandTyler Shields
 
12207128 pss7
12207128 pss712207128 pss7
12207128 pss7wongfai10
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
IP Protocol Security
IP Protocol SecurityIP Protocol Security
IP Protocol SecurityDavid Barker
 

Similar to Moving Security Model From Content to Context (20)

Palo alto safe application enablement
Palo alto   safe application enablementPalo alto   safe application enablement
Palo alto safe application enablement
 
Palo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortPalo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-short
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
 
Pci Req
Pci ReqPci Req
Pci Req
 
Intoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture PresentationIntoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture Presentation
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout Presentation
 
Clavister security for virtualized environment
Clavister security for virtualized environmentClavister security for virtualized environment
Clavister security for virtualized environment
 
Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber Security
 
Is av dead or just missing in action - avar2016
Is av dead or just missing in action - avar2016Is av dead or just missing in action - avar2016
Is av dead or just missing in action - avar2016
 
Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action Is Antivirus (AV) Dead or Just Missing in Action
Is Antivirus (AV) Dead or Just Missing in Action
 
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
 
12207128 pss7
12207128 pss712207128 pss7
12207128 pss7
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewall
 
Network Security Tools
Network Security ToolsNetwork Security Tools
Network Security Tools
 
IP Protocol Security
IP Protocol SecurityIP Protocol Security
IP Protocol Security
 
Why choose pan
Why choose panWhy choose pan
Why choose pan
 
Firewalls
FirewallsFirewalls
Firewalls
 
2012 Data Center Security
2012 Data Center Security2012 Data Center Security
2012 Data Center Security
 

Recently uploaded

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Vector Databases 101 - An introduction to the world of Vector Databases
Moving Security Model From Content to Context

  • 1. Moving Security Model From Content To Context. Quick Random Thoughts on Security Trends and Technologies for 2012. Paolo Passeri, paulsparrows.wordpress.com
  • 2. Why Next Generation Technologies Are Needed. Malware is getting more and more sophisticated and capable of circumventing traditional security technologies.
  • 3. APTs Are Changing The Rules Of The Game. APTs threaten organizations at different levels (from users to applications) and on heterogeneous time scales, redefining the information security landscape. Firewalls, Next Generation Firewalls and Intrusion Prevention Systems are converging into a new breed of security devices capable of moving the security enforcement paradigm to context, replacing the old model based on “IP Address, Protocol and Access Control” with a new model focused on “user, application and anomaly”.
  • 4. The Next Level: From Content to Context. Context-aware security is the use of supplemental information to improve security decisions at the time the decision is made. Supplemental information includes: geo-location, reputation, and the interaction of the user with the environment (applications, directory, etc.). This class of devices is called Next Generation IPS: http://blogs.gartner.com/neil_macdonald/2011/10/13/next-gen-context-aware-intrusion-prevention/
  • 5. NG-IPS Vs The Rest Of The World (comparison table; columns Firewall, IPS, NGF, NG-IPS)
     Works At: Firewall: Layer 3-4 | IPS: Layer 4-7 | NGF: Layer 7 | NG-IPS: Layer 4-7
     Security Paradigm: Firewall: IP Address, Port, Protocol | IPS: Protocol, Vulnerability | NGF: User, Application | NG-IPS: User, Application, Vulnerability
     Scans: Firewall: All Traffic | IPS: All Traffic | NGF: Classified Applications | NG-IPS: All Traffic including classified Applications
     Deployed as: Firewall: Layer 3 Gateway, Transparent Mode | IPS: Transparent Mode, Connected to TAP, Connected to Span Port | NGF: Layer 3 Gateway, Transparent Mode | NG-IPS: Layer 3 Gateway, Transparent Mode
     Defends Against: Firewall: Intrusions by unauthorized users exploiting known ports | IPS: Intrusions by everyone exploiting vulnerabilities at Layer 4-7 | NGF: Misuse of applications by users; Intrusions by unauthorized users exploiting classified applications | NG-IPS: Intrusions by everyone exploiting application and server vulnerabilities; Misuse of applications by users
     Performs Access Control: Firewall: Yes | IPS: No | NGF: Yes | NG-IPS: Yes
     Access Control By: Firewall: IP Address, Port, Protocol | IPS: - | NGF: User, Application | NG-IPS: User, Application, IP address, Port, Protocol
     Detection Algorithms: Firewall: Packet Filter, Application Proxy, Stateful Inspection | IPS: Deep Packet Inspection, Signatures, Pattern Matching, Protocol-Based, Anomaly Detection, Heuristics | NGF: Application Classification via proprietary methods | NG-IPS: Stateful Inspection, Deep Packet Inspection, Application Classification, Signatures, Pattern Matching, Anomaly Detection (Application and Protocol), Heuristics
     Use cloud based services: Firewall: No | IPS: Yes, for updating signatures from data received from other sensors | NGF: Yes, for updating application fingerprints and dynamically classifying unknown applications | NG-IPS: Yes, for updating signatures and application fingerprints
     Use reputation and Geo-location: Firewall: No | IPS: Partially | NGF: No | NG-IPS: Yes
     Dedicated Device: Firewall: Yes | IPS: May exist as a dedicated device or as a security feature on a UTM | NGF: Once existed as a dedicated device, now is a security feature on top of a "traditional firewall" | NG-IPS: Yes; will replace traditional Firewalls, NG Firewalls, IPSs
     Deployed at: Firewall: Perimeter | IPS: On perimeter firewall or behind it and in front of Key Assets | NGF: Perimeter, focused to protect outbound traffic | NG-IPS: Perimeter
     May Scan SSL: Firewall: No | IPS: Yes | NGF: No | NG-IPS: Yes
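The shift that slides 4 and 5 describe, from a decision made on IP address, port and protocol to one that also consults user, application, geo-location, reputation and anomaly, can be sketched as a policy check. The Python below is an added illustration written for this page, not code from the deck or from any product; the flow fields, the sample policy and the thresholds are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Flow:
    """Constructed flow record: the first three fields are all a layer 3-4
    firewall sees; the rest is the supplemental context an NG-IPS adds
    (directory user, classified application, geo, reputation, anomaly)."""
    src_ip: str
    dst_port: int
    protocol: str
    user: Optional[str] = None
    application: Optional[str] = None
    geo: Optional[str] = None           # country code of src_ip (assumed)
    reputation: Optional[float] = None  # 0.0 = known bad, 1.0 = clean
    anomaly_score: float = 0.0          # 0.0 = baseline, 1.0 = extreme

# Legacy model ("IP address, protocol, access control"): a (protocol, port)
# allow-list is the whole decision.
LEGACY_ALLOW = {("tcp", 80), ("tcp", 443)}

def legacy_decision(flow: Flow) -> str:
    return "allow" if (flow.protocol, flow.dst_port) in LEGACY_ALLOW else "deny"

# Context model ("user, application, anomaly"): per-application policy naming
# the entitled users and the expected source countries (constructed sample).
APP_POLICY = {
    "web-mail": {"users": {"alice", "bob"}, "geo": {"IT", "DE"}},
    "erp":      {"users": {"alice"},        "geo": {"IT"}},
}

def context_decision(flow: Flow, min_reputation: float = 0.5,
                     max_anomaly: float = 0.8) -> Tuple[str, str]:
    """Return (verdict, reason). Legacy layer 3-4 checks still apply first;
    the supplemental information only ever narrows what gets through."""
    if legacy_decision(flow) == "deny":
        return "deny", "port/protocol"
    if flow.reputation is not None and flow.reputation < min_reputation:
        return "deny", "source reputation"
    if flow.application is None:
        return "deny", "unclassified application"
    policy = APP_POLICY.get(flow.application)
    if policy is None:
        return "deny", "application not in policy"
    if flow.user not in policy["users"]:
        return "deny", "user not entitled to application"
    if flow.geo not in policy["geo"]:
        return "deny", "geo-location"
    if flow.anomaly_score > max_anomaly:
        return "deny", "behavioural anomaly"
    return "allow", "user, application and context match"
```

The same HTTPS flow to an ERP application is allowed by the legacy rule in every case, while the context check denies it as soon as the user, the source country, the reputation or the behaviour fall outside what the policy expects.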
  • 6. Web Application Firewalls. The growing number of vulnerabilities targeting web applications and the cyber attacks carried out against banks, together with the need to comply with strict requirements and regulations, are pushing the adoption of Web Application Firewalls. Although technology tends to consolidate traditional security solutions, WAFs are destined to remain standalone dedicated devices in front of the key web assets they protect. These devices are required by PCI-DSS and, most of all, by the growing attention cybercrooks pay to exploiting vulnerabilities in banking web applications. Only this year, famous victims included CitiGroup and Samsung Card. In particular, attackers were able to steal $2.7 million from Citigroup. http://spectrum.ieee.org/riskfactor/telecom/security/citigroup-admits-being-hacked-in-may-coy-about-extent-of-impact http://www.databreaches.net/?p=20522
  • 7. WAFs Against The Rest Of The World
  • 8. So Which Is The Most Revolutionary Technology? Avoid investing in new technologies without first patching the user! APTs account for only 1%; (human) vulnerabilities account for the remaining 99%.
  • 9. References
     Oct 5, 2011: Information, The Next Battlefield. http://paulsparrows.wordpress.com/2011/10/05/information-the-next-battlefield/
     Oct 7, 2011: Next Generation Firewalls and Web Applications Firewall Q&A. http://paulsparrows.wordpress.com/2011/10/07/next-generation-firewalls-and-web-applications-firewall-qa/
     Oct 13, 2011: Advanced Persistent Threats and Security Information Management. http://paulsparrows.wordpress.com/2011/10/13/apts-and-security-information-management/
     Oct 27, 2011: Are You Ready For The Next Generation IPS? http://paulsparrows.wordpress.com/2011/10/27/are-you-ready-for-the-next-generation-ips/
     Nov 20, 2011: Advanced Persistent Threats and Human Errors. http://paulsparrows.wordpress.com/2011/11/20/advanced-persistent-threats-and-human-errors/