Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Esteban Próspero
Similar a Esteban Próspero (20)
Más de ClusterCba
Último
Último (20)
Esteban Próspero
- 1. . Seguridad Conectada La Nueva Generación de Protección para Empresas Esteban Javier Próspero | Director, Ingeniería @e_prospero
- 2. La Complejidad de IT Corporativa crece día a día . 1. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013-2018. Feb. 2014 2. IDC, The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in Far East. Dec. 2012 81% crecimiento de tráfico de datos móviles en 2013 (1.5 exabytes/mes)1 50% de los datos que necesitan protección están protegidos hoy2 40% de los datos estarán en el cloud en el 20202
- 3. . Ataques Avanzados: alto impacto material 3 VENTAS caída 46%1 COSTOS más US $61M1 1. http://online.wsj.com/news/articles/SB10001424052702304255604579406694182132568 2. McAfee, “Net Losses: Estimating the Global Cost of Cybercrime,” June 2014 3. Ponemon Institute 2013 Cost of Cyber Crime study IMPACTO MARCA INCALCULABLE GANANCIAS caída 34%1 Costo anual del crimen cibernético: US $400.000 millones2 MULTAS POSIBLES US $400M a $1.1B1 Costo promedio de ataques 2013: US $11.6 millones3 Cantidad de ataques exitosos: 122 por semana por empresa3 Ejemplo de la cadena de retail TARGET*
- 4. Plataforma de Seguridad Conectada de McAfee Security Management Threat Intelligence Context and Orchestration Network Security Endpoint Security . Analytics Deep Security . 4 McAfee Confidential
- 5. . Threat Intelligence Exchange Adapt and Immunize—From Encounter to Containment in Milliseconds Endpoint Endpoint McAfee ePO Adaptive security improves anti-malware protection • Better analysis of the gray • Crowd-source reputations from your own environment • Manage risk tolerance across departments / system types Actionable intelligence • Early awareness of first occurrence flags attacks as they begin • Know who may be / was compromised when certificate or file reputation changes 5 YES NO McAfee Global Threat Intelligence 3rd Party Feeds Data Exchange Layer McAfee TIE Server McAfee ATD McAfee ESM ePO : Policy Orchestrator ESM : Enterprise Security Manager ATD : Advanced Threat Detection TIE : Threat Information Exchange
- 6. . Threat Intelligence Exchange Adapt and Immunize—From Encounter to Containment in Milliseconds Endpoint Endpoint McAfee ePO McAfee ATD 6 McAfee Global Threat Intelligence 3rd Party Feeds Data Exchange Layer McAfee TIE Server McAfee ESM NGFW NSP Web Gateway Email Gateway ePO : Policy Orchestrator ESM : Enterprise Security Manager ATD : Advanced Threat Detection TIE : Threat Information Exchange
- 7. Protección Instantánea en toda la Empresa Data Exchange Layer . McAfee ESM Endpoint Endpoint McAfee ePO McAfee ATD NGFW NSP Web Gateway Email Gateway 7 McAfee Global Threat Intelligence 3rd Party Feeds Gateways block access based on endpoint convictions Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products Proactively and efficiently protect your organization as soon as a threat is revealed McAfee TIE Server ePO : Policy Orchestrator ESM : Enterprise Security Manager ATD : Advanced Threat Detection TIE : Threat Information Exchange
- 8. . ESM DXL TIE SIEM: Enterprise Security Manager Performance Inteligencia Situational awareness Data Exchange Layer Real-time Comunicación bidireccional Seguridad adaptativa Threat Information Exchange Visibilidad y control real time Protección y respuesta integral Seguridad adaptativa Made in Cordoba desde hoy
- 9. . Muchas Gracias Esteban Javier Próspero @e_prospero empleos.asdc@intel.com
Notas del editor
- The Security Connected platform from McAfee provides a unified framework for hundreds of products, services, and partners to learn from each other, share context-specific data in real time, and act as a team to keep information and networks safe. The Security Connected platform includes integrated solutions that address (starting from bottom): Analytics: McAfee ESM provides high-speed data mining and risk assessment based on hundreds of data sources and can directly integrate with McAfee countermeasures and threat intelligence to guide data-driven risk management. Context & Orchestration: DXL is first extensible high-speed communication layer that allows intelligence sharing, product deployment, and distribution of policies and protections. Threat Intelligence: Only McAfee creates an aggregate picture based on local, custom intelligence; a global, cross-vector threat intelligence network; and third party data services to drive countermeasure actions and efficient incident response. And, finally, at the foundation of Security Connected is McAfee Security Management, which provides a critical connective framework and an open platform. It unites product and technology components as well as processes and policies to enable an efficient and secure IT infrastructure that businesses can build on as they identify and pursue global business opportunities. McAfee Security Management create simplified management solutions that work together to give you complete visibility into your enterprise—including both a real-time and a historical view (what did that user do on that device across those days?). That requires deep integration across endpoints, the network, and the management software. In other words, McAfee Security Management gives you the visibility you need to analyze risk across all elements of your security environment, and then to make informed decisions and respond in less time. The products we’re about to talk about—including ePO, Deep Command, SIEM, and TIE—provide a connective framework that unites products, processes, and policies to enable a more efficient and more secure IT infrastructure that is ready for today’s threats, and those of tomorrow.
- In this use case, we have several security solutions working together with TIE (of the many that are possible): ePO (described earlier) SIEM (described earlier) DXL (real-time, bi-directional communications fabric) Advanced Threat Defense (ATD): Analyzes malware behavior In this example, <build 1> if an endpoint attempts to executes an executable file that has passed through VSE (may be suspicious, but neither DAT, GTI, nor VSE heuristics have enough data to convict it), TIE will send the file information to the TIE Server to learn more about it. The query is performed over the data exchange layer and includes file, process and environmental attributes recorded by the endpoint. <Build 2> In this case, TIE has seen the suspicious-but-not-convicted file elsewhere in the enterprise but checks with GTI to see if the reputation has changed. From this point, the TIE server will check the McAfee Global Threat Intelligence in the cloud for a reputation. It will then send back the results of this look up back to the endpoint. <Build 3> At this point, endpoint will take action according to the local TIE rules and risk tolerance-based policy admin has applied: 1. allow the file to execute. 2. Block it from executing but leave it in place. 3. Prevent execution and quarantine/clean because it is a known bad file. 4. Separately, TIE can sent the file to McAfee Advanced Threat Defense (ATD) for analysis (assuming you have ATD installed). If we assume that the reputation change assigns a malicious reputation to the file, the TIE dashboards in ePO will display the systems who have inquired about the file in the past – indicating that they are compromised (they executed it too) or may be compromised (asked about but did not execute the file). Admin can quickly view where and when systems have experienced the file and take prioritized remediation steps. This information is available also to SIEM, which can provide further analytics and deep inspection triggered by the initial TIE reputation change event.
- The next set of slides illustrate how Threat Intelligence Exchange works. In this example, <build 1> if an endpoint attempts to executes an executable file that VSE has never seen before and is not part of our DAT file, it will send the file information to the TIE server to determine if it is a known file. In this case, it has determined if it is an unknown file and does not have a reputation for this file. The query is to be performed over the data exchange layer and is to include file, process and environmental attributes recorded by the endpoint with regards to this file <Build 2> From this point, the TIE server will check the McAfee Global Threat Intelligence in the cloud for a reputation. It will then send back the results of this look up back to the endpoint. <Build 3> At this point, there are has some options, 1. allow the file to execute, 2. prevent it from executing and quarantine it, 3. Prevent execution because it is a known bad file, 4. Or if it doesn’t know the reputation, it can sent it to McAfee Advanced Threat Defense (ATD) for analysis. <Build4> to next slide
- <Build 1> Once classification is determined, ATD is to publish the information using the DXL Endpoints, Gateways and other security components are to consume classification changes published by specific sources Once a conviction is received endpoints immunize themselves – Prevent on endpoints which had not observed this file as of yet Detect and remediate on endpoints which had been previously infected Once a conviction is received by gateways they are to block access based on endpoint convictions Remark: The components added to this slide (McAfee ESM on the DXL, McAfee NGFW, McAfee NSP, McAfee MWG, McAfee MEG) are slated for a late 2H14 delivery