
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus

As much as 50% of the traffic hitting websites comes from known bad actors. This traffic can cause as much as 90% of security events, overwhelm security engineers and obscure the truly scary events that need further investigation. Imperva SecureSphere ThreatRadar proactively filters traffic from known bad actors so security teams can focus on what matters most. View this webinar and learn how to make your security engineering team more productive, improve security and website infrastructure efficiency, and reduce risk and improve overall security posture.


  1. © 2015 Imperva, Inc. All rights reserved. SecureSphere ThreatRadar: Improve Security Team Productivity and Focus. Pravin Rasiah, Sr. Product Manager, Web Application Security, Imperva; Morgan Gerhart, VP Product Marketing, Imperva
  2. Speakers: Pravin Rasiah, Senior Product Manager; Morgan Gerhart, VP, Product Marketing. Confidential
  3. Hackers Exploiting Same Old Vulnerabilities. Source: Verizon 2015 Data Breach Investigation Report
  4. Hackers Exploiting Same Old Vulnerabilities: “99.9% OF THE EXPLOITED VULNERABILITIES WERE COMPROMISED MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED.” Source: Verizon 2015 Data Breach Investigation Report
  5. 96% of applications have vulnerabilities. Source: Cenzic
  7. Industrialized Hacking gives hackers extreme leverage
  8. 90% of security events from known bad actors. Source: Imperva
  9. 90% of security events from known bad actors (Source: Imperva). 60%+ of website traffic is non-human (Source: Imperva).
  10. Example 1: Global Financial Services Firm
      • Suspected it had a known bad traffic problem
        – Some visibility from feeds from other vendors
        – Way too much chaff/noise
        – No visibility into how this traffic was impacting apps
        – Only detection, no protection
  11. Example 2: SaaS Provider
      • Security team overwhelmed by web events
        – 6 million per hour
        – Knew many/most from script kiddies, malware sources and malicious IPs
        – But unable to filter, focus and prioritize noise from the truly worrisome
  12. SecureSphere ThreatRadar
      • Global Threat Intelligence Service
      • Globally crowdsourced
      • Curated by Imperva ADC
      • Adds “god's-eye” context of threat landscape to WAF
  13. SecureSphere ThreatRadar: More productive, more focused security engineering team; Cut infrastructure costs; Demonstrate better security posture
  15. Example 1: Global Financial Services Firm
      • Suspected it had a known bad traffic problem
        – Some visibility from feeds from other vendors
        – Way too much chaff/noise
        – No visibility into how this traffic was impacting apps
        – Only detection, no protection
      • ThreatRadar showed known bad was several times worse than suspected
        – 12 million events in last 6 months, 11 million filtered by ThreatRadar
        – Geographic reputation spotlighting potential state-funded/state-sponsored actors
      • Today
        – 90-95% of protections utilize ThreatRadar
        – Business trusts SecureSphere (not worried about false positives/blocking legit traffic)
        – Less network traffic (behind the WAF, of course)
  17. Example 2: SaaS Provider
      • Security team overwhelmed by web events
        – 6 million per hour
        – Knew many/most security events from script kiddies, malware sources and malicious IPs
        – But unable to filter, focus and prioritize noise from the truly worrisome
      • ThreatRadar showed
        – 10-30% of traffic was from known bad sources
        – 80-90% of security alerts associated with traffic from known bad
      • Today
        – Filter and ignore the 80-90% that is known bad
        – Prioritize and focus on what is left – “that’s the really worrisome stuff”
        – Noticed some actors have “given up”
  18. More Focused, More Productive Team: Eliminate the “noise” from known bad, and prioritize on truly worrisome. [Figure: Before]
  19. More Focused, More Productive Team: Eliminate the “noise” from known bad, and prioritize on truly worrisome. [Figure: Before / After]
  20. More Focused, More Productive Team: Suspicious SQL Syntax
  21. More Focused, More Productive Team: Suspicious SQL Syntax vs. Suspicious SQL Syntax + Known SQLi IP
  22. More Focused, More Productive Team: Suspicious SQL Syntax vs. Suspicious SQL Syntax + Known SQLi IP. Increased WAF Accuracy
  23. Reduce Infrastructure Costs: Spam Marketing Spamdexing: Reputation Impact Fraud DDoS Manual Reviews Malicious Traffic
  24. Reduce Infrastructure Costs: Spam Marketing Spamdexing: Reputation Impact Fraud DDoS Manual Reviews Malicious Traffic. Keep Forms Safe. Gain Backend Efficiencies
  25. Reduce Infrastructure Costs: 10-50% OF WEBSITE TRAFFIC FROM KNOWN BAD ACTORS
  28. Reduce Infrastructure Costs: 10-50% OF WEBSITE TRAFFIC FROM KNOWN BAD ACTORS
      • More efficient WAF
      • Fewer log entries
      • Less disk needed
      • Fewer events to SIEM
  29. Globally Crowdsourced: Malicious IPs Phishing URLs Anonymous Proxy ToR IPs Comment Spam IPs RFI IP Forensics SQLi IPs Scanner IPs Scraping BOTS Credit Card Cycling Registration BOTS
  30. Demonstrate Better Security Posture
      • Who’s on your network?
      • Who’s trying to get on your network?
      • Where are they coming from?
      • How are they attacking?
      • How effectively are you mitigating “known bad”?
