Se ha denunciado esta presentación.
Se está descargando tu SlideShare. ×

Scalar Security Roadshow - Ottawa Presentation

Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Anuncio
Cargando en…3
×

Eche un vistazo a continuación

1 de 112 Anuncio

Más Contenido Relacionado

Presentaciones para usted (20)

A los espectadores también les gustó (11)

Anuncio

Similares a Scalar Security Roadshow - Ottawa Presentation (20)

Más de Scalar Decisions (19)

Anuncio

Más reciente (20)

Scalar Security Roadshow - Ottawa Presentation

  1. 1. Scalar Security Roadshow © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 1
  2. 2. Purpose of today’s session: Provide insights on how Scalar and our partners address today’s complex security challenges © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 2
  3. 3. Gartner report highlights 3 • Security spend as % of IT budgets increased • Strong correlation between Security budget and maturity • Emphasis on network, applications and endpoint • Insufficient investment in people and process © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014
  4. 4. Scalar – brief overview © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014 4
  5. 5. 10 Years © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 5
  6. 6. 901 65 180 © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 6
  7. 7. 100% Vancouver Calgary Montreal Ottawa Toronto London © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 7
  8. 8. #1 ICT Security #51 Company #15 Top 250 ICT Companies © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 8
  9. 9. Top tier technical talent. • Engineers average 15 years of experience • World-class experts from some of the leading organizations in the industry • Dedicated teams: PMO, finance, sales and operations • Canadian Authorized Training Centres • We employ and retain top talent © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 9
  10. 10. Top awards. • Brocade Partner of the Year ~ Innovation • Cisco Partner of the Year ~ Data Centre & Virtualization • NetApp Partner of the Year ~ Central Canada • VMware Global Emerging Products Partner of the Year • F5 VAR Partner of the Year ~ North America • Palo Alto Networks Rookie of the Year © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 10
  11. 11. Putting our expertise into practice. © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 11
  12. 12. Integrating, securing and managing systems for the most technologically advanced games ever. © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 12
  13. 13. Our Focus • Protection of Data and Systems • High Performance Computing • Flexible Solutions © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 13
  14. 14. Our security partners © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014 14
  15. 15. Partners here today © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014 15
  16. 16. SECURITY © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
  17. 17. Cisco-Sourcefire FirePOWER Sylvain Levesque Security Consulting Systems Engineer slevesqu@cisco.com SECURITY
  18. 18. SECURITY Agenda: • New Security Model and Global Intelligence • The POWER in FirePOWER • FirePOWER Appliance • ASA with FirePOWER Services © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
  19. 19. The New Security Model BEFORE Discover Enforce Harden AFTER Scope Contain Remediate Attack Continuum DURING Detect Block Defend Network Endpoint Mobile Virtual Cloud Point in Time Continuous © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
  20. 20. Cisco Security Intelligence Operation (SIO) More Than $100 24 Hours Daily More Than 40 Million OPERATIONS SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 Cisco1100001110001110 ® SIO 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111010011101 101000 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111010011101 101000 Email Devices WWW Web LANGUAGES IPS Networks Endpoints More Than 80 PH.D, CCIE, CISSP, MSCE Cloud IPS AnyConnect® ESA ASA WWW WSA Information More Than 800 ENGINEERS, TECHNICIANS, AND RESEARCHERS Actions Visibility Control 1.6 Million GLOBAL SENSORS 100 TB DATA RECEIVED PER DAY 40% WORLDWIDE EMAIL TRAFFIC 13 Billion WEB REQUESTS More Than 150 Million DEPLOYED ENDPOINTS 3 to 5 MINUTE UPDATES More Than 200 PARAMETERS TRACKED More Than 5500 IPS SIGNATURES PRODUCED More Than 70 PUBLICATIONS PRODUCED More Than 8 Million RULES PER DAY © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
  21. 21. Collective Security Intelligence Malware Protection IPS Rules Reputation Feeds Vulnerability Database Updates Sourcefire AEGIS™ Program Private and Public Threat Feeds Sourcefire VRT® (Vulnerability Research Team) Sandboxing Machine Learning Big Data Infrastructure Sandnets FireAMP™ Community Honeypots File Samples (>380,000 per Day) Advanced Microsoft and Industry Disclosures SPARK Program Snort and ClamAV Open Source Communities © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
  22. 22. The POWER in FirePOWER SECURITY © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
  23. 23. About Sourcefire Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise. • Founded in 2001 by Snort Creator, Martin Roesch, CTO • Headquarters: Columbia, MD • Focus on enterprise and government customers • Global Security Alliance ecosystem • NASDAQ: FIRE Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection) © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
  24. 24. FireSIGHT™ Management Center: Full Stack Visibility CATEGORIES EXAMPLES FirePOWER Services TYPICAL IPS TYPICAL NGFW Threats Attacks, Anomalies ✔ ✔ ✔ Users AD, LDAP, POP3 ✔ ✗ ✔ Web Applications Facebook Chat, Ebay ✔ ✗ ✔ Application Protocols HTTP, SMTP, SSH ✔ ✗ ✔ File Transfers PDF, Office, EXE, JAR ✔ ✗ ✔ Malware Conficker, Flame ✔ ✗ ✗ Command & Control Servers C&C Security Intelligence ✔ ✗ ✗ Client Applications Firefox, IE6, BitTorrent ✔ ✗ ✗ Network Servers Apache 2.3.1, IIS4 ✔ ✗ ✗ Operating Systems Windows, Linux ✔ ✗ ✗ Routers & Switches Cisco, Nortel, Wireless ✔ ✗ ✗ Mobile Devices iPhone, Android, Jail ✔ ✗ ✗ Printers HP, Xerox, Canon ✔ ✗ ✗ VoIP Phones Cisco phones ✔ ✗ ✗ Virtual Machines VMware, Xen, RHEV ✔ ✗ ✗ Contextual Information Superiority Awareness © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
  25. 25. Cisco FireSIGHT Simplifies Operations • Impact Assessment and Recommended Rules Automate Routine Tasks © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
  26. 26. Impact Assessment IMPACT Correlates all intrusion events to an impact of the attack against the target FLAG ADMINISTRATOR ACTION WHY Act Immediately, Vulnerable Event corresponds to vulnerability mapped to host Investigate, Potentially Vulnerable Relevant port open or protocol in use, but no vuln mapped Good to Know, Currently Not Vulnerable Relevant port not open or protocol not in use Good to Know, Unknown Target Monitored network, but unknown host Good to Know, Unknown Network Unmonitored network © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
  27. 27. Visibility and Context © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27
  28. 28. Visibility and Context File Sent File Received File Executed File Moved File Quarantined © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28
  29. 29. Indications of Compromise (IoCs) IPS Events Malware Backdoors CnC Connections Exploit Kits Admin Privilege Escalations Web App Attacks SI Events Connections to Known CnC IPs Malware Events Malware Detections Malware Executions Office/PDF/ Java Compromises Dropper Infections © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29
  30. 30. FirePOWER Services: Application Control • Control access for applications, users and devices • “Employees may view Facebook, but only Marketing may post to it” • “No one may use peer-to-peer file sharing apps” Over 3,000 apps, devices, and more! © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30
  31. 31. …Yet Another Open Source Success Story • OpenAppID • Open source application detection and control Application-focused detection language tied to Snort engine Enhances coverage and efficacy and accelerates development of application detectors Empowers the community to share detectors for greater protection Already over 1300 OpenAppID Detectors Ties into a Snort Pre-processor for maximum performance and integration © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31
  32. 32. FirePOWER Services: URL Filtering • Block non-business-related sites by category • Based on user and user group © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32
  33. 33. FirePOWER Services: Advanced Malware Malware Alert! 4) Execution Report Available In Defense Center 1) File Capture Collective Security Intelligence Sandbox 3) Send to Sandbox 2) File Storage Network Traffic © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33
  34. 34. Reduced Cost and Complexity • Multilayered protection in a single device • Highly scalable for branch, internet edge, and data centers • Automates security tasks o Impact assessment o Policy tuning o User identification • Integrate transparently with third-party security solutions through eStreamer API © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34
  35. 35. FirePOWER Appliances SECURITY © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35
  36. 36. Setting the New Standard for Advanced Threat Protection Sourcefire FirePOWER™ • Industry-­‐best Intrusion Preven1on • Real-­‐1me Contextual Awareness • Full Stack Visibility • Intelligent Security Automa1on with FireSIGHT™ • Unparalleled Performance and Scalability • Easily add Applica1on Control, URL Filtering and Advanced Malware Protec1on with op1onal subscrip1on licenses © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36
  37. 37. Platforms and Places in the Network IPS Performance and Scalability Data Center Campus Branch Office SOHO Internet Edge FirePOWER 7100 Series 500 Mbps – 1 Gbps FirePOWER 7120/7125/8120 1 Gbps - 2 Gbps FirePOWER 8100/8200 2 Gbps - 10 Gbps FirePOWER 8200 Series 10 Gbps – 40 Gbps FirePOWER 7000 Series 50 Mbps – 250 Mbps FirePOWER 8300 Series 15 Gbps – 60 Gbps © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37
  38. 38. FirePOWER Feature Summary NGIPS • IPS Detection and Prevention • Security Updates • Reports, Alerts, and Dashboards • Centralized Policy Management • Custom IPS Rule Creation • Automated Impact Assessment • Automated Tuning • FireSIGHT Network & User Intelligence • IT Policy Compliance Whitelists • File Type Determination • Network Behavior Analysis You can ADD additional license • Application Control • User and User Group Control • Stateful Firewall Inspection Switching and Routing • Network Address Translation • URL Filtering • File Blocking • Advanced Malware Protection Virtual Appliances for VMWare and XEN
  39. 39. ASA with FirePOWER Services SECURITY © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39
  40. 40. FirePOWER Services for ASA: Components FirePOWER Services Blade ASA 5585-X • Models: ASA 5585-X-10, ASA 5585- X-20, ASA 5585-X-40, ASA 5585-X-60 • New FirePOWER Services Hardware Module Required • Licenses and Subscriptions • Models: ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X • SSD Drive Required • FirePOWER Services Software Module • Licenses and Subscriptions © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40
  41. 41. Superior Multilayered Protection • World’s most widely deployed, enterprise-class ASA stateful firewall • Granular Application Visibility and Control (AVC) • Industry-leading FirePOWER Next-Generation IPS (NGIPS) • Reputation- and category-based URL filtering • Advanced malware protection Cisco Collective Security Intelligence Enabled FireSIGHT Analytics & Automation CISCO ASA WWW URL Filtering (subscription) Identity-Policy Control & VPN Advanced Malware Protection (subscription) Intrusion Prevention (subscription) Application Visibility &Control Clustering & High Availability Network Firewall Routing | Switching Built-in Network Profiling © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41
  42. 42. ASA and FirePOWER Features • IPS Detection and Prevention • Security Updates • Reports, Alerts, and Dashboards • Centralized Policy Management • Custom IPS Rule Creation • Automated Impact Assessment • Automated Tuning • FireSIGHT Network & User Intelligence • IT Policy Compliance Whitelists • File Type Determination • Network Behavior Analysis • Application Control • User and User Group Control • Stateful Firewall Inspection Switching and Routing • Network Address Translation • URL Filtering • File Blocking • Advanced Malware Protection • Identity-Based Firewall for enhanced user ID awareness. • Highly Secure remote access (IPSEC and SSL) • Proactive, near-real-time protection against Internet threats • Integrates with other essential network security tech • Supports Cisco TrustSec security group tags (SGTs) and • Extensive stateful inspection engine, • Site-to-site VPN, NAT, IPv6, • Dynamic Routing (including BGP) • HA, Clustering • Protection from botnets • Delivers high availability for high-resiliency application • Change of Authorization (CoA) © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42
  43. 43. Q & A
  44. 44. The Perimeter is Dead, Long Live the Perimeter Steve Hillier Field Systems Engineer
  45. 45. What is The Perimeter?
  46. 46. pe·rim·e·ter 1.the continuous line forming the boundary of a closed geometric figure. "the perimeter of a rectangle" synonyms: circumference, outside, outer edge "the perimeter of a circle" the outermost parts or boundary of an area or object. "the perimeter of the garden" synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge; More a defended boundary of a military position or base. In Networking we call it…DMZ
  47. 47. Defense in Depth?
  48. 48. Defense in depth The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system…… Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the “simplicity” principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it. https://www.owasp.org/index.php/Defense_in_depth
  49. 49. Evolving Threat Landscape
  50. 50. Perimeter Security Technologies A long time ago… and then… present day… and now with F5! Firewalls started out as proxies Stateless filters accelerated firewalls, but weakened security Stateful firewalls added security with deep inspection, but still fall short of proxies F5 brings full proxy back to firewalls: highest security matched by a high-scale and high-performance architecture F5 Agility 2014 50
  51. 51. Protecting against Threats is challenging Webification of apps Device proliferation 71% of internet experts predict most people will do work via web or mobile by 2020. 95% of workers use at least one personal device for work. 130 million enterprises will use mobile apps by 2014 Evolving security threats Shifting perimeter 58% of all e-theft tied to activist groups. 81% of breaches involved hacking 80% of new apps will target the cloud. 72% IT leaders have or will move applications to the cloud. F5 Agility 2014 51
  52. 52. Evolving Security Threat Landscape F5 Agility 2014 52
  53. 53. More sophisticated attacks are multi-layer Application SSL DNS Network F5 Agility 2014 53
  54. 54. Its all about the Application.
  55. 55. BIG-IP Application Security Manager BIG-IP ® ASM™ protects the applications your business relies on most and scales to meet changing demands. Multiple deployment options Visibility and analysis Comprehensive protections • Standalone or ADC add-on • Appliance or Virtual edition • Manual or automatic policy building • 3rd party DAST integration • Visibility and analysis • High speed customizable syslog • Granular attack details • Expert attack tracking and profiling • Policy & compliance reporting • Integrates with SIEM software • Full HTTP/S request logging • Granular rules on every HTTP element • Client side parameter manipulation protection • Response checks for error & data leakage • AV integrations F5 Agility 2014 55
  56. 56. Comprehensive Protections BIG-IP ASM extends protection to more than application vulnerabilities L7 DDOS Web Scraping Web bot identification XML filtering, validation & mitigation XML Firewall Geolocation blocking ICAP anti-virus Integration ASM F5 Agility 2014 56
  57. 57. Network Threats Application Threats 90% of security investment focused here Yet 75% of attacks are focused here Attack Vectors TCP SYN Flood TCP Conn Flood DNS Flood HTTP GET Flood Attack Vectors HTTP Slow Loris DNS Cache Poison SQL Injection Cross Site Scripting F5 Agility 2014 57
  58. 58. Unique full-proxy architecture WAF WAF Slowloris atXtaScSk iRule leakage iRule iRule HTTP SSL TCP HTTP SSL TCP iRule iRule iRule SSL renegotiation SYN flood ICMP flood Data Network Firewall F5 Agility 2014 58
  59. 59. Who are you? AAA
  60. 60. Who’s Requesting Access? Employees Partner Customer Administrator Manage access based on identity IT challenged to: • Control access based on user-type and role • Unify access to all applications (mobile, VDI, Web, client-server, SaaS) • Provide fast authentication and SSO • Audit and report access and application metrics F5 Agility 2014 60
  61. 61. Security at the Critical Point in the Network Physical Virtual Cloud Storage Total Application Delivery Networking Services Clients Remote access SSL VPN APP firewall F5 Agility 2014 61
  62. 62. BIG-IP APM Use Cases Internet Secure Web Gateway Accelerated Remote Access Internet Apps Enterprise Data & Apps Federation Cloud, SaaS, and Partner Apps App Access Management BIG-IP APM OAM VDI Exchange Sharepoint F5 Agility 2014 62
  63. 63. Which Threat mitigation to use? Content Delivery Network Carrier Service Provider Cloud-based DDoS Service Cloud/Hosted Service Network firewall with SSL inspection Web Application Firewall On-premise DDoS solution Intrusion Detection/Prevention On-Premise Defense F5 Agility 2014 63
  64. 64. All of the above
  65. 65. Full Proxy Security Client / Server Web application Application Session Network Physical Application health monitoring and performance anomaly detection HTTP proxy, HTTP DDoS and application security SSL inspection and SSL DDoS mitigation L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation Client / Server Web application Application Session Network Physical F5 Agility 2014 65
  66. 66. F5 Provides Complete Visibility and Control Across Applications and Users DNS Web Access Intelligent Services Platform Users Securing access to applications from anywhere Resources Protecting your applications regardless of where they live Dynamic Threat Defense DDoS Protection Protocol Security Network Firewall TMOS F5 Agility 2014 66
  67. 67. PROTECTING THE DATA CENTER Use case Load Balancer Firewall/VPN • Consolidation of firewall, app security, traffic management Network DDoS DNS Security Balancer & SSL • Protection for data centers and application servers Application DDoS Web Application Firewall Load • High scale for the most common inbound protocols Before f5 with f5 Web Access Management F5 Agility 2014 67
  68. 68. F5 Bringing deep application fluency to Perimeter security One platform SSL inspection Traffic management DNS security Access control Application security Network firewall EAL2+ EAL4+ (in process) DDoS mitigation F5 Agility 2014 68
  69. 69. How do I implement perimeter Security with F5?
  70. 70. Reference Architectures DDoS Protection S/Gi Network Simplification Security for Service Providers Application Services LTE Roaming Migration to Cloud DevOps Secure Mobility DNS Cloud Federation Cloud Bursting F5 Agility 2014 70
  71. 71. Increasing difficulty of attack detection DDoS MITIGATION Presentation Application (7) Physical (1) Data Link (2) Network (3) Transport (4) Session (5) (6) Network attacks Session attacks Application attacks OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks BIG-IP ASM Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation BIG-IP LTM and GTM High-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation BIG-IP AFM SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions. OSI stack F5 mitigation technologies OSI stack F5 mitigation technologies F5 Agility 2014 71
  72. 72. ® Solve the Endpoint Security Challenge with Isolation, not Detection Chris Cram Security Solutions Architect © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 73
  73. 73. 74 Agenda The Security Landscape Bromium Overview Use Cases and Benefits Summary and Next Steps © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  74. 74. Up 294% $30B No! Security Spending — ’05–’14 Are breaches going down? Up 390% Malware/Breaches — ’05–’14 Source: Gartner, Idtheftcenter, $30B is a Gartner figure for 2014 3 The IT Security Paradox © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  75. 75. “Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye SVP, Symantec 71% of all breaches are from the endpoint! The Endpoint Problem § Polymorphic § Targeted § … Pattern Matching § Only known § Many ??? § Costly remediation Advanced Threats Ineffective Detection 5 The Problem © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  76. 76. § Polymorphic § Targeted § Zero Day Pattern-Matching § Only known § Many false positives § Costly remediation 71% of all breaches start on the endpoint! Advanced Threats Ineffective Detection The Endpoint Problem Source: Verizon Data Breach Report 4 The Problem © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  77. 77. Advanced Attacks Evade Legacy Defenses Threats 78 Network Detection Based Firewall IPS Web & Email Gateways Endpoint Detection Based PC Firewall PC Anti-virus © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  78. 78. 79 $25B $20B $15B $10B $5B $0 Citigroup Washington Post Restaurant Depot Scribd Ubuntu Bethesda Game Studios Michael’s Stores Virginia LexisNexis Prescription Monitoring Sega Program Network Solutions Betfair University of California Berkeley Heartland TD Ameritrade Hannaford Brothers Supermarket Monster. com Chain TK/ TJ Maxx University of Wisconsin – Milwaukee Seacoast Radiology, PA Three Iranian banks KT Corp. Ohio Medicaid State University Yahoo Puerto Rico Department of Health Sony Online Entertainment Southern California Medical-Legal Consultants Blizzard RBS Worldpay Auction. com.kr Virginia Dept. of Health Data KDDI Gawker .com Drupal Sony Pictures US Federal Reserve Bank of Clevelan d Yahoo Japan Central Hudson Gas & Electric South Africa Police Nintendo Washington State court system Sony PSN San Francisco Public Utilities Commission Ankle & Foot Center of Tampa Bay, Cardsystems Solutions Inc. Evernote Writerspace .com RockYou! Living Social Processors International CheckFree Corporation Global Payments AT&T Ubisoft Inc. Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative only to depict the 71% Application Whitelisting Host Intrusion Prevention Endpoint Sandboxing Host Web Filtering Cloud-based AV detection Network Sandboxing Target AOL AOL NASDAQ Twitter Sutherland Healthcare Neiman Marcus Ebay Aaron Brothers Mac Rumou rs .Com Neiman Marcus Home Depot America 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 n Express PF Changs Paytime Adobe Snapch at 2013 614 reported breaches 91,982,172 records Recent Security Timeline © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  79. 79. 80 $25B $20B $15B $10B $5B $0 Application Whitelisting Host Intrusion Prevention Endpoint Sandboxing Host Web Filtering Cloud-based AV detection Network Sandboxing Breaches Starting from the Endpoint 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative only to depict the 71% 2013 614 reported breaches 91,982,172 records Recent Security Timeline © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  80. 80. Bromium—Pioneer and Innovator Redefining security with isolation technology Transforming the legacy security model Global, top investors, leaders of Xen Top tier customers across every vertical 8 © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  81. 81. 82 Core Technology Hardware isolates each untrusted Windows task Lightweight, fast, hidden, with an unchanged native UX Microvisor Based on Xen with a small, secure code base Industry-standard desktop, laptop hardware Hardware Virtualization Hardware Security Features © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  82. 82. Isolate all end user tasks – browsing, opening emails, files… Utilize micro-virtualization and the CPU to hardware isolate Across major threat vectors— Web, email, USB, shares… Seamless user experience on standard PCs 83 How Bromium Solves The Problem © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  83. 83. Bromium vSentry OS Anti-virus, sandbox and other security tools OS Kernel § Today’s signature and behavioral techniques miss many attacks § They almost always leave endpoints corrupted, requiring re-imaging Hardware-isolated Micro VMs § All user tasks and malware are isolated in a super-efficient micro-VM § All micro-VMs destroyed, elimi-nating all traces of malware with them Hardware Applications tab tab OS Hardware Traditional Endpoint Security O S O S O S O S 10 Different from Traditional Security © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  84. 84. LAVA Understanding the Kill Chain WHO Is the Target WHERE Is the Attacker WHAT Is the Goal WHAT WHAT Is the Intent Is the Technique 24 © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  85. 85. Java Legacy App Support Off Net Patching Laptop Users High Value Targets Threat Intelligence Secure Browsing 12 Use Cases © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  86. 86. 87 Why Customers Deploy Bromium Defeat Attacks § Eliminate compromises on the endpoint § Deliver protection in the office or on the road Streamline IT § Reduce operational costs § Dramatically increase IT productivity Empower End Users § Remove the burden of security from users § Enable users to click on anything… anywhere © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  87. 87. Summary The attack landscape has fundamentally changed; perimeter evaporating in the cloud and mobile era Current ‘detection’ defenses are ineffective; endpoint is the weakest link Bromium is redefining endpoint security with micro-virtualization Enormous benefits in defeating attacks, streamlining IT and empowering users 88 © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  88. 88. Beyond Compliance Rob Stonehouse – Chief Security Architect © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 89
  89. 89. The Rush To Compliance “We have to be compliant!” © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 90
  90. 90. What Do We Know? • The Internet wants all your information • Law is not a deterrent • Little risk for huge gains • Patience = Success • Users will still click on anything …It is going to get worse © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 91
  91. 91. 20+ Years of Monitoring What have we seen? - Sophisticated malware - Teams of attackers - Persistence & Purpose © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 92
  92. 92. The Problem Technology • New strategies • Hard to realize the value InfoSec is Expensive • Resource issues © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 93
  93. 93. What is The Answer? Visibility © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 94
  94. 94. Get The Help You Need You Can No Longer Do This Alone © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 95
  95. 95. Managed Security Services Jamie Hari – Product Manager, Infrastructure & Security © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 96
  96. 96. Scalar discovered what they overlooked. © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 97
  97. 97. Changing Tactics © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 98
  98. 98. The way you look at security needs to change. © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014 99
  99. 99. SIEM © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 100
  100. 100. Improved Intelligence Scalar has the tools and experience to manage security The SIEM is the heart and brain of the SOC. It moves data around in a quickly complex and technical analyses landscape. it with continually updated intelligence. Users Servers End Points Firewalls IPS VS AV/AM/AS SIEM SOC Tools Scalar SOC © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 101
  101. 101. What is SIEM? A solution which gathers, analyzes, and presents security information. • Log Management • Security Event Correlation and Analysis • Security Alerting & Reporting © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 102
  102. 102. Reporting Quickly Identify Patterns of Activity, Traffic, and Attacks © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 103
  103. 103. Managed SIEM & Incident Response Real-time security event monitoring and intelligent incident response • 24 x 7 Security Alert & System Availability Monitoring • Security Incident Analysis & Response • Infrastructure Incident, Change, Patch, and Configuration Management © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 104
  104. 104. What should I look for in a provider? • Breadth and Depth of Technical Capability • Flexibility in Deployment, Reporting, and Engagement Options • Experience with Customers in Diverse Industries • A Partner Model © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 105
  105. 105. Getting Started © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 106
  106. 106. Proof of Value 4 Week Trial • Dashboard for Real-time Data • Weekly Security Report • Detailed Final Summary Report • Seamless Continuation into Full Service © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 107
  107. 107. You decide how we fit © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014 108
  108. 108. Recap • Reduce complexity – simplify • Apply security at the infrastructure, applications and endpoint • Augment technology with people and process • Spend on security vs. compliance • Gain visibility through effective security operations © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 109
  109. 109. What’s Next? Looking for more information on security? Rob Stonehouse, Scalar’s Chief Security Architect, discusses security beyond our compliance on the Scalar blog here. © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 110
  110. 110. Connect with Us! @scalardecisions facebook.com/scalardecisions linkedin.com/company/scalar-decisions slideshare.net/scalardecisions © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
  111. 111. © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 112

×