Scalar Security Roadshow - Toronto Presentation
2. Purpose of today’s session:
Provide insights on how Scalar and our partners address today’s complex security challenges
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
3. Gartner report highlights
• Security spend as % of IT budgets increased
• Strong correlation between security budget and maturity
• Emphasis on network, applications and endpoint
• Insufficient investment in people and process
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014
4. Scalar – brief overview
5. 10 Years
6. 901 65 180
7. 100%
Vancouver, Calgary, Montreal, Ottawa, Toronto, London
8. #1 ICT Security
#51 Company
#15 Top 250 ICT Companies
9. Top tier technical talent.
• Engineers average 15 years of experience
• World-class experts from some of the leading organizations in the industry
• Dedicated teams: PMO, finance, sales and operations
• Canadian Authorized Training Centres
• We employ and retain top talent
10. Top awards.
• Brocade Partner of the Year ~ Innovation
• Cisco Partner of the Year ~ Data Centre & Virtualization
• NetApp Partner of the Year ~ Central Canada
• VMware Global Emerging Products Partner of the Year
• F5 VAR Partner of the Year ~ North America
• Palo Alto Networks Rookie of the Year
11. Putting our expertise into practice.
12. Integrating, securing and managing systems for the most technologically advanced games ever.
14. Our Focus
• Protection of Data and Systems
• High Performance Computing
• Flexible Solutions
15. Our security partners
16. Partners here today
17. Cisco Next Generation Security Solutions: Cisco ASA with FirePOWER Services
Michael Mercier, Consulting Systems Engineer - Security
October 1, 2014
18. Introducing Cisco ASA with FirePOWER Services: Industry’s First Threat-Focused Next-Generation Firewall (NGFW)
Proven Cisco® ASA firewalling + industry-leading NGIPS and AMP
► Integrating defense layers helps organizations get the best visibility
► Enable dynamic controls to automatically adapt
► Protect against advanced threats across the entire attack continuum
No. 1 Cisco security announcement of the year
C97-732214-00 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
19. What You’ll Learn from This Presentation
► How existing NGFWs focus only on apps and ignore threats, and the challenges that creates
► How Cisco® FireSIGHT Management Center provides comprehensive visibility into threats
► How Cisco Adaptive Security Appliances (ASA) with FirePOWER Services deliver superior protection across the entire attack continuum
► How Cisco ASA with FirePOWER reduces costs and complexity
20. The Problem with Traditional Next-Generation Firewalls
Focus on the apps, but miss the threat…
Existing NGFWs can reduce attack surface area, but advanced malware often evades security controls.
21. Threat Landscape Demands More Than Application Control
It is a community that hides in plain sight, avoids detection, and attacks swiftly
• 100% of companies connect to domains that host malicious files or services
• 54% of breaches remain undiscovered for months
• 60% of data is stolen in hours
22. Defense-in-Depth Security Alone Is Not Enough
• Poor visibility: undetected multivector and advanced threats
• Siloed approach: increased complexity and reduced effectiveness
• Manual and static: slow, manual, inefficient response
23. Integrated Threat Defense Across the Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Controls across the continuum: Firewall/VPN, NGIPS, Security Intelligence, Web Security, Advanced Malware Protection
Capabilities: Visibility and Automation; Detailed App Control; Modern Threat Control; Retrospective Security; IoCs/Incident Response
24. Cisco ASA with FirePOWER Services: Industry’s First Adaptive Threat-Focused NGFW
Features
► Cisco® ASA firewalling combined with Cisco Sourcefire® next-generation IPS (NGIPS)
► Integrated threat defense over the entire attack continuum
► Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Benefits
► Superior, multilayered threat protection
► Outstanding network visibility
► Advanced malware protection
► Reduced cost and complexity
25. Superior Integrated and Multilayered Protection
► World’s most widely deployed, enterprise-class Cisco ASA stateful firewall
► Cisco Application Visibility and Control (AVC) with detailed control
► Industry-leading Cisco FirePOWER next-generation IPS (NGIPS)
► Reputation- and category-based URL filtering
► Cisco Advanced Malware Protection (AMP)
Cisco® Collective Security Intelligence enabled. Components shown: Advanced Malware Protection (subscription); URL Filtering (subscription); Intrusion Prevention (subscription); FireSIGHT Analytics & Automation; Application Visibility and Control; Built-in Network Profiling; Cisco ASA with Identity-Policy Control and VPN, Clustering and High Availability, Network Firewall, Routing | Switching.
26. Cisco FirePOWER Delivers Best Threat Effectiveness
Security Value Map for Intrusion Prevention System (IPS); Security Value Map for Breach Detection
27. Cisco Sourcefire Solution
Management Center (appliances | virtual)
Next-Generation Firewall | Next-Generation Intrusion Prevention | Advanced Malware Protection (form factors: appliances | virtual; hosts | mobile)
Contextual Awareness
TALOS Collective Security Intelligence
28. Cisco Collective Security Intelligence - TALOS
Built on unmatched collective security intelligence: Sourcefire VRT® (Vulnerability Research Team) + Cisco SIO = Cisco Collective Security Intelligence
Inputs: 700,000+ file samples per day; FireAMP™ Community; advanced Microsoft and industry disclosures; Snort and ClamAV open source communities; honeypots; Sourcefire AEGIS™ Program; private and public threat feeds; dynamic analysis
Telemetry from email, endpoints, web, networks and IPS devices:
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600+ engineers, technicians, and researchers
• 35% of worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 40+ languages
29. Exceptional Network Visibility
Category                    | Cisco® FirePOWER Services | Typical IPS | Typical NGFW
Threats                     | yes | yes | yes
Users                       | yes | no  | yes
Web Applications            | yes | no  | yes
Application Protocols       | yes | no  | yes
File Transfers              | yes | no  | yes
Malware                     | yes | no  | no
Command and Control Servers | yes | no  | no
Client Applications         | yes | no  | no
Network Servers             | yes | no  | no
Operating Systems           | yes | no  | no
Routers and Switches        | yes | no  | no
Mobile Devices              | yes | no  | no
Printers                    | yes | no  | no
VoIP Phones                 | yes | no  | no
Virtual Machines            | yes | no  | no
31. Impact Assessment
Correlates all intrusion events with an impact of the attack against the target
Impact flag | Administrator action                    | Why
1           | Act immediately; vulnerable             | Event corresponds with vulnerability mapped to host
2           | Investigate; potentially vulnerable     | Relevant port open or protocol in use, but no vulnerability mapped
3           | Good to know; currently not vulnerable  | Relevant port not open or protocol not in use
4           | Good to know; unknown target            | Monitored network, but unknown host
0           | Good to know; unknown network           | Unmonitored network
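The impact table above is a decision procedure, so here it is as code. This is an added example written for this page, not Cisco’s implementation: the monitored networks, host inventory, vulnerability IDs (`VULN-…`), event records and the function names `impact_flag` and `triage` are all constructed for the example.

```python
# Impact-flag assignment for intrusion events, modelled on the impact table
# above.  Added example, not Cisco code: the monitored networks, host
# inventory, vulnerability IDs and events are constructed sample data.
import ipaddress
from dataclasses import dataclass, field

# Assumption: the networks the sensor has been told to profile.
MONITORED = [ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_network("192.168.1.0/24")]


@dataclass
class Host:
    """What passive profiling learned about one host."""
    open_ports: set        # {(proto, port), ...} seen in use
    protocols: set         # {"tcp", "udp", "icmp", ...} seen in use
    vulns: set             # vulnerability IDs mapped to this host


@dataclass
class IntrusionEvent:
    dst_ip: str
    proto: str
    dst_port: int = None   # None for protocols without ports (e.g. icmp)
    vulns: set = field(default_factory=set)   # what the firing rule exploits


# Constructed inventory of profiled hosts ("VULN-0001" is a placeholder ID).
INVENTORY = {
    "10.1.1.10": Host({("tcp", 445), ("tcp", 3389)}, {"tcp"}, {"VULN-0001"}),
    "10.1.1.11": Host({("tcp", 80)}, {"tcp"}, set()),
    "10.1.1.12": Host({("tcp", 22)}, {"tcp", "icmp"}, set()),
}

IMPACT_LABELS = {
    1: "Act immediately; vulnerable",
    2: "Investigate; potentially vulnerable",
    3: "Good to know; currently not vulnerable",
    4: "Good to know; unknown target",
    0: "Good to know; unknown network",
}


def impact_flag(ev, inventory=INVENTORY, monitored=MONITORED):
    """Map one intrusion event to the impact flag from the table above."""
    ip = ipaddress.ip_address(ev.dst_ip)
    if not any(ip in net for net in monitored):
        return 0            # unmonitored network: nothing is known about the target
    host = inventory.get(ev.dst_ip)
    if host is None:
        return 4            # monitored network, but this host was never profiled
    if ev.vulns & host.vulns:
        return 1            # the rule's vulnerability is mapped to this host
    if (ev.proto, ev.dst_port) in host.open_ports or \
            (ev.dst_port is None and ev.proto in host.protocols):
        return 2            # the service is there, but no vulnerability mapped
    return 3                # port not open / protocol not in use: attack cannot land


def triage(events, **kw):
    """(flag, event) pairs ordered by urgency: 1, 2, 3, 4, then 0."""
    order = {1: 0, 2: 1, 3: 2, 4: 3, 0: 4}
    return sorted(((impact_flag(e, **kw), e) for e in events),
                  key=lambda pair: order[pair[0]])


# Constructed events: the same SMB signature fired against four targets.
SAMPLE_EVENTS = [
    IntrusionEvent("8.8.8.8", "tcp", 445, {"VULN-0001"}),
    IntrusionEvent("10.1.1.11", "tcp", 445, {"VULN-0001"}),
    IntrusionEvent("10.1.1.10", "tcp", 445, {"VULN-0001"}),
    IntrusionEvent("10.1.1.50", "tcp", 445, {"VULN-0001"}),
]

if __name__ == "__main__":
    for flag, ev in triage(SAMPLE_EVENTS):
        print(flag, IMPACT_LABELS[flag], ev.dst_ip)
```

The rows worth watching in a real deployment are 4 and 0: a steady stream of flag-4 events means the profiler has not seen the hosts it is supposedly protecting, and flag-0 events mean the sensor is inspecting traffic for networks nobody configured it to protect.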
32. Automated, Integrated Threat Defense: Superior Protection for Entire Attack Continuum
• Multivector correlation (admin, request, mail, PDF): early warning for advanced threats
• Retrospective security: reduce time between detection and cure
• Context and threat correlation (e.g. Host A: 5 IoCs, Host B: 3 IoCs): impact assessment
• Dynamic security control: adapt policy to risks (Priority 1, Priority 2, Priority 3)
33. Indications of Compromise (IoCs)
• IPS events: malware backdoors; CnC connections; exploit kits; admin privilege escalations; web app attacks
• SI events: connections to known CnC IPs
• Malware events: malware detections; malware executions; Office/PDF/Java compromises; dropper infections
34. Cisco AMP Provides Continuous Retrospective Security
Breadth of control points: email, endpoints, web, network, IPS devices
Continuous feed → continuous analysis
Telemetry stream: file fingerprint and metadata; file and network I/O; process information
35. Cisco AMP: Continuous Retrospective Security
1) File capture from network traffic
2) File storage
3) Send to Collective Security Intelligence sandbox
4) Execution report available in FireSIGHT Management Center → Malware Alert!
36. Visibility and Context – Network File Trajectory
37. Visibility and Context – Network File Trajectory: File Sent, File Received, File Executed, File Moved, File Quarantined
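Slides 32 to 37 describe one mechanism from three angles: file telemetry is retained, and when a file’s disposition later flips to malicious the stored trajectory is replayed, every host that touched the file is tagged with IoCs, and hosts are ranked for containment. The following is an added example of that replay, written for this page and not Cisco AMP code; the telemetry events, hashes, hostnames, the `ACTION_TO_IOC` mapping and the function names are constructed assumptions.

```python
# Retrospective file analysis: replay stored file telemetry once a file's
# disposition changes, rebuild its trajectory and tag the hosts that touched
# it with IoCs.  Added example, not Cisco AMP code; the events, hashes and
# hostnames below are constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: int          # seconds since epoch
    host: str
    sha256: str
    action: str      # sent | received | executed | moved | quarantined


MALICIOUS = "aa" * 32   # constructed hash of the file that later turns out to be bad
CLEAN = "bb" * 32       # constructed hash of an unrelated file

# Constructed telemetry: one file enters via the mail gateway, runs on one
# workstation, and is forwarded to a second.
TELEMETRY = [
    FileEvent(100, "mail-gw",  MALICIOUS, "sent"),
    FileEvent(101, "ws-alice", MALICIOUS, "received"),
    FileEvent(130, "ws-alice", MALICIOUS, "executed"),
    FileEvent(140, "ws-alice", MALICIOUS, "sent"),
    FileEvent(141, "ws-bob",   MALICIOUS, "received"),
    FileEvent(150, "ws-bob",   CLEAN,     "received"),
]

# IoC category each action maps to once the file is known malicious.  The
# category names come from the IoC slide; the mapping is this example's assumption.
ACTION_TO_IOC = {
    "sent":     "Malware Detections",
    "received": "Malware Detections",
    "executed": "Malware Executions",
}


def trajectory(telemetry, sha256):
    """Every sighting of one file, oldest first."""
    return sorted((e for e in telemetry if e.sha256 == sha256), key=lambda e: e.ts)


def retrospective_verdict(telemetry, sha256, verdict_ts):
    """The disposition of `sha256` flipped to malicious at `verdict_ts`.

    Sightings before the verdict are the ones no inline control could have
    stopped, so each becomes an IoC on its host.  Returns
    (host -> set of IoC categories, seconds between first sighting and verdict)."""
    iocs = defaultdict(set)
    first_seen = None
    for e in trajectory(telemetry, sha256):
        if e.ts > verdict_ts:
            break                       # after the verdict the file is already known bad
        if first_seen is None:
            first_seen = e.ts
        if e.action in ACTION_TO_IOC:
            iocs[e.host].add(ACTION_TO_IOC[e.action])
    gap = None if first_seen is None else verdict_ts - first_seen
    return dict(iocs), gap


def prioritize(iocs):
    """Hosts to contain first: most IoCs, executions before mere receipt, then name."""
    return sorted(iocs, key=lambda h: (-len(iocs[h]),
                                       "Malware Executions" not in iocs[h], h))


if __name__ == "__main__":
    found, gap = retrospective_verdict(TELEMETRY, MALICIOUS, verdict_ts=200)
    print(f"detection gap: {gap}s")
    for host in prioritize(found):
        print(host, sorted(found[host]))
```

The `gap` value is the number the "reduce time between detection and cure" bullet is about: with the constructed data the file is first seen 100 seconds before the verdict, which is how long the workstation ran it unnoticed.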
38. Cisco ASA with FirePOWER Services
► Base Hardware
- New Cisco® ASA 5585-X Bundle SKUs with FirePOWER Services Module
- New Cisco ASA 5500-X SKUs running FirePOWER Services Software
- Cisco ASA with FirePOWER Services Spare Module/Blade for Cisco ASA 5585-X Series
- Cisco ASA with FirePOWER Services Software
- Hardware includes Cisco Application Visibility and Control (AVC)
► Security Subscription Services
- Cisco IPS, URL, and Advanced Malware Protection (AMP) Subscription Services
- One- and Three-Year Term Options
► Management
- Cisco FireSIGHT Management Center (Hardware Appliance or Virtual)
- Cisco Security Manager or ASDM
► Support
- Cisco SMARTnet™ Service
- Cisco Software Application Support plus Upgrades (SASU)
39. Cisco ASA with FirePOWER Services: A New, Adaptive, Threat-Focused NGFW
• Integrated threat defense: best-in-class, multilayered protection in a single device
• Superior visibility: full contextual awareness to eliminate gaps
• Automation: simplified operations and dynamic response and remediation
40. CSIS: Top 20 Critical Security Controls
• Of the 20, Cisco provides effective solutions for 15 controls directly and assists with 4
• 1 no solution – data recovery
• CSIS: 20 Critical Security Controls v4.1, http://www.sans.org/critical-security-controls/
• Automation leads to lower cost and improved effectiveness
• 94% reduction in “measured” security risk
• Inventory, Boundary Defenses and Malware Defenses
41. Reduced Cost and Complexity
• Multilayered protection in a single device
• Highly scalable for branch, internet edge, and data centers
• Automates security tasks: impact assessment, policy tuning, user identification
• Integrate transparently with third-party security solutions through the eStreamer API
43. Conclusion
• Questions?
• Demo additional features: policies (IPS, file, access control); intrusion events; ?
44. The Perimeter is Dead, Long Live the Perimeter
Peter Scheffler, Field Systems Engineer
46. pe·rim·e·ter
1. the continuous line forming the boundary of a closed geometric figure. "the perimeter of a rectangle" synonyms: circumference, outside, outer edge. "the perimeter of a circle"
the outermost parts or boundary of an area or object. "the perimeter of the garden" synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge; More
a defended boundary of a military position or base.
In networking we call it…DMZ
48. Defense in depth
The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system…
Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the “simplicity” principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it.
https://www.owasp.org/index.php/Defense_in_depth
50. Protecting against Threats is challenging
Drivers: webification of apps; device proliferation; evolving security threats; shifting perimeter
• 71% of internet experts predict most people will do work via web or mobile by 2020.
• 95% of workers use at least one personal device for work.
• 130 million enterprises will use mobile apps by 2014.
• 58% of all e-theft tied to activist groups.
• 81% of breaches involved hacking.
• 80% of new apps will target the cloud.
• 72% of IT leaders have or will move applications to the cloud.
F5 Agility 2014 50
54. BIG-IP Application Security Manager
BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.
Multiple deployment options
• Standalone or ADC add-on
• Appliance or Virtual edition
• Manual or automatic policy building
• 3rd party DAST integration
Visibility and analysis
• High speed customizable syslog
• Granular attack details
• Expert attack tracking and profiling
• Policy & compliance reporting
• Integrates with SIEM software
• Full HTTP/S request logging
Comprehensive protections
• Granular rules on every HTTP element
• Client side parameter manipulation protection
• Response checks for error & data leakage
• AV integrations
55. Comprehensive Protections
BIG-IP ASM extends protection to more than application vulnerabilities: L7 DDoS; web scraping; web bot identification; XML filtering, validation & mitigation; XML firewall; geolocation blocking; ICAP anti-virus integration
56. Unique full-proxy architecture
Client side (TCP → SSL → HTTP) and server side (HTTP → SSL → TCP) are separate stacks on the proxy, with iRules available at each layer.
Network firewall layer: SYN flood, ICMP flood, SSL renegotiation
WAF layer: Slowloris attack, XSS, data leakage
58. Who’s Requesting Access? Employees, partners, customers, administrators
Manage access based on identity. IT challenged to:
• Control access based on user-type and role
• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
59. Security at the Critical Point in the Network
Clients → remote access, SSL VPN, app firewall → Total Application Delivery Networking Services → physical, virtual, cloud, storage
60. BIG-IP APM Use Cases
• Secure Web Gateway (Internet)
• Accelerated Remote Access (Internet apps; enterprise data & apps)
• Federation (cloud, SaaS, and partner apps)
• App Access Management (OAM, VDI, Exchange, SharePoint)
61. Which Threat mitigation to use?
Cloud/hosted service: Content Delivery Network; Carrier Service Provider; Cloud-based DDoS Service
On-premise defense: Network firewall with SSL inspection; Web Application Firewall; On-premise DDoS solution; Intrusion Detection/Prevention
63. Full Proxy Security
Client side and server side each have their own stack (physical, network, session, application, web application); the proxy sits between them and provides:
• Application health monitoring and performance anomaly detection
• HTTP proxy, HTTP DDoS and application security
• SSL inspection and SSL DDoS mitigation
• L4 firewall: full stateful policy enforcement and TCP DDoS mitigation
64. F5 Provides Complete Visibility and Control Across Applications and Users
Intelligent Services Platform (TMOS): DNS, Web, Access
• Users: securing access to applications from anywhere
• Resources: protecting your applications regardless of where they live
• Dynamic threat defense: DDoS protection, protocol security, network firewall
65. Protecting the Data Center – use case
Before F5: load balancer, firewall/VPN
With F5: network DDoS, DNS security, load balancer & SSL, application DDoS, web application firewall, web access management
• Consolidation of firewall, app security, traffic management
• Protection for data centers and application servers
• High scale for the most common inbound protocols
66. F5: Bringing deep application fluency to perimeter security
One platform: SSL inspection, traffic management, DNS security, access control, application security, network firewall, DDoS mitigation
Certification: EAL2+; EAL4+ (in process)
67. How do I implement perimeter security with F5?
68. Reference Architectures
DDoS Protection; S/Gi Network Simplification; Security for Service Providers; Application Services; LTE Roaming; Migration to Cloud; DevOps; Secure Mobility; DNS; Cloud Federation; Cloud Bursting
70. Solve the Endpoint Security Challenge with Isolation, not Detection
Chris Cram, Security Solutions Architect
71. Agenda
• The Security Landscape
• Bromium Overview
• Use Cases and Benefits
• Summary and Next Steps
72. The IT Security Paradox
Security spending ’05–’14: up 294% ($30B in 2014)
Malware/breaches ’05–’14: up 390%
Are breaches going down? No!
Source: Gartner, Idtheftcenter; $30B is a Gartner figure for 2014
73. The Problem
“Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye, SVP, Symantec
71% of all breaches start on the endpoint! (Source: Verizon Data Breach Report)
Advanced threats: polymorphic, targeted, zero day
Ineffective detection (pattern matching): only known threats; many false positives; costly remediation
The Endpoint Problem
75. Advanced Attacks Evade Legacy Defenses
Network detection based: firewall, IPS, web & email gateways
Endpoint detection based: PC firewall, PC anti-virus
76. Recent Security Timeline
[Chart: worldwide security spend, $0 to $25B, 2003–2014, overlaid with significant data breaches; red bubbles illustrative only to depict the 71%. Endpoint defence categories labelled along the timeline: application whitelisting, host intrusion prevention, endpoint sandboxing, host web filtering, cloud-based AV detection, network sandboxing.]
2013: 614 reported breaches, 91,982,172 records
Significant data breaches source: Idtheftcenter.org, updated 6/16/14 | WW security spend source: Gartner
77. Recent Security Timeline: Breaches Starting from the Endpoint
[Same chart, with the breaches that started from the endpoint highlighted.]
78. Bromium: Pioneer and Innovator
Redefining security with isolation technology; transforming the legacy security model; global, top investors, leaders of Xen; top tier customers across every vertical
79. Core Technology
• Microvisor: based on Xen with a small, secure code base; hardware isolates each untrusted Windows task; lightweight, fast, hidden, with an unchanged native UX
• Hardware: industry-standard desktop and laptop hardware, using hardware virtualization and hardware security features
80. How Bromium Solves The Problem
• Isolate all end user tasks: browsing, opening emails, files…
• Utilize micro-virtualization and the CPU to hardware isolate
• Across major threat vectors: Web, email, USB, shares…
• Seamless user experience on standard PCs
81. Bromium vSentry: Different from Traditional Security
Traditional endpoint security: applications share one OS (with anti-virus, sandbox and other security tools) over the OS kernel and the hardware.
• Today’s signature and behavioral techniques miss many attacks
• They almost always leave endpoints corrupted, requiring re-imaging
Bromium vSentry: each application tab or task runs in its own hardware-isolated micro-VM on the hardware.
• All user tasks and malware are isolated in a super-efficient micro-VM
• All micro-VMs destroyed, eliminating all traces of malware with them
82. LAVA: Understanding the Kill Chain
WHO is the target; WHERE is the attacker; WHAT is the goal; WHAT is the intent; WHAT is the technique
83. Use Cases
Java legacy app support; off-net patching; laptop users; high value targets; threat intelligence; secure browsing
84. Why Customers Deploy Bromium
Defeat attacks
• Eliminate compromises on the endpoint
• Deliver protection in the office or on the road
Streamline IT
• Reduce operational costs
• Dramatically increase IT productivity
Empower end users
• Remove the burden of security from users
• Enable users to click on anything… anywhere
85. Summary
• The attack landscape has fundamentally changed; the perimeter is evaporating in the cloud and mobile era
• Current ‘detection’ defenses are ineffective; the endpoint is the weakest link
• Bromium is redefining endpoint security with micro-virtualization
• Enormous benefits in defeating attacks, streamlining IT and empowering users
86. Beyond Compliance
Rob Stonehouse – Chief Security Architect
87. The Rush To Compliance
“We have to be compliant!”
88. What Do We Know?
• The Internet wants all your information
• Law is not a deterrent
• Little risk for huge gains
• Patience = Success
• Users will still click on anything
…It is going to get worse
89. 20+ Years of Monitoring
What have we seen?
- Sophisticated malware
- Teams of attackers
- Persistence & Purpose
90. The Problem
Technology
• New strategies
• Hard to realize the value
InfoSec is expensive
• Resource issues
91. What is The Answer?
Visibility
92. Get The Help You Need
You Can No Longer Do This Alone
93. Managed Security Services
Jamie Hari – Product Manager, Infrastructure & Security
94. Scalar discovered what they overlooked.
95. Changing Tactics
96. The way you look at security needs to change.
97. SIEM
98. Improved Intelligence
Scalar has the tools and experience to manage security in a complex and technical landscape. The SIEM is the heart and brain of the SOC: it moves data around quickly and analyses it with continually updated intelligence.
Sources feeding the SIEM: users, servers, end points, firewalls, IPS, VS, AV/AM/AS → SIEM → SOC tools (Scalar SOC)
99. What is SIEM?
A solution which gathers, analyzes, and presents security information.
• Log Management
• Security Event Correlation and Analysis
• Security Alerting & Reporting
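"Gathers, analyzes, and presents" covers a lot of ground; the part worth seeing in code is the middle of that list, normalising logs from different sources into one schema and correlating across them. The following is an added example written for this page, not Scalar’s SOC tooling: the three log formats, the log lines, the sensor names, the signature ID and the two rule thresholds are constructed.

```python
# Minimal SIEM pipeline: normalise log lines from three different sources into
# one event schema, then run two correlation rules over the stream.  Added
# example, not Scalar's SOC tooling; the log formats and lines are constructed.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: firewall denies, an IPS alert, an AV verdict.
RAW_LOGS = [
    "2014-10-06T09:00:01 fw01 DENY src=203.0.113.9 dst=10.1.1.10 dpt=445",
    "2014-10-06T09:00:02 fw01 DENY src=203.0.113.9 dst=10.1.1.10 dpt=3389",
    "2014-10-06T09:00:03 fw01 DENY src=203.0.113.9 dst=10.1.1.10 dpt=22",
    '2014-10-06T09:00:40 ips01 ALERT sid=2001 msg="SMB exploit attempt" src=203.0.113.9 dst=10.1.1.10',
    "2014-10-06T09:01:10 av01 host=10.1.1.10 verdict=quarantined file=payload.exe",
    "2014-10-06T09:30:00 fw01 DENY src=198.51.100.7 dst=10.1.1.11 dpt=80",
]

# One regex per source format (constructed formats, not a vendor's).
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$")
IPS_RE = re.compile(r'^(?P<ts>\S+) (?P<sensor>\S+) ALERT sid=(?P<sid>\d+) msg="(?P<msg>[^"]*)" src=(?P<src>\S+) dst=(?P<dst>\S+)$')
AV_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) host=(?P<host>\S+) verdict=(?P<verdict>\S+) file=(?P<file>\S+)$")
PARSERS = (("fw_deny", FW_RE), ("ips_alert", IPS_RE), ("av_detect", AV_RE))


def normalize(line):
    """One raw line -> common event dict, or None if no parser matches."""
    for kind, rx in PARSERS:
        m = rx.match(line)
        if m:
            f = m.groupdict()
            return {
                "ts": datetime.fromisoformat(f.pop("ts")).timestamp(),
                "kind": kind,
                "src": f.get("src"),                   # AV events have no source
                "dst": f.get("dst") or f.get("host"),  # the host the event is about
                "fields": f,                           # source-specific leftovers
            }
    return None


def correlate(lines, scan_n=3, scan_window=60, follow_window=600):
    """Two rules over the normalised stream:
    scan_then_exploit   - >= scan_n denies from one src to one dst inside
                          scan_window seconds, then an IPS alert for the same pair
                          within follow_window seconds
    exploit_then_malware - an IPS alert on a host, then an AV event on that host
                          within follow_window seconds"""
    events = sorted((e for e in map(normalize, lines) if e), key=lambda e: e["ts"])
    alerts = []
    denies = defaultdict(list)   # (src, dst) -> deny timestamps
    last_ips = {}                # dst -> timestamp of most recent IPS alert
    for ev in events:
        if ev["kind"] == "fw_deny":
            denies[(ev["src"], ev["dst"])].append(ev["ts"])
        elif ev["kind"] == "ips_alert":
            recent = [t for t in denies[(ev["src"], ev["dst"])]
                      if ev["ts"] - follow_window <= t <= ev["ts"]]
            burst = any(recent[i + scan_n - 1] - recent[i] <= scan_window
                        for i in range(len(recent) - scan_n + 1))
            if burst:
                alerts.append(("scan_then_exploit", ev["src"], ev["dst"], ev["ts"]))
            last_ips[ev["dst"]] = ev["ts"]
        elif ev["kind"] == "av_detect":
            t = last_ips.get(ev["dst"])
            if t is not None and 0 <= ev["ts"] - t <= follow_window:
                alerts.append(("exploit_then_malware", ev["src"], ev["dst"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for rule, src, dst, ts in correlate(RAW_LOGS):
        print(rule, src, dst, datetime.fromtimestamp(ts).isoformat())
```

Lines that match no parser are dropped silently here; in a real pipeline the drop count is itself a metric worth alerting on, since a silently changed log format is indistinguishable from a quiet network.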
100. Reporting
Quickly Identify Patterns of Activity, Traffic, and Attacks
101. Managed SIEM & Incident Response
Real-time security event monitoring and intelligent incident response
• 24 x 7 Security Alert & System Availability Monitoring
• Security Incident Analysis & Response
• Infrastructure Incident, Change, Patch, and Configuration Management
102. What should I look for in a provider?
• Breadth and Depth of Technical Capability
• Flexibility in Deployment, Reporting, and Engagement Options
• Experience with Customers in Diverse Industries
• A Partner Model
103. Getting Started
104. Proof of Value: 4 Week Trial
• Dashboard for Real-time Data
• Weekly Security Report
• Detailed Final Summary Report
• Seamless Continuation into Full Service
105. You decide how we fit
106. Recap
• Reduce complexity – simplify
• Apply security at the infrastructure, applications and endpoint
• Augment technology with people and process
• Spend on security vs. compliance
• Gain visibility through effective security operations
107. What’s Next?
Looking for more information on security?
Rob Stonehouse, Scalar’s Chief Security Architect, discusses
security beyond our compliance on the Scalar blog here.
108. Connect with Us!
@scalardecisions
facebook.com/scalardecisions
linkedin.com/company/scalar-decisions
slideshare.net/scalardecisions