George Younan | Enterprise Solutions Architect McAfee Threat Intelligence Exchange



McAfee Confidential

World’s Biggest Data Breaches

The Resulting Impact

[Figure: chart of breached organizations and record counts by year, 2004 to 2013. Legend: Accidentally Published, Hacked, Inside Job, Lost/Stolen Media, Poor Security, Lost/Stolen Computer, Unknown, Virus.]

Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


The Need for Adaptive Threat Prevention

The current model is broken

Problem
• Products act in isolation
• Integrations are slow and brittle
• Intelligence is not shared
• Too much white noise
• Responses are not automated
• Each product requires its own update
• Vendor or 3rd party dependency

Solution: Threat Intelligence Exchange
• Products work together
• Intelligence is shared
• Responses are immediate
• Environment responds as a whole
• Can immunize the environment immediately
• Can take action without vendor involvement


McAfee Threat Intelligence Exchange

Bringing adaptive threat prevention to your environment

Ultrafast, bi-directional messaging fabric that connects individual security products so they operate as one entity. Network, gateway, endpoint and cloud countermeasures are connected through this fabric.

A new plugin to your McAfee Agent. It examines files on execution and makes intelligent decisions to protect your entire environment. These decisions are driven by a behavioral rules engine that understands your environment and leverages your threat intelligence.

Dedicated server acts as a repository for all of your threat intelligence. This includes the latest threat information from:
- McAfee Security Connected components such as ATD, MWG, NSP, etc.
- McAfee Global Threat Intelligence and 3rd party sources (e.g. VirusTotal)
- System level and enterprise level intelligence


Data Exchange Layer


[Diagram labels: Asset, Threat, Identity, Activity, BPM, Risk, Data, Location]

Data Exchange Layer

An innovative, real-time, bi-directional communications fabric providing product integration simplicity.

Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products, enabling security intelligence and adaptive security.

THE SECURITY CONNECTED FRAMEWORK

ADAPTIVE SECURITY ARCHITECTURE


Threat Intelligence Exchange Workflow

[Diagram components: McAfee VSE Threat Intelligence Module (two endpoints), McAfee ePO, McAfee ATD, McAfee TIE Server, McAfee Global Threat Intelligence, 3rd Party Feeds, Data Exchange Layer. Callouts: Signed with a revoked certificate; File age hidden; Created by an untrusted process. Decision labels: YES / NO.]


Threat Intelligence Exchange Workflow

[Diagram components: McAfee ESM, McAfee VSE Threat Intelligence Module (two endpoints), McAfee ePO, McAfee ATD, McAfee Web Gateway, McAfee Email Gateway, McAfee NGFW, McAfee NSP, McAfee TIE Server, McAfee Global Threat Intelligence, 3rd Party Feeds, Data Exchange Layer.]

Gateways block access based on endpoint convictions

Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products

Proactively and efficiently protect your organization as soon as a threat is revealed


Threat Intelligence Exchange Workflow

[Diagram components: McAfee ESM, McAfee VSE Threat Intelligence Module (two endpoints), McAfee ePO, McAfee ATD, McAfee Web Gateway, McAfee Email Gateway, McAfee NGFW, McAfee NSP, McAfee TIE Server, McAfee Global Threat Intelligence, 3rd Party Feeds, Data Exchange Layer. Decision labels: NO / YES.]

Endpoints are protected based on gateway convictions


TIE Summary


You control what is good and bad in your environment

VirusTotal Integration for quick analysis

Identify patient zero in the case of a malware attack.

No more waiting for extra.dat files for malware that may be targeting your environment.

You have full visibility into every file executing in your environment.