Evolving Your Internet Defense Strategy
Tim Roddy | Head of Product Management, Web Security
Slide 2: Web Security Challenges Organizations Face Today

• Threat protection: security teams can't keep up with highly sophisticated malware and targeted attacks that evade traditional defenses.
• Efficient security operations: point products are not sharing threat information between internal and external sources, resulting in an inefficient and expensive security practice.
• Protection everywhere: it is expensive and often not possible to maintain consistent protection wherever an employee resides and on each of their devices.
Slide 3: Web Protection, Multi-layered Security

Enabling secure web connectivity for every device, user, and location:
• Stop both known and zero-day malware before it reaches its target
• Gain visibility into encrypted traffic and prevent hidden threats
• Filter unwanted URLs, categories, and media types
• Identify all cloud applications including shadow IT, then control both access and functionality
• Control regulated data with pre-built dictionaries and encryption for cloud storage
• Increase efficacy and improve security operations through integration to sandbox, endpoint, threat intelligence exchange, SIEM, and more

Layers shown in the figure (applied to outbound and inbound traffic by the rule engine): SSL scanning, content inspection, application visibility & control, data protection, anti-malware, and security integration (ePO).
Slide 4: Threat Protection
Reduce remediation costs through in-line detection of zero-day malware.

Slide 5: How Most Organizations Approach Web Threats
URL filtering and AV stop known threats, letting the rest hit endpoints and the sandbox. Input quantity falls and depth of inspection rises from left to right:

Stage               Component             Verdict latency   Malware detected
URL category        Web gateway           ~0.05 ms          ~80% (filter known bad, three stages combined)
URL reputation      Web gateway           ~0.08 ms
AV                  Web gateway           ~8 ms
Dynamic analysis    Sandbox (zero-day)    ~90 s             ~20%

Speed and detection rates are test calculations. Actual figures will vary in each organization.
Slide 6: The Intel Security Approach, Erase Zero-Days
Zero-day threat emulation stops nearly 20% more malware at the gateway:

Stage                                Component                                 Verdict latency   Malware detected
URL category                         McAfee Web Protection                     ~0.05 ms          ~80% (filter known bad, three stages combined)
URL reputation                       McAfee Web Protection                     ~0.08 ms
AV                                   McAfee Web Protection                     ~8 ms
Real-time behavioral emulation       Gateway Anti-Malware (zero-day)           ~5 ms             ~19.5%
Sandbox / reverse-engineering        McAfee ATD, dynamic and static analysis   ~90 s             ~0.5%

Speed and detection rates are test calculations. Actual figures will vary in each organization.
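The two funnels on slides 5 and 6 can be compared with a small model. The following is an added example, not code from the presentation or from McAfee: each stage sees only the malware the earlier stages missed, and a stage whose verdict takes longer than an assumed inline budget (set here to 1 second) still detects, but can no longer block the download before it reaches the endpoint. Stage latencies and detection shares are taken from the slide figures; the grouping of the three "filter known bad" stages into one entry and the 1 s budget are assumptions.

```python
"""Model of the layered web-inspection funnel from slides 5 and 6.

Added illustration, not vendor code. Detection shares are fractions of all
incoming malware (as labelled on the slides), so each stage can detect at
most what the previous stages let through.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    name: str
    latency_s: float   # time to a verdict for one object, in seconds
    detected: float    # share of ALL incoming malware caught at this stage


# Assumption: a verdict slower than this arrives after the object has already
# reached the endpoint, so it cannot block inline (the "hit endpoints" case).
INLINE_BUDGET_S = 1.0

# 0.05 ms + 0.08 ms + 8 ms for URL category, URL reputation and AV (slide figures)
KNOWN_BAD = Stage("URL category + URL reputation + AV", 0.00813, 0.80)

TRADITIONAL = [
    KNOWN_BAD,
    Stage("Sandbox dynamic analysis", 90.0, 0.20),
]

WITH_EMULATION = [
    KNOWN_BAD,
    Stage("Gateway Anti-Malware behavioral emulation", 0.005, 0.195),
    Stage("ATD sandbox, dynamic + static analysis", 90.0, 0.005),
]


def funnel(stages):
    """Evaluate an inspection chain.

    Returns (cumulative_detection, share_not_blocked_inline, expected_latency_s):
    - cumulative_detection: total share of malware detected by any stage
    - share_not_blocked_inline: malware either never detected or detected only
      by a stage slower than INLINE_BUDGET_S
    - expected_latency_s: average time to a verdict for one malicious object,
      i.e. each stage's latency weighted by the share of malware reaching it
    """
    reaching = 1.0          # share of malware still undetected at this point
    cumulative = 0.0
    slow_detections = 0.0
    expected_latency = 0.0
    for stage in stages:
        if stage.detected > reaching + 1e-12:
            raise ValueError(f"{stage.name}: cannot detect more than reaches it")
        expected_latency += stage.latency_s * reaching
        if stage.latency_s > INLINE_BUDGET_S:
            slow_detections += stage.detected
        cumulative += stage.detected
        reaching -= stage.detected
    return cumulative, slow_detections + reaching, expected_latency


def compare():
    """Side-by-side metrics for the two funnels, keyed by a short label."""
    return {
        "traditional": funnel(TRADITIONAL),
        "with_emulation": funnel(WITH_EMULATION),
    }


if __name__ == "__main__":
    for label, (total, not_inline, latency) in compare().items():
        print(f"{label:15s} detected={total:.1%} "
              f"not blocked inline={not_inline:.1%} "
              f"mean time to verdict={latency:.3f}s")
```

Both chains eventually detect everything in this model; the difference is that the traditional chain lets ~20% of malware reach endpoints before the sandbox verdict, while the emulation stage cuts that to ~0.5% and shrinks the mean time to a verdict from about 18 s to under half a second, because far fewer objects ever wait on the sandbox.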
Slide 7: AV-TEST Validation

AV-Test.org: performance results obtained using specific combinations of hardware, software, and test samples. The results reflect approximate relative performance as measured by the tests performed. Any difference in system hardware, software or available threat information may cause your performance to vary.

Malware detection by vendor (values as read from the chart):

Vendor      Zero-day protection rate   PE malware detection   Non-PE malware detection
McAfee      91%                        99%                    99%
Blue Coat   74%                        94%                    97%
Cisco       25%                        85%                    71%
Websense    58%                        91%                    16%

What each category measures:
• Zero-day protection: cloud intelligence, ability to open content and inspect, proactive scanning
• PE malware: signature-based protection; worms, Trojans, password-stealing programs
• Non-PE malware: PDF exploits, macros for MS Office, malicious scripts

Latest results: Web Gateway increases zero-day protection to 95% (95% / 99% / 99%). Other vendors were invited to participate; no response.
Slide 8: Intel Security: Integrated Platform

Components in the figure, arranged around a Protect / Detect / Correct cycle:
• McAfee Web Protection
• Network Security Platform
• Endpoint Security
• McAfee Advanced Threat Defense
• McAfee Active Response
• McAfee Enterprise Security Manager (SIEM)
• McAfee ePO
• McAfee Threat Intelligence Exchange / Data Exchange Layer
• Data Protection
• SIA Partners
Slide 9: McAfee Advanced Threat Defense Integration
Elevate detection rates with dynamic and static code analysis.

Static code analysis: unpacking, disassembly of code, calculating latent code, familial resemblance.
Dynamic analysis: run-time DLLs, network operations, file operations, process operations, delayed execution.
Slide 10: Protection Everywhere
Protect users on and off-network with one unified solution.

Protection for Web Connectivity Everywhere
Any device, any location, all visible and secured. Deployment options in the figure:
• Main office: appliance (vm/hw)
• Remote office: appliance (vm/hw), reached over MPLS/VPN backhaul
• Remote office: direct-to-cloud
• Mobile user: direct-to-cloud

Equal protection everywhere:
• Single set of policies between on-premises and cloud
• One management console
• One reporting interface
• Multiple routing options
• Dynamic routing to on-premises or cloud based on user location
Slide 12: Client-Based Routing and Authentication
Maintain protection off-network with a pervasive connection at the endpoint. The figure shows the McAfee Client Proxy (MCP) on-network and off-network.

Client Proxy features:
• Browser agnostic, port-level routing
• Intelligent agent knows when it's on-network vs off-network
• Transparent authentication
• Lock-down or allow end user bypass
Slide 13: Gain Efficiency Through the Cloud
Tangible benefits of moving away from hardware:

Lower TCO
• Remove the cost of hardware appliances
• No more resources used maintaining hw
• Remove the entire process of patching and upgrading sw; always on the latest version

Global access
• 22+ datacenter locations WW
• Local web content for 20+ countries
• Connect anywhere in the world through a pervasive connection to the endpoint client

Higher performance
• High availability with elastic capacity increases in 15 minutes
• Immediate failover to the closest, fastest point of presence
• Peering with internet exchanges often outperforms a direct connection
Slide 14: Global Data Center Infrastructure
Actively expanding cloud service:
• 22+ datacenter locations
• Routes to the closest DC for low latency
• Traffic processed in the local region
• High availability
Slide 15: Driving Efficiency in Security Operations
Improve threat detection and reduce incident response times by sharing threat intelligence in an integrated system.
Slide 16: Current Reality for Web Threat Defense
• Time to compromise: minutes
• Time to discover: years to months
• Time to recover: months to weeks

• High volume of successful intrusions and extended dwell time = $$$ catastrophic impact $$$
• Constant cleanup, manual process to utilize threat intelligence = overwhelmed security teams
• Only 80% of malware defeated with URL filtering + AV = minimal adversarial effort

Slide 17: Web Threat Defense in an Integrated Architecture
Increase prevention and compress incident response times.
• Time to compromise: months
• Time to discover: hours
• Time to recover: minutes

• Immediate prevention by all countermeasures = $ minimized impact $
• Automated threat intelligence sharing through TIE = optimized security teams
• 99.5% of malware including zero-days prevented = significant adversarial effort
Publishing to Threat Intelligence Exchange (TIE)
Sharing the powerful zero-day detection capabilities of GAM. Components in the figure: McAfee ESM, McAfee ePO, McAfee TIE Server, McAfee Global Threat Intelligence, 3rd-party feeds, McAfee ATD, McAfee Web Protection, McAfee NSP, and endpoints running the McAfee TIE Endpoint Module, all connected over the Data Exchange Layer, with the gateway facing the Internet.
1. The Gateway Anti-Malware engine (GAM) detects zero-day malware in real time using behavioral emulation.
2. Web Protection publishes the new malware reputation to TIE.
3. Endpoints and other sensors are updated by TIE immediately, providing a reputation for the zero-day malware before a new DAT is published.
Result: proactive and efficient protection for the organization as soon as a threat is discovered.

Consuming Threat Reputations from TIE
Expanding the intelligence of Web Protection in real time (same components as in the previous figure).
1. A third-party intelligence feed or security solution discovers new malware and sends the file reputation to the SIEM. The SIEM shares it with TIE.
2. The new file reputation is shared with Web Protection and the rest of the connected ecosystem, including endpoints.
Result: more threats are stopped at both the gateway and the endpoint through the expanded intelligence of immediate threat information sharing.
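The two flows above (gateway publishing a GAM verdict to TIE, and a third-party reputation arriving via the SIEM and reaching the gateway) can be shown end to end with a small simulation. This is an added example, not McAfee code: a minimal topic-based publish/subscribe bus stands in for the Data Exchange Layer, a dictionary keyed by SHA-256 stands in for the TIE server's reputation store, and each sensor keeps a local signature set (playing the role of the DAT) plus a cache of reputations learned from TIE. The topic names, message fields and sample file contents are all constructed for the illustration.

```python
"""Toy model of reputation sharing between a web gateway, a SIEM and endpoints.

Added illustration, not vendor code. The point being shown: once one sensor
publishes a verdict, every other sensor can block the same file by hash
without waiting for a signature (DAT) update.
"""
import hashlib
from collections import defaultdict

MALICIOUS, UNKNOWN = "malicious", "unknown"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Bus:
    """Minimal topic-based pub/sub; stand-in for the Data Exchange Layer."""

    def __init__(self):
        self._subs = defaultdict(list)

    def subscribe(self, topic, handler):
        self._subs[topic].append(handler)

    def publish(self, topic, message):
        for handler in list(self._subs[topic]):
            handler(message)


class TieServer:
    """Stores the latest reputation per file hash and rebroadcasts changes."""

    def __init__(self, bus):
        self.bus = bus
        self.reputations = {}                       # sha256 -> (reputation, source)
        bus.subscribe("reputation/set", self._on_set)   # topic name is assumed

    def _on_set(self, msg):
        self.reputations[msg["sha256"]] = (msg["reputation"], msg["source"])
        self.bus.publish("reputation/change", msg)  # fan out to every sensor

    def lookup(self, sha256):
        return self.reputations.get(sha256, (UNKNOWN, None))[0]


class Sensor:
    """A gateway, SIEM or endpoint: local signatures plus a TIE-fed cache."""

    def __init__(self, name, bus, signatures=()):
        self.name = name
        self.bus = bus
        self.signatures = set(signatures)           # the local "DAT": known-bad hashes
        self.cache = {}                             # sha256 -> reputation learned from TIE
        bus.subscribe("reputation/change", self._on_change)

    def _on_change(self, msg):
        self.cache[msg["sha256"]] = msg["reputation"]

    def verdict(self, data: bytes) -> str:
        """Block on a local signature or on a malicious reputation from TIE."""
        h = sha256_hex(data)
        if h in self.signatures or self.cache.get(h) == MALICIOUS:
            return MALICIOUS
        return UNKNOWN

    def report(self, data: bytes, reputation: str):
        """Publish a new verdict (e.g. a GAM emulation result) to TIE."""
        self.bus.publish("reputation/set", {
            "sha256": sha256_hex(data), "reputation": reputation, "source": self.name,
        })


def demo():
    """Run both flows; returns the verdicts observed at each step."""
    bus = Bus()
    tie = TieServer(bus)
    gateway = Sensor("web-gateway", bus)
    siem = Sensor("esm-siem", bus)
    endpoint = Sensor("laptop-42", bus)

    # Flow 1: gateway emulation flags a file; endpoint learns it via TIE.
    sample = b"constructed sample: not real malware"
    before = endpoint.verdict(sample)       # nothing local, nothing from TIE yet
    gateway.report(sample, MALICIOUS)       # GAM verdict published to TIE
    after = endpoint.verdict(sample)        # blocked by reputation, no DAT change

    # Flow 2: third-party feed -> SIEM -> TIE -> gateway (and everyone else).
    feed_sample = b"constructed sample from a third-party feed"
    siem.report(feed_sample, MALICIOUS)
    at_gateway = gateway.verdict(feed_sample)

    return before, after, at_gateway, tie.lookup(sha256_hex(sample))


if __name__ == "__main__":
    print(demo())   # ('unknown', 'malicious', 'malicious', 'malicious')
```

The endpoint's first verdict is `unknown` and its second is `malicious` with no change to its signature set, which is the "reputation before a new DAT" point of the first slide; the second flow shows the same cache doing the work in the other direction, so the gateway blocks a file it never analysed itself.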
Slide 20: McAfee Web Protection

• Threat protection: best-in-class malware detection, full coverage of web traffic including SSL
• Efficient security operations: more effective threat detection, lower TCO, and operational efficiency for web security and the entire infrastructure
• Protection everywhere: feature parity between cloud and on-premises, deployed to users efficiently wherever they reside

www.mcafee.com/webprotection