Scalar Security Roadshow © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 1

Scalar Security Roadshow - Ottawa Presentation

DESCRIPTION

Scalar along with partners Cisco, F5 and Bromium presented the Top Security Priorities for the Remainder of 2014 in Ottawa, ON.

Page 1: Scalar Security Roadshow - Ottawa Presentation

Scalar Security Roadshow

Page 2: Scalar Security Roadshow - Ottawa Presentation

Purpose of today’s session:

Provide insights on how Scalar and our partners address today’s complex security challenges

Page 3: Scalar Security Roadshow - Ottawa Presentation

Gartner report highlights

•  Security spend as % of IT budgets increased

•  Strong correlation between Security budget and maturity

•  Emphasis on network, applications and endpoint

•  Insufficient investment in people and process

© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014

Page 4: Scalar Security Roadshow - Ottawa Presentation

Scalar – brief overview

Page 5: Scalar Security Roadshow - Ottawa Presentation

10 Years

Page 6: Scalar Security Roadshow - Ottawa Presentation

165 90 180

Page 7: Scalar Security Roadshow - Ottawa Presentation

100%

Vancouver, Calgary, Toronto, Ottawa, London, Montreal

Page 8: Scalar Security Roadshow - Ottawa Presentation

#51 #1 #15

ICT Security Company

Top 250 ICT Companies

Page 9: Scalar Security Roadshow - Ottawa Presentation

Top tier technical talent.

•  Engineers average 15 years of experience

•  World-class experts from some of the leading organizations in the industry

•  Dedicated teams: PMO, finance, sales and operations

•  Canadian Authorized Training Centres

•  We employ and retain top talent

Page 10: Scalar Security Roadshow - Ottawa Presentation

Top awards.

•  Brocade Partner of the Year ~ Innovation

•  Cisco Partner of the Year ~ Data Centre & Virtualization

•  NetApp Partner of the Year ~ Central Canada

•  VMware Global Emerging Products Partner of the Year

•  F5 VAR Partner of the Year ~ North America

•  Palo Alto Networks Rookie of the Year

Page 11: Scalar Security Roadshow - Ottawa Presentation

Putting our expertise into practice.

Page 12: Scalar Security Roadshow - Ottawa Presentation

Integrating, securing and managing systems for the most technologically advanced games ever.

Page 13: Scalar Security Roadshow - Ottawa Presentation

Our Focus

•  Protection of Data and Systems

•  High Performance Computing

•  Flexible Solutions

Page 14: Scalar Security Roadshow - Ottawa Presentation

Our security partners

Page 15: Scalar Security Roadshow - Ottawa Presentation

Partners here today

Page 16: Scalar Security Roadshow - Ottawa Presentation

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

SECURITY

Page 17: Scalar Security Roadshow - Ottawa Presentation

Cisco-Sourcefire FirePOWER

Sylvain Levesque, Security Consulting Systems Engineer

Page 18: Scalar Security Roadshow - Ottawa Presentation

Agenda:

•  New Security Model and Global Intelligence

•  The POWER in FirePOWER

•  FirePOWER Appliance

•  ASA with FirePOWER Services

Page 19: Scalar Security Roadshow - Ottawa Presentation

The New Security Model

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Network, Endpoint, Mobile, Virtual, Cloud

Point in Time, Continuous

Page 20: Scalar Security Roadshow - Ottawa Presentation

Visibility Control

Cisco Security Intelligence Operation (SIO)

Cisco® SIO

WWW Email Web Devices

IPS Endpoints Networks

More Than 150 Million DEPLOYED ENDPOINTS

100 TB DATA RECEIVED PER DAY

1.6 Million GLOBAL SENSORS

40% WORLDWIDE EMAIL TRAFFIC

13 Billion WEB REQUESTS

Cloud AnyConnect® IPS

ESA WSA ASA WWW

3 to 5 MINUTE UPDATES

More Than 200 PARAMETERS TRACKED

More Than 5500 IPS SIGNATURES PRODUCED

More Than 8 Million RULES PER DAY

More Than 70 PUBLICATIONS PRODUCED

Information Actions

More Than 40 LANGUAGES

More Than 80 PH.D, CCIE, CISSP, MSCE

More Than $100 Million SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT

24 Hours Daily OPERATIONS

More Than 800 ENGINEERS, TECHNICIANS, AND RESEARCHERS

Page 21: Scalar Security Roadshow - Ottawa Presentation

Collective Security Intelligence

IPS Rules

Malware Protection

Reputation Feeds

Vulnerability Database Updates

Sourcefire AEGIS™ Program

Private and Public

Threat Feeds Sandnets FireAMP™

Community Honeypots

Advanced Microsoft and Industry Disclosures

SPARK Program Snort and ClamAV

Open Source Communities

File Samples (>380,000 per Day)

Sourcefire VRT® (Vulnerability Research Team)

Sandboxing Machine Learning

Big Data Infrastructure

Page 22: Scalar Security Roadshow - Ottawa Presentation

The POWER in FirePOWER

Page 23: Scalar Security Roadshow - Ottawa Presentation

About Sourcefire

•  Founded in 2001 by Snort Creator, Martin Roesch, CTO

•  Headquarters: Columbia, MD

•  Focus on enterprise and government customers

•  Global Security Alliance ecosystem

•  NASDAQ: FIRE

Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.

Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection)

Page 24: Scalar Security Roadshow - Ottawa Presentation

FireSIGHT™ Management Center: Full Stack Visibility

| CATEGORIES | EXAMPLES | FirePOWER Services | TYPICAL IPS | TYPICAL NGFW |
|---|---|---|---|---|
| Threats | Attacks, Anomalies | ✔ | ✔ | ✔ |
| Users | AD, LDAP, POP3 | ✔ | ✗ | ✔ |
| Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔ |
| Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔ |
| File Transfers | PDF, Office, EXE, JAR | ✔ | ✗ | ✔ |
| Malware | Conficker, Flame | ✔ | ✗ | ✗ |
| Command & Control Servers | C&C Security Intelligence | ✔ | ✗ | ✗ |
| Client Applications | Firefox, IE6, BitTorrent | ✔ | ✗ | ✗ |
| Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗ |
| Operating Systems | Windows, Linux | ✔ | ✗ | ✗ |
| Routers & Switches | Cisco, Nortel, Wireless | ✔ | ✗ | ✗ |
| Mobile Devices | iPhone, Android, Jail | ✔ | ✗ | ✗ |
| Printers | HP, Xerox, Canon | ✔ | ✗ | ✗ |
| VoIP Phones | Cisco phones | ✔ | ✗ | ✗ |
| Virtual Machines | VMware, Xen, RHEV | ✔ | ✗ | ✗ |

Contextual Awareness Information Superiority

Page 25: Scalar Security Roadshow - Ottawa Presentation

Cisco FireSIGHT Simplifies Operations

•  Impact Assessment and Recommended Rules Automate Routine Tasks

Page 26: Scalar Security Roadshow - Ottawa Presentation

Impact Assessment

Correlates all intrusion events to an impact of the attack against the target

| IMPACT FLAG | ADMINISTRATOR ACTION | WHY |
|---|---|---|
|  | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host |
|  | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped |
|  | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use |
|  | Good to Know, Unknown Target | Monitored network, but unknown host |
|  | Good to Know, Unknown Network | Unmonitored network |

Page 27: Scalar Security Roadshow - Ottawa Presentation

Visibility and Context

Page 28: Scalar Security Roadshow - Ottawa Presentation

Visibility and Context

File Sent

File Received

File Executed

File Moved

File Quarantined

Page 29: Scalar Security Roadshow - Ottawa Presentation

Indications of Compromise (IoCs)

IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks

SI Events: Connections to Known CnC IPs

Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections

Page 30: Scalar Security Roadshow - Ottawa Presentation

FirePOWER Services: Application Control

•  Control access for applications, users and devices

•  “Employees may view Facebook, but only Marketing may post to it”

•  “No one may use peer-to-peer file sharing apps”

Over 3,000 apps, devices, and more!

Page 31: Scalar Security Roadshow - Ottawa Presentation

…Yet Another Open Source Success Story

•  OpenAppID

•  Open source application detection and control

•  Application-focused detection language tied to Snort engine

•  Enhances coverage and efficacy and accelerates development of application detectors

•  Empowers the community to share detectors for greater protection

•  Already over 1300 OpenAppID Detectors

•  Ties into a Snort Pre-processor for maximum performance and integration

Page 32: Scalar Security Roadshow - Ottawa Presentation

FirePOWER Services: URL Filtering

•  Block non-business-related sites by category

•  Based on user and user group

Page 33: Scalar Security Roadshow - Ottawa Presentation

FirePOWER Services: Advanced Malware

Network Traffic

1) File Capture

2) File Storage

3) Send to Sandbox

4) Execution Report Available In Defense Center

Collective Security Intelligence Sandbox

Malware Alert!

Page 34: Scalar Security Roadshow - Ottawa Presentation

Reduced Cost and Complexity

•  Multilayered protection in a single device

•  Highly scalable for branch, internet edge, and data centers

•  Automates security tasks

o Impact assessment

o Policy tuning

o User identification

•  Integrate transparently with third-party security solutions through eStreamer API

Page 35: Scalar Security Roadshow - Ottawa Presentation

FirePOWER Appliances

Page 36: Scalar Security Roadshow - Ottawa Presentation

Setting the New Standard for Advanced Threat Protection

•  Industry-best Intrusion Prevention

•  Real-time Contextual Awareness

•  Full Stack Visibility

•  Intelligent Security Automation with FireSIGHT™

•  Unparalleled Performance and Scalability

•  Easily add Application Control, URL Filtering and Advanced Malware Protection with optional subscription licenses

Sourcefire FirePOWER™

Page 37: Scalar Security Roadshow - Ottawa Presentation

Platforms and Places in the Network

IPS Performance and Scalability

Data Center, Campus, Branch Office, SOHO, Internet Edge

FirePOWER 7000 Series: 50 Mbps – 250 Mbps

FirePOWER 7100 Series: 500 Mbps – 1 Gbps

FirePOWER 7120/7125/8120: 1 Gbps - 2 Gbps

FirePOWER 8100/8200: 2 Gbps - 10 Gbps

FirePOWER 8200 Series: 10 Gbps – 40 Gbps

FirePOWER 8300 Series: 15 Gbps – 60 Gbps

Page 38: Scalar Security Roadshow - Ottawa Presentation

FirePOWER Feature Summary

NGIPS

•  IPS Detection and Prevention

•  Security Updates

•  Reports, Alerts, and Dashboards

•  Centralized Policy Management

•  Custom IPS Rule Creation

•  Automated Impact Assessment

•  Automated Tuning

•  FireSIGHT Network & User Intelligence

•  IT Policy Compliance Whitelists

•  File Type Determination

•  Network Behavior Analysis

You can ADD additional license

•  Application Control

•  User and User Group Control

•  Stateful Firewall Inspection Switching and Routing

•  Network Address Translation

•  URL Filtering

•  File Blocking

•  Advanced Malware Protection

Virtual Appliances for VMWare and XEN

Page 39: Scalar Security Roadshow - Ottawa Presentation

ASA with FirePOWER Services

Page 40: Scalar Security Roadshow - Ottawa Presentation

FirePOWER Services for ASA: Components

•  Models: ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X

•  SSD Drive Required

•  FirePOWER Services Software Module

•  Licenses and Subscriptions

ASA 5585-X FirePOWER Services Blade

•  Models: ASA 5585-X-10, ASA 5585-X-20, ASA 5585-X-40, ASA 5585-X-60

•  New FirePOWER Services Hardware Module Required

•  Licenses and Subscriptions

Page 41: Scalar Security Roadshow - Ottawa Presentation

Superior Multilayered Protection

•  World’s most widely deployed, enterprise-class ASA stateful firewall

•  Granular Application Visibility and Control (AVC)

•  Industry-leading FirePOWER Next-Generation IPS (NGIPS)

•  Reputation- and category-based URL filtering

•  Advanced malware protection

CISCO ASA

Identity-Policy Control & VPN

URL Filtering (subscription)

FireSIGHT Analytics & Automation

Advanced Malware Protection (subscription)

Application Visibility & Control

Network Firewall Routing | Switching

Clustering & High Availability

WWW

Cisco Collective Security Intelligence Enabled

Built-in Network Profiling

Intrusion Prevention (subscription)

Page 42: Scalar Security Roadshow - Ottawa Presentation

ASA and FirePOWER Features

•  IPS Detection and Prevention

•  Security Updates

•  Reports, Alerts, and Dashboards

•  Centralized Policy Management

•  Custom IPS Rule Creation

•  Automated Impact Assessment

•  Automated Tuning

•  FireSIGHT Network & User Intelligence

•  IT Policy Compliance Whitelists

•  File Type Determination

•  Network Behavior Analysis

•  Application Control

•  User and User Group Control

•  Stateful Firewall Inspection Switching and Routing

•  Network Address Translation

•  URL Filtering

•  File Blocking

•  Advanced Malware Protection

•  Identity-Based Firewall for enhanced user ID awareness.

•  Highly Secure remote access (IPSEC and SSL)

•  Proactive, near-real-time protection against Internet threats

•  Integrates with other essential network security tech

•  Supports Cisco TrustSec security group tags (SGTs) and

•  Extensive stateful inspection engine,

•  Site-to-site VPN, NAT, IPv6,

•  Dynamic Routing (including BGP)

•  HA, Clustering

•  Protection from botnets

•  Delivers high availability for high-resiliency application

•  Change of Authorization (CoA)

Page 43: Scalar Security Roadshow - Ottawa Presentation

Q & A

Page 44: Scalar Security Roadshow - Ottawa Presentation

The Perimeter is Dead, Long Live the Perimeter

Steve Hillier

Field Systems Engineer

Page 45: Scalar Security Roadshow - Ottawa Presentation

What is The Perimeter?

Page 46: Scalar Security Roadshow - Ottawa Presentation

pe·rim·e·ter

1. the continuous line forming the boundary of a closed geometric figure.

"the perimeter of a rectangle"

synonyms: circumference, outside, outer edge

"the perimeter of a circle"

the outermost parts or boundary of an area or object.

"the perimeter of the garden"

synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge

a defended boundary of a military position or base.

In Networking we call it…DMZ

Page 47: Scalar Security Roadshow - Ottawa Presentation

Defense in Depth?

Page 48: Scalar Security Roadshow - Ottawa Presentation

Defense in depth

The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system… Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the “simplicity” principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it.

https://www.owasp.org/index.php/Defense_in_depth

Page 49: Scalar Security Roadshow - Ottawa Presentation

Evolving Threat Landscape

Page 50: Scalar Security Roadshow - Ottawa Presentation

F5 Agility 2014 50

Perimeter Security Technologies

Firewalls started out as proxies

Stateless filters accelerated firewalls, but weakened security

Stateful firewalls added security with deep inspection, but still fall short of proxies

F5 brings full proxy back to firewalls: highest security matched by a high-scale and high-performance architecture

A long time ago… and then… present day… and now with F5!

Page 51: Scalar Security Roadshow - Ottawa Presentation

Protecting against Threats is challenging

Webification of apps Device proliferation

Evolving security threats Shifting perimeter

71% of internet experts predict most people will do work via web or mobile by 2020.

95% of workers use at least one personal device for work.

130 million enterprises will use mobile apps by 2014

58% of all e-theft tied to activist groups. 81% of breaches involved hacking

80% of new apps will target the cloud.

72% IT leaders have or will move applications to the cloud.

Page 52: Scalar Security Roadshow - Ottawa Presentation

Evolving Security Threat Landscape

Page 53: Scalar Security Roadshow - Ottawa Presentation

More sophisticated attacks are multi-layer

Application

SSL

DNS

Network

Page 54: Scalar Security Roadshow - Ottawa Presentation

It's all about the Application.

Page 55: Scalar Security Roadshow - Ottawa Presentation

BIG-IP Application Security Manager

Multiple deployment options

•  Standalone or ADC add-on

•  Appliance or Virtual edition

•  Manual or automatic policy building

•  3rd party DAST integration

Visibility and analysis

•  Visibility and analysis

•  High speed customizable syslog

•  Granular attack details

•  Expert attack tracking and profiling

•  Policy & compliance reporting

•  Integrates with SIEM software

•  Full HTTP/S request logging

Comprehensive protections

•  Granular rules on every HTTP element

•  Client side parameter manipulation protection

•  Response checks for error & data leakage

•  AV integrations

BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.

Page 56: Scalar Security Roadshow - Ottawa Presentation

Comprehensive Protections

BIG-IP ASM extends protection to more than application vulnerabilities

L7 DDOS

Web Scraping

Web bot identification

XML filtering, validation & mitigation

ICAP anti-virus Integration

XML Firewall

Geolocation blocking

Page 57: Scalar Security Roadshow - Ottawa Presentation

Network Threats: 90% of security investment focused here

Attack Vectors: TCP SYN Flood, TCP Conn Flood, DNS Flood, HTTP GET Flood

Application Threats: Yet 75% of attacks are focused here

Attack Vectors: HTTP Slow Loris, DNS Cache Poison, SQL Injection, Cross Site Scripting

Page 58: Scalar Security Roadshow - Ottawa Presentation

Unique full-proxy architecture

[Diagram: two TCP / SSL / HTTP stacks, each layer with an iRule; Network Firewall; WAF. Threats shown: ICMP flood, SYN flood, SSL renegotiation, Data leakage, Slowloris attack, XSS]

Page 59: Scalar Security Roadshow - Ottawa Presentation

Who are you? AAA

Page 60: Scalar Security Roadshow - Ottawa Presentation

Who’s Requesting Access?

Employees, Partner, Customer, Administrator

Manage access based on identity

IT challenged to:

•  Control access based on user-type and role

•  Unify access to all applications (mobile, VDI, Web, client-server, SaaS)

•  Provide fast authentication and SSO

•  Audit and report access and application metrics

Page 61: Scalar Security Roadshow - Ottawa Presentation

Security at the Critical Point in the Network

Virtual

Physical

Cloud

Storage

Total Application Delivery Networking Services

Clients Remote access

SSL VPN

APP firewall

Page 62: Scalar Security Roadshow - Ottawa Presentation

BIG-IP APM Use Cases

Accelerated Remote Access

Enterprise Data & Apps

Federation Cloud, SaaS, and Partner

Apps

Internet Secure Web Gateway Internet Apps

BIG-IP APM

App Access Management OAM VDI Exchange Sharepoint

Page 63: Scalar Security Roadshow - Ottawa Presentation

Which Threat mitigation to use?

Content Delivery Network

Carrier Service Provider

Cloud-based DDoS Service

Cloud/Hosted Service

Network firewall with SSL inspection

Web Application Firewall

On-premise DDoS solution

Intrusion Detection/Prevention

On-Premise Defense

Page 64: Scalar Security Roadshow - Ottawa Presentation

All of the above

Page 65: Scalar Security Roadshow - Ottawa Presentation

Full Proxy Security

[Diagram, shown twice: Network, Session, Application, Web application, Physical, Client / Server]

L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation

SSL inspection and SSL DDoS mitigation

HTTP proxy, HTTP DDoS and application security

Application health monitoring and performance anomaly detection

Page 66: Scalar Security Roadshow - Ottawa Presentation

F5 Provides Complete Visibility and Control Across Applications and Users

Intelligent Services Platform

Users

Securing access to applications from anywhere

Resources

Protecting your applications regardless of where they live

TMOS

Network Firewall

Protocol Security

DDoS Protection

Dynamic Threat Defense

DNS Web Access

Page 67: Scalar Security Roadshow - Ottawa Presentation

PROTECTING THE DATA CENTER Use case

•  Consolidation of firewall, app security, traffic management

•  Protection for data centers and application servers

•  High scale for the most common inbound protocols

Before f5

with f5

Load Balancer

DNS Security

Network DDoS

Web Application Firewall

Web Access Management

Load Balancer & SSL

Application DDoS

Firewall/VPN

Page 68: Scalar Security Roadshow - Ottawa Presentation

F5 Bringing deep application fluency to Perimeter security

One platform

SSL inspection

Traffic management

DNS security

Access control

Application security

Network firewall

EAL2+ EAL4+ (in process)

DDoS mitigation

Page 69: Scalar Security Roadshow - Ottawa Presentation

How do I implement perimeter Security with F5?

Page 70: Scalar Security Roadshow - Ottawa Presentation

Reference Architectures

DDoS Protection

S/Gi Network Simplification

Security for Service Providers

Application Services

Migration to Cloud

DevOps

Secure Mobility

LTE Roaming

DNS

Cloud Federation

Cloud Bursting

Page 71: Scalar Security Roadshow - Ottawa Presentation

DDoS MITIGATION

Increasing difficulty of attack detection

OSI stack: Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), Application (7)

Network attacks: SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks

F5 mitigation technologies: BIG-IP AFM SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.

Session attacks: DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation

F5 mitigation technologies: BIG-IP LTM and GTM High-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation

Application attacks: OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods

F5 mitigation technologies: BIG-IP ASM Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection

Page 72: Scalar Security Roadshow - Ottawa Presentation
Page 73: Scalar Security Roadshow - Ottawa Presentation

Solve the Endpoint Security Challenge with Isolation, not Detection

Chris Cram, Security Solutions Architect

Page 74: Scalar Security Roadshow - Ottawa Presentation

Agenda

The Security Landscape

Bromium Overview

Use Cases and Benefits

Summary and Next Steps

Page 75: Scalar Security Roadshow - Ottawa Presentation

The IT Security Paradox

Security Spending — ’05–’14: Up 294% ($30B)

Malware/Breaches — ’05–’14: Up 390%

Are breaches going down? No!

Source: Gartner, Idtheftcenter, $30B is a Gartner figure for 2014

Page 76: Scalar Security Roadshow - Ottawa Presentation

The Problem

The Endpoint Problem

71% of all breaches are from the endpoint!

Advanced Threats

§  Polymorphic

§  Targeted

§  …

Ineffective Detection: Pattern Matching

§  Only known

§  Many ???

§  Costly remediation

“Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye, SVP, Symantec

Page 77: Scalar Security Roadshow - Ottawa Presentation

The Problem

The Endpoint Problem

71% of all breaches start on the endpoint!

Source: Verizon Data Breach Report

Advanced Threats

§  Polymorphic

§  Targeted

§  Zero Day

Ineffective Detection: Pattern-Matching

§  Only known

§  Many false positives

§  Costly remediation

Page 78: Scalar Security Roadshow - Ottawa Presentation

Advanced Attacks Evade Legacy Defenses

Threats

Network Detection Based: Firewall, IPS, Web & Email Gateways

Endpoint Detection Based: PC Firewall, PC Anti-virus

Page 79: Scalar Security Roadshow - Ottawa Presentation

Recent Security Timeline

[Chart: worldwide security spend ($0 to $25B) and significant data breaches by year, 2003 to 2014]

Technologies shown: Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing

Breaches shown: Sega; Writerspace.com; RockYou!; Target; AOL; Living Social; Cardsystems Solutions Inc.; Evernote; CheckFree Corporation; Heartland; TK/TJ Maxx; Blizzard; Auction.com.kr; Virginia Dept. of Health; AOL; Data Processors International; KDDI; Gawker.com; Global Payments; RBS Worldpay; Drupal; Sony Pictures; Medicaid; Ohio State University; Network Solutions; Betfair; US Federal Reserve Bank of Cleveland; Citigroup; Twitter; Seacoast Radiology, PA; Restaurant Depot; Washington State court system; University of California Berkeley; AT&T; University of Wisconsin – Milwaukee; Central Hudson Gas & Electric; TD Ameritrade; Sony PSN; San Francisco Public Utilities Commission; Yahoo Japan; Ebay; Neiman Marcus; Mac Rumours.Com; NASDAQ; Ubisoft; South Africa Police; Yahoo; Monster.com; Hannaford Brothers Supermarket Chain; Washington Post; Three Iranian banks; KT Corp.; LexisNexis; Virginia Prescription Monitoring Program; Ubuntu; Scribd; Sony Online Entertainment; Southern California Medical-Legal Consultants; Neiman Marcus; Nintendo; Ankle & Foot Center of Tampa Bay, Inc.; Bethesda Game Studios; Puerto Rico Department of Health; American Express; PF Changs; Home Depot; Paytime; Aaron Brothers; Michael’s Stores; Sutherland Healthcare; Adobe; Snapchat

2013: 614 reported breaches, 91,982,172 records

Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative only to depict the 71%

Page 80: Scalar Security Roadshow - Ottawa Presentation

Recent Security Timeline

Breaches Starting from the Endpoint

[Chart: worldwide security spend ($0 to $25B) and significant data breaches by year, 2003 to 2014]

Technologies shown: Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing

2013: 614 reported breaches, 91,982,172 records

Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative only to depict the 71%

Page 81: Scalar Security Roadshow - Ottawa Presentation

Bromium—Pioneer and Innovator

Redefining security with isolation technology

Transforming the legacy security model

Global, top investors, leaders of Xen

Top tier customers across every vertical

Page 82: Scalar Security Roadshow - Ottawa Presentation

Core Technology

Microvisor

Hardware isolates each untrusted Windows task

Lightweight, fast, hidden, with an unchanged native UX

Based on Xen with a small, secure code base

Industry-standard desktop, laptop hardware

Hardware Virtualization

Hardware Security Features

Page 83: Scalar Security Roadshow - Ottawa Presentation

How Bromium Solves The Problem

Isolate all end user tasks – browsing, opening emails, files…

Utilize micro-virtualization and the CPU to hardware isolate

Across major threat vectors – Web, email, USB, shares…

Seamless user experience on standard PCs

Page 84: Scalar Security Roadshow - Ottawa Presentation

Different from Traditional Security

Traditional Endpoint Security

§  Today’s signature and behavioral techniques miss many attacks

§  They almost always leave endpoints corrupted, requiring re-imaging

[Diagram labels: Hardware, OS Kernel, Applications, Anti-virus, sandbox and other security tools]

Bromium vSentry

§  All user tasks and malware are isolated in a super-efficient micro-VM

§  All micro-VMs destroyed, eliminating all traces of malware with them

[Diagram labels: Hardware, OS, Hardware-isolated Micro VMs (OS, tab)]

Page 85: Scalar Security Roadshow - Ottawa Presentation

LAVA Understanding the Kill Chain

WHO Is the Target

WHERE Is the Attacker

WHAT Is the Goal

WHAT Is the Technique

WHAT Is the Intent

Page 86: Scalar Security Roadshow - Ottawa Presentation

Use Cases

Java Legacy App Support

Patching Off Net Laptop Users

High Value Targets

Threat Intelligence

Secure Browsing

Page 87: Scalar Security Roadshow - Ottawa Presentation

Why Customers Deploy Bromium

Defeat Attacks

§  Eliminate compromises on the endpoint

§  Deliver protection in the office or on the road

Streamline IT

§  Reduce operational costs

§  Dramatically increase IT productivity

Empower End Users

§  Remove the burden of security from users

§  Enable users to click on anything…anywhere

Page 88: Scalar Security Roadshow - Ottawa Presentation

Summary

The attack landscape has fundamentally changed; perimeter evaporating in the cloud and mobile era

Current ‘detection’ defenses are ineffective; endpoint is the weakest link

Bromium is redefining endpoint security with micro-virtualization

Enormous benefits in defeating attacks, streamlining IT and empowering users

Page 89: Scalar Security Roadshow - Ottawa Presentation

Beyond Compliance

Rob Stonehouse – Chief Security Architect

Page 90: Scalar Security Roadshow - Ottawa Presentation

The Rush To Compliance

“We have to be compliant!”

Page 91: Scalar Security Roadshow - Ottawa Presentation

What Do We Know?

•  The Internet wants all your information

•  Law is not a deterrent

•  Little risk for huge gains

•  Patience = Success

•  Users will still click on anything

…It is going to get worse

Page 92: Scalar Security Roadshow - Ottawa Presentation

What have we seen?

-  Sophisticated malware

-  Teams of attackers

-  Persistence & Purpose

20+ Years of Monitoring

Page 93: Scalar Security Roadshow - Ottawa Presentation

The Problem

Technology

•  New strategies

•  Hard to realize the value

InfoSec is Expensive

•  Resource issues

Page 94: Scalar Security Roadshow - Ottawa Presentation

What is The Answer?

Visibility

Page 95: Scalar Security Roadshow - Ottawa Presentation

Get The Help You Need

You Can No Longer Do This Alone

Page 96: Scalar Security Roadshow - Ottawa Presentation

Managed Security Services

Jamie Hari – Product Manager, Infrastructure & Security

Page 97: Scalar Security Roadshow - Ottawa Presentation

Scalar discovered what they overlooked.

Page 98: Scalar Security Roadshow - Ottawa Presentation

Changing Tactics

Page 99: Scalar Security Roadshow - Ottawa Presentation

The way you look at security needs to change.

Page 100: Scalar Security Roadshow - Ottawa Presentation

SIEM

Page 101: Scalar Security Roadshow - Ottawa Presentation

Improved Intelligence

The SIEM is the heart and brain of the SOC. It moves data around quickly and analyses it with continually updated intelligence.

Scalar has the tools and experience to manage security in a complex technical landscape.

[Diagram labels: Scalar SOC (SIEM, SOC Tools); Firewalls, IPS, VS, AV/AM/AS; Servers, End Points; Users]

Page 102: Scalar Security Roadshow - Ottawa Presentation

What is SIEM?

A solution which gathers, analyzes, and presents security information.

•  Log Management

•  Security Event Correlation and Analysis

•  Security Alerting & Reporting

Page 103: Scalar Security Roadshow - Ottawa Presentation

Reporting

Quickly Identify Patterns of Activity, Traffic, and Attacks

Page 104: Scalar Security Roadshow - Ottawa Presentation

Managed SIEM & Incident Response

Real-time security event monitoring and intelligent incident response

•  24 x 7 Security Alert & System Availability Monitoring

•  Security Incident Analysis & Response

•  Infrastructure Incident, Change, Patch, and Configuration Management

Page 105: Scalar Security Roadshow - Ottawa Presentation

What should I look for in a provider?

•  Breadth and Depth of Technical Capability

•  Flexibility in Deployment, Reporting, and Engagement Options

•  Experience with Customers in Diverse Industries

•  A Partner Model

Page 106: Scalar Security Roadshow - Ottawa Presentation

Getting Started

Page 107: Scalar Security Roadshow - Ottawa Presentation

Proof of Value

4 Week Trial

•  Dashboard for Real-time Data

•  Weekly Security Report

•  Detailed Final Summary Report

•  Seamless Continuation into Full Service

Page 108: Scalar Security Roadshow - Ottawa Presentation

You decide how we fit

Page 109: Scalar Security Roadshow - Ottawa Presentation

Recap

•  Reduce complexity – simplify

•  Apply security at the infrastructure, applications and endpoint

•  Augment technology with people and process

•  Spend on security vs. compliance

•  Gain visibility through effective security operations

Page 110: Scalar Security Roadshow - Ottawa Presentation

What’s Next?

Looking for more information on security?

Rob Stonehouse, Scalar’s Chief Security Architect, discusses security beyond our compliance on the Scalar blog here.

Page 111: Scalar Security Roadshow - Ottawa Presentation

Connect with Us!

facebook.com/scalardecisions

@scalardecisions

linkedin.com/company/scalar-decisions

slideshare.net/scalardecisions

Page 112: Scalar Security Roadshow - Ottawa Presentation
