Scalar along with partners Cisco, F5 and Bromium presented the Top Security Priorities for the Remainder of 2014 in Ottawa, ON.
Scalar Security Roadshow
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 1
Purpose of today’s session: provide insights on how Scalar and our partners address today’s complex security challenges.
Gartner report highlights
• Security spend as % of IT budgets increased
• Strong correlation between Security budget and maturity
• Emphasis on network, applications and endpoint
• Insufficient investment in people and process
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014
Scalar – brief overview
10 Years
100%: Vancouver, Calgary, Toronto, Ottawa, London, Montreal
#51 #1 #15
ICT Security Company
Top 250 ICT Companies
Top tier technical talent.
• Engineers average 15 years of experience
• World-class experts from some of the leading organizations in the industry
• Dedicated teams: PMO, finance, sales and operations
• Canadian Authorized Training Centres
• We employ and retain top talent
Top awards.
• Brocade Partner of the Year ~ Innovation
• Cisco Partner of the Year ~ Data Centre & Virtualization
• NetApp Partner of the Year ~ Central Canada
• VMware Global Emerging Products Partner of the Year
• F5 VAR Partner of the Year ~ North America
• Palo Alto Networks Rookie of the Year
Putting our expertise into practice.
Integrating, securing and managing systems for the most technologically advanced games ever.
Our Focus
• Protection of Data and Systems
• High Performance Computing
• Flexible Solutions
Our security partners
Partners here today
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Cisco-Sourcefire FirePOWER
Sylvain Levesque, Security Consulting Systems Engineer, [email protected]
Agenda:
• New Security Model and Global Intelligence
• The POWER in FirePOWER
• FirePOWER Appliance
• ASA with FirePOWER Services
The New Security Model
Attack Continuum, spanning Network, Endpoint, Mobile, Virtual and Cloud:
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Point in Time / Continuous
Visibility Control
Cisco Security Intelligence Operation (SIO)
Cisco® SIO inputs: WWW, email, web, devices, IPS, endpoints, networks; enforcement points: Cloud, AnyConnect®, IPS, ESA, WSA, ASA.
• More than 150 million deployed endpoints
• 100 TB data received per day
• 1.6 million global sensors
• 40% of worldwide email traffic
• 13 billion web requests
• 3 to 5 minute updates
• More than 200 parameters tracked
• More than 5,500 IPS signatures produced
• More than 8 million rules per day
• More than 70 publications produced
• More than 40 languages
• More than 80 Ph.D., CCIE, CISSP, MCSE
• More than $100 million spent in dynamic research and development
• 24-hour daily operations
• More than 800 engineers, technicians, and researchers
Collective Security Intelligence
Inputs:
• Sourcefire AEGIS™ Program
• Private and Public Threat Feeds
• Sandnets
• FireAMP™ Community
• Honeypots
• Advanced Microsoft and Industry Disclosures
• SPARK Program
• Snort and ClamAV Open Source Communities
• File Samples (>380,000 per Day)
Sourcefire VRT® (Vulnerability Research Team): Sandboxing, Machine Learning, Big Data Infrastructure
Outputs:
• IPS Rules
• Malware Protection
• Reputation Feeds
• Vulnerability Database Updates
The POWER in FirePOWER
About Sourcefire
• Founded in 2001 by Snort Creator, Martin Roesch, CTO
• Headquarters: Columbia, MD
• Focus on enterprise and government customers
• Global Security Alliance ecosystem
• NASDAQ: FIRE
Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.
Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection)
FireSIGHT™ Management Center: Full Stack Visibility
Categories                | Examples                  | FirePOWER Services | Typical IPS | Typical NGFW
Threats                   | Attacks, Anomalies        | ✔ | ✔ | ✔
Users                     | AD, LDAP, POP3            | ✔ | ✗ | ✔
Web Applications          | Facebook Chat, Ebay       | ✔ | ✗ | ✔
Application Protocols     | HTTP, SMTP, SSH           | ✔ | ✗ | ✔
File Transfers            | PDF, Office, EXE, JAR     | ✔ | ✗ | ✔
Malware                   | Conficker, Flame          | ✔ | ✗ | ✗
Command & Control Servers | C&C Security Intelligence | ✔ | ✗ | ✗
Client Applications       | Firefox, IE6, BitTorrent  | ✔ | ✗ | ✗
Network Servers           | Apache 2.3.1, IIS4        | ✔ | ✗ | ✗
Operating Systems         | Windows, Linux            | ✔ | ✗ | ✗
Routers & Switches        | Cisco, Nortel, Wireless   | ✔ | ✗ | ✗
Mobile Devices            | iPhone, Android, Jail     | ✔ | ✗ | ✗
Printers                  | HP, Xerox, Canon          | ✔ | ✗ | ✗
VoIP Phones               | Cisco phones              | ✔ | ✗ | ✗
Virtual Machines          | VMware, Xen, RHEV         | ✔ | ✗ | ✗
Contextual Awareness, Information Superiority
Cisco FireSIGHT Simplifies Operations
• Impact Assessment and Recommended Rules automate routine tasks
Impact Assessment: correlates every intrusion event with the impact of the attack against its target.
Impact flag / Administrator action       | Why
Act Immediately, Vulnerable              | Event corresponds to vulnerability mapped to host
Investigate, Potentially Vulnerable      | Relevant port open or protocol in use, but no vuln mapped
Good to Know, Currently Not Vulnerable   | Relevant port not open or protocol not in use
Good to Know, Unknown Target             | Monitored network, but unknown host
Good to Know, Unknown Network            | Unmonitored network
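The table above describes a correlation rule rather than a product API, so here is a small added example (my code, not Cisco’s or Sourcefire’s) that applies the same five outcomes to sample intrusion events: it checks whether the target sits in a monitored network, whether a host profile exists, whether the signature’s vulnerability is mapped to that host, and whether the targeted port is open. The host profiles, the monitored network and the vulnerability identifiers (VULN-WEB-0001 and so on) are constructed placeholders; a real deployment would take them from passive discovery and the vulnerability database.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class HostProfile:
    """What passive discovery has learned about one host (constructed data)."""
    ip: str
    open_ports: Set[Tuple[str, int]] = field(default_factory=set)  # (proto, port)
    vulns: Set[str] = field(default_factory=set)  # vulnerability ids mapped to host


@dataclass
class IntrusionEvent:
    """One IPS alert; vuln_id is the weakness the signature targets, if known."""
    dst_ip: str
    proto: str
    dst_port: int
    vuln_id: Optional[str] = None


@dataclass(frozen=True)
class Assessment:
    priority: int  # 1 = most urgent
    action: str
    status: str
    why: str


# The five outcomes from the slide, ordered from most to least urgent.
VULNERABLE = Assessment(1, "Act Immediately", "Vulnerable",
                        "Event corresponds to vulnerability mapped to host")
POTENTIALLY_VULNERABLE = Assessment(2, "Investigate", "Potentially Vulnerable",
                                    "Relevant port open or protocol in use, but no vuln mapped")
NOT_VULNERABLE = Assessment(3, "Good to Know", "Currently Not Vulnerable",
                            "Relevant port not open or protocol not in use")
UNKNOWN_TARGET = Assessment(4, "Good to Know", "Unknown Target",
                            "Monitored network, but unknown host")
UNKNOWN_NETWORK = Assessment(5, "Good to Know", "Unknown Network", "Unmonitored network")


def assess(event: IntrusionEvent, hosts: Dict[str, HostProfile],
           monitored_networks: List[ipaddress.IPv4Network]) -> Assessment:
    """Walk the decision order of the table: network known? host known? vuln mapped? port open?"""
    target = ipaddress.ip_address(event.dst_ip)
    if not any(target in net for net in monitored_networks):
        return UNKNOWN_NETWORK
    host = hosts.get(event.dst_ip)
    if host is None:
        return UNKNOWN_TARGET
    if event.vuln_id is not None and event.vuln_id in host.vulns:
        return VULNERABLE
    if (event.proto, event.dst_port) in host.open_ports:
        return POTENTIALLY_VULNERABLE
    return NOT_VULNERABLE


def triage(events, hosts, monitored_networks):
    """Return (event, assessment) pairs, most urgent first, for an analyst queue."""
    scored = [(e, assess(e, hosts, monitored_networks)) for e in events]
    return sorted(scored, key=lambda pair: pair[1].priority)


# Constructed sample inventory: one monitored /24 and two profiled hosts.
MONITORED = [ipaddress.ip_network("10.0.1.0/24")]
HOSTS = {
    "10.0.1.10": HostProfile("10.0.1.10", {("tcp", 80), ("tcp", 22)}, {"VULN-WEB-0001"}),
    "10.0.1.20": HostProfile("10.0.1.20", {("tcp", 443)}, set()),
}
# Constructed sample events, one per outcome in the table.
SAMPLE_EVENTS = [
    IntrusionEvent("10.0.1.10", "tcp", 80, "VULN-WEB-0001"),  # vuln mapped to this host
    IntrusionEvent("10.0.1.10", "tcp", 22, "VULN-SSH-0009"),  # port open, vuln not mapped
    IntrusionEvent("10.0.1.20", "tcp", 80, "VULN-WEB-0001"),  # port not open on this host
    IntrusionEvent("10.0.1.99", "tcp", 445, None),            # monitored net, unknown host
    IntrusionEvent("192.168.5.5", "udp", 53, None),           # outside monitored networks
]

if __name__ == "__main__":
    for event, a in triage(SAMPLE_EVENTS, HOSTS, MONITORED):
        print(f"{a.action:16}{a.status:26}{event.dst_ip}:{event.dst_port}  ({a.why})")
```

The value of the rule is in the ordering: an event against a host whose profile carries the matching vulnerability outranks the same event against a host where the port is closed, so the analyst queue is sorted by what can actually be exploited rather than by signature volume.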
Visibility and Context
File Sent
File Received
File Executed
File Moved
File Quarantined
Indications of Compromise (IoCs)
• IPS Events: Malware Backdoors, CnC Connections, Exploit Kits, Admin Privilege Escalations, Web App Attacks
• SI Events: Connections to Known CnC IPs
• Malware Events: Malware Detections, Malware Executions, Office/PDF/Java Compromises, Dropper Infections
FirePOWER Services: Application Control
• Control access for applications, users and devices
• “Employees may view Facebook, but only Marketing may post to it”
• “No one may use peer-to-peer file sharing apps”
Over 3,000 apps, devices, and more!
…Yet Another Open Source Success Story
• OpenAppID: open source application detection and control
• Application-focused detection language tied to the Snort engine
• Enhances coverage and efficacy and accelerates development of application detectors
• Empowers the community to share detectors for greater protection
• Already over 1,300 OpenAppID detectors
• Ties into a Snort pre-processor for maximum performance and integration
FirePOWER Services: URL Filtering
• Block non-business-related sites by category
• Based on user and user group
FirePOWER Services: Advanced Malware
1) File Capture from network traffic
2) File Storage
3) Send to Sandbox (Collective Security Intelligence sandbox)
4) Execution Report Available in Defense Center (Malware Alert!)
Reduced Cost and Complexity
• Multilayered protection in a single device
• Highly scalable for branch, internet edge, and data centers
• Automates security tasks:
  o Impact assessment
  o Policy tuning
  o User identification
• Integrates transparently with third-party security solutions through the eStreamer API
FirePOWER Appliances
Setting the New Standard for Advanced Threat Protection
Sourcefire FirePOWER™
• Industry-best Intrusion Prevention
• Real-time Contextual Awareness
• Full Stack Visibility
• Intelligent Security Automation with FireSIGHT™
• Unparalleled Performance and Scalability
• Easily add Application Control, URL Filtering and Advanced Malware Protection with optional subscription licenses
IPS Performance and Scalability: Platforms and Places in the Network
Places in the network: Data Center, Campus, Branch Office, SOHO, Internet Edge
• FirePOWER 7000 Series: 50 Mbps – 250 Mbps
• FirePOWER 7100 Series: 500 Mbps – 1 Gbps
• FirePOWER 7120/7125/8120: 1 Gbps – 2 Gbps
• FirePOWER 8100/8200: 2 Gbps – 10 Gbps
• FirePOWER 8200 Series: 10 Gbps – 40 Gbps
• FirePOWER 8300 Series: 15 Gbps – 60 Gbps
FirePOWER Feature Summary (NGIPS)
Included:
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
With additional licenses:
• Application Control
• User and User Group Control
• Stateful Firewall Inspection, Switching and Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
Virtual appliances are available for VMware and Xen.
ASA with FirePOWER Services
FirePOWER Services for ASA: Components
ASA 5512-X to 5555-X: FirePOWER Services Software Module
• Models: ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X
• SSD drive required
• FirePOWER Services software module
• Licenses and subscriptions
ASA 5585-X: FirePOWER Services Blade
• Models: ASA 5585-X-10, ASA 5585-X-20, ASA 5585-X-40, ASA 5585-X-60
• New FirePOWER Services hardware module required
• Licenses and subscriptions
Superior Multilayered Protection
• World’s most widely deployed, enterprise-class ASA stateful firewall
• Granular Application Visibility and Control (AVC)
• Industry-leading FirePOWER Next-Generation IPS (NGIPS)
• Reputation- and category-based URL filtering
• Advanced malware protection
Cisco ASA with FirePOWER Services, Cisco Collective Security Intelligence enabled:
• Identity-Policy Control & VPN
• Network Firewall, Routing | Switching
• Clustering & High Availability
• Application Visibility & Control
• Built-in Network Profiling
• Intrusion Prevention (subscription)
• URL Filtering (subscription)
• Advanced Malware Protection (subscription)
• FireSIGHT Analytics & Automation
ASA and FirePOWER Features
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
• Application Control
• User and User Group Control
• Stateful Firewall Inspection, Switching and Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
• Identity-Based Firewall for enhanced user ID awareness
• Highly secure remote access (IPsec and SSL)
• Proactive, near-real-time protection against Internet threats
• Integrates with other essential network security technologies
• Supports Cisco TrustSec security group tags (SGTs) and Change of Authorization (CoA)
• Extensive stateful inspection engine
• Site-to-site VPN, NAT, IPv6
• Dynamic routing (including BGP)
• HA, clustering
• Protection from botnets
• Delivers high availability for high-resiliency applications
Q & A
The Perimeter is Dead, Long Live the Perimeter
Steve Hillier
Field Systems Engineer
What is The Perimeter?
pe·rim·e·ter
1. The continuous line forming the boundary of a closed geometric figure: "the perimeter of a rectangle", "the perimeter of a circle" (synonyms: circumference, outside, outer edge).
2. The outermost parts or boundary of an area or object: "the perimeter of the garden" (synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge).
3. A defended boundary of a military position or base.
In networking we call it… the DMZ.
Defense in Depth?
"The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system. … Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the “simplicity” principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it."
Source: https://www.owasp.org/index.php/Defense_in_depth
Evolving Threat Landscape
F5 Agility 2014 50
Perimeter Security Technologies
• A long time ago… firewalls started out as proxies.
• And then… stateless filters accelerated firewalls, but weakened security.
• Present day… stateful firewalls added security with deep inspection, but still fall short of proxies.
• And now with F5! F5 brings full proxy back to firewalls: highest security matched by a high-scale and high-performance architecture.
Protecting against Threats is challenging
Drivers: webification of apps, device proliferation, evolving security threats, shifting perimeter.
• 71% of internet experts predict most people will do work via web or mobile by 2020.
• 95% of workers use at least one personal device for work.
• 130 million enterprises will use mobile apps by 2014.
• 58% of all e-theft tied to activist groups; 81% of breaches involved hacking.
• 80% of new apps will target the cloud.
• 72% of IT leaders have or will move applications to the cloud.
Evolving Security Threat Landscape
More sophisticated attacks are multi-layer: Application, SSL, DNS, Network.
It’s all about the Application.
BIG-IP Application Security Manager
BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.
Multiple deployment options:
• Standalone or ADC add-on
• Appliance or Virtual edition
• Manual or automatic policy building
• 3rd party DAST integration
Visibility and analysis:
• High speed customizable syslog
• Granular attack details
• Expert attack tracking and profiling
• Policy & compliance reporting
• Integrates with SIEM software
• Full HTTP/S request logging
Comprehensive protections:
• Granular rules on every HTTP element
• Client side parameter manipulation protection
• Response checks for error & data leakage
• AV integrations
Comprehensive Protections: BIG-IP ASM extends protection to more than application vulnerabilities
• L7 DDoS
• Web scraping
• Web bot identification
• XML filtering, validation & mitigation
• ICAP anti-virus integration
• XML firewall
• Geolocation blocking
90% of security investment is focused on network threats, yet 75% of attacks are focused on application threats.
Network threats, attack vectors: TCP SYN Flood, TCP Conn Flood, DNS Flood, HTTP GET Flood
Application threats, attack vectors: HTTP Slow Loris, DNS Cache Poison, SQL Injection, Cross Site Scripting
Unique full-proxy architecture
A client-side stack (TCP, SSL, HTTP) and a separate server-side stack (TCP, SSL, HTTP), each programmable with iRules.
• Network Firewall: ICMP flood, SYN flood, SSL renegotiation
• WAF: Data leakage, Slowloris attack, XSS
• Who are you? AAA
Who’s Requesting Access?
Manage access based on identity: employees, partners, customers, administrators.
IT is challenged to:
• Control access based on user-type and role
• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
Security at the Critical Point in the Network
Clients (remote access, SSL VPN, APP firewall) | Total Application Delivery Networking Services | Resources: Virtual, Physical, Cloud, Storage
BIG-IP APM Use Cases
• Accelerated Remote Access: enterprise data & apps
• Federation: cloud, SaaS, and partner apps
• Secure Web Gateway: Internet apps
• App Access Management: OAM, VDI, Exchange, SharePoint
Which Threat mitigation to use?
Cloud/hosted service:
• Content Delivery Network
• Carrier Service Provider
• Cloud-based DDoS Service
On-premise defense:
• Network firewall with SSL inspection
• Web Application Firewall
• On-premise DDoS solution
• Intrusion Detection/Prevention
All of the above.
Full Proxy Security
A full proxy terminates the client side and the server side separately, so policy is enforced at each layer from Physical and Network through Session, Application and Web application:
• L4 Firewall: full stateful policy enforcement and TCP DDoS mitigation
• SSL inspection and SSL DDoS mitigation
• HTTP proxy, HTTP DDoS and application security
• Application health monitoring and performance anomaly detection
F5 Provides Complete Visibility and Control Across Applications and Users
Intelligent Services Platform (TMOS):
• Users: securing access to applications from anywhere
• Resources: protecting your applications regardless of where they live
Services: Network Firewall, Protocol Security, DDoS Protection, Dynamic Threat Defense, DNS, Web Access
PROTECTING THE DATA CENTER use case
• Consolidation of firewall, app security, traffic management
• Protection for data centers and application servers
• High scale for the most common inbound protocols
Before F5: Load Balancer, DNS Security, Network DDoS, Web Application Firewall, Web Access Management, Load Balancer & SSL, Application DDoS, Firewall/VPN deployed as separate components.
With F5: the same functions consolidated on one platform.
F5: Bringing deep application fluency to perimeter security
One platform: SSL inspection, traffic management, DNS security, access control, application security, network firewall, DDoS mitigation. EAL2+; EAL4+ (in process).
How do I implement perimeter security with F5?
Reference Architectures
• DDoS Protection
• S/Gi Network Simplification
• Security for Service Providers
• Application Services
• Migration to Cloud
• DevOps
• Secure Mobility
• LTE Roaming
• DNS
• Cloud Federation
• Cloud Bursting
DDoS MITIGATION: F5 mitigation technologies by OSI layer
OSI stack: Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1). Increasing difficulty of attack detection.
Application attacks: OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods
• Mitigation: BIG-IP ASM, positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection
Session attacks: DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation
• Mitigation: BIG-IP LTM and GTM, high-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation
Network attacks: SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks
• Mitigation: BIG-IP AFM, SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.
Solve the Endpoint Security Challenge with Isolation, not Detection
Chris Cram, Security Solutions Architect
Agenda
• The Security Landscape
• Bromium Overview
• Use Cases and Benefits
• Summary and Next Steps
The IT Security Paradox
Security spending, ’05–’14: up 294%, to $30B.
Malware/breaches, ’05–’14: up 390%.
Are breaches going down? No!
Source: Gartner, Idtheftcenter; $30B is a Gartner figure for 2014.
The Endpoint Problem
71% of all breaches start on the endpoint! (Source: Verizon Data Breach Report)
Advanced threats:
§ Polymorphic
§ Targeted
§ Zero Day
Ineffective detection (pattern-matching):
§ Only known threats
§ Many false positives
§ Costly remediation
“Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye, SVP, Symantec
Advanced Attacks Evade Legacy Defenses
• Network detection based: Firewall, IPS, Web & Email Gateways
• Endpoint detection based: PC Firewall, PC Anti-virus
[Figure: Recent Security Timeline, 2003–2014. Y axis: worldwide security spend, $0–$25B. Endpoint defenses introduced over the period: Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing. Significant data breaches plotted by year, among them Sega, Writerspace.com, RockYou!, Target, AOL, Living Social, Cardsystems Solutions Inc., Evernote, CheckFree Corporation, Heartland, TK/TJ Maxx, Blizzard, Auction.com.kr, Virginia Dept. of Health, Data Processors International, KDDI, Gawker.com, Global Payments, RBS Worldpay, Drupal, Sony Pictures, Medicaid, Ohio State University, Network Solutions, Betfair, US Federal Reserve Bank of Cleveland, Citigroup, Seacoast Radiology PA, Restaurant Depot, Washington State court system, University of California Berkeley, AT&T, University of Wisconsin – Milwaukee, Central Hudson Gas & Electric, TD Ameritrade, Sony PSN, San Francisco Public Utilities Commission, Yahoo Japan, Ebay, Neiman Marcus, MacRumors.com, NASDAQ, Ubisoft, South Africa Police, Yahoo, Monster.com, Hannaford Brothers Supermarket Chain, Washington Post, three Iranian banks, KT Corp., LexisNexis, Virginia Prescription Monitoring Program, Ubuntu, Scribd, Sony Online Entertainment, Southern California Medical-Legal Consultants, Nintendo, Ankle & Foot Center of Tampa Bay Inc., Bethesda Game Studios, Puerto Rico Department of Health, American Express, PF Changs, Home Depot, Paytime, Aaron Brothers, Michael’s Stores, Sutherland Healthcare, Adobe, Snapchat. 2013: 614 reported breaches, 91,982,172 records. Significant data breaches source: Idtheftcenter.org, updated 6/16/14; WW security spend source: Gartner. The same chart is repeated as "Breaches Starting from the Endpoint", with red bubbles, illustrative only, depicting the 71% of breaches that start on the endpoint.]
Bromium: Pioneer and Innovator
• Redefining security with isolation technology
• Transforming the legacy security model
• Global, top investors, leaders of Xen
• Top tier customers across every vertical
Core Technology: the Microvisor
• Hardware isolates each untrusted Windows task
• Lightweight, fast, hidden, with an unchanged native UX
• Based on Xen with a small, secure code base
• Runs on industry-standard desktop and laptop hardware, using hardware virtualization and hardware security features
How Bromium Solves The Problem
• Isolate all end user tasks: browsing, opening emails, files…
• Utilize micro-virtualization and the CPU to hardware-isolate each task
• Across major threat vectors: Web, email, USB, shares…
• Seamless user experience on standard PCs
Different from Traditional Security
Traditional endpoint security: anti-virus, sandbox and other security tools run as applications on a single OS over the hardware.
§ Today’s signature and behavioral techniques miss many attacks
§ They almost always leave endpoints corrupted, requiring re-imaging
Bromium vSentry: hardware-isolated micro-VMs, each running one task (for example, one browser tab) above the OS kernel and hardware.
§ All user tasks and malware are isolated in a super-efficient micro-VM
§ All micro-VMs are destroyed, eliminating all traces of malware with them
LAVA: Understanding the Kill Chain
• WHO is the target
• WHERE is the attacker
• WHAT is the goal
• WHAT is the technique
• WHAT is the intent
Use Cases
• Java legacy app support
• Patching off-net laptop users
• High value targets
• Threat intelligence
• Secure browsing
Why Customers Deploy Bromium
Defeat attacks:
§ Eliminate compromises on the endpoint
§ Deliver protection in the office or on the road
Streamline IT:
§ Reduce operational costs
§ Dramatically increase IT productivity
Empower end users:
§ Remove the burden of security from users
§ Enable users to click on anything…anywhere
Summary
• The attack landscape has fundamentally changed; the perimeter is evaporating in the cloud and mobile era
• Current ‘detection’ defenses are ineffective; the endpoint is the weakest link
• Bromium is redefining endpoint security with micro-virtualization
• Enormous benefits in defeating attacks, streamlining IT and empowering users
Beyond Compliance
Rob Stonehouse – Chief Security Architect
The Rush To Compliance
“We have to be compliant!”
What Do We Know?
• The Internet wants all your information
• Law is not a deterrent
• Little risk for huge gains
• Patience = Success
• Users will still click on anything
…It is going to get worse
20+ Years of Monitoring: what have we seen?
- Sophisticated malware
- Teams of attackers
- Persistence & purpose
The Problem
Technology:
• New strategies
• Hard to realize the value
InfoSec is expensive:
• Resource issues
What is The Answer?
Visibility
Get The Help You Need
You Can No Longer Do This Alone
Managed Security Services
Jamie Hari – Product Manager, Infrastructure & Security
Scalar discovered what they overlooked.
Changing Tactics
The way you look at security needs to change.
Improved Intelligence: SIEM
The SIEM is the heart and brain of the SOC. It moves data around quickly and analyses it with continually updated intelligence.
Scalar SOC
Scalar has the tools and experience to manage security in a complex technical landscape.
The SIEM and SOC tools take input from firewalls, IPS, VS, AV/AM/AS, servers, end points and users.
What is SIEM?
A solution which gathers, analyzes, and presents security information:
• Log Management
• Security Event Correlation and Analysis
• Security Alerting & Reporting
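As an added example of what those three functions look like in practice (my code, not Scalar’s tooling), the script below parses a handful of constructed syslog-style authentication lines into normalised events, applies one correlation rule (a burst of failed logins from one source followed by a success within a short window) to raise an alert, and produces a per-source report. The log lines, host names and addresses are invented for the example; the threshold and window are assumptions a real SIEM would make tunable.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format (not real captures).
SAMPLE_LOGS = """\
2014-10-06T09:00:01 fw01 sshd[1]: Failed password for admin from 203.0.113.7 port 50111
2014-10-06T09:00:04 fw01 sshd[1]: Failed password for admin from 203.0.113.7 port 50112
2014-10-06T09:00:07 fw01 sshd[1]: Failed password for admin from 203.0.113.7 port 50113
2014-10-06T09:00:09 fw01 sshd[1]: Failed password for root from 203.0.113.7 port 50114
2014-10-06T09:00:12 fw01 sshd[1]: Accepted password for admin from 203.0.113.7 port 50115
2014-10-06T09:05:00 web01 sshd[2]: Failed password for jdoe from 198.51.100.4 port 40001
2014-10-06T09:30:00 web01 sshd[2]: Accepted password for jdoe from 198.51.100.4 port 40002
""".splitlines()

# Log management step: turn a raw line into a normalised event with typed fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+?)\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(line):
    """Return a normalised event dict, or None for a line this parser does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None  # a real pipeline would count unparsed lines rather than drop them silently
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule (assumed values): >= threshold failures from one source,
    all within `window` of the subsequent success, raise one alert per source."""
    failures = defaultdict(deque)  # src -> timestamps of recent failed logins
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:  # expire failures outside the window
            recent.popleft()
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:  # success right after a burst of failures
            alerts.append({
                "rule": "brute-force-then-success",
                "src": ev["src"], "user": ev["user"], "host": ev["host"],
                "failures": len(recent), "ts": ev["ts"].isoformat(),
            })
            recent.clear()
    return alerts


def report(lines):
    """Reporting step: per-source counts of failed and accepted logins."""
    summary = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for line in lines:
        ev = parse(line)
        if ev is not None:
            key = "failed" if ev["outcome"] == "Failed" else "accepted"
            summary[ev["src"]][key] += 1
    return dict(summary)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print("ALERT", alert)
    for src, counts in report(SAMPLE_LOGS).items():
        print(f"{src:15} failed={counts['failed']} accepted={counts['accepted']}")
```

Run against the sample, the rule fires once, for 203.0.113.7, because four failures precede the accepted login within seconds; the single failure from 198.51.100.4 has aged out of the window by the time its success arrives, so it appears only in the report. That is the distinction between raw log management (every line is kept and counted) and correlation (only the pattern worth an analyst’s time becomes an alert).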
Reporting: quickly identify patterns of activity, traffic, and attacks.
Managed SIEM & Incident Response
Real-time security event monitoring and intelligent incident response:
• 24 x 7 Security Alert & System Availability Monitoring
• Security Incident Analysis & Response
• Infrastructure Incident, Change, Patch, and Configuration Management
What should I look for in a provider?
• Breadth and depth of technical capability
• Flexibility in deployment, reporting, and engagement options
• Experience with customers in diverse industries
• A partner model
Getting Started: Proof of Value
4 week trial:
• Dashboard for real-time data
• Weekly security report
• Detailed final summary report
• Seamless continuation into full service
You decide how we fit.
Recap
• Reduce complexity – simplify
• Apply security at the infrastructure, applications and endpoint
• Augment technology with people and process
• Spend on security vs. compliance
• Gain visibility through effective security operations
What’s Next?
Looking for more information on security?
Rob Stonehouse, Scalar’s Chief Security Architect, discusses security beyond our compliance on the Scalar blog here.
Connect with Us!
facebook.com/scalardecisions
@scalardecisions
linkedin.com/company/scalar-decisions
slideshare.net/scalardecisions