
Applying Next Generation Security Principles to Today’s Changing Networks


Presentation Transcript


  1. Applying Next Generation Security Principles to Today’s Changing Networks

  2. Every 18 Months, the Amount of Data on the Planet Doubles. But to Your Network Team, It Probably Feels Like the Data Doubles Every Few Weeks…

  3. Then and now
     2010:
     • Facebook: 400M+ users, 52K apps
     • 2.1M salesforce.com subscriptions
     • June 2010: 3 billion iPhone apps downloaded
     • 1 day: 148K machines infected with bots (hourly botnet rental: $9)
     • 1 day: 1M victims of scareware scams
     • 1 day: 33K+ malware samples analyzed by McAfee
     A few years earlier:
     • 2004: No Facebook
     • 2006: 440K salesforce.com subscriptions
     • June 2008: No iPhone apps

  4. How Do These Facts Impact Us?
     Figures shown: 1%, 45, 8% against these labels:
     • Average incidents per year, large company (Bloor)
     • IT security product sales growth, average 2008-9 (IDC)
     • 2006-10 average GDP growth (USDL)
     Figures shown: 10%, $772K, 58% against these labels:
     • 2009-10 growth, network security appliances and software (Infonetics)
     • Average cost of a large incident, 2010, large company (Bloor)
     • Growth in unique malware samples, last 6 months (McAfee)

  6. Key Challenges We Face in Architecting Next Generation Security
     Open & Agile Networks
     • Apps over port 80, on-premise, SaaS, Web 2.0: lack of visibility and control
     • Consumerization of IT
     • Perimeter disappearing; must extend trust model
     • Difficult to enforce policies
     Targeted Threats, APTs
     • Advanced and targeted attacks
     • Insider threats & data loss concerns: needle in a haystack
     • MalApps the new reality; must detect and prevent
     Operational Efficiency
     • Spending controls (Opex, Capex), resource re-allocation
     • “Enable business” (data centers, consolidation, segmentation, virtualization)
     • Streamline compliance reporting

  7. Recent Customer Conversations…
     • “…I need to spend time deploying more apps…not time on controlling them…”
     • “…For my datacenter upgrade – give me world-class protection… cut costs 40%…don’t slow me down…”
     • “…To beat competitors to market, I want to extend trust boundaries for collaboration with partners & contractors…”
     • “…Advanced Persistent Threats? Show me the ‘needle in the haystack’ without human analysis…”
     • “Borderless network… Effectively extend trust boundaries?”
     • “100’s of new applications…See & control use?”
     • “Advanced Threats (APTs, Botnets, Insider Risk)… Best practice prevention?”
     • “Data center project… Improve protection…Consolidate vendors?”
     • “Network security shouldn’t be the ‘brakes on the car’ that hold us back…it should be like the stability control enabling us to take the twists and turns faster…but safer…”

  8. Conventional Approach to Network Security
     • Ticket Oriented Resolution. How to get to resolution? File tickets. Wait.
     • Protection Focused on Identifying Attack Packets. How to protect? Find attack packets on the wire.
     • Configuration Focused on Features. How to implement policy? Rely on product features.
     • Multi-Vendor Strategies. Defense in depth? Manage multiple silo’d products.

  9. Conventional Gets Obsolete Fast…How Fast We Forget…

  10. Sometimes, Optimization is the Only Answer

  11. Risk Optimization: Optimized Network Security Adapts to Change
      Reactive & Manual (people only, no tools or processes, “putting out fires”; reactive spend ~3% of IT budget on security; high risk)
      • Reactive tools
      • Firewalls
      • Log analysis
      • Trouble tickets
      • Ineffective change control
      • Ad hoc firewall rules
      • Audit findings
      Compliant / Proactive (tools based: applying tools and technologies to assist people in reacting faster; point products for system, network and data; compliant/proactive spend ~8% of IT budget on security; medium risk)
      Compliant:
      • Point products
      • IDS (compliance)
      • SI/EM (logs)
      • Structured firewall rule management
      • Standard configurations
      • Distributed consoles/mgmt
      • Tedious audit preparation
      Proactive:
      • Integrated tools
      • IPS (threats)
      • SI/EM (events)
      • Automatic updates
      • Automated firewall rule mgmt
      • Centralized consoles/mgmt
      • Streamlined compliance reports
      Optimized (dynamic: predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response; McAfee ePO integrated products, plus GRC and GTI; optimized spend ~4%; very low risk)
      • Multi-layered, correlated solutions
      • Predictive threat protection
      • Policy-based control
      • Proactive management
      • Extensible architecture
      • Automated compliance
      Why has it been so challenging to reduce risk?

  12. New Requirements for Optimized Network Security
      • Ticket Oriented Resolution → Proactive Management: turn days of process into clicks
      • Protection Focused on Identifying Attack Packets → Predictive Threat Protection: characterize future threats today
      • Configuration Focused on Features → Policy-Based Control: focus on the real organization, people, applications, usage
      • Multi-Vendor Strategies → Extensible Architecture: integrated, collaborative, easily add new capabilities

  13. Consider Optimized Network Security Solutions
      Global Threat Intelligence feeding: Risk Advisor, Web, NDLP, Email, ePO, NAC, Firewall, IPS, NBA, SIA
      • Network IPS: must be best performing
      • Firewall: must have next gen features
      • NAC: now is the time
      • NBA: emerging visibility tool
      • NDLP: more important than ever

  14. Protecting Critical Data Center from ZeuS Malware: Predictive Threat Protection with NSP + GTI
      Not Optimized (high effort, high risk):
      • Malware infects websites
      • Malware hits network
      • Wait on signature
      • Apply signature, update signature
      When Optimized (low effort, low risk):
      • Malware infects; McAfee Labs IDs it and updates website reputations…
      • …Threat dissected, analyzed…
      • …Predictive action stops threat
      • Future variants covered
      Benefit: Protection meets (and beats) the hacker’s timelines, reduces alerts

  15. Controlling Google Calendar Use Before a Merger: Policy-Based Control with Next Gen Firewall
      Not Optimized (high effort, high risk):
      • Identify M&A team
      • Map users to network address
      • Create new rule (duplicate?)
      • Hours or days to review, deploy
      • Weeks to review, test, deploy. Repeat?
      When Optimized (low effort, low risk):
      • User directory auto-imports groups…
      • Profiler sees similar rule. 1 click to add. Avoid duplicate
      • New M&A members automatically added
      Benefit: No need to map network topology to user; protects critical data

  16. Blocking Bot Command and Control Traffic: Proactive Management in Action
      Not Optimized (high effort, high risk):
      • See bot activity on network
      • Hours: open ticket with system team
      • Days: open ticket to plan outage/upgrade
      • Weeks: detailed review of network events
      When Optimized (low effort, low risk):
      • Right click to get details from management console
      • Right click to scan and patch
      • Visual view of traffic and connections
      • Have a second cup of coffee
      Benefit: Eliminates days and weeks of effort while improving time to resolution

  17. Move Customer Portal to Cloud Data Center: Policy-Based Control with Next Gen Firewall
      Not Optimized (high effort, high risk):
      • Identify portal admins
      • Map users to network address
      • Open SSH/port 22 for services
      • Constantly maintain as team and network change
      When Optimized (low effort, low risk):
      • User directory auto-imports groups; admins assigned to group
      • Create rule: use SSH only for remote admin
      • Future admins automatically added
      Benefit: No need to map network topology to user; eliminates SSH blind spot

  18. Enabling IM, But Controlling IM Fileshare: Policy-Based Control with Next Gen Firewall
      Not Optimized (high effort, high risk): How would you do this today?
      When Optimized (low effort, low risk):
      • Admin sees similar rule exists for finance
      • Adds all other groups to that rule with a few clicks
      • Bob from finance tries to upload a file. File is blocked. Bob is notified of policy
      Benefit: Users enabled with IM, but risk reduced without file share; rule reduction
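The policy-based control pattern in slides 15, 17 and 18 (rules keyed to directory groups rather than addresses, a "similar rule" found and extended instead of duplicated, new group members covered without a rule change) modelled as a small rule engine. This is an added example, not McAfee code; the Rule/Policy classes, the application names and the users are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    """Identity-aware rule: which directory groups may use which application."""
    name: str
    groups: set
    app: str
    action: str  # "allow" or "block"


@dataclass
class Policy:
    # user -> set of directory groups (stands in for the auto-imported directory)
    directory: dict = field(default_factory=dict)
    rules: list = field(default_factory=list)

    def find_similar(self, app, action):
        """Return an existing rule with the same app and action, or None."""
        return next((r for r in self.rules if r.app == app and r.action == action), None)

    def add_rule(self, name, groups, app, action):
        """Extend a similar rule with the new groups instead of creating a duplicate."""
        similar = self.find_similar(app, action)
        if similar is not None:
            similar.groups |= set(groups)
            return similar
        rule = Rule(name, set(groups), app, action)
        self.rules.append(rule)
        return rule

    def evaluate(self, user, app):
        """First rule matching the app and one of the user's groups wins; default is allow."""
        for r in self.rules:
            if r.app == app and r.groups & self.directory.get(user, set()):
                return r.action, r.name
        return "allow", "default"


def build_demo_policy():
    """Constructed scenario: IM chat enabled for everyone, IM file share blocked."""
    p = Policy(directory={"bob": {"finance"}, "alice": {"engineering"}})
    p.add_rule("allow-im", {"finance", "engineering", "sales"}, "im-chat", "allow")
    p.add_rule("block-im-fileshare", {"finance"}, "im-fileshare", "block")
    # Second request for the same app/action merges into the finance rule: no duplicate.
    p.add_rule("block-im-fileshare-all", {"engineering", "sales"}, "im-fileshare", "block")
    # A new hire lands in the directory group and is covered without touching any rule.
    p.directory["carol"] = {"finance"}
    return p


if __name__ == "__main__":
    print(build_demo_policy().evaluate("bob", "im-fileshare"))  # ('block', 'block-im-fileshare')
```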

  19. Example: Extensible Management Platform. Security Innovation Alliance (SIA) Delivers a Rich Security Ecosystem
      Partner tiers: Associate Partner; Technology Partner (McAfee Compatible)
      Partner categories around SIA and ePO:
      • Authentication and Encryption
      • Other Security, IT & Services
      • Theft and Forensics
      • Single Sign-On
      • Security Event and Log Management
      • Application and Database Security
      • Risk and Compliance

  20. Example: Global Threat Intelligence. What it is and what it means for our customers
      Inputs: other feeds & analysis, appliances, endpoints, firewalls, servers
      McAfee Labs engines: File Reputation Engine; Web Reputation Engine; Network Threat Information; IP and Sender Reputation Engine; Vulnerability Information
      Consumers (MFE products, via ePO and NSM): Risk Advisor, IPS, Firewall, NBA, NAC, NDLP

  21. Optimized: Relieves Pressure Points, Reduces Risk
      • Data Center Consolidation: Virtualized IPS and Firewalls collapse security OpEx, scale to 10G+
      • Network Upgrade: Next Gen Firewall simplifies policy management, scales to 10G+
      • APT Threat: IPS, NBA, NTR detect reconnaissance, anomalies, targeted malware; NDLP finds data at risk
      • Enabling Apps: Next Gen Firewall is user and application aware, with both grouped and fine-grain policy enforcement
      • Vulnerability Management: IPS and Vulnerability Manager pinpoint ‘at risk’ systems; IPS acts as a ‘pre-patch shield’

  22. While We’ve Been Chatting…
      • Eliminated 64 trouble tickets and 8 critical escalations for our customers
      • 69,000 attacks were stopped by McAfee IPS across all our customers
      • Our global sensor grid characterized 229 unique pieces of malicious or unknown code, based on 570,000 file reputation queries and 460,000 IP reputation queries
