
Revolutionizing Advanced Threat Protection

Revolutionizing Advanced Threat Protection: a new, modern approach. Christopher Williams, CISSP, Sr Systems Engineer, Blue Coat. The deck covers the threat landscape, advanced threats and counter-measures; the modern threats discussed include targeted attacks, nation states, advanced malware, data theft, DDoS and APTs.



Presentation Transcript


  1. Revolutionizing Advanced Threat Protection: a new, modern approach. Christopher Williams, CISSP, Sr Systems Engineer

  2. Agenda: Landscape; Advanced Threats; Counter-measures

  3. Threat Landscape: modern threats
      Today's advanced threat landscape: targeted attacks, nation states, advanced malware, data theft, DDoS, APTs, zero-day threats, ransom and fraud, hacktivists, inside threats, cybercriminals.
      Today's security gap: the existing controls (SIEM, IPS, web gateway, next-gen firewall, email security, URL filtering, host firewall, DLP, anti-spam, encryption, VPN, NAC) cover confidentiality, integrity and availability against known threats; the gap between them and the advanced threats is where advanced threat protection, built on visibility and context, has to sit.

  4. Advanced Persistent Threats

  5. Advanced: improved, sophisticated threats (smarter | faster | stronger)
      Techniques seen in advanced malware: rootkits; virtual machine detection; line-by-line debugger detection; fuzzing; rewriting the hosts file; reverse engineering; multi-packed, one-time, encrypted payloads; code auditing.

  6. Persistent: time and the window of opportunity
      Initial attack to compromise        Initial compromise to discovery
      Seconds   11%                       Minutes    1%
      Minutes   13%                       Hours      9%
      Hours     60%                       Days      11%
      Days      13%                       Weeks     12%
      Weeks      2%                       Months    62%
      Months     1%                       Years      4%
      84% of compromises take hours or less; 78% of discoveries take weeks or longer.

  7. Proof of the problem: breach undetected for five months. Only 28% of breaches are detected with forensic tools; 15% are notified by law enforcement; 9% are detected accidentally. Source: Ponemon Institute report.

  8. Threats: stealthy and undetectable. Threats we can't see: 20-70% of traffic is encrypted, and the majority of APTs operate over SSL.

  9. Post-prevention security gap
      Threat actors: nation states, cybercriminals, hacktivists, insider threats.
      Traditional threats (known threats, known malware, known files, known IPs/URLs) are handled by signature-based defense-in-depth tools: NGFW, IDS/IPS, host AV, web gateway, SIEM, email gateway, DLP, web application firewall.
      Advanced threats (novel malware, zero-day threats, targeted attacks, modern TTPs) need advanced threat protection: content, detection, analytics, context, visibility, analysis, intelligence.

  10. Modern Counter-measures

  11. Mapping the Adaptive Protection Process to the Lifecycle of an Attack. Source: Gartner (February 2014)

  12. Advanced Threat Protection: Blue Coat Lifecycle Defense
      Stage 1, Ongoing Operations: Detect & Protect, block all known threats, fed by the Global Intelligence Network. Unknown events escalate to stage 2.
      Stage 2, Incident Containment: Analyze & Mitigate, novel threat interpretation. Retrospective escalation to stage 3.
      Stage 3, Incident Resolution: Investigate & Remediate the breach, threat profiling and eradication; fortify and operationalize the findings back into stage 1.

  13. Advanced Threat Protection Lifecycle Defense (same diagram, with the three stages labelled Ongoing Operations, Incident Containment and Incident Resolution)

  14. Stage 1: Detect & Protect, block all known threats
      • Accurate web filtering and categorization
      • Identify and block malnets
      • Robust application and policy controls
      Proactive threat prevention across all users, networks and devices.

  15. Stage 1: Detect & Protect (diagram): ProxySG, fed by the Blue Coat Global Intelligence Network and application whitelisting, sits between users and the Internet and handles encrypted and unencrypted user traffic. Proactive threat prevention across all users, networks and devices.

  16. Stage 1: Detect & Protect, policy-based SSL visibility
      • Granular policy management
      • Feed multiple security systems
      • Industry-leading performance
      Full visibility into encrypted traffic and threats.

  17. Stage 1: Detect & Protect (diagram): ProxySG passes a copy of the decrypted traffic over Secure ICAP to a DLP solution and to forensics / compliance / IDS tools. Full visibility into encrypted traffic and threats.

  18. Enhances existing customer security solutions: decrypt once, feed many! Network in -> decrypt -> network out; inline tools (IPS, XPS, malware) see the decrypted stream, and a copy goes to forensics / compliance / IDS.
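The Secure ICAP hand-off on the two slides above is ICAP (RFC 3507) carried over TLS: the proxy wraps the already-decrypted HTTP response in a RESPMOD request and the scanning appliance answers with a verdict. As an added example, not the deck's or Blue Coat's code, this Python builds such a RESPMOD message and parses it on the receiving side, checking the Encapsulated offsets against the actual header-block boundaries before using them. The ICAP host name, service path and sample HTTP exchange are assumptions.

```python
"""ICAP (RFC 3507) RESPMOD framing: how a proxy hands a decrypted HTTP response to a
scanning appliance, and how the appliance unpacks it.  Added example, not Blue Coat
code; the ICAP host, service path and the sample HTTP exchange are constructed."""
CRLF = b"\r\n"

# Constructed sample exchange: a proxy has just fetched this file for a user.
SAMPLE_REQ = [b"GET /payload.exe HTTP/1.1", b"Host: downloads.example.test"]
SAMPLE_RES = [b"HTTP/1.1 200 OK", b"Content-Type: application/octet-stream", b"Content-Length: 4"]
SAMPLE_BODY = b"MZ\x90\x00"


def _block(lines):
    """A header block: lines joined by CRLF and terminated by an empty line."""
    return CRLF.join(lines) + CRLF + CRLF


def _chunked(body):
    """HTTP chunked transfer encoding, which ICAP requires for encapsulated bodies."""
    chunks = (b"%x" % len(body)) + CRLF + body + CRLF if body else b""
    return chunks + b"0" + CRLF + CRLF


def build_respmod(req_hdr, res_hdr, body, icap_host=b"icap.example.test", service=b"/respmod"):
    """Frame an origin request/response pair as a RESPMOD request.  Encapsulated gives
    the byte offset of each part, measured from the start of the section that follows
    the ICAP headers (the null-body form used when there is no body is not handled)."""
    req_block, res_block = _block(req_hdr), _block(res_hdr)
    offsets = b"req-hdr=0, res-hdr=%d, res-body=%d" % (len(req_block), len(req_block) + len(res_block))
    icap_hdr = _block([
        b"RESPMOD icap://" + icap_host + service + b" ICAP/1.0",
        b"Host: " + icap_host,
        b"Allow: 204",  # lets the appliance answer 204 (unmodified) when the body is clean
        b"Encapsulated: " + offsets,
    ])
    return icap_hdr + req_block + res_block + _chunked(body)


def _dechunk(data):
    """Decode a chunked body; raise on malformed framing instead of guessing."""
    out, pos = b"", 0
    while True:
        end = data.index(CRLF, pos)
        size = int(data[pos:end].split(b";")[0], 16)  # drop chunk extensions such as ieof
        pos = end + 2
        if size == 0:
            return out
        chunk, trailer = data[pos:pos + size], data[pos + size:pos + size + 2]
        if len(chunk) != size or trailer != CRLF:
            raise ValueError("malformed chunk")
        out += chunk
        pos += size + 2


def parse_respmod(msg):
    """Appliance side: split a RESPMOD request using its Encapsulated offsets, refusing
    offsets that do not land on header-block boundaries."""
    head, sep, enc = msg.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("missing end of ICAP headers")
    lines = head.split(CRLF)
    if not lines[0].startswith(b"RESPMOD "):
        raise ValueError("not a RESPMOD request")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    offsets = {}
    for part in headers[b"encapsulated"].split(b","):
        name, _, value = part.strip().partition(b"=")
        offsets[name] = int(value)
    req_hdr = enc[offsets[b"req-hdr"]:offsets[b"res-hdr"]]
    res_hdr = enc[offsets[b"res-hdr"]:offsets[b"res-body"]]
    for blk in (req_hdr, res_hdr):
        if not blk.endswith(CRLF + CRLF):
            raise ValueError("Encapsulated offset does not end a header block")
    return {
        "req_hdr": req_hdr[:-4].split(CRLF),
        "res_hdr": res_hdr[:-4].split(CRLF),
        "body": _dechunk(enc[offsets[b"res-body"]:]),
        "allow_204": b"204" in headers.get(b"allow", b""),
    }


if __name__ == "__main__":
    wire = build_respmod(SAMPLE_REQ, SAMPLE_RES, SAMPLE_BODY)
    print(wire.decode("latin-1"))
    print(parse_respmod(wire))
```

A clean verdict comes back as `ICAP/1.0 204 No Content` when the request carried `Allow: 204`, so the appliance never has to echo the body back; that is what keeps a decrypt-once, feed-many fan-out cheap. The boundary check in `parse_respmod` is the practitioner's detail: a decoder that trusts the offsets blindly can be steered past a header block by a misbehaving proxy, and the chunk decoder likewise refuses a short or unterminated chunk rather than reading whatever follows. ICAP preview mode and the null-body offset are outside this example.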

  19. Stage 1: Detect & Protect (diagram): the SSL Visibility Appliance, alongside ProxySG, sends inline decrypted traffic to inline IPS / XPS / malware tools and a copy of the decrypted traffic to forensics / compliance / IDS. Full visibility into encrypted traffic and threats.

  20. Stage 1: Detect & Protect, advanced AV/malware inspection
      • Increased malware analysis and blocking
      • Higher detection accuracy
      • Sandboxing optimization
      Block known threats and analyze the unknown for advanced threat protection at the perimeter.

  21. Stage 1: Detect & Protect (diagram): the Content Analysis System, added behind ProxySG and the SSL Visibility Appliance, brings increased malware analysis and blocking and higher detection accuracy. Block known threats and analyze the unknown for advanced threat protection at the perimeter.

  22. Stage 1: Detect & Protect (diagram): the Content Analysis System combines application whitelisting, malware signature databases, the Blue Coat sandbox and a non-Blue Coat sandbox. Block known threats and analyze the unknown for advanced threat protection at the perimeter.

  23. Advanced Threat Protection Lifecycle Defense (overview diagram repeated, introducing stage 2)

  24. Stage 2: Analyze & Mitigate, contain and analyze the unknown
      • Dual detection: PC emulator and virtual machine, hybrid analysis of suspicious samples
      • Closely replicates the customer's gold configurations
      • Automated risk scoring and rich analysis
      Quickly analyze and prioritize advanced and zero-day threats for remediation and continuous security improvement.

  25. Stage 1 diagram repeated (ProxySG, SSL Visibility Appliance, Content Analysis System and Blue Coat sandbox), now with stage 2 highlighted. Block known threats and analyze the unknown for advanced threat protection at the perimeter.

  26. Intelligent defense in depth
      • Block known web threats (ProxySG): block all known sources/malnets and threats before they are on the network.
      • Allow known good (Content Analysis System with application whitelisting): free up resources to focus on advanced threat analysis.
      • Block known bad downloads (Content Analysis System with malware scanning): reduce threats for incident containment and resolution.
      • Analyze unknown threats (Malware Analysis Appliance): discover new threats and then update your gateways.
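The four layers on this slide are an ordering, not just a product list: cheap verdicts on source reputation and known hashes come first, signature scanning next, and only content none of them can settle is spent on sandbox time. As an added example that is not from the deck or from Blue Coat, this Python puts the same ordering in code, with the sandbox verdict fed back so the next copy of a convicted sample is stopped at the gateway. The malnet list, whitelist entry, signature (the EICAR test string) and sample downloads are constructed.

```python
"""Layered download triage in the order the slide lays out: cheap, high-confidence
checks first, unknown content last to the sandbox, and sandbox verdicts fed back so
the same sample is blocked at the gateway next time.  Added example, not Blue Coat
code; host list, whitelist entries, signatures and samples are constructed."""
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# EICAR test string: the one "malware" signature every scanner recognises.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed reference data standing in for the gateway's feeds.
MALNET_HOSTS = {"cdn-update.badhost.test"}                      # known-bad sources
KNOWN_GOOD_FILES = [b"#!/bin/sh\necho 'approved installer'\n"]  # whitelisted content
SIGNATURES = [EICAR[:32]]                                        # byte patterns of known-bad files


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Download:
    url: str
    content: bytes


@dataclass(frozen=True)
class Verdict:
    action: str   # "block", "allow" or "sandbox"
    layer: str    # the layer that decided
    reason: str


class TriagePipeline:
    def __init__(self, malnet_hosts, known_good_files, signatures):
        self.malnet_hosts = set(malnet_hosts)
        self.good_hashes = {sha256(f) for f in known_good_files}  # whitelist by hash, never by name
        self.signatures = list(signatures)
        self.convicted_hashes = set()   # learned from sandbox verdicts
        self.sandbox_queue = []

    def triage(self, dl: Download) -> Verdict:
        # Layer 1: block known sources before any content is scanned.
        host = urlsplit(dl.url).hostname or ""
        if host in self.malnet_hosts:
            return Verdict("block", "malnet", f"{host} is a known malnet host")
        # Layer 2: known-good content, by hash, skips the expensive layers.
        digest = sha256(dl.content)
        if digest in self.good_hashes:
            return Verdict("allow", "whitelist", "sha256 is on the application whitelist")
        # Layer 3: known-bad content, by signature or by an earlier sandbox conviction.
        if digest in self.convicted_hashes:
            return Verdict("block", "signature", "sha256 convicted by an earlier sandbox run")
        for sig in self.signatures:
            if sig in dl.content:
                return Verdict("block", "signature", f"matched signature {sig[:12]!r}")
        # Layer 4: everything else is unknown and goes to the sandbox.
        self.sandbox_queue.append(dl)
        return Verdict("sandbox", "unknown", "no static verdict, queued for analysis")

    def record_sandbox_verdict(self, dl: Download, malicious: bool) -> None:
        """Close the loop: a sandbox conviction becomes a gateway block rule."""
        if malicious:
            self.convicted_hashes.add(sha256(dl.content))
        self.sandbox_queue = [d for d in self.sandbox_queue if d is not dl]


# Constructed downloads, one per layer.
SAMPLES = {
    "good": Download("https://downloads.example.test/installer.sh", KNOWN_GOOD_FILES[0]),
    "eicar": Download("https://mirror.example.test/eicar.com", EICAR),
    "malnet": Download("http://cdn-update.badhost.test/flash_update.exe", KNOWN_GOOD_FILES[0]),
    "unknown": Download("https://files.example.test/report.pdf", b"%PDF-1.4 constructed unknown content"),
}

if __name__ == "__main__":
    pipeline = TriagePipeline(MALNET_HOSTS, KNOWN_GOOD_FILES, SIGNATURES)
    for name, dl in SAMPLES.items():
        print(name, pipeline.triage(dl))
    pipeline.record_sandbox_verdict(SAMPLES["unknown"], malicious=True)
    print("unknown, second time:", pipeline.triage(SAMPLES["unknown"]))
```

Two details carry the security weight. The "malnet" sample has whitelisted content yet is still blocked, because source reputation is checked before content and a known-bad host is not trusted just because the bytes happen to match a good file. And because "allow known good" runs ahead of the block layers, a whitelist entry is an explicit trust decision: populate it from vendor-published hashes, never from filenames or from whatever users happen to fetch.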

  27. Advanced Threat Protection Lifecycle Defense (overview diagram repeated, introducing stage 3)

  28. Stage 3: Investigate & Remediate, Security Analytics
      • Full security visibility of all network traffic
      • Forensic details before, during and after an alert
      • Reduce time-to-resolution and breach impact
      The security camera for your network.

  29. Security camera for your network: forensic details before, during and after an alert
      • Know what happened before, during and after an alert, with complete, clear supporting evidence
      • Multiple sources for real-time integrity & reputation of URL, IP address, file hash or email address
      • Trace back and discover tactics, techniques & procedures and identify indicators of compromise
      • Integrated workflows with leading network security tools to add context and improve effectiveness
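The bullets above describe look-back over recorded traffic rather than inspection at alert time. As an added example, not taken from the deck or from Blue Coat's Security Analytics product, this Python runs that workflow over a constructed flow log: it pulls the affected host's activity before, during and after an IDS alert, marks IOC matches (IP, domain, file hash), tests the contacts with the suspect server for a fixed beacon interval, and pivots on the downloaded file's hash to find other hosts that fetched the same sample. The records, addresses, hash and timings are all constructed.

```python
"""Retrospective look-back over full-traffic records: given an alert, show what the
host did before, during and after it, mark IOC hits, test for beaconing and pivot on
the file hash to other victims.  Added example, not Blue Coat code; the flow log,
IOCs, addresses and alert are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SAMPLE_HASH = "ab" * 32  # constructed stand-in for a real sha256

# Constructed flow records: time, client, server, host name, request, sha256 of any download.
FLOW_LOG = f"""\
2014-03-03T09:58:02Z 10.0.5.23 93.184.216.34 news.example.test GET:/index.html -
2014-03-03T09:59:40Z 10.0.5.23 198.51.100.7 cdn-update.badhost.test GET:/flash_update.exe {SAMPLE_HASH}
2014-03-03T10:00:11Z 10.0.5.23 203.0.113.9 - TCP:443 -
2014-03-03T10:03:11Z 10.0.5.23 203.0.113.9 - TCP:443 -
2014-03-03T10:06:11Z 10.0.5.23 203.0.113.9 - TCP:443 -
2014-03-03T10:07:30Z 10.0.5.41 198.51.100.7 cdn-update.badhost.test GET:/flash_update.exe {SAMPLE_HASH}
2014-03-03T11:30:00Z 10.0.5.23 93.184.216.34 news.example.test GET:/sports.html -
"""

# Constructed indicators, as a reputation feed would supply them.
IOCS = {"ip": {"203.0.113.9"}, "domain": {"cdn-update.badhost.test"}, "hash": {SAMPLE_HASH}}


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    host: str
    request: str
    sha256: str

    def ioc_hits(self, iocs):
        """Which indicator types this record matches (empty list if none)."""
        hits = []
        if self.dst in iocs["ip"]:
            hits.append("ip")
        if self.host in iocs["domain"]:
            hits.append("domain")
        if self.sha256 in iocs["hash"]:
            hits.append("hash")
        return hits


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_flow_log(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, host, req, sha = line.split()
        flows.append(Flow(parse_ts(ts), src, dst, host, req, sha))
    return flows


def alert_window(flows, host, alert_ts, before=timedelta(minutes=15), after=timedelta(minutes=5)):
    """Everything the host did in [alert - before, alert + after], oldest first."""
    lo, hi = alert_ts - before, alert_ts + after
    return sorted((f for f in flows if f.src == host and lo <= f.ts <= hi), key=lambda f: f.ts)


def first_ioc_contact(window, iocs):
    """The earliest record in the window that touches an indicator: the likely entry point."""
    for f in window:
        if f.ioc_hits(iocs):
            return f
    return None


def beacon_intervals(window, dst):
    """Seconds between successive connections to dst; near-constant gaps suggest a beacon."""
    ts = [f.ts for f in window if f.dst == dst]
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def pivot_on_hash(flows, sha):
    """Every client that downloaded the same sample, whether or not it raised an alert."""
    return sorted({f.src for f in flows if f.sha256 == sha})


if __name__ == "__main__":
    flows = parse_flow_log(FLOW_LOG)
    alert = parse_ts("2014-03-03T10:06:11Z")   # constructed IDS alert: 10.0.5.23 -> 203.0.113.9
    window = alert_window(flows, "10.0.5.23", alert)
    for f in window:
        print(f.ts.isoformat(), f.dst, f.host, f.request, f.ioc_hits(IOCS) or "")
    print("first IOC contact:", first_ioc_contact(window, IOCS))
    print("beacon intervals to 203.0.113.9:", beacon_intervals(window, "203.0.113.9"))
    print("hosts with the same sample:", pivot_on_hash(flows, SAMPLE_HASH))
```

In the constructed data the first IOC contact (the download from the malnet host) precedes the alert by six and a half minutes, which is exactly the "before" evidence an alert-only tool never stored; the 180-second gaps to 203.0.113.9 are the tactic behind the alert, and the hash pivot turns one alert into two affected hosts, the second of which has not beaconed yet.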

  30. Security camera for your network (diagram only)

  31. Stage 3: Investigate & Remediate (diagram): the Security Analytics Platform is added alongside ProxySG, the SSL Visibility Appliance, the Content Analysis System and the Blue Coat sandbox. The security camera for your network.

  32. Global Intelligence Network: effective advanced threat protection
      • 75+ million users; 1+ billion web requests categorized daily; 3.3+ million threats blocked daily; 84+ categories; 55 languages
      • Central cloud database with dynamic real-time rating
      • Inputs: AV scanning, malware experts, malware detection, quality checks, 3rd-party feeds, sandboxing
      • Real-time, cloud-based, community-based, zero-day response, performance and scalability

  33. More on Advanced Threat Protection (Blue Coat exclusive). Get your copy: bluecoat.com/atplifecycle

  34. Thank you! Christopher Williams, chris.williams@bluecoat.com, http://www.linkedin.com/in/christopherswilliams/
