2. Recent Customer Conversations…
- “Borderless network… Effectively extend trust boundaries?”
- “100’s of new applications… See & control use?”
- “Data center project… Improve protection… Consolidate vendors?”
- “Advanced Threats (APTs, Botnets, Insider Risk)… Best practice prevention?”
- “…Upgrading the data center…”
- “…Consumerization of IT…”
- “…Targeted attacks & Advanced Persistent Threats…”
- “…Visibility & control of applications…”
- “…Need more accurate IPS/IDS…”
- “…Guest & contractor access…”
- “…My firewall is EOL…”
- “…Security shouldn’t be the brakes…”

3. Network Security Isn’t Adapting to Change
Symptoms:
- Incident costs increasing
- Data center security under-performing
- Advanced Persistent Threats a concern
- Security policy hard to enforce
- Excessive IDS/IPS alerts
- Firewall rules hinder change management
- Frequent refresh of security hardware

7. Anatomy of an attack
Date: Tue, 10 Dec :58: (PDT)
From: John Doe
To:
Subject: 7th Annual U.S. Defense Conference

7th Annual U.S. Defense Conference
1-2 Jan 2009
Ronald Reagan Building and International Trade Center
Washington, DC
Download 2009 Conference Preliminary Program (PDF)
Download 2009 Conference Registration Form (PDF)
Contact: John Doe Contractor Information Systems (703)

8. Conventional Approach to Network Security
- Ticket Oriented Resolution: How to get to resolution? File tickets. Wait.
- Protection Focused on Identifying Attack Packets: How to protect? Find attack packets on wire
- Configuration Focused on Features: How to implement policy? Rely on product features.
- Multi-Vendor Strategies: Defense in Depth? Manage multiple silo’d products.

9. The Maturity Model of Enterprise Security
- REACTIVE (~3% of IT Budget on Security)
- COMPLIANT/PROACTIVE (~8% of IT Budget on Security)
- OPTIMIZED (~4% of IT Budget on Security)
Chart labels: TCO, Security Posture, SECURITY OPTIMIZATION

10. Optimized Network Security Adapts to Change
Why has it been so challenging to reduce risk?
- Reactive spend ~3% of IT budget on security: High risk
- Compliant/Proactive spend ~8% of IT budget on security: Medium risk
- Optimized spend ~4%: Very low risk
REACTIVE & MANUAL: Reactive tools; Firewalls; Log analysis; Trouble tickets; Ineffective change control; Ad hoc firewall rules; Audit findings
COMPLIANT: Point products; IDS (compliance); SI/EM (logs); Structured firewall rule management; Standard configurations; Distributed consoles/mgmt; Tedious audit preparation
PROACTIVE: Integrated tools; IPS (threats); SI/EM (events); Automatic updates; Automated firewall rule mgmt; Centralized consoles/mgmt; Streamlined compliance reports
OPTIMIZED: Multi-layered, correlated solutions; Predictive threat protection; Policy-based control; Proactive management; Extensible architecture; Automated compliance
- REACTIVE and Manual: People only. No tools or processes. “Putting out fires”
- Tools Based: Applying tools and technologies to assist people in reacting faster. Point products for System, network and data
- DYNAMIC: Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response
- McAfee ePO integrated products, plus GRC and GTI
Axis labels: OPTIMIZATION, RISK

11. New Requirements for Optimized Network Security
- Ticket Oriented Resolution -> Proactive Management: Turn days of process into clicks
- Protection Focused on Identifying Attack Packets -> Predictive Threat Protection: Characterize future threats today
- Configuration Focused on Features -> Policy-Based Control: Focus on real organization, people, applications, usage
- Multi-Vendor Strategies -> Extensible Architecture: Integrated, collaborative, easily add new capabilities

12. Protecting Critical Data Center from ZeuS Malware
Predictive Threat Protection with IPS + GTI
- Malware infects websites
- Malware infects, McAfee Labs IDs, updates website reputations…
- Malware hits network…
- Threat dissected, analyzed…
- Wait on signature…
- Predictive action stops threat
- Apply signature, update signature
- Future variants covered
Not Optimized: High Effort, High Risk
When Optimized: Low Effort, Low Risk
Benefit: Protection meets (and beats) hacker’s timelines, reduces alerts

13. Controlling Google Calendar Use Before a Merger
Policy-Based Control with Next Gen Firewall
- Identify M&A team
- User directory auto-imports groups…
- Map users to network address
- Profiler sees similar rule. 1 click to add. Avoid duplicate
- Create new rule (duplicate?)
- Hours or days to review, deploy
- Weeks to review, test, deploy. Repeat?
- New M&A members automatically added
Not Optimized: High Effort, High Risk
When Optimized: Low Effort, Low Risk
Benefit: No need to map network topology to user, protects critical data

14. Blocking Bot Command and Control Traffic
Proactive Management in Action
- See Bot activity on network
- Right click to get details from management console
- Hours: open ticket w/ system team
- Right click to scan and patch
- Days: open ticket to plan outage/upgrade
- Visual view of traffic and connections
- Weeks: detailed review of network events
- Have a second cup of coffee
Not Optimized: High Effort, High Risk
When Optimized: Low Effort, Low Risk
Benefit: Eliminates days and weeks of effort while improving time to resolution

15. McAfee: Optimized Network Security Solutions
Diagram labels: GLOBAL THREAT INTELLIGENCE, Risk Advisor, NDLP, Web, ePO, Firewall, IPS, NAC, NBA, SIA
- Network IPS: Top selling, best performing
- Firewall: Most secure, new next gen features
- NAC: integrated with IPS
- NBA: cost-effective network visibility
- NDLP: more important than ever

16. What It Takes to Make An Organization Safe
Global Threat Intelligence Reputation
Diagram labels: GTI; Network Activity; Geo-location; Ports / Protocol; Application; Web Reputation; File Reputation; Affiliations; IP Address; Domain; URL; Data Activity; Sender Reputation; Web Activity; DNS Server; Mail Activity; Address; Network IPS; Firewall; Web Gateway; Host AV; Mail Gateway; Host IPS; 3rd Party Feed
- 300M IPS Attacks/Mo.
- 2B Botnet C&C IP Reputation Queries/Mo.
- 20B Message Reputation Queries/Mo.
- 2.5B Malware Reputation Queries/Mo.
- Geo Location Feeds

17. Optimized = Lower Total Cost of Ownership
Summary of Financial Results (Risk-Adjusted)
- Return on Investment (ROI): 142%
- Payback Period: Within 5 Months
- Total Costs (Present Value): ($244,659)
- Total Cost Savings and Benefits (PV): $593,276
- Total (Net Present Value): $348,617
Full Forrester TEI report based on McAfee customer data available here.

18. Optimized Network Security: Solves Root Issues, Symptoms Disappear
Results:
- Incident costs decreasing
- Data center security lower cost
- Advanced Persistent Threat protection
- Policy in business terms, easy to enforce
- IPS alerts minimized, staff re-allocated
- Firewall rules streamline change management
- Long life reduces CapEx for security hardware

19. While We’ve Been Chatting…
- Our global sensor grid characterized 229 unique pieces of malicious or unknown code, based on:
  - 570,000 file reputation queries
  - 460,000 IP reputation queries
- 69,000 attacks were stopped by McAfee IPS across all our customers
- Eliminated 64 trouble tickets and 8 critical escalations for our customers

20. Thank you for your time
Questions?
Email email@example.com
More info at: