Next Generation Network Security

Presentation on theme: "Next Generation Network Security"— Presentation transcript:

1 Next Generation Network Security
Andrew Hoerner, Director, Product Marketing Understanding McAfee Network Security Platform (formerly IntruShield) – Featuring the 10GigE Channel Partners and McAfee Sales © 2007 McAfee, Inc.

2 Recent Customer Conversations…
“Borderless network… Effectively extend trust boundaries?” “100’s of new applications… See & control use?” “Data center project… Improve protection… Consolidate vendors?” “Advanced Threats (APTs, Botnets, Insider Risk) … Best practice prevention?” “…Upgrading the data center…” “…Consumerization of IT…” “…Targeted attacks & Advanced Persistent Threats…” “…Visibility & control of applications…” “…Need more accurate IPS/IDS…” “…Guest & contractor access…” “…My firewall is EOL…” “…Security shouldn’t be the brakes…”

3 Network Security Isn’t Adapting to Change
Symptoms: Incident costs increasing; Data center security under-performing; Advanced Persistent Threats a concern; Security policy hard to enforce; Excessive IDS/IPS alerts; Firewall rules hinder change management; Frequent refresh of security hardware

4 Changes Create Pressure Points, Complications Create Risk
Projects Impacting Network Complications SaaS (Agility) 15% 32% Outsource (Reduce CapEx) Targeted and Advanced Persistent Threats (APTs) Virtualization (Reduce OpEx) 30% 49% Hosting (Better Quality) Consumerization of IT Mobile Web (Improve Productivity) 200% Severe Economic Constraints

5 Evolving Threats “Outside Attacker Initiated” “Insider Initiated”
Active Layered Attack: exploit targeted vulnerability Scan/Exploit - Server/vulnerability Infect, C&C Upgrade Propagate “Outside Attacker Initiated” Passive Layered Attack: exploit via drive-by-download Exploit, Infect Data leak C&C execute Propagate “Insider Initiated” Download Download SPAM, Search, Social Network, etc. Social Engineering: follow link to malicious site “Insider Initiated”

6 Anatomy of an attack

7 Anatomy of an attack Date: Tue, 10 Dec :58: (PDT) From: John Doe To: Subject: 7th Annual U.S. Defense Conference 7th Annual U.S. Defense Conference 1-2 Jan 2009 Ronald Reagan Building and International Trade Center Washington, DC Download 2009 Conference Preliminary Program (PDF) Download 2009 Conference Registration Form (PDF) Contact: John Doe Contractor Information Systems (703)

8 Conventional Approach to Network Security
Ticket Oriented Resolution Protection Focused on Identifying Attack Packets How to get to resolution? File tickets. Wait. How to protect? Find attack packets on wire Configuration Focused on Features Multi-Vendor Strategies How to implement policy? Rely on product features. Defense in Depth? Manage multiple silo’d products.

9 The Maturity Model of Enterprise Security
REACTIVE (~3% of IT Budget on Security) COMPLIANT/PROACTIVE (~8% of IT Budget on Security) OPTIMIZED (~4% of IT Budget on Security) TCO Security Posture SECURITY OPTIMIZATION

10 Optimized Network Security Adapts to Change
REACTIVE & MANUAL: Reactive tools; Firewalls; Log analysis; Trouble tickets; Ineffective change control; Ad hoc firewall rules; Audit findings.
COMPLIANT: Point products; IDS (compliance); SI/EM (logs); Structured firewall rule management; Standard configurations; Distributed consoles/mgmt; Tedious audit preparation.
PROACTIVE: Integrated tools; IPS (threats); SI/EM (events); Automatic updates; Automated firewall rule mgmt; Centralized consoles/mgmt; Streamlined compliance reports.
OPTIMIZED: Multi-layered, correlated solutions; Predictive threat protection; Policy-based control; Proactive management; Extensible architecture; Automated compliance.
OPTIMIZATION / RISK (axis labels).
Reactive spend ~3% of IT budget on security, High risk. Compliant/Proactive spend ~8% of IT budget on security, Medium risk. Optimized spend ~4%, Very low risk.
REACTIVE and Manual: People only. No tools or processes. “Putting out fires”.
Tools Based: Applying tools and technologies to assist people in reacting faster. Point products for System, network and data.
DYNAMIC: Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response. McAfee ePO integrated products, plus GRC and GTI.
Why has it been so challenging to reduce risk?

11 New Requirements for Optimized Network Security
Ticket Oriented Resolution Proactive Management Protection Focused on Identifying Attack Packets Predictive Threat Protection Turn days of process into clicks Characterize future threats today Configuration Focused on Features Policy-Based Control Extensible Architecture Multi-Vendor Strategies Focus on real organization, people, applications, usage Integrated, collaborative, easily add new capabilities

12 Protecting Critical Data Center from ZeuS Malware
Predictive Threat Protection with IPS + GTI Malware infects websites Malware infects, McAfee Labs IDs, updates website reputations… Malware hits network …Threat dissected, analyzed… Wait on signature …Predictive action stops threat Apply signature, update signature Future variants covered Not Optimized High Effort, High Risk When Optimized Low Effort, Low Risk Benefit: Protection meets (and beats) hacker’s timelines, reduces alerts

13 Controlling Google Calendar Use Before a Merger
Policy-Based Control with Next Gen Firewall Identify M&A team User directory auto-imports groups… Map users to network address Profiler sees similar rule. 1 click to add. Avoid duplicate Create new rule (duplicate?) Hours or days to review, deploy Weeks to review, test, deploy. Repeat? New M&A members automatically added Not Optimized High Effort, High Risk When Optimized Low Effort, Low Risk Benefit: No need to map network topology to user, protects critical data

14 Blocking Bot Command and Control Traffic
Proactive Management in Action See Bot activity on network Right click to get details from management console Hours: open ticket w/ system team Right click to scan and patch Days: open ticket to plan outage/upgrade Visual view of traffic and connections Weeks: detailed review of network events Have a second cup of coffee Not Optimized High Effort, High Risk When Optimized Low Effort, Low Risk Benefit: Eliminates days and weeks of effort while improving time to resolution

15 McAfee: Optimized Network Security Solutions
GLOBAL THREAT INTELLIGENCE Risk Advisor NDLP Web ePO Firewall IPS NAC NBA SIA. Network IPS: Top selling, best performing; Firewall: Most secure, new next gen features; NAC: integrated with IPS; NBA: cost-effective network visibility; NDLP: more important than ever

16 What It Takes to Make An Organization Safe Global Threat Intelligence
Reputation GTI Network Activity Geo-location Ports / Protocol Application Web Reputation File Reputation Affiliations IP Address Domain URL Data Activity Sender Reputation Web Activity DNS Server Mail Activity Address Network IPS Firewall Web Gateway Host AV Mail Gateway Host IPS 3rd Party Feed 300M IPS Attacks/Mo. 2B Botnet C&C IP Reputation Queries/Mo. 20B Message Reputation Queries/Mo. 2.5B Malware Reputation Queries/Mo. Geo Location Feeds

17 Optimized = Lower Total Cost of Ownership
Summary of Financial Results: Risk-Adjusted Return on Investment (ROI): 142%; Payback Period: Within 5 Months; Total Costs (Present Value): ($244,659); Total Cost Savings and Benefits (PV): $593,276; Total (Net Present Value): $348,617. Full Forrester TEI report based on McAfee customer data available here.

18 Optimized Network Security: Solves Root Issues, Symptoms Disappear
Results: Incident costs decreasing; Data center security lower cost; Advanced Persistent Threat protection; Policy in business terms, easy to enforce; IPS alerts minimized, staff re-allocated; Firewall rules streamline change management; Long life reduces CapEx for security hardware

19 While We’ve Been Chatting…
Our global sensor grid characterized 229 unique pieces of malicious or unknown code, based on: 570,000 file reputation queries; 460,000 IP reputation queries. 69,000 attacks were stopped by McAfee IPS across all our customers. Eliminated 64 trouble tickets and 8 critical escalations for our customers.

20 Email
Thank you for your time Questions? More info at:
