Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Threat Management (ETM): Bringing Security Together Through Intelligence David Thomason Director of Security Engineering.

Published byReese Farrow Modified over 9 years ago

Similar presentations

Presentation on theme: "Enterprise Threat Management (ETM): Bringing Security Together Through Intelligence David Thomason Director of Security Engineering."— Presentation transcript:

1 Enterprise Threat Management (ETM): Bringing Security Together Through Intelligence David Thomason Director of Security Engineering

2 2 X X X X X X X X X Insider Accidental Attacks In an FBI Computer Crime Survey released on 1/11/07, 44% of participants said they were attacked from within their own organizations. Outsider Attacks According to the 2006 Ponemon Data Breach Study, those surveyed who experienced data theft in the last year spent an average of $660,000 to notify customers, business partners, and regulators. Compliance Enforcement According to John Hagerty of AMR Research, “…it [automated compliance] also comes down to an issue of visibility. Where do I have problems? Where do I have exposure? That’s when it starts to become a more strategic issue because management is asking for an overall view of this.” Insider Malicious Attacks In a survey jointly done by ASIS International and the U.S. Chamber of Commerce, 138 executives of Fortune 1000 companies reported losses between $53 billion and $59 billion due to insider attacks. Undetected Attacks According to ComputerWorld Magazine, the TJX security breach, that was reported in mid-December of 2006 and could put the credit and debit card data of more than 40 million customers at risk, was not detected for seven months. Look Familiar? The Agony of Today’s Network Security Unknown Connections The most recent CSI/FBI Crime Computer and Security Survey reports that 66% of the security incidents that caused the greatest organizational losses were unauthorized access and theft of proprietary information.

3 3 Current Security Spending Trends: Unsustainable Growth Security spending is dramatically growing as a percentage of the overall IT budget… Source: 2006 CIO/CSO/PWC State of Info Security Survey Yet the threats and vulnerabilities keep coming! In fact, it is growing twice as fast as overall IT spending (12% vs. 6%)…

4 4 What’s Going on Here? The awareness of the problem is there Billions of dollars have been spent on IT security The security problem is getting worse as attackers become more motivated. Today’s professional hacker does not want his work to be noticed. The TJX security breach (T.J. Maxx stores) – disclosed in 12/06 – was one of the largest in retail history and went undetected for seven months! How is it possible for so many security technologies to be defeated? The silo approach of “see a threat, buy a box” is no longer feasible.

5 5 Key Flaws in Current Network Security Network security technology operates with virtually no knowledge about what it’s protecting Virtually all network security technology is driven solely by people These factors combine to lead to network defenses that are misconfigured, porous, and static “By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses. The threat environment is changing — financially motivated, targeted attacks are increasing, and automated malware-generation kits allow simple creation of thousands of variants quickly — but our security processes and technologies haven't kept up.” Gartner's Top Predictions for IT Organizations and users, 2007 and Beyond

6 6 Security Events Must Have Context Is this guy a threat? Or a valued customer? Is he holding a gun? Or an iPod? Is it summer in Sydney? Or winter in New York? Do you reach to set off the alarm? Or to shake his hand? Unfortunately, the majority of network solutions today lack the ability to integrate intelligence into the real-time analysis of potential threats.

7 7 Introducing Enterprise Threat Management (ETM) IntrusionPrevention VulnerabilityAssessment NetworkBehavior Analysis (NBA) NetworkAccess Control (NAC) Threat Endpoint Network Intelligence Threat Endpoint Network Intelligence

8 8 Worms Trojans Port scans Buffer overflow attacks Spyware Protocol anomalies Malformed traffic Invalid headers Zero-day attacks Protection Against The Role of Intrusion Prevention Vulnerability-based Intrusion Prevention First line of ETM defense IPS rules should address the “vulnerability”—not the “exploit” Protection against zero-day attacks IPS events should be correlated against endpoint intelligence IPS is just one part of an effective ETM strategy

9 9 The Role of Vulnerability Assessment “Active” Endpoint Intelligence Popular source for obtaining endpoint and vulnerability intelligence Provides a rich “snapshot” of endpoint assets and vulnerabilities Intelligence degrades in between active scans Active scanning can be “harmful” to some hosts Scan occurs Accuracy decay Time Quality t - Coherence time t

10 10 The Role of Network Behavior Analysis (NBA) “Passive” Endpoint Intelligence Compliments “rich” intelligence gained by active scanning 24x7 monitoring for endpoint assets and vulnerabilities Analogous to passive SONAR—learn by listening Network Anomaly Detection Create a baseline of “normal” network behavior Identify propagation of attacks that “walked” through the front door

11 11 The Role of Network Access Control (NAC) Pre-connect NAC Dominated by Cisco Network Admission Control (CNAC) & Microsoft Network Access Protection (MNAP) standards Useful for determining “who” can get on the ride Post-connect NAC Useful for determining “what” you can do once you’re on the ride Set compliance policies related to usage of operating systems, services, apps, resources, etc. Identifies policy and regulatory non- compliance

12 12 Tying It All Together Integrated ETM Console Monitor for security events originating from both inside and outside the organization Correlate threat, endpoint, and network intelligence Threat intelligence from IPS Endpoint intelligence from VA & NBA Network intelligence from NBA Drastically reduce false positives and negatives Monitor for compliance with IT policies related to company, industry and/or government regulatory compliance Compliance monitoring through post-connect NAC

13 13 ETM—Before, During & After the Attack BEFORE AN ATTACK Everything on the network Policy Violations and Vulnerabilities By Hardening Assets DURING AN ATTACK The Attack The Impact By Blocking and Alerting AFTER AN ATTACK Where the Attack Occurred What Action to Take By Minimizing the Impact

14 14 Sourcefire 3D System™ INTELLIGENCE LAYER BEFORE AN ATTACK Everything on the network Policy Violations and Vulnerabilities By Hardening Assets DURING AN ATTACK The Attack The Impact By Blocking and Alerting AFTER AN ATTACK Where the Attack Occurred What Action to Take By Minimizing the Impact D I S C O V E R D E T E R M I N E D E F E N D Sourcefire’s Approach to ETM “Providing endpoint and network intelligence to network security products significantly improves their capabilities...” Use Endpoint Intelligence to Improve Security Defenses Report

15 15 ETM—a Better, More Efficient Process Organizations need systems that can analyze security information and apply context automatically and holistically. Most security technologies are driven by a man-in-the loop process. How do you know when to update your access control configuration? How do you know when a new vulnerability is relevant to your environment? How do you know when there is an active, high priority security event occurring in your environment? How do you know when the patch management system needs to address a new host? This information is then turned into response manually Persistent, automatic intelligence generation and analysis driving network security to: REAL-TIME, UNIFIED, NETWORK DEFENSE

16 16 ETM Benefits Summary Enjoy continuous protection through an integrated approach. The whole truly is greater than the sum of the parts—reduce number of vendors, reduce cost of ownership Get faster and more accurate response from threat, endpoint, and network intelligence—the keys to driving next-generation security technologies that are automated and adaptive Take advantage of consolidated reporting and management views Enforce compliance of security policies and industry regulations as part of overall network protection

17 17 ETM Take-away ETM leverages real-time intelligence about the network environment and drives it into network security technologies for a more effective and efficient security solution.

18 Questions?

Download ppt "Enterprise Threat Management (ETM): Bringing Security Together Through Intelligence David Thomason Director of Security Engineering."

Similar presentations

Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning.

Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning.
Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.

Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in e-mails Integrated.

1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in s Integrated.
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
Streamline your supply chain communications with portal and dashboard visibility We bring order to your orders. Date: December 6, 2006.

Streamline your supply chain communications with portal and dashboard visibility We bring order to your orders. Date: December 6, 2006.
© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.

© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.
THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

Similar presentations

Ads by Google