Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

Published byTaylor Kitchin Modified over 9 years ago

Similar presentations

Presentation on theme: "The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example."— Presentation transcript:

1 The Threat Within September 2004

2 Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example Successes Q&A

3 Copyright © 2004 Q1 Labs. All Rights Reserved Insider Threats Are Growing US CERT study of cyber crimes in Financial Services: –78 percent of events caused by insiders Gartner: –Insiders responsible for 70 percent of security incidents that cause loss Network boundaries are disappearing

4 Copyright © 2004 Q1 Labs. All Rights Reserved Perimeter Defenses Leave External Security Holes Signature based systems are limited –Sophisticated attackers –Historical view 65% of all security incidents are the result of mis-configuration (Gartner) Worms fast moving threats continue to plague enterprises

5 Copyright © 2004 Q1 Labs. All Rights Reserved Policy And Compliance Policy compliance –Example: IM, P2P usage –Security exposure –Legal exposure –Wastage Industry regulation –SOX –HIPAA –GLB –etc, etc

6 Copyright © 2004 Q1 Labs. All Rights Reserved Tomorrow: Distributed Enforcement Enforcement Domain Is Becoming Distributed Blurred network boundaries, internal concerns demand distributed enforcement IPS Functions being built into many products –Firewalls, Switches, Routers, OS Today: Perimeter Enforcement

7 Copyright © 2004 Q1 Labs. All Rights Reserved Today: Perimeter Enforcement Enterprise-wide Threat Analysis, Detection And Response Needed

8 Copyright © 2004 Q1 Labs. All Rights Reserved An Analogy: Airport Security Check rules Block Check behavior Block Enforcement Total Security Surveillance

9 Copyright © 2004 Q1 Labs. All Rights Reserved Network Surveillance And Behavior Enforcement Profiles network behavior of systems, applications –Analyzes network flows –Models behavior Identifies anomalies –External threats: Worms, Trojans, DOS –Internal threats: Insider attacks, stealthy scans –Policy violation: P2P, IM, network misuse –Compliance violation: HIPAA Identifies corrective measures –Real-time and historical view –Months of network activity stored –Application level details and data capture –Comprehensive search mechanisms TAKE ACTION!

10 Copyright © 2004 Q1 Labs. All Rights Reserved Stealthy activity Worm activity Addressing Internal And External Risks

11 Copyright © 2004 Q1 Labs. All Rights Reserved Increasing Operational Efficiency Rapid time-to-resolve Instant access to activity database ensures rapid event resolution without additional staff –Complete audit of network activity - no transaction is lost –Instant real-time access to terabytes of data - very granular Ability to pivot data on demand ensures rapid identification of problem source –Network, protocol, ports and application views of data –Local, remote and geographic views of data –Threat views Problem easily isolated to specific machines, network segments Security event data integration Hierarchical multi-user and role-based access

12 Copyright © 2004 Q1 Labs. All Rights Reserved Example Compliance: HIPAA StandardSectionImplementation SpecificationsR/AR/AQRadar Relevance Security Management Process §164.308 (a) (1)Risk analysis Risk management Information system activity review RRRRRR XXXXXX Information Access Management §164.308 (a) (4)Access managementAX Security Awareness And Training §164.308 (a) (5)Protection from malicious software Log-in monitoring AAAA XXXX Security Incident Procedures §164.308 (a) (6)Response and reportingRX Evaluation §164.308 (a) (8)EvaluationRX Audit Controls §164.312 (b)Audit ControlsRX Behavioral Enforcement addresses key provisions of the Security Rule

13 Copyright © 2004 Q1 Labs. All Rights Reserved Q1 Labs Solution: Real-time Anomaly Detection And Resolution

14 Copyright © 2004 Q1 Labs. All Rights Reserved Borgess Case Study 140 sites of care 65 satellite clinics 3500 hosts 100 applications Environment: –Main frame –AS400 –Unix –Windows –Linux

15 Copyright © 2004 Q1 Labs. All Rights Reserved Borgess And QRadar Success Story Before QRadar: May 2003, Lovegate infection –Over 2000 hosts were infected –Clean-up took several weeks –There were significant service disruptions After QRadar: May 2004, MyDoom infection –Three hosts were infected –Clean-up took 1 hour QRadar also used to identify policy violations –Cleartext passwords QRadar key element of HIPAA compliance

16 Copyright © 2004 Q1 Labs. All Rights Reserved Summary Security gaps persist –Internal threats –External threats –policy and compliance enforcement Industry is reshaping to address gaps A new security architecture emerges –Behavior analytics and enforcement is at the core QRadar is a leading behavioral enforcement platform –Analytics –Surveillance –Enforcement

17 Thank You! Brendan Hannigan EVP Marketing And Product Development Q1 Labs

Download ppt "The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
1 | © 2013 Infoblox Inc. All Rights Reserved. Authoritative IP Address Management (IPAM) and its Security Implications Rick Bylina, Sr. Product Marketing.

1 | © 2013 Infoblox Inc. All Rights Reserved. Authoritative IP Address Management (IPAM) and its Security Implications Rick Bylina, Sr. Product Marketing.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Department Of Computer Engineering

Department Of Computer Engineering
Network security policy: best practices

Network security policy: best practices
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

Similar presentations

Ads by Google