The Threat Within
September 2004
Copyright © 2004 Q1 Labs. All Rights Reserved

Agenda
– Customer Pain
– Industry Solutions
– Network Behavior Enforcement
– Example Successes
– Q&A
Insider Threats Are Growing
US CERT study of cyber crimes in Financial Services:
– 78 percent of events caused by insiders
Gartner:
– Insiders responsible for 70 percent of security incidents that cause loss
Network boundaries are disappearing
Perimeter Defenses Leave External Security Holes
Signature-based systems are limited
– Sophisticated attackers
– Historical view only
65% of all security incidents are the result of misconfiguration (Gartner)
Worms and other fast-moving threats continue to plague enterprises
Policy And Compliance
Policy compliance
– Example: IM, P2P usage
– Security exposure
– Legal exposure
– Wastage
Industry regulation
– SOX
– HIPAA
– GLB
– etc.
Enforcement Domain Is Becoming Distributed
(Diagram: Today: Perimeter Enforcement; Tomorrow: Distributed Enforcement)
Blurred network boundaries and internal concerns demand distributed enforcement
IPS functions are being built into many products
– Firewalls, switches, routers, OS

Enterprise-wide Threat Analysis, Detection And Response Needed
(Diagram: Today: Perimeter Enforcement)
An Analogy: Airport Security
(Diagram: Enforcement = check rules, block; Surveillance = check behavior, block; together = Total Security)
Network Surveillance And Behavior Enforcement
Profiles the network behavior of systems and applications
– Analyzes network flows
– Models behavior
Identifies anomalies
– External threats: worms, Trojans, DoS
– Internal threats: insider attacks, stealthy scans
– Policy violations: P2P, IM, network misuse
– Compliance violations: HIPAA
Identifies corrective measures
– Real-time and historical view
– Months of network activity stored
– Application-level details and data capture
– Comprehensive search mechanisms
TAKE ACTION!
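Added example (not Q1 Labs or QRadar code): a toy flow-profiling check in Python that shows the behavior-modeling idea on this slide. It learns, per source host, which destinations it talks to on each port from a baseline window of constructed flow records, then flags two departures the slide names: worm-like fan-out on a single port and a stealthy multi-port probe. The hosts, records and thresholds are all constructed assumptions.

```python
from collections import defaultdict


def make_flows():
    """Constructed flow records (src, dst, dport, bytes); not real traffic."""
    base, cur = [], []
    for src in ("10.0.0.5", "10.0.0.7"):
        for i in range(3):                       # normal: a few servers on 80 and 445
            base.append((src, f"10.0.1.{i}", 80, 4000))
            base.append((src, f"10.0.1.{i}", 445, 9000))
            cur.append((src, f"10.0.1.{i}", 80, 4000))
    for i in range(40):                          # worm-like fan-out from .5 on port 445
        cur.append(("10.0.0.5", f"10.0.2.{i}", 445, 120))
    for p in range(1, 26):                       # stealthy probe from .9: many ports, one host
        cur.append(("10.0.0.9", "10.0.1.1", p, 60))
    return base, cur


def profile(flows):
    """Behavior model per source host: the set of distinct peers seen on each dport."""
    peers = defaultdict(lambda: defaultdict(set))
    for src, dst, dport, _ in flows:
        peers[src][dport].add(dst)
    return peers


def detect_anomalies(baseline, current, fanout_factor=4, scan_min_ports=10):
    """Flag sources whose current-window behavior departs from their baseline."""
    base, cur = profile(baseline), profile(current)
    findings = []
    for src, by_port in cur.items():
        for dport, dsts in by_port.items():
            # Fan-out: far more distinct peers on one port than the host ever showed.
            seen = len(base[src][dport]) if src in base else 0
            if len(dsts) > max(fanout_factor * seen, fanout_factor):
                findings.append((src, "worm-like fan-out", dport, len(dsts)))
        # Scan: many ports this host never used in its baseline.
        new_ports = set(by_port) - set(base[src]) if src in base else set(by_port)
        if len(new_ports) >= scan_min_ports:
            findings.append((src, "stealthy port scan", None, len(new_ports)))
    return findings


if __name__ == "__main__":
    baseline, current = make_flows()
    for finding in detect_anomalies(baseline, current):
        print(finding)
```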
Addressing Internal And External Risks
(Diagram: stealthy activity; worm activity)
Increasing Operational Efficiency
Rapid time-to-resolve
Instant access to the activity database ensures rapid event resolution without additional staff
– Complete audit of network activity: no transaction is lost
– Instant real-time access to terabytes of data, at very fine granularity
Ability to pivot data on demand ensures rapid identification of the problem source
– Network, protocol, port and application views of data
– Local, remote and geographic views of data
– Threat views
Problem easily isolated to specific machines and network segments
Security event data integration
Hierarchical multi-user and role-based access
Example Compliance: HIPAA

Standard                        | Section            | Implementation Specification        | R/A | QRadar Relevance
Security Management Process     | §164.308(a)(1)     | Risk analysis                       | R   | X
                                |                    | Risk management                     | R   | X
                                |                    | Information system activity review  | R   | X
Information Access Management   | §164.308(a)(4)     | Access management                   | A   | X
Security Awareness And Training | §164.308(a)(5)     | Protection from malicious software  | A   | X
                                |                    | Log-in monitoring                   | A   | X
Security Incident Procedures    | §164.308(a)(6)     | Response and reporting              | R   | X
Evaluation                      | §164.308(a)(8)     | Evaluation                          | R   | X
Audit Controls                  | §164.312(b)        | Audit controls                      | R   | X

(R/A: Required / Addressable implementation specification; X: addressed by QRadar)
Behavioral Enforcement addresses key provisions of the Security Rule
Q1 Labs Solution: Real-time Anomaly Detection And Resolution
Borgess Case Study
140 sites of care
65 satellite clinics
3500 hosts
100 applications
Environment:
– Mainframe
– AS/400
– Unix
– Windows
– Linux
Borgess And QRadar Success Story
Before QRadar: May 2003, Lovegate infection
– Over 2000 hosts were infected
– Clean-up took several weeks
– There were significant service disruptions
After QRadar: May 2004, MyDoom infection
– Three hosts were infected
– Clean-up took 1 hour
QRadar also used to identify policy violations
– Cleartext passwords
QRadar is a key element of HIPAA compliance
Summary
Security gaps persist
– Internal threats
– External threats
– Policy and compliance enforcement
Industry is reshaping to address gaps
A new security architecture emerges
– Behavior analytics and enforcement is at the core
QRadar is a leading behavioral enforcement platform
– Analytics
– Surveillance
– Enforcement

Thank You!
Brendan Hannigan
EVP Marketing And Product Development, Q1 Labs