Published by Taylor Kitchin
The Threat Within
September 2004
Copyright © 2004 Q1 Labs. All Rights Reserved

Agenda
– Customer pain
– Industry solutions
– Network behavior enforcement
– Example successes
– Q&A
Insider Threats Are Growing
US CERT study of cyber crimes in financial services:
– 78 percent of events caused by insiders
Gartner:
– Insiders responsible for 70 percent of security incidents that cause loss
Network boundaries are disappearing

Perimeter Defenses Leave External Security Holes
Signature-based systems are limited
– Sophisticated attackers evade known signatures
– Signatures give only a historical view
65% of all security incidents are the result of misconfiguration (Gartner)
Worms and other fast-moving threats continue to plague enterprises

Policy And Compliance
Policy compliance
– Example: IM, P2P usage
– Security exposure
– Legal exposure
– Wastage of bandwidth and staff time
Industry regulation
– SOX
– HIPAA
– GLB
– etc.
Tomorrow: Distributed Enforcement
Enforcement domain is becoming distributed
Blurred network boundaries and internal concerns demand distributed enforcement
IPS functions being built into many products
– Firewalls, switches, routers, OS
[Diagram: Today: Perimeter Enforcement versus Tomorrow: Distributed Enforcement]

Today: Perimeter Enforcement
Enterprise-wide threat analysis, detection and response needed

An Analogy: Airport Security
[Diagram: Check rules -> Block (Enforcement); Check behavior -> Block (Surveillance); together: Total Security]
Network Surveillance And Behavior Enforcement
Profiles network behavior of systems and applications
– Analyzes network flows
– Models behavior
Identifies anomalies
– External threats: worms, Trojans, DoS
– Internal threats: insider attacks, stealthy scans
– Policy violation: P2P, IM, network misuse
– Compliance violation: HIPAA
Identifies corrective measures
– Real-time and historical view
– Months of network activity stored
– Application-level details and data capture
– Comprehensive search mechanisms
TAKE ACTION!
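The slide only names the approach (profile flows, model behavior, flag anomalies). The following is an added illustration, not Q1 Labs or QRadar code, of what that pipeline looks like at its simplest: build a per-host baseline from flow records, then flag hosts in a later window whose fan-out departs from the baseline (worm-like propagation) or that touch many ports with tiny flows (a stealthy scan). The flow records, the `Flow` type, the z-score threshold and the port/byte cut-offs are all constructed assumptions chosen for the example.

```python
"""Flow-based behavior profiling and anomaly detection (constructed example).

Assumptions: flows are already collected as (timestamp, src, dst, dport,
proto, bytes) records; the detection thresholds below are illustrative.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since epoch (constructed)
    src: str
    dst: str
    dport: int
    proto: str
    bytes: int


def profile_hosts(flows):
    """Summarise each source host: distinct peers, distinct ports, flow count, mean bytes."""
    dsts, ports = defaultdict(set), defaultdict(set)
    total_bytes, count = defaultdict(int), defaultdict(int)
    for f in flows:
        dsts[f.src].add(f.dst)
        ports[f.src].add(f.dport)
        total_bytes[f.src] += f.bytes
        count[f.src] += 1
    return {
        h: {"fan_out": len(dsts[h]), "ports": len(ports[h]),
            "flows": count[h], "avg_bytes": total_bytes[h] / count[h]}
        for h in count
    }


def detect_anomalies(baseline_flows, window_flows, z=3.0, scan_ports=10, probe_bytes=100):
    """Compare a recent window against a learned baseline and return findings.

    - Worm-like behavior: a host's distinct-destination count exceeds the
      baseline mean by more than z standard deviations.
    - Stealthy scan: a host touches many ports with very small flows; its
      fan-out stays low, so the worm check alone would miss it.
    """
    base = profile_hosts(baseline_flows)
    fan = [p["fan_out"] for p in base.values()]
    sigma = pstdev(fan) or 1.0          # guard: identical baseline values give sigma 0
    threshold = mean(fan) + z * sigma
    findings = []
    for host, p in profile_hosts(window_flows).items():
        if p["fan_out"] > threshold:
            findings.append((host, "worm-like fan-out", p["fan_out"]))
        elif p["ports"] >= scan_ports and p["avg_bytes"] < probe_bytes:
            findings.append((host, "stealthy port scan", p["ports"]))
    return sorted(findings)


def constructed_baseline():
    """A quiet period: five hosts each talking to a handful of peers over HTTPS."""
    hosts = {"10.0.0.1": 2, "10.0.0.2": 3, "10.0.0.3": 3, "10.0.0.4": 4, "10.0.0.5": 3}
    return [Flow(1000 + i, h, f"10.0.1.{i + 1}", 443, "tcp", 4000)
            for h, n in hosts.items() for i in range(n)]


def constructed_window():
    """A later window in which two hosts misbehave (constructed data)."""
    flows = [f for f in constructed_baseline() if f.src != "10.0.0.5"]
    # 10.0.0.5 now opens SMB flows to 50 distinct peers: worm-like propagation
    flows += [Flow(2000 + i, "10.0.0.5", f"10.0.2.{i + 1}", 445, "tcp", 300)
              for i in range(50)]
    # 10.0.0.9 probes 20 ports on one target, one tiny flow per minute: stealthy scan
    flows += [Flow(2100 + p * 60, "10.0.0.9", "10.0.1.1", 1 + p, "tcp", 60)
              for p in range(20)]
    return flows


if __name__ == "__main__":
    for host, kind, value in detect_anomalies(constructed_baseline(), constructed_window()):
        print(f"{host}: {kind} ({value})")
```

The two detectors are deliberately different in shape: the worm check is statistical (relative to what this network normally does), while the scan check is a fixed behavioral signature, because a slow scanner's fan-out looks normal and only its port spread and byte counts give it away. A production system would also need the historical storage and per-application views the slide lists, which this example leaves out.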
Addressing Internal And External Risks
[Diagram: stealthy activity (internal) and worm activity (external)]
Increasing Operational Efficiency
Rapid time-to-resolve
Instant access to the activity database ensures rapid event resolution without additional staff
– Complete audit of network activity: no transaction is lost
– Instant real-time access to terabytes of data, at a very granular level
Ability to pivot data on demand ensures rapid identification of the problem source
– Network, protocol, port and application views of data
– Local, remote and geographic views of data
– Threat views
Problems are easily isolated to specific machines or network segments
Security event data integration
Hierarchical multi-user and role-based access
Example Compliance: HIPAA

Standard                        | Section          | Implementation Specifications      | R/A | QRadar Relevance
Security Management Process     | §164.308 (a) (1) | Risk analysis                      | R   | X
                                |                  | Risk management                    | R   | X
                                |                  | Information system activity review | R   | X
Information Access Management   | §164.308 (a) (4) | Access management                  | A   | X
Security Awareness And Training | §164.308 (a) (5) | Protection from malicious software | A   | X
                                |                  | Log-in monitoring                  | A   | X
Security Incident Procedures    | §164.308 (a) (6) | Response and reporting             | R   | X
Evaluation                      | §164.308 (a) (8) | Evaluation                         | R   | X
Audit Controls                  | §164.312 (b)     | Audit Controls                     | R   | X

(R/A: Required / Addressable.) Behavioral enforcement addresses key provisions of the Security Rule.
Q1 Labs Solution: Real-time Anomaly Detection And Resolution
Borgess Case Study
140 sites of care
65 satellite clinics
3500 hosts
100 applications
Environment:
– Mainframe
– AS/400
– Unix
– Windows
– Linux

Borgess And QRadar Success Story
Before QRadar: May 2003, Lovegate infection
– Over 2000 hosts were infected
– Clean-up took several weeks
– There were significant service disruptions
After QRadar: May 2004, MyDoom infection
– Three hosts were infected
– Clean-up took 1 hour
QRadar also used to identify policy violations
– Cleartext passwords
QRadar is a key element of HIPAA compliance

Summary
Security gaps persist
– Internal threats
– External threats
– Policy and compliance enforcement
Industry is reshaping to address the gaps
A new security architecture emerges
– Behavior analytics and enforcement is at its core
QRadar is a leading behavioral enforcement platform
– Analytics
– Surveillance
– Enforcement
Thank You!
Brendan Hannigan
EVP Marketing And Product Development, Q1 Labs