The Threat Within September 2004
Copyright © 2004 Q1 Labs. All Rights Reserved

Agenda
- Customer Pain
- Industry Solutions
- Network Behavior Enforcement
- Example Successes
- Q&A
Insider Threats Are Growing
- US CERT study of cyber crimes in Financial Services:
  – 78 percent of events caused by insiders
- Gartner:
  – Insiders responsible for 70 percent of security incidents that cause loss
- Network boundaries are disappearing
Perimeter Defenses Leave External Security Holes
- Signature based systems are limited
  – Sophisticated attackers
  – Historical view
- 65% of all security incidents are the result of mis-configuration (Gartner)
- Worms and other fast-moving threats continue to plague enterprises
Policy And Compliance
- Policy compliance
  – Example: IM, P2P usage
  – Security exposure
  – Legal exposure
  – Wastage
- Industry regulation
  – SOX
  – HIPAA
  – GLB
  – etc.
Enforcement Domain Is Becoming Distributed
- Blurred network boundaries and internal concerns demand distributed enforcement
- IPS functions being built into many products
  – Firewalls, switches, routers, OS
(Diagram: Today: Perimeter Enforcement → Tomorrow: Distributed Enforcement)

Enterprise-wide Threat Analysis, Detection And Response Needed
(Diagram: Today: Perimeter Enforcement)
An Analogy: Airport Security
(Diagram: Enforcement = check rules, block; Surveillance = check behavior, block; Enforcement + Surveillance = Total Security)
Network Surveillance And Behavior Enforcement
- Profiles network behavior of systems and applications
  – Analyzes network flows
  – Models behavior
- Identifies anomalies
  – External threats: worms, Trojans, DoS
  – Internal threats: insider attacks, stealthy scans
  – Policy violation: P2P, IM, network misuse
  – Compliance violation: HIPAA
- Identifies corrective measures
  – Real-time and historical view
  – Months of network activity stored
  – Application level details and data capture
  – Comprehensive search mechanisms
- TAKE ACTION!
Addressing Internal And External Risks
(Diagram labels: Stealthy activity; Worm activity)
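As an added illustration of the flow-profiling idea on the surveillance slide and the two risk cases named on this one (worm fan-out and a stealthy scan), here is example code written for this page; it is not Q1 Labs or QRadar code, and the host addresses, windows and thresholds are constructed. Each host gets its own baseline from the first window, and the detection window is judged against that per-host model rather than a fixed signature.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: int    # seconds since start of capture
    src: str
    dst: str
    dport: int

def sample_flows():
    """Constructed flow records (not from the deck); t < 600 is the baseline window."""
    hosts = ("10.0.0.2", "10.0.0.3", "10.0.0.7", "10.0.0.9")
    flows = [Flow(t, h, d, p) for t in range(0, 600, 60) for h in hosts
             for d, p in (("10.0.1.10", 80), ("10.0.1.11", 25))]   # baseline: two servers
    flows += [Flow(t, h, "10.0.1.10", 80) for t in range(600, 1200, 60) for h in hosts[:2]]
    # worm-like fan-out: 40 never-before-seen hosts on TCP/445 within one minute
    flows += [Flow(610 + i, "10.0.0.9", f"10.0.2.{i}", 445) for i in range(1, 41)]
    # stealthy scan: one new port every 30 s against a single server
    flows += [Flow(600 + 30 * i, "10.0.0.7", "10.0.1.10", 1000 + i) for i in range(20)]
    return flows

def fanout_alerts(flows, baseline_end, factor=5, floor=10):
    """Worm-style anomaly: a host reaches far more distinct destinations on one
    port than its own baseline profile allows (threshold is per host)."""
    base, cur = defaultdict(set), defaultdict(set)   # src -> dsts ; (src, dport) -> dsts
    for f in flows:
        (base[f.src] if f.ts < baseline_end else cur[(f.src, f.dport)]).add(f.dst)
    alerts = []
    for (src, dport), dsts in cur.items():
        if len(dsts) > max(floor, factor * len(base[src])):
            alerts.append((src, dport, len(dsts)))
    return sorted(alerts)

def slow_scan_alerts(flows, baseline_end, min_ports=15):
    """Stealthy-scan anomaly: many distinct ports on one target, spread out at a
    rate a short-window detector would miss; relies on the stored history."""
    ports, times = defaultdict(set), defaultdict(list)
    for f in flows:
        if f.ts >= baseline_end:
            ports[(f.src, f.dst)].add(f.dport)
            times[(f.src, f.dst)].append(f.ts)
    alerts = []
    for key, ps in ports.items():
        if len(ps) >= min_ports:
            span = max(1, max(times[key]) - min(times[key]))
            alerts.append((*key, len(ps), round(60 * len(ps) / span, 2)))  # ports/minute
    return sorted(alerts)
```

Running both detectors over `sample_flows()` with `baseline_end=600` flags only 10.0.0.9 (40 destinations on port 445) and 10.0.0.7 (20 ports on one server at about two ports a minute), while the hosts that kept to their baseline raise nothing.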
Increasing Operational Efficiency
- Rapid time-to-resolve
- Instant access to activity database ensures rapid event resolution without additional staff
  – Complete audit of network activity: no transaction is lost
  – Instant real-time access to terabytes of data, very granular
- Ability to pivot data on demand ensures rapid identification of problem source
  – Network, protocol, port and application views of data
  – Local, remote and geographic views of data
  – Threat views
- Problem easily isolated to specific machines and network segments
- Security event data integration
- Hierarchical multi-user and role-based access
Example Compliance: HIPAA

Standard                         Section           Implementation Specification         R/A   QRadar Relevance
Security Management Process      §164.308(a)(1)    Risk analysis                        R     X
                                                   Risk management                      R     X
                                                   Information system activity review   R     X
Information Access Management    §164.308(a)(4)    Access management                    A     X
Security Awareness And Training  §164.308(a)(5)    Protection from malicious software   A     X
                                                   Log-in monitoring                    A     X
Security Incident Procedures     §164.308(a)(6)    Response and reporting               R     X
Evaluation                       §164.308(a)(8)    Evaluation                           R     X
Audit Controls                   §164.312(b)       Audit Controls                       R     X

(R/A: Required or Addressable implementation specification under the HIPAA Security Rule; X: addressed by QRadar)
Behavioral Enforcement addresses key provisions of the Security Rule
Q1 Labs Solution: Real-time Anomaly Detection And Resolution
(Diagram slide)
Borgess Case Study
- 140 sites of care
- 65 satellite clinics
- 3500 hosts
- 100 applications
- Environment:
  – Mainframe
  – AS/400
  – Unix
  – Windows
  – Linux
Borgess And QRadar Success Story
- Before QRadar: May 2003, Lovegate infection
  – Over 2000 hosts were infected
  – Clean-up took several weeks
  – There were significant service disruptions
- After QRadar: May 2004, MyDoom infection
  – Three hosts were infected
  – Clean-up took 1 hour
- QRadar also used to identify policy violations
  – Cleartext passwords
- QRadar key element of HIPAA compliance
Summary
- Security gaps persist
  – Internal threats
  – External threats
  – Policy and compliance enforcement
- Industry is reshaping to address gaps
- A new security architecture emerges
  – Behavior analytics and enforcement is at the core
- QRadar is a leading behavioral enforcement platform
  – Analytics
  – Surveillance
  – Enforcement
Thank You!
Brendan Hannigan, EVP Marketing And Product Development, Q1 Labs