Presentation is loading. Please wait.

Presentation is loading. Please wait.

Layer Zero: Enabling The Security Stack Brandon Hoffman CTO, Lumeta © 2015 Lumeta Corporation.

Published bySamuel Paxson Modified over 9 years ago

Similar presentations

Presentation on theme: "Layer Zero: Enabling The Security Stack Brandon Hoffman CTO, Lumeta © 2015 Lumeta Corporation."— Presentation transcript:

1 Layer Zero: Enabling The Security Stack Brandon Hoffman CTO, Lumeta © 2015 Lumeta Corporation

2 The Security Stack SSO, IAM, Entitlements Identity WAF, AppSec Analyzers, Application Testers Application DLP, Encryption, Session Managers, Proxies Data HBFW, HIDS, Vuln Scanners, Agents/Shims, MDM Host/Device Router ACLs, Firewalls, IPS.IDS, NAC, Modelers Network Cloud NGFWs APT/ATA Controls No single device or product will provide full security. A security stack is needed.

3 The Security Stack Cloud NGFWs APT/ATA Controls These devices leverage data and metadata generated or analyzed by devices in other layers. In most cases they need this data to be effective.

4 The Security Stack: Missing Links The challenge is that all of these devices need other data that is not available from any of these sources. Cloud NGFWs APT/ATA Controls Needed:  Real time index of all network devices  Validation of zone/segment access  Shadow IT identification  Perimeter validation  Leak paths  Unknown connected networks Needed:  Real time index of all network devices  Validation of zone/segment access  Shadow IT identification  Perimeter validation  Leak paths  Unknown connected networks Needed:  Real time index of all attached devices  Full device profiling  Multi homed host identification  Unmanaged/unscanned hosts (agent/scan discrepancy) Needed:  Real time index of all attached devices  Full device profiling  Multi homed host identification  Unmanaged/unscanned hosts (agent/scan discrepancy) Needed:  Invalid/self-signed/unmanaged certificates  Traffic behind NAT/Proxies  Historic data asscoiation  Real time index of port usage  HTTP(s) banner enumeration  File share accessibility Needed:  Invalid/self-signed/unmanaged certificates  Traffic behind NAT/Proxies  Historic data asscoiation  Real time index of port usage  HTTP(s) banner enumeration  File share accessibility

5 The Security Stack: Layer Zero Foundational intelligence to enable the security stack Cloud NGFWs APT/ATA Controls Network Situational Awareness via Recursive Network Indexing

6 The Security Stack: Layer Zero Network Situational Awareness Steps Cloud NGFWs APT/ATA Controls Network Situational Awareness via Recursive Network Indexing INDEX COMPREHEND PREDICT

7 Network Situational Awareness Foundational intelligence to enable the security stack. INDEX COMPREHEND PREDICT Network Situational Awareness via Recursive Network Indexing INDEXING: Identify all devices that comprise the network and all devices attached Identify certificates Identify all ports in use Identify all banners and file shares Profile all devices Identify Shadow IT INDEXING: Identify all devices that comprise the network and all devices attached Identify certificates Identify all ports in use Identify all banners and file shares Profile all devices Identify Shadow IT COMPREHEND: Determine unscanned hosts Determine agentless/unmanaged hosts Determine multi-homed hosts Validate zone/segment access Determine leak paths Determine unknown/unmanaged networks COMPREHEND: Determine unscanned hosts Determine agentless/unmanaged hosts Determine multi-homed hosts Validate zone/segment access Determine leak paths Determine unknown/unmanaged networks PREDICT: Identify C2 leak paths Correlate vulnerabilities/malware to inappropriate access Feed automated patching Enhance asset inventory systems Trend data for historic association and review Close asset management gaps PREDICT: Identify C2 leak paths Correlate vulnerabilities/malware to inappropriate access Feed automated patching Enhance asset inventory systems Trend data for historic association and review Close asset management gaps

8 Recursive Network Indexing INDEXING: Identify all devices that comprise the network and all devices attached Identify certificates Identify all ports in use Identify all banners and file shares Profile all devices Identify Shadow IT INDEXING: Identify all devices that comprise the network and all devices attached Identify certificates Identify all ports in use Identify all banners and file shares Profile all devices Identify Shadow IT COMPREHEND: Determine unscanned hosts Determine agentless/unmanaged hosts Determine multi-homed hosts Validate zone/segment access Determine leak paths Determine unknown/unmanaged networks COMPREHEND: Determine unscanned hosts Determine agentless/unmanaged hosts Determine multi-homed hosts Validate zone/segment access Determine leak paths Determine unknown/unmanaged networks PREDICT: Identify C2 leak paths Correlate vulnerabilities/malware to inappropriate access Feed automated patching Enhance asset inventory systems Trend data for historic association and review Close asset management gaps PREDICT: Identify C2 leak paths Correlate vulnerabilities/malware to inappropriate access Feed automated patching Enhance asset inventory systems Trend data for historic association and review Close asset management gaps Cloud NGFWs APT/ATA Controls Network Situational Awareness via Recursive Network Indexing Get the data you need for the security you demand!

Download ppt "Layer Zero: Enabling The Security Stack Brandon Hoffman CTO, Lumeta © 2015 Lumeta Corporation."

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
RASPro is a secure high performance remote application delivery platform through a perfect combination of application hosting and application streaming.

RASPro is a secure high performance remote application delivery platform through a perfect combination of application hosting and application streaming.
THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.
© Blue Coat Systems, Inc. 2011. All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.

© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft

Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Lisa Farmer, Cedo Vicente, Eric Ahlm

Lisa Farmer, Cedo Vicente, Eric Ahlm
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
Confidential FullArmor Corp. 2015 Platform for SaaS and mobile apps to remotely access, migrate, and sync Active Directory resources with the cloud ADanywhere.

Confidential FullArmor Corp Platform for SaaS and mobile apps to remotely access, migrate, and sync Active Directory resources with the cloud ADanywhere.
The Evolution of the Kaspersky Lab Approach to Corporate Security Petr Merkulov, Chief Product Officer, Kaspersky Lab Kaspersky Lab Cyber Conference, Cancun,

The Evolution of the Kaspersky Lab Approach to Corporate Security Petr Merkulov, Chief Product Officer, Kaspersky Lab Kaspersky Lab Cyber Conference, Cancun,
CONFIDENTIAL & PROPRIETARY 1 WAF and Identity and Access Management Integration The Next Step in the Evolution of Application Security Best Practices Jan.

CONFIDENTIAL & PROPRIETARY 1 WAF and Identity and Access Management Integration The Next Step in the Evolution of Application Security Best Practices Jan.
1 | © 2013 Infoblox Inc. All Rights Reserved. Authoritative IP Address Management (IPAM) and its Security Implications Rick Bylina, Sr. Product Marketing.

1 | © 2013 Infoblox Inc. All Rights Reserved. Authoritative IP Address Management (IPAM) and its Security Implications Rick Bylina, Sr. Product Marketing.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Securing Exchange Server 2003. Session Goals: Introduce you to the concepts and mechanisms for securing Exchange 2003. Examine the techniques and tools.

Securing Exchange Server Session Goals: Introduce you to the concepts and mechanisms for securing Exchange Examine the techniques and tools.

Similar presentations

Ads by Google