Presentation is loading. Please wait.

Presentation is loading. Please wait.

ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003."— Presentation transcript:

1

2 ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003

3 The Problem Constant New Threats and Vulnerabilities Current Solutions Not Sufficient Reactive Solutions Incur False Positives Reactive Solutions Miss Unknown Attacks Do not allow for automatic action Inherent Window of Vulnerability High Maintenance and TCO

4 A New Approach to Network Security Proven IntentAnalysisPolicy Protect By.. Key Issues Identify attacker intent Stop attacker from reaching network Proactive Pattern recognition By Anomaly Forensics Reactive Access list by services offered Characteristics Low Cost Low Complexity Dynamic High Cost To Update To Manage Low Cost Defined Policy Static Cost to Maintain Accurate Confident to act. If ActiveScout identifies a Bad Guy: It’s a BAD GUY! False Positives Not confident to take automatic action Accurate Does exactly what you told it to do! Accuracy (False Positives) ActiveScoutIDS / IPSFirewall Product

5 Knowledge: Mandatory Requirement Knowledge is needed 100% of the time Social Engineering Password Snare Networking Public Domain Email Server Web Server Reconnaissance 20 types Precedes Majority of Attacks

6 Knowledge: Mandatory Requirement Knowledge is needed 100% of the time Social Engineering Password Snare Networking Public Domain Email Server Web Server Reconnaissance 20 types Precedes Majority of Attacks

7 Most network attacks are preceded by reconnaissance activity to determine available services and network resources. AttackerInternetRouter FirewallEnterprise Typical Attack Process

8 The network sends information about available hosts and services in response to the reconnaissance. AttackerInternetRouter FirewallEnterprise Typical Attack Process

9 With this information, the attacker utilizes existing or new exploits to break into the network. AttackerInternetRouter FirewallEnterprise Typical Attack Process

10 ActiveScout Intrusion Prevention ActiveScout identifies all reconnaissance used by a potential attacker. AttackerInternetRouter FirewallEnterprise Scout Site Manager

11 ActiveScout watches the network’s response, and sends its own unique information to the potential attacker. This unique information, or ‘mark’, is not distinguishable from the network’s legitimate response. AttackerInternetRouter FirewallEnterprise Scout Site Manager ActiveScout Intrusion Prevention

12 When the attacker uses the mark to launch an exploit, ActiveScout accurately identifies it and can actively block the attacker. AttackerInternetRouter FirewallEnterprise Scout Site Manager ActiveScout Intrusion Prevention

13 Growing Risk of Unknown Attacks Q1 thru Q3 Only Vulnerability increase of 5000% from 1995 to 2001 Source: CERT Coordination Center, 2002 New Vulnerabilities 89% of corporations successfully attacked had firewalls, 60% had Legacy IDSes. Source: CSI/FBI 2002 Report

14 The ActiveScout Difference Difference #1 Difference #2 Difference #3 Difference #4 Blocks Unknown Attacks Minimal Cost Of Prevention Instantaneous Prevention 100% Accurate (no false positives, confidence to block)

15 The ActiveScout Difference Difference #1 Difference #2 Difference #3 Difference #4 Minimal Cost Of Prevention Instantaneous Prevention 100% Accurate (no false positives, confidence to block) Blocks Unknown Attacks

16 Time to Prevention Without ActiveScout Protection available New vulnerabilities (hundreds/month) Exploit is known to security community Spida spreads Spida detected Protection offered Time New Vulnerabilities Window of Vulnerability Time to Protection – Days/Weeks/Months/Never?

17 Time Spida spreads Spida detected Protection offered Protection available Exploit is known to security community New Vulnerabilities New vulnerabilities (hundreds/month) Time to Protection – Immediate Window of Vulnerability – Zero Instantaneous Prevention With ActiveScout

18 State of Security Today Intranet Security Internet Intranet Security Myriad of security products (HIDS, NIDS, anti-virus)

19 State of Security Today Firewall Intranet Security Internet Firewall Provides robust static prevention according to predefined policies Intranet Security Myriad of security products (HIDS, NIDS, anti-virus)

20 Firewall ActiveScout ActiveScout Prevents intrusions from known and unknown threats in front of the firewall Intranet Security Instantaneous Prevention Firewall Provides robust static prevention according to predefined policies Intranet Security Myriad of security products (HIDS, NIDS, anti-virus) Internet

21 The ActiveScout Difference Difference #1 Difference #2 Difference #3 Difference #4 Minimal Cost Of Prevention Instantaneous Prevention Blocks Unknown Attacks 100% Accurate (no false positives, confidence to block)

22 ActiveScout Minimal Cost of Prevention Legacy Systems ActiveScout Action Analysis of alerts Correlation analysis Policy tuning Fix the damage Installation Software updates Signature updates Write your own signature $$$$$$$$$$Investment

23 The ActiveScout Difference False Alarm RateTime to PreventionCost of Prevention 30%-60% 0% Days, Months, Years $$$$$$$ 0% $ Conventional Systems Conventional Systems Conventional Systems ActiveScout

24 ForeScout’s Intrusion Prevention Solutions ActiveScout Site Solution Precisely identifies and then blocks attackers at a single internet access point with zero false alarms. ActiveScout Enterprise Solution Precisely identifies and then blocks attackers with zero false alarms across a large enterprise. Enterprise Manager ׀Provides centralized management of all Scouts deployed Enterprise Heads-Up ׀Thwarts the rapid spread of attacks from one internet access point to the next.

25 . Internet Scout Site Manager Router Enterprise Firewall ActiveScout Site Solution Intrusion Prevention for Each Internet Access Point

26 ActiveScout Enterprise Solution Protects an entire enterprise Centralized viewing of all attack activity around the world Centralized management of groups of Scouts Ability to push new software updates to remote Scouts

27 Internet Scout Management Server Enterprise Manager Site Manager ActiveScout Enterprise Solution Intrusion Prevention for Multiple Internet Access Points Scout

28 Enterprise Heads-Up Enterprise deployments only Immediate sharing of threat information across multiple Scouts to assure proactive prevention across the enterprise Provides the fastest way to protect from new attacks traversing the internet

29 Enterprise Heads-Up Step 3. San Francisco Scout ready to block attacker Step 1. Attacker detected by New York Scout Step 2. Attack information immediately sent to Management Server New York San Francisco Management Server

30 Summary Accurate Identification Zero False Positives Block Known and Unknown Attacks Instantaneous Prevention Minimal Cost of Prevention

31 ForeScout Technologies, Inc. 2755 Campus Drive, Suite 115 San Mateo, CA 94403 (650) 358-5580 www.forescout.com Ayelet Steinitz Product Manager, ActiveScout Tel. (650)358-5586 asteinitz@forescout.com

Download ppt "ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
CN 8822. Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Solidcore Harness the Power of Change John Sebes CTO Solidcore Systems, Inc. Case Study:

Solidcore Harness the Power of Change John Sebes CTO Solidcore Systems, Inc. Case Study:
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
Department Of Computer Engineering

Department Of Computer Engineering
Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.

Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
EDUCAUSE Security 2006 Internet John Brown University.

EDUCAUSE Security 2006 Internet John Brown University.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Lesson 7 Intrusion Prevention Systems. UTSA IS 3523 ID & Incident Response Overview Definitions Differences Honeypots Defense in Depth.

Lesson 7 Intrusion Prevention Systems. UTSA IS 3523 ID & Incident Response Overview Definitions Differences Honeypots Defense in Depth.

Similar presentations

Ads by Google