
Next Step in Cyber Defense & Response Len Rosenberg, VP of Systems Engineering.


1 Next Step in Cyber Defense & Response Len Rosenberg, VP of Systems Engineering

2 Agenda: Who is Winning; Survey Says; Change the Rules

3 The Threat Landscape: 5 Major Trends. 1. Highly Targeted Attacks: 2.5x year-over-year increase in losses from targeted attacks; 80% of the Global 2000 hit by targeted attacks.

4 The Threat Landscape: 5 Major Trends. 2. Credential Theft: 40% of Windows hosts hold high-risk credentials that can serve as pivot points; 60% of organizations can't catch credential thieves today. Sources: https://www.rapid7.com/docs/Rapid7-IDR-Survey-Report.pdf and http://www.cyberark.com/blog/what-percentage-of-your-windows-network-is-exposed-to-credential-theft-attacks/

5 The Threat Landscape: 5 Major Trends. 3. Insider Element: 33% of enterprises give partners privileged network access; 41% of breaches are caused by trusted partners. Sources: Protiviti 2014 IT Security and Privacy Survey; 2015 PwC Information Security Breach Study.

6 The Threat Landscape: 5 Major Trends. 4. Hijacked Security Layers: 70% of cloud applications impacted by the Heartbleed OpenSSL flaw; 26k NetScreen (Juniper ScreenOS) firewalls carrying a malicious backdoor. Sources: http://www.securityweek.com/juniper-firewall-backdoor-password-found-6-hours and http://www.csoonline.com/article/3016788/security/junipers-backdoor-password-disclosed-likely-added-in-late-2013.html

7 The Threat Landscape: 5 Major Trends. 5. New Threat Vectors: 17% of Android apps are malware; 5 out of 6 large companies are hit with targeted attacks today; 70% of IoT devices ship with known vulnerabilities. Sources: https://www.symantec.com/security_response/publications/threatreport.jsp and http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.VvLFhpMrK-Y

8 Internet of Things. [Chart: connected-device growth by category (PC, BYOD, IoT); x-axis 1990, 2015, 2020; y-axis 0 to 30 billion, with 5 billion and 30 billion marked.]

9 Part 1: "Survey Says" (Part 2: Change the Rules)

10 How Many Network Security Incidents? 72%: the percentage of networks that had 5 or more security incidents within the past 12 months. Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2016.

11 Which Devices are Secure? Survey question: which types of devices had 5 or more security incidents in the last 12 months? BYOD = Bring Your Own Device; IoT = Internet of Things. Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2016.

12 Got Blind Spots? Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2016.

13 Do Agents Provide the Security You Need? Survey question: what is your confidence level that agents are installed and working properly on your computers? MDM = Mobile Device Management. Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2016.

14 Can Agents Do It All? IoT = Internet of Things. Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2016.

15 Ready for Automation? Survey question: would your security product benefit if it could automatically invoke a set of predetermined security controls? MDM = Mobile Device Management; SIEM = Security Information and Event Management. Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2016.

16 Part 2: Change the Rules (Part 1 was "Survey Says")

17 SEE: Assess, Clarify, Classify

18 Answers to Your Questions. Who are you? Employee, Partner, Contractor, Guest. Who owns your device? Corporate, BYOD, Rogue. What type of device? Windows, Mac, iOS, Android, VM, non-user devices/IoT. Where/how are you connecting? Switch/port/PoE, wireless/controller, VPN, IP, MAC, VLAN. What is the device hygiene? Configuration, software, services, patches, security agent. (Reference: Acronym Glossary at the end of the presentation.)

19 Control: Restrict, Conform, Notify. Access outcomes: Less Privileged Access, Guest Network, Corporate Network, Quarantine, Data Center.

20 Control Your Endpoints. Applications/OS: update application; configure registry; start required application; stop blacklisted or legacy application; trigger external remediation system. User Communications: self-remediation (send email, send to web page, communicate policies); open help desk ticket. Security Agents: install agent; start agent; update agent; update configuration; trigger external remediation service. Network Action: VLAN assignment; ACL assignment; virtual firewall; switch port block; WLAN role. Peripherals: alert administrator; alert user about non-compliance; disable peripheral; disable USB ports. (Reference: Acronym Glossary at the end of the presentation.)

21 Orchestrate: ATD, SIEM, VA, EMM, Custom

22 Break Down Security Silos: Orchestrate Action. Insight from ATD, SIEM, VA, EMM and custom integrations.

23 Advanced Threat Detection Use Case. [Diagram: BYOD devices, rogue devices, IoT devices and managed devices connected through a switch and a wireless LAN controller; ForeScout CounterACT®, the ATD system and the Internet.] 1. The ATD system notifies ForeScout of an infected endpoint and its threat profile. 2. ForeScout policy, based on the threat classification, restricts the endpoint's network access. 3. ForeScout initiates managed-endpoint remediation actions using details from the ATD system and removes the network access restrictions on the endpoint. 4. ForeScout scans the other managed endpoints on the network for the IOC and initiates remediation actions. 5. ForeScout scans endpoints for IOCs as new endpoints attempt to connect to the network. (Reference: Acronym Glossary at the end of the presentation.)

24 Endpoint Protection Use Case. [Diagram: BYOD devices, rogue devices, IoT devices and managed devices connected through a switch and a wireless LAN controller; ForeScout CounterACT® and the Internet.] 1. ForeScout discovers an endpoint connecting to the network. 2. ForeScout determines that it is a managed endpoint. 3. If ForeScout verifies, based on policy, that the EPP client is not installed or not working, the endpoint is placed in restricted access and the EPP client is installed. 4. If ForeScout verifies that EPP is installed and running, ForeScout grants the endpoint the appropriate network access. (Reference: Acronym Glossary at the end of the presentation.)
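The decision sequence on slides 18 through 24 (classify the endpoint, pick a zone and control actions, react to an ATD alert, sweep the fleet for the IOC, re-check newcomers) as a toy policy engine. This is an added example, not ForeScout CounterACT code or any vendor API: the attribute names, zone labels, action names, the IOC representation (a process name) and the sample fleet and alert are all assumptions constructed for illustration.

```python
"""Toy NAC policy engine for the decision flow on slides 18 to 24.
Added illustration only, not ForeScout CounterACT code: attribute names,
zones, action names, the IOC format and all endpoints below are assumptions."""
from dataclasses import dataclass, field

MANAGED_TYPES = {"windows", "mac"}        # assumption: platforms that run a security agent
IOT_TYPES = {"iot", "printer", "camera"}  # assumption: non-user devices that cannot run one
RESTRICT = ("quarantine", ["acl_assignment"])   # slide 23 step 2 / slide 24 step 3

@dataclass
class Endpoint:
    mac: str
    user_role: str           # employee | partner | contractor | guest
    ownership: str           # corporate | byod | rogue
    device_type: str         # windows | mac | ios | android | vm | iot
    epp_running: bool = False            # endpoint-protection client installed and alive
    patched: bool = True
    processes: set = field(default_factory=set)   # running process names, for IOC sweeps
    zone: str = "quarantine"             # everything starts restricted until assessed
    actions: list = field(default_factory=list)

def assess(ep):
    """Answer the slide-18 questions (who, owner, type, hygiene) and return
    (zone, actions): the segment for the endpoint and the slide-20 control steps."""
    if ep.ownership == "rogue":
        return "quarantine", ["switch_port_block", "alert_administrator"]
    if ep.user_role == "guest":
        return "guest", ["send_to_web_page"]            # captive portal on the guest VLAN
    if ep.device_type in IOT_TYPES:
        return "less_privileged", ["acl_assignment"]    # agentless: segment instead
    if ep.ownership == "corporate" and ep.device_type in MANAGED_TYPES:
        if not ep.epp_running:                          # slide 24, step 3
            return "quarantine", ["install_agent", "start_agent", "alert_user"]
        if not ep.patched:
            return "less_privileged", ["update_application", "send_email"]
        zone = "corporate" if ep.user_role == "employee" else "less_privileged"
        return zone, ["vlan_assignment"]                # slide 24, step 4
    return "less_privileged", ["vlan_assignment"]       # BYOD, VMs, non-corporate laptops

def apply(ep, decision):
    """Enforce a (zone, actions) decision on the endpoint; returns the endpoint."""
    ep.zone, ep.actions = decision
    return ep

def matches_ioc(ep, ioc):
    return ioc["process"] in ep.processes

def remediate(ep, ioc):
    """Slide 20 'stop blacklisted application': drop the IOC process, then let
    normal policy decide whether access comes back (it stays restricted if EPP is down)."""
    ep.processes.discard(ioc["process"])
    return apply(ep, assess(ep))

def handle_atd_alert(inventory, alert):
    """Slide 23, steps 1 to 4.  Returns the MACs of *other* endpoints the IOC
    sweep found infected; the reported endpoint itself is handled but not listed."""
    ioc, hit = alert["ioc"], inventory[alert["mac"]]
    apply(hit, RESTRICT)                       # step 2: restrict before touching it
    remediate(hit, ioc)                        # step 3: clean, then lift the restriction
    swept = []
    for ep in inventory.values():              # step 4: sweep the managed fleet
        if ep is not hit and ep.device_type in MANAGED_TYPES and matches_ioc(ep, ioc):
            apply(ep, RESTRICT)
            remediate(ep, ioc)
            swept.append(ep.mac)
    return swept

def admit(inventory, ep, known_iocs):
    """Slide 23 step 5 and slide 24 steps 1-2: a newly connecting endpoint is
    checked against known IOCs before the normal posture assessment."""
    inventory[ep.mac] = ep
    if any(matches_ioc(ep, ioc) for ioc in known_iocs):
        return apply(ep, ("quarantine", ["acl_assignment", "alert_administrator"]))
    return apply(ep, assess(ep))

SAMPLE_ALERT = {"mac": "00:11:22:33:44:01", "ioc": {"process": "updater32.exe"}}  # constructed

def build_sample_inventory():
    """Constructed sample fleet (not survey or customer data), already assessed on connect."""
    fleet = [
        Endpoint("00:11:22:33:44:01", "employee", "corporate", "windows", True, True, {"outlook.exe", "updater32.exe"}),
        Endpoint("00:11:22:33:44:02", "employee", "corporate", "windows", True, True, {"chrome.exe", "updater32.exe"}),
        Endpoint("00:11:22:33:44:03", "contractor", "corporate", "windows", False, True),
        Endpoint("00:11:22:33:44:04", "employee", "byod", "ios"),
        Endpoint("00:11:22:33:44:05", "employee", "corporate", "iot"),
        Endpoint("00:11:22:33:44:06", "guest", "byod", "android"),
        Endpoint("00:11:22:33:44:07", "employee", "rogue", "windows"),
    ]
    return {ep.mac: apply(ep, assess(ep)) for ep in fleet}

if __name__ == "__main__":
    inv = build_sample_inventory()
    print("swept by IOC:", handle_atd_alert(inv, SAMPLE_ALERT))
    for ep in inv.values():
        print(ep.mac, ep.zone, ep.actions)
```

Two design points worth carrying into a real deployment: the alerted endpoint is restricted before any remediation runs, and access is restored by re-running the posture policy rather than by a blanket "lift restriction", so an endpoint that was infected and also has a dead EPP client stays in quarantine with the install-agent action queued instead of being let back onto the corporate network.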

25 ?

26 THANK YOU!

27 Acronym Glossary
ACL: Access Control List
ARP: Address Resolution Protocol
ATD: Advanced Threat Detection
BYOD: Bring Your Own Device
CEF: Cisco Express Forwarding
CoA: Change of Authorization (RADIUS)
DHCP: Dynamic Host Configuration Protocol
DNS: Domain Name System
EMM: Enterprise Mobility Management
FERC: Federal Energy Regulatory Commission
FW: Firewall
GUI: Graphical User Interface
HIPAA: Health Insurance Portability and Accountability Act
HITECH: Health Information Technology for Economic and Clinical Health Act
ID: Identification
IM: Instant Messaging
IoC: Indicator of Compromise
iOS: Apple operating system for mobile devices
IoT: Internet of Things
IP: Internet Protocol
NA: Not Applicable
NAC: Network Access Control
NERC: North American Electric Reliability Corporation
NetBIOS: Network Basic Input/Output System
NIC: Network Interface Card
NIST: National Institute of Standards and Technology
nmap: Network Mapper
OS: Operating System
P2P: Peer to Peer
PCI: Payment Card Industry
PKI: Public Key Infrastructure
pxGrid: Cisco Platform Exchange Grid
RADIUS: Remote Authentication Dial-In User Service
Reauth: Reauthentication
RTU: Remote Terminal Unit
SCADA: Supervisory Control and Data Acquisition
SDK: Software Development Kit
SGT: Security Group Tag (Cisco)
SIEM: Security Information and Event Management
SNMP: Simple Network Management Protocol
SOX: Sarbanes-Oxley
SQL: Structured Query Language
SSID: Service Set Identifier
syslog: standard for message logging
TACACS: Terminal Access Controller Access-Control System
TCO: Total Cost of Ownership
USB: Universal Serial Bus
VA: Vulnerability Assessment
VLAN: Virtual Local Area Network
VPN: Virtual Private Network
XMPP: Extensible Messaging and Presence Protocol

