McAfee Security Connected – Next Generation Security


1 McAfee Security Connected – Next Generation Security
Barna Tamás CISSP, Security+ Security Systems Engineer/Eastern Europe September 20, 2018

2 Next Generation Security
Threats & Trends
Security Connected
Next Generation Security

3 Threats & Trends

4 Threats & Trends
The growth in the number of new malware samples continues unabated. McAfee Labs identifies approximately 60,000 pieces of new malware each day. At its current pace, the total number of malware samples in the McAfee “zoo” will reach 75 million by the end of 2011. For the first six months of 2011, new malware detections increased 22% over the same period in 2010.

5 Threats & Trends

6 Threats & Trends

7 Unique Rootkit Malware
Stealth Landscape

Rootkit Family | Binaries | %
%rootkit% | 2,119,705 | 100.00%
Koutodoor | 452,042 | 21.33%
TDSS | 389,216 | 18.36%
Farfli | 167,895 | 7.92%
*MBR* | 162,605 | 7.67%
Caxnet | 106,860 | 5.04%
Prosti | 80,887 | 3.82%
DNS Changer | 74,010 | 3.49%
Cutwail | 32,560 | 1.54%
LDPinch | 18,590 | 0.88%

[Chart: Unique Rootkit Malware, by quarter from Q107 to Q112; vertical axis from 50,000 to 250,000]

8 Threats & Trends

9 Threats & Trends

10 Threats & Trends

11 Threats & Trends

12 Threats Continue to Move Down the Stack
Applications/RDBMS: Traditional attacks—and defenses—focused primarily on the application layer
AV, HIPS: Attack and disable security products and hence all protection
Operating System: Infect OS with APTs resulting in threats hidden from security products
Virtual Machine: Compromise virtual machine and hence all guest machines within
I/O, Memory, Disk, Network, Display: Rogue peripherals & firmware bypassing all other security measures
Malware/rootkits target Storage Devices gain Unauthorized control
BIOS, CPU: “Ultimate APTs” compromise devices below OS, either before or after shipment

Speaker notes: This single slide talks about what most people think of as security in the chip. If you look at the operating system and virtual machine layer, in today’s world everything McAfee does runs on top of that layer. Antivirus, HIPS, all our security technology sits on top of that layer. What we’re doing is bringing security beyond the operating system. Why? Because threats are already there. There is stealth malware that hides itself below the operating system, where it can compromise the OS and cause it to report incorrect information to the security software running on top of the OS, which makes it very challenging for security software to detect and remove. A lot of this new malware circumvents security. There is a need for a new vantage point – for security beyond the OS to determine, isolate, and remove a threat that is compromising the OS. Compare it to a battle at sea, where the ships on the water can see what’s at their level and what’s above them, but they can easily be attacked by submarines and torpedoes. You need to have sensors underneath to see what’s attacking you there. Also, going beneath the operating system will improve security performance. Running a blacklist of millions of malware pieces in a security application is not sustainable. Utilizing hardware in the security model offers an alternative. We are developing security technology that sits below the operating system and interacts with existing features in the silicon.

13 Intel + McAfee Strategy Security = Third Pillar of Computing
BETTER SECURITY SOLUTIONS AND PRODUCTS
Pillars of computing: Power Efficient Performance, Internet Connectivity, Security
Secure Mobile Devices
Secure Embedded Devices
Next Generation Endpoint Security
Cloud Security Platform
Active Silicon Features

14 What It Takes to Make An Organization SAFE
WHAT WE MUST KNOW…
Who Am I Dealing With
What Is the Purpose
What Data Is Accessed
Evaluate Risk
Continuous Monitoring
Learning and Intelligence
Datacenter

15 Technology Architecture for Security
How Connected Is Your Security?
Agents shown: DLP Agent, Host IPS Agent, Encryption, Antivirus Agent, NAC, Audit Agent, Systems Management Agent

EVERY SOLUTION HAS AN AGENT
EVERY AGENT HAS A CONSOLE
EVERY CONSOLE REQUIRES A SERVER
EVERY SERVER REQUIRES AN OS/DB
EVERY OS/DB REQUIRES PEOPLE, MAINTENANCE, PATCHING
WHERE DOES IT END?

Speaker notes: One area that you've embraced, and that we can continue to embrace further, is understanding your architecture around the endpoint. Clearly every solution we deploy has an agent. If you look at your typical environment, your non-optimized environment, you're going to see an agent for auditing, an agent for DLP, an agent for NAC and another one for encryption. For every agent we have out there we pick up a console to manage that agent, and as you know every console ends up requiring a server to sit on, and every server has to connect to some data storage, an OS database. Now we need the people to patch and manage that. Where does it end? When we look at the cost structure of simply that environment, it starts to get outrageous.

16 Technology Architecture for Security
How Connected Is Your Security?
McAfee ePO Server (AV, DLP, NAC, Encryption, PA, Site Advisor)
SINGLE AGENT
SINGLE CONSOLE

Speaker notes: What we've worked with TNB on is the first phase, getting that down to a single agent and single console. We still have a little more work to do, but you're starting to see the benefits of that reduced TCO; additionally, you're starting to get real, tangible security benefits as well. One of the areas we'd like to work on together next is improving how the workflow that supports these solutions occurs.

17 Vulnerability Information
Automation – GTI
Diagram labels: Threat Intelligence Feeds, Other feeds and analysis, Endpoints, Appliances, Servers, Firewalls, File Reputation Engine, Reputation Engine, Web Reputation Engine, Network Reputation Engine, Vulnerability Information, Browser, Firewall, Web, AV, HIPS, AWL, Mobile

Speaker notes: DeepSAFE will make Global Threat Intelligence more effective because it will help expose new unknown threats (i.e. Rootkits, viruses, etc.). As DeepSAFE detects these new threats it will send that information back to the GTI cloud. Once these threats are detected the protection will then be added to the DAT file so that other endpoints can be protected.

18 McAfee Solution Platform
NETWORK SECURITY: Next Generation Firewall, Intrusion Prevention, Access Control, Network User Behavior Analysis
ENDPOINT SECURITY: Malware Protection, Device Encryption, Application Whitelisting, Desktop Firewall, Device Control, Protection & Anti-Spam, Network Access Control, Server & Database Protection, Smartphone and Tablet Protection, Virtual Machine and VDI Protection, On Chip (Silicon-Based) Security, Embedded Device Protection
CLOUD SECURITY: Security, Web Security, Data Loss Prevention, Encryption
SECURITY MANAGEMENT: ePolicy Orchestrator (ePO), Policy Auditing & Management, Vulnerability Management, Risk Management, Compliance
SIA COMMUNITY: McAfee Connected, Global Strategic Alliance Partners, Security Innovation Alliance
Platform diagram: GLOBAL THREAT INTELLIGENCE, McAfee Security Management, ENDPOINT SECURITY, NETWORK SECURITY, CLOUD SECURITY

19 McAfee’s Extensible Platform for Security Risk Management
Industry Leadership to Drive Better Protection, Greater Compliance, and Lower TCO
Legend: SIA Associate Partner; SIA Technology Partner (McAfee Compatible)
