Download presentation
Presentation is loading. Please wait.
Published byTaylor Kitchin Modified over 9 years ago
1
The Threat Within September 2004
2
Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example Successes Q&A
3
Copyright © 2004 Q1 Labs. All Rights Reserved Insider Threats Are Growing US CERT study of cyber crimes in Financial Services: –78 percent of events caused by insiders Gartner: –Insiders responsible for 70 percent of security incidents that cause loss Network boundaries are disappearing
4
Copyright © 2004 Q1 Labs. All Rights Reserved Perimeter Defenses Leave External Security Holes Signature based systems are limited –Sophisticated attackers –Historical view 65% of all security incidents are the result of mis-configuration (Gartner) Worms fast moving threats continue to plague enterprises
5
Copyright © 2004 Q1 Labs. All Rights Reserved Policy And Compliance Policy compliance –Example: IM, P2P usage –Security exposure –Legal exposure –Wastage Industry regulation –SOX –HIPAA –GLB –etc, etc
6
Copyright © 2004 Q1 Labs. All Rights Reserved Tomorrow: Distributed Enforcement Enforcement Domain Is Becoming Distributed Blurred network boundaries, internal concerns demand distributed enforcement IPS Functions being built into many products –Firewalls, Switches, Routers, OS Today: Perimeter Enforcement
7
Copyright © 2004 Q1 Labs. All Rights Reserved Today: Perimeter Enforcement Enterprise-wide Threat Analysis, Detection And Response Needed
8
Copyright © 2004 Q1 Labs. All Rights Reserved An Analogy: Airport Security Check rules Block Check behavior Block Enforcement Total Security Surveillance
9
Copyright © 2004 Q1 Labs. All Rights Reserved Network Surveillance And Behavior Enforcement Profiles network behavior of systems, applications –Analyzes network flows –Models behavior Identifies anomalies –External threats: Worms, Trojans, DOS –Internal threats: Insider attacks, stealthy scans –Policy violation: P2P, IM, network misuse –Compliance violation: HIPAA Identifies corrective measures –Real-time and historical view –Months of network activity stored –Application level details and data capture –Comprehensive search mechanisms TAKE ACTION!
10
Copyright © 2004 Q1 Labs. All Rights Reserved Stealthy activity Worm activity Addressing Internal And External Risks
11
Copyright © 2004 Q1 Labs. All Rights Reserved Increasing Operational Efficiency Rapid time-to-resolve Instant access to activity database ensures rapid event resolution without additional staff –Complete audit of network activity - no transaction is lost –Instant real-time access to terabytes of data - very granular Ability to pivot data on demand ensures rapid identification of problem source –Network, protocol, ports and application views of data –Local, remote and geographic views of data –Threat views Problem easily isolated to specific machines, network segments Security event data integration Hierarchical multi-user and role-based access
12
Copyright © 2004 Q1 Labs. All Rights Reserved Example Compliance: HIPAA StandardSectionImplementation SpecificationsR/AR/AQRadar Relevance Security Management Process §164.308 (a) (1)Risk analysis Risk management Information system activity review RRRRRR XXXXXX Information Access Management §164.308 (a) (4)Access managementAX Security Awareness And Training §164.308 (a) (5)Protection from malicious software Log-in monitoring AAAA XXXX Security Incident Procedures §164.308 (a) (6)Response and reportingRX Evaluation §164.308 (a) (8)EvaluationRX Audit Controls §164.312 (b)Audit ControlsRX Behavioral Enforcement addresses key provisions of the Security Rule
13
Copyright © 2004 Q1 Labs. All Rights Reserved Q1 Labs Solution: Real-time Anomaly Detection And Resolution
14
Copyright © 2004 Q1 Labs. All Rights Reserved Borgess Case Study 140 sites of care 65 satellite clinics 3500 hosts 100 applications Environment: –Main frame –AS400 –Unix –Windows –Linux
15
Copyright © 2004 Q1 Labs. All Rights Reserved Borgess And QRadar Success Story Before QRadar: May 2003, Lovegate infection –Over 2000 hosts were infected –Clean-up took several weeks –There were significant service disruptions After QRadar: May 2004, MyDoom infection –Three hosts were infected –Clean-up took 1 hour QRadar also used to identify policy violations –Cleartext passwords QRadar key element of HIPAA compliance
16
Copyright © 2004 Q1 Labs. All Rights Reserved Summary Security gaps persist –Internal threats –External threats –policy and compliance enforcement Industry is reshaping to address gaps A new security architecture emerges –Behavior analytics and enforcement is at the core QRadar is a leading behavioral enforcement platform –Analytics –Surveillance –Enforcement
17
Thank You! Brendan Hannigan EVP Marketing And Product Development Q1 Labs
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.