Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.

Published byRoxanne Williamson Modified over 9 years ago

Similar presentations

Presentation on theme: "“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14."— Presentation transcript:

1 “Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14

2 ISACA June Training Seminar Agenda Today’s threat landscape is next generation Definition of Next Generation Security What really makes it different 20 things your next generation security must do Closing & Questions

3 ISACA June Training Seminar Today’s Threat Landscape Organized Attackers Increasing Volume Sophisticated Remediation is broken Must prevent attacks across perimeter, cloud and mobile Limited correlation across disjointed security technologies. Limited security expertise CSO challenges

4 ISACA June Training Seminar SaaS - Apps are moving off the network

5 ISACA June Training Seminar CLOUD + VIRTUALIZATION Servers are moving to private and public clouds BETA Verizon Cloud

6 ISACA June Training Seminar Over 27% of applications can use SSL encryption Which represents nearly 25% of enterprise bandwidth ENCRYPTION Traffic is increasingly being encrypted

7 ISACA June Training Seminar MOBILITY Users are moving off the network Over 300 new malicious Android APKs discovered per week by our Threat Research Team

8 ISACA June Training Seminar Known threats Enterprise risk Zero-day exploits/Vulnerabilities Unknown & polymorphic malware Evasive command-and-control Lateral movement TODAY’S APTBEFORE Sophisticated & multi-threaded SSL encryption Changing application environment Clear-text Limited or known protocols Known malware & exploits Known vulnerabilities Known command-and-control COMMODIZATION OF THREATS Advanced tools available to all

9 ISACA June Training Seminar Tectonic Shifts Create the Perfect Storm SOCIAL + CONSUMERIZATION SaaS CLOUD + VIRTUALIZATION MOBILITY + BYOD ENCRYPTION Massive opportunity for cyber attackers COMMODIZATION OF THREATS

10 ISACA June Training Seminar Target data breach – APTs in action Maintain access Spear phishing third-party HVAC contractor Moved laterally & installed POS Malware Exfiltrated data C&C servers over FTP Recon on companies Target works with Breached Target with stolen payment credentials

11 ISACA June Training Seminar Agenda Today’s threat landscape is next generation Definition of Next Generation Security What really makes it different 20 things your next generation security must do Closing & Questions

12 ISACA June Training Seminar Definition of a Next Generation Firewall (NGFW) From the Gartner IT Glossary, a NGFW is a: Deep-packet inspection firewall, Moves beyond port/protocol inspection and blocking, Adds application-level inspection, Adds intrusion prevention, and Brings intelligence from outside the firewall.

13 ISACA June Training Seminar Definition of a Next Generation Firewall (NGFW) Should not be confused with: A stand-alone network intrusion prevention system (IPS), which includes a commodity or non- enterprise firewall, or A firewall and IPS in the same appliance that are not closely integrated.

14 ISACA June Training Seminar Agenda Today’s threat landscape is next generation Definition of Next Generation Security What really makes it different 20 things your next generation security must do Closing & Questions

15 ISACA June Training Seminar 20 Years of Security Technology Sprawl Enterprise Network Ports and IP addresses aren’t reliable anymore More stuff has become the problem Too many policies, limited integration Lacks context across individual products URL AV IPS DLP Sandbox Proxy UTM Internet

16 ISACA June Training Seminar Sample of a True Next Generation Architecture Single Pass Identifies applications User/group mapping Threats, viruses, URLs, confidential data One policy to manage Correlates all security information to Apps and Users

17 ISACA June Training Seminar Firewall Next Generation vs. Legacy Firewalls App-IDLegacy Firewalls Firewall Rule: ALLOW SMTPFirewall Rule: ALLOW Port 25 SMTP=SMTP: Packet on Port 25: Allow ✔ ✔ SMTP Bittorrent ✗ Bittorrent≠SMTP: Visibility: Bittorrent detected and blocked Deny Bittorrent ✔ Packet on Port 25:Allow Visibility: Port 25 allowed Bittorrent

18 ISACA June Training Seminar App IPS Firewall Next Generation vs. Legacy Firewall + App IPS App-IDLegacy Firewalls Firewall Rule: ALLOW SMTPFirewall Rule: ALLOW Port 25 SMTP=SMTP: Packet on Port 25: Allow ✔ ✔ SMTP Bittorrent ✗ Bittorrent ≠ SMTP: Visibility: Bittorrent detected and blocked Deny Bittorrent ✔ Bittorrent: Deny Visibility: Bittorrent detected and blocked ✔ SMTP Bittorrent ✗ Application IPS Rule: Block Bittorrent

19 ISACA June Training Seminar App IPS Firewall App-IDLegacy Firewalls Firewall Rule: ALLOW SMTPFirewall Rule: ALLOW Port 25 SMTP=SMTP: Packet on Port 25: Allow ✔ ✔ SMTP ✗ Bittorrent ✔ Visibility: Packets on Port 25 allowed ✔ SMTP Bittorrent ✗ Application IPS Rule: Block Bittorrent Bittorrent ✗ ✔ ✔ Packet ≠ Bittorrent: Allow Visibility: each app detected and blocked DenySkype≠SMTP: SSH≠SMTP: Ultrasurf≠SMTP: Deny SSH, Skype, Ultrasurf Next Generation vs. Legacy Firewall + App IPS

20 ISACA June Training Seminar Firewall App-IDLegacy Firewalls Firewall Rule: ALLOW SMTPFirewall Rule: ALLOW Port 25 SMTP=SMTP: Packet on Port 25: Allow ✔ ✔ SMTP C & C ✗ Command & Control ≠ SMTP: Visibility: Unknown traffic detected and blocked Deny Bittorrent ✔ Visibility: Packet on Port 25 allowed ✔ SMTP Bittorrent ✗ Application IPS Rule: Block Bittorrent Bittorrent ✗ C & C ✔ ✔ C & C ≠ Bittorrent: Allow App IPS Next Generation vs. Legacy Firewall + App IPS

21 ISACA June Training Seminar Next Generation Closes the Loop for Threats Scan ALL applications, including SSL – Reduces attack surface, and Provides context for forensics Prevent attacks across ALL attack vectors – Exploits, Malwares, DNS, Command & Control, and URLs Detect zero day malware – Turn unknown into known, and update the firewall

22 ISACA June Training Seminar Sandboxing for Turning Unknown into Known

23 ISACA June Training Seminar Security Context from Next Generation Policies: Allowing 10.1.2.4 to 148.62.45.6 on port 80  does not provide context. Allowing Sales Users on Corporate LAN to access Salesforce.com but look for threats and malware inside the decrypted SSL tunnel, and easily seeing you have done so  is context. Threats: Seeing you had 10 tunneling apps, 15 IPS hits, and 4 visits to malware sites  no context. Seeing Dave Smith visited a malware site, downloaded 0-day Malware, and his device is visiting other known malware sites, and using tunneling apps  that is context.

24 ISACA June Training Seminar Next Generation and the Attack Kill-chain Attack kill-chain Initial compromise Deliver malware and communicate with attacker Move laterally and infect additional hosts Steal intellectual property Prevent attacks by stopping one step in the kill-chain EXFILTRATE DATA ENDPOINT OPERATIONS DELIVER MALWARE BREACH PERIMETER

25 ISACA June Training Seminar Security Use Cases for Next Generation Security Mobile/BYOD Devices Internet Offload Identify & Control Violators Zero Day Protection Securing Microsoft Apps Audit & Compliance Zero Trust Networks Flexible HR Policies Virtual Desktops & Apps Application Visibility DNS Sinkhole Data Center Virtualization Targeted Attacks Emergency Networks SCADA Networks Windows & Mac Laptops Contractors / Partners Denial of Service Attacks Network Segmentation Window XP Protection M&A / Divestitures / JV’s Traffic Control/QoS

26 ISACA June Training Seminar Agenda Today’s threat landscape is next generation Definition of Next Generation Security What really makes it different 20 things your next generation security must do Closing & Questions

27 ISACA June Training Seminar 20 Things Your Next Gen Security Must Do 1. Control applications and components regardless of Port or IP 2. Identify users regardless of IP address 3. Protect real-time against threats and exploits 4. Identify Circumventors (Tor, Ultrasurf, proxy, anonymizers) 5. Decrypt SSL Traffic 6. Packet shape traffic to Prioritize Critical Applications or De- Prioritize Unproductive applications 7. Visualize Application Traffic 8. Block Zero Day Malware, Botnets, C&C and APT’s 9. Block Peer-to-Peer 10. Manage Bandwidth for a group of Users

28 ISACA June Training Seminar 20 Things Your Next Gen Security Must Do 11. Prevent or Monitor Data Leakage 12. Single Pass Inspection 13. Same security at mobile end-point 14. Central management console with relay logs & events 15. Policy for unknown traffic 16. Be cost effective by combining multiple functionalities 17. Deliver protection today, tomorrow, and in the future by being firmware upgradeable 18. Interface with other end-point solutions to have a consistent protection 19. Sinkhole DNS capabilities 20. Block base on URL

29 ISACA June Training Seminar Agenda Today’s threat landscape is next generation Definition of Next Generation Security What really makes it different 20 things your next generation security must do Closing & Questions

Download ppt "“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14."

Similar presentations

Intrusion Prevention anno 2012: Widening the IPS concept.

Intrusion Prevention anno 2012: Widening the IPS concept.
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.

Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
An Analysis of Recent Cyber Attacks WADE WILLIAMSON.

An Analysis of Recent Cyber Attacks WADE WILLIAMSON.
Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.

Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.

Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.

Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.

Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.
Expose The Underground Advanced Persistent Threats

Expose The Underground Advanced Persistent Threats
About Palo Alto Networks

About Palo Alto Networks
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

Similar presentations

Ads by Google