Revolutionizing Advanced Threat Protection

Transcript

  • 1. REVOLUTIONIZING ADVANCED THREAT PROTECTION: A NEW, MODERN APPROACH. Blue Coat Advanced Threat Protection Group. Grant Asplund, Senior Technology Evangelist.
  • 2. EVOLVING LANDSCAPE OF MODERN THREATS: Today’s Advanced Threat Landscape.
  • 3. ADVANCED THREATS
  • 4. IMPROVED: Smarter | Faster | Stronger. Rootkits; virtual machine detection; line-by-line debugger detection; rewrites the hosts file; multi-packed, one-time, encrypted; fuzzing; reverse engineering; code auditing.
  • 5. THE INVISIBLE THREATS: the majority of APTs operate over SSL; 20-70% of traffic is encrypted; threats we can’t see…
  • 6. TOTAL NUMBER OF NEW TABLET DEVICES RELEASED IN 2013
  • 7. TODAY’S ENTERPRISE USER: Average number of personal mobile devices used for work by enterprise employees.
  • 8. TODAY’S SURFACE AREA
  • 9. WHY A MODERN APPROACH
  • 10. POST-PREVENTION SECURITY GAP. Threat actors: nation states, cybercriminals, hacktivists, insider threats. Signature-based security “picket fence”: host AV, NGFW, IDS/IPS, DLP, SIEM, email gateway, web application firewall, web gateway. Traditional threats: known threats, known malware, known files, known IPs/URLs. Advanced threats: novel malware, zero-day threats, targeted attacks, modern TTPs. Modern, post-prevention security: • Context • Content • Visibility • Detection • Intelligence
  • 11. THE WINDOW OF OPPORTUNITY. Initial attack to compromise: seconds 11%, minutes 13%, hours 60%, days 13%, weeks 2% (84% within hours). Initial compromise to discovery: hours 9%, days 11%, weeks 12%, months 62%, years 4% (78% take weeks or longer).
  • 12. Proof of the Problem
  • 13. CURRENT SOLUTIONS OPERATE IN SILOS: Technology and organizational silos limit current defenses.
  • 14. DREADED QUESTIONS FROM CISO Who did this to us? How did they do it? What systems and data were affected? Can we be sure it is over? Can it happen again?
  • 15. PROTECTING AGAINST ADVANCED THREATS WITH THE ‘CRIME’ METHODOLOGY: Context, Root Cause, Impact, Mitigation, Eradication. • Faster time-to-action • Faster time-to-react/respond • Greater ability to reduce/minimize/eliminate impact!
  • 16. SECURITY SHIFTS TO SWIFT RESPONSE: Percentage of enterprise IT security budgets allocated to rapid response approaches by 2020. — Gartner 2013
  • 17. ADVANCED THREAT PROTECTION USE CASES. Questions: Who? When? What? Where? How? Target(s)? Who else? Is it over? What else? How long? Use cases: continuous monitoring, situational awareness, incident response, data loss monitoring & analysis, policy compliance, cyber threat protection.
  • 18. MODERN COUNTERMEASURES
  • 19. SITUATION. BIG DATA SECURITY IS HERE – volume, velocity and variety. WHAT KEPT US SECURE – has stopped working. GOOD OR BAD SECURITY – is irrelevant with an attacker’s resources & motivation. MODERN ADVANCED THREAT PROTECTION – is the new imperative.
  • 20. POSITION. “Fixed fortifications are monuments to man’s stupidity.” — General George S. Patton
  • 21. BUSINESS ASSURANCE TECHNOLOGY. Security & Policy Enforcement Center: web gateway & orchestration (SWG), web & network protection, SSL interception, Web Gateway. Mobility Empowerment Center: Mobile Expander, mobile protection. Trusted Applications Center: application management, business application enablement. Performance Center: WAN/video optimization, cache optimization, shaping. Resolution Center: vulnerability expertise services, case analyst workflow, reporting and management. Cloud and mobility. Security Analytics Platform by Solera (formerly DeepSee). Business Assurance Platform: • Cloud • 15,000 customers • 80M users • VM, appliance, X-Beam platforms • 33 worldwide PoPs • 84% of Fortune 500, 90% FedGov. Blue Coat Advanced Threat Protection ThreatBLADES: WebThreat, MailThreat, FileThreat, ATP Suite, custom analytics, malware analysis, SSL visibility, Content Analysis System.
  • 22. MODERN ADVANCED THREAT PROTECTION. Complete Web Control: web security, content analysis, real-time blocking. Advanced Malware Detection: white/blacklists, sandboxing, feeds. Visual Insight: context, real-time awareness, IOCs, alerts. Full Packet Capture: layer 2–7 indexing & classification. Layers: Threat Intelligence, Security Visibility, Big Data Security Analytics, Blocking and Enforcement, Network Effect Integration Layer.
  • 23. MODERN ADVANCED THREAT PROTECTION – Security Visibility: • Full packet capture • Layers 2-7 indexing • Deep packet inspection • Session reconstruction • Scalability and performance • Single pane-of-glass
  • 24. MODERN ADVANCED THREAT PROTECTION – Big Data Security Analytics: • Heuristic detection • Statistical analysis • Inferential reporting • Context-aware analysis • IOCs & TTPs • Visual insight
  • 25. MODERN ADVANCED THREAT PROTECTION – Threat Intelligence: • Real-time white/black lists • Sandbox detonation • On-premises or cloud-based • External data enrichment • Dynamic Intelligence Cloud • Machine-learning architecture
  • 26. MODERN ADVANCED THREAT PROTECTION – Blocking and Enforcement: • Scan, block and cache • Inline AV with feedback loop • Obscure sensitive data or block • Web and application controls • Best-of-breed perimeter blocking • Granular customization
  • 27. MODERN ADVANCED THREAT PROTECTION – Network Effect and Integration deliver: • Security ecosystem • Context-aware security • Adaptive security • Enhance existing investments • Integrated workflow automation
  • 28. BLUE COAT ADVANCED THREAT PROTECTION: THE SECURITY CAMERA FOR YOUR NETWORK. Turning complexity into context. Real-time & retrospective analysis & resolution; simple, flexible & extensible. Full Visibility: before, during & after the attack. Big Data Security Analytics: collect, analyze & store. Threat Intelligence: web, file, email & malware reputation.
  • 29. ADVANCED THREAT PROTECTION: IMPROVING REAL-WORLD USE CASES. Integrated ecosystem: situational awareness, incident response, policy & ITGRC, data loss monitoring & analysis, advanced malware detection, continuous monitoring. Analytics and Intelligence: • Collect & warehouse • Investigate • Alert & report. Enrichment: • Technology partners • File analysis & IP reputation • Malware sandboxing. Flexible form factors: • Hardware • Software • Virtual machines. Web control and security enforcement.
  • 30. Three new ThreatBLADES for unbeatable Advanced Threat Protection… BLUE COAT THREATBLADES
  • 31. WEB, MAIL & FILE THREAT IDENTIFICATION. WebThreat BLADE inspects all HTTP or HTTPS traffic and identifies malicious communications and files. MailThreat BLADE inspects all SMTP, POP3 and IMAP traffic for malicious communications and files. FileThreat BLADE inspects all FTP and SMB traffic for malicious communications and files. If there is no clear verdict on content, suspicious files are delivered to a hybrid sandbox (Malware Analysis Appliance) for analysis.
  • 32. SIEM SIEM = PHONE BILL
  • 33. IPS IPS = SINGLE FRAME 9A
  • 34. ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE. Ongoing operations (detect & protect): block all known threats. Incident containment (analyze & mitigate): novel threat interpretation. Incident resolution (investigate & remediate breach): threat profiling & eradication. Global Intelligence Network. Security & Policy Enforcement Center: ProxySG & SG-VA, Web Security Service, WebFilter, Content Analysis, Malware Analysis, SSL Visibility, Content Analysis, DLP, FW/IDS on X-Series. Resolution Center: Reporter SW, Reporter Service, Intelligence Center, Advanced Threat Protection Appliance. Outcomes: now known threats are blocked at the gateway; fewer threats to contain and resolve; increased system performance through fewer malware scans; more robust threat analysis with fewer false positives.
  • 35. USE CASES
  • 36. OVERSTOCK.COM. “…using root cause analysis from Solera Networks, we were able to pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that exploit from ever happening again....” – Overstock.com. REQUIREMENTS: • Identify attacks that passed preventative controls • Remediate all infected systems quickly • Ensure that preventative controls are working. SOLUTION: • Deployed various Solera Security Analytics form factors • Built an IR process around Solera Security Analytics • Integrated Solera with log management and IPS. VALUE: • Identified nefarious activity sourced from inside and outside the network • Pinpointed “all” compromised systems through root cause analysis • Conducted assurance testing on preventative controls by replaying malicious packets on a shadow network
  • 37. US COAST GUARD. REQUIREMENTS: • Enhance threat detection • Reduce threat acquisition window • Improve team effectiveness. SOLUTION: • Integrated with existing McAfee NSM (IPS) solution • Employed 100% data capture • Built custom reports for rapid analysis. VALUE: • Reduced threat identification time by 60% • Reduced threat remediation time by 75% • Allowed for more unified threat management across disparate, internal teams through the use of reporting
  • 38. JEFFERIES GLOBAL INVESTMENT BANKING. REQUIREMENTS: • Streamline monitoring of a dozen international locations • Provide workflow that supports multiple analysts • Integrate with FireEye and Blue Coat ProxySG, WebPulse & SSL Visibility. SOLUTION: • Consolidated incident detection and response • Supported several months of packet and metadata retention • Improved ROI & ROSI through integration. VALUE: • Improved incident responder workflow with reduced response times • Leveraged fewer FTEs for tactical analysis: strategically repurpose other FTEs • Achieved holistic visibility across network traffic, users and data (files, IM, voice, etc.)
  • 39. US AIR FORCE. REQUIREMENTS: • Monitor all major Internet gateways • Support over 50 concurrent analysts with disparate privileges/visibility • Use APIs to integrate with COTS, GOTS, and open source security solutions. SOLUTION: • Provided tiered, centralized management • Supported lossless capture on multiple 10 gigabit networks • Integrated with 3rd party solutions such as ArcSight. VALUE: • Deployed with 100% situational awareness with a small (green) footprint • Utilized RBAC via LDAP for granular access control • Passed multiple, stringent military testing and certification criteria • Replaced incumbent solution based on scalability, capability and footprint
  • 40. READING: GET YOUR COPY! www.bluecoat.com/atplifecycle
  • 41. Grant Asplund 206-612-8652 grant.asplund@bluecoat.com Twitter: @gasplund LinkedIn: http://www.linkedin.com/in/grantasplund/ THANK YOU!
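Slides 23, 24 and 28 describe the "security camera" idea: record layer 2-7 session metadata continuously, then, when an indicator of compromise arrives days later, run a retrospective query to answer the slide 17 questions "who else?", "since when?" and "how long?". The following is an added illustration of that retrospective lookback, not Blue Coat or Solera code; the `Session` record, the IOC dictionary shape and the sample sessions are all constructed for the example.

```python
"""Retrospective IOC lookback over stored session metadata (added example).

Assumptions (constructed for this illustration, not a vendor data model):
- a DPI engine has already reconstructed each flow into a Session with the
  L7 attributes it could extract (HTTP Host, TLS SNI, DNS query, file hash);
- an IOC arrives as a dict with optional "ips", "domains" and "sha256" lists.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib


@dataclass(frozen=True)
class Session:
    """One reconstructed flow plus the application-layer attributes worth indexing."""
    start: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str            # "dns", "http", "tls", "smb", ...
    host: str = ""        # HTTP Host header, TLS SNI, or DNS query name
    sha256: str = ""      # hash of a file carried in the session, if any


class SessionIndex:
    """Append-only store with inverted indexes so a lookback costs O(matches), not O(store)."""

    def __init__(self):
        self._sessions = []
        self._by_ip = defaultdict(set)      # destination IP -> session ids
        self._by_host = defaultdict(set)    # lower-cased host/SNI/query -> session ids
        self._by_hash = defaultdict(set)    # sha256 -> session ids

    def ingest(self, s: Session) -> int:
        sid = len(self._sessions)
        self._sessions.append(s)
        self._by_ip[s.dst_ip].add(sid)
        if s.host:
            self._by_host[s.host.lower()].add(sid)
        if s.sha256:
            self._by_hash[s.sha256.lower()].add(sid)
        return sid

    def lookback(self, ioc: dict, since: datetime, until: datetime) -> list:
        """Sessions in [since, until] touching any indicator in `ioc`, oldest first."""
        ids = set()
        for ip in ioc.get("ips", ()):
            ids |= self._by_ip.get(ip, set())
        for dom in ioc.get("domains", ()):
            ids |= self._by_host.get(dom.lower(), set())
        for h in ioc.get("sha256", ()):
            ids |= self._by_hash.get(h.lower(), set())
        hits = [self._sessions[i] for i in ids if since <= self._sessions[i].start <= until]
        return sorted(hits, key=lambda s: s.start)


def first_contact(hits: list) -> dict:
    """Earliest matching session per internal source: the 'who else, and since when' answer."""
    earliest = {}
    for s in hits:
        if s.src_ip not in earliest or s.start < earliest[s.src_ip]:
            earliest[s.src_ip] = s.start
    return earliest


def dwell(hits: list, ioc_received: datetime):
    """Gap between the earliest matching session and the moment the IOC became known."""
    if not hits:
        return None
    return ioc_received - min(s.start for s in hits)


# Constructed sample: three days of traffic, IOC arrives on day 3.
T0 = datetime(2014, 3, 1, 9, 0)
DROPPER_HASH = hashlib.sha256(b"constructed dropper bytes").hexdigest()
SAMPLE = [
    Session(T0, "10.1.1.20", "10.1.1.53", 53, "dns", host="cdn.example-update.test"),
    Session(T0 + timedelta(minutes=1), "10.1.1.20", "203.0.113.45", 443, "tls", host="cdn.example-update.test"),
    Session(T0 + timedelta(minutes=2), "10.1.1.20", "203.0.113.45", 443, "tls",
            host="cdn.example-update.test", sha256=DROPPER_HASH),
    Session(T0 + timedelta(hours=5), "10.1.1.31", "198.51.100.7", 80, "http", host="www.example.org"),
    Session(T0 + timedelta(days=1, hours=2), "10.1.1.31", "203.0.113.45", 443, "tls", host="cdn.example-update.test"),
    # same file later moving host-to-host over SMB: only the hash index catches this one
    Session(T0 + timedelta(days=2), "10.1.1.42", "192.0.2.99", 445, "smb", sha256=DROPPER_HASH),
]
IOC = {"domains": ["cdn.example-update.test"], "ips": ["203.0.113.45"], "sha256": [DROPPER_HASH]}
IOC_RECEIVED = T0 + timedelta(days=3)


def run_lookback():
    """Index the sample, then query 30 days back from the moment the IOC arrived."""
    idx = SessionIndex()
    for s in SAMPLE:
        idx.ingest(s)
    hits = idx.lookback(IOC, since=IOC_RECEIVED - timedelta(days=30), until=IOC_RECEIVED)
    return hits, first_contact(hits), dwell(hits, IOC_RECEIVED)


if __name__ == "__main__":
    hits, contacts, gap = run_lookback()
    for src, when in sorted(contacts.items(), key=lambda kv: kv[1]):
        print(f"{src} first touched the indicator at {when}")
    print(f"{len(hits)} matching sessions; IOC arrived {gap} after first contact")
```

The three separate indexes matter: the SMB session on day 2 has no matching IP or domain, so a query on network indicators alone would miss the third host; the file hash index is what turns "one infected web client" into the full scope of the problem.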