Revolutionizing Advanced Threat Protection
  1. REVOLUTIONIZING ADVANCED THREAT PROTECTION: A NEW, MODERN APPROACH
     Blue Coat Advanced Threat Protection Group
     Grant Asplund, Senior Technology Evangelist
  2. EVOLVING LANDSCAPE OF MODERN THREATS
     Today's advanced threat landscape
  3. ADVANCED THREATS
  4. IMPROVED: Smarter | Faster | Stronger
     • Rootkits
     • Virtual machine detection
     • Line-by-line debugger detection
     • Re-writes host file
     • Multi-packed, one-time, encrypted
     • Fuzzing
     • Reverse engineering
     • Code auditing
  5. THE INVISIBLE THREATS
     • Majority of APTs operate over SSL
     • 20-70% of traffic is encrypted
     • Threats we can't see…
  6. TOTAL NUMBER OF NEW TABLET DEVICES RELEASED IN 2013
  7. TODAY'S ENTERPRISE USER
     Average number of personal mobile devices used for work by enterprise employees.
  8. TODAY'S SURFACE AREA
  9. WHY A MODERN APPROACH
  10. POST-PREVENTION SECURITY GAP
     Threat actors: nation states, cybercriminals, hacktivists, insider threats
     Signature-based security ("picket fence"): host AV, NGFW, IDS/IPS, DLP, SIEM, email gateway, web application firewall, web gateway
     Traditional threats (known threats): known malware, known files, known IPs/URLs
     Advanced threats: novel malware, zero-day threats, targeted attacks, modern TTPs
     Modern, post-prevention security:
     • Context
     • Content
     • Visibility
     • Detection
     • Intelligence
  11. THE WINDOW OF OPPORTUNITY
     Initial attack to compromise:    Seconds 11% | Minutes 13% | Hours 60% | Days 13% | Weeks 2%
                                      84% within hours (seconds + minutes + hours)
     Initial compromise to discovery: Hours 9% | Days 11% | Weeks 12% | Months 62% | Years 4%
                                      78% take weeks or longer (weeks + months + years)
  12. PROOF OF THE PROBLEM
  13. CURRENT SOLUTIONS OPERATE IN SILOS
     Technology and organizational silos limit current defenses.
  14. DREADED QUESTIONS FROM THE CISO
     • Who did this to us?
     • How did they do it?
     • What systems and data were affected?
     • Can we be sure it is over?
     • Can it happen again?
  15. PROTECTING AGAINST ADVANCED THREATS WITH THE 'CRIME' METHODOLOGY
     Context, Root cause, Impact, Mitigation, Eradication
     • Faster time-to-action
     • Faster time-to-react/respond
     • Greater ability to reduce/minimize/eliminate impact!
  16. SECURITY SHIFTS TO SWIFT RESPONSE
     Percentage of enterprise IT security budgets allocated to rapid response approaches by 2020 (Gartner, 2013).
  17. ADVANCED THREAT PROTECTION USE CASES
     Questions: Who? When? What? Where? How? Target(s)? Who else? Is it over? What else? How long?
     • Continuous monitoring
     • Situational awareness
     • Incident response
     • Data loss monitoring & analysis
     • Policy compliance
     • Cyber threat protection
  18. MODERN COUNTER-MEASURES
  19. SITUATION
     • Big data security is here: volume, velocity and variety
     • What kept us secure has stopped working
     • Good or bad security is irrelevant against an attacker's resources & motivation
     • Modern advanced threat protection is the new imperative
  20. POSITION
     "Fixed fortifications are monuments to man's stupidity." (General George S. Patton)
  21. BUSINESS ASSURANCE TECHNOLOGY
     Security & Policy Enforcement Center: Web Gateway & Orchestration (SWG); Web & Network Protection; SSL Interception
     Mobility Empowerment Center: Web Gateway Mobile Expander; Mobile Protection
     Trusted Applications Center: Application Management; Business Application Enablement
     Performance Center: WAN/Video Optimization; Cache optimization; Shaping
     Resolution Center: Vulnerability Expertise Services; Case Analyst Workflow; Reporting and Management
     Cloud Mobility
     Security Analytics Platform by Solera (formerly DeepSee): Cloud; 15,000 customers; 80M users; VM, appliance and X-Beam platforms
     Business Assurance Platform: 33 worldwide PoPs; 84% of Fortune 500, 90% FedGov
     Blue Coat Advanced Threat Protection: ThreatBLADES (WebThreat, MailThreat, FileThreat, ATP Suite); Custom Analytics; Malware Analysis; SSL Visibility; Content Analysis System
  22. MODERN ADVANCED THREAT PROTECTION
     • Blocking and Enforcement: complete web control; web security, content analysis, real-time blocking
     • Threat Intelligence: advanced malware detection; white/blacklists, sandboxing, feeds
     • Big Data Security Analytics: visual insight; context, real-time awareness, IOCs, alerts
     • Security Visibility: full packet capture; Layer 2-7 indexing & classification
     • Network Effect Integration Layer
  23. MODERN ADVANCED THREAT PROTECTION: Security Visibility
     • Full packet capture
     • Layers 2-7 indexing
     • Deep packet inspection
     • Session reconstruction
     • Scalability and performance
     • Single pane of glass
  24. MODERN ADVANCED THREAT PROTECTION: Big Data Security Analytics
     • Heuristic detection
     • Statistical analysis
     • Inferential reporting
     • Context-aware analysis
     • IOCs & TTPs
     • Visual insight
  25. MODERN ADVANCED THREAT PROTECTION: Threat Intelligence
     • Real-time white/black lists
     • Sandbox detonation
     • On-premises or cloud-based
     • External data enrichment
     • Dynamic Intelligence Cloud
     • Machine-learning architecture
  26. MODERN ADVANCED THREAT PROTECTION: Blocking and Enforcement
     • Scan, block and cache
     • Inline AV with feedback loop
     • Obscure sensitive data or block
     • Web and application controls
     • Best-of-breed perimeter blocking
     • Granular customization
  27. MODERN ADVANCED THREAT PROTECTION: Network Effect Integration Layer
     Network effect and integration deliver:
     • Security ecosystem
     • Context-aware security
     • Adaptive security
     • Enhanced existing investments
     • Integrated workflow automation
  28. BLUE COAT ADVANCED THREAT PROTECTION: THE SECURITY CAMERA FOR YOUR NETWORK
     Real-time & retrospective analysis & resolution; simple, flexible & extensible
     • Turning complexity into context
     • Full visibility: before, during & after the attack
     • Big data security analytics: collect, analyze & store
     • Threat intelligence: web, file, email & malware reputation
  29. ADVANCED THREAT PROTECTION: IMPROVING REAL-WORLD USE CASES
     Integrated ecosystem: situational awareness; incident response; policy & ITGRC; data loss monitoring & analysis; advanced malware detection; continuous monitoring
     Analytics and intelligence: collect & warehouse; investigate; alert & report
     Enrichment: technology partners; file analysis & IP reputation; malware sandboxing
     Flexible form factors: hardware; software; virtual machines
     Web control and security enforcement
  30. BLUE COAT THREATBLADES
     Three new ThreatBLADES for unbeatable Advanced Threat Protection…
  31. WEB, MAIL & FILE THREAT IDENTIFICATION
     • WebThreat BLADE inspects all HTTP or HTTPS traffic and identifies malicious communications and files
     • FileThreat BLADE inspects all FTP and SMB traffic for malicious communications and files
     • MailThreat BLADE inspects all SMTP, POP3 and IMAP traffic for malicious communications and files
     • If there is no clear verdict on content, suspicious files are delivered to a hybrid sandbox (Malware Analysis Appliance) for analysis
  32. SIEM = PHONE BILL
  33. IPS = SINGLE FRAME
  34. ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
     Global Intelligence Network
     Security & Policy Enforcement Center: ProxySG & SG-VA; Web Security Service; WebFilter; Content Analysis; Malware Analysis; SSL Visibility; Content Analysis, DLP; FW/IDS on X-Series
     Analytics and resolution: Resolution Center; Reporter SW; Reporter Service; Intelligence Center; Advanced Threat Protection Appliance
     Lifecycle stages:
     • Ongoing operations: detect & protect; block all known threats
     • Incident containment: analyze & mitigate; novel threat interpretation
     • Incident resolution: investigate & remediate breach; threat profiling & eradication
     Outcomes:
     • Now-known threats blocked at the gateway
     • Fewer threats to contain and resolve
     • Increased system performance through fewer malware scans
     • More robust threat analysis with fewer false positives
  35. USE CASES
  36. OVERSTOCK.COM
     "…using root cause analysis from Solera Networks, we were able to pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that exploit from ever happening again...." (Overstock.com)
     Requirements:
     • Identify attacks that passed preventative controls
     • Remediate all infected systems quickly
     • Ensure that preventative controls are working
     Solution:
     • Deployed various Solera Security Analytics form factors
     • Built an IR process around Solera Security Analytics
     • Integrated Solera with log management and IPS
     Value:
     • Identified nefarious activity sourced from inside and outside the network
     • Pinpointed "all" compromised systems through root cause analysis
     • Conducted assurance testing on preventative controls by replaying malicious packets on a shadow network
  37. US COAST GUARD
     Requirements:
     • Enhance threat detection
     • Reduce threat acquisition window
     • Improve team effectiveness
     Solution:
     • Integrated with existing McAfee NSM (IPS) solution
     • Employed 100% data capture
     • Built custom reports for rapid analysis
     Value:
     • Reduced threat identification time by 60%
     • Reduced threat remediation time by 75%
     • Allowed for more unified threat management across disparate internal teams through the use of reporting
  38. JEFFERIES GLOBAL INVESTMENT BANKING
     Requirements:
     • Streamline monitoring of a dozen international locations
     • Provide workflow that supports multiple analysts
     • Integrate with FireEye and Blue Coat ProxySG, WebPulse & SSL Visibility
     Solution:
     • Consolidated incident detection and response
     • Supported several months of packet and metadata retention
     • Improved ROI & ROSI through integration
     Value:
     • Improved incident responder workflow with reduced response times
     • Leveraged fewer FTEs for tactical analysis: strategically repurpose other FTEs
     • Achieved holistic visibility across network traffic, users and data (files, IM, voice, etc.)
  39. US AIR FORCE
     Requirements:
     • Monitor all major Internet gateways
     • Support over 50 concurrent analysts with disparate privileges/visibility
     • Use APIs to integrate with COTS, GOTS, and open source security solutions
     Solution:
     • Provided tiered, centralized management
     • Supported lossless capture on multiple 10 gigabit networks
     • Integrated with 3rd party solutions such as ArcSight
     Value:
     • Deployed with 100% situational awareness with a small (green) footprint
     • Utilized RBAC via LDAP for granular access control
     • Passed multiple, stringent military testing and certification criteria
     • Replaced incumbent solution based on scalability, capability and footprint
  40. READING: GET YOUR COPY!
     www.bluecoat.com/atplifecycle
  41. THANK YOU!
     Grant Asplund
     206-612-8652
     grant.asplund@bluecoat.com
     Twitter: @gasplund
     LinkedIn: http://www.linkedin.com/in/grantasplund/