Content Analysis System and Advanced Threat Protection
 

The need for network-centric content analysis.

  • The SANS Institute is one of the world’s most respected cyber security organizations. Their March 2013 report includes their recommendations for creating an effective cyber defense and the importance of network based anti-malware. http://www.sans.org/critical-security-controls/cag4-1.pdf (page 28).

Presentation Transcript

  • CONTENT ANALYSIS SYSTEM AND ADVANCED THREAT PROTECTION Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved. 1
  • EVOLVING LANDSCAPE OF MODERN THREATS: TODAY’S ADVANCED THREAT LANDSCAPE
  • ADVANCED THREAT PROTECTION: LIFECYCLE DEFENSE
    Three stages, with the Global Intelligence Network at the center:
    - Stage 1: Block & Enforce All Known Threats
    - Stage 2: Detect & Analyze Unknown Threats
    - Stage 3: Resolve & Remediate Threats Discovered on the Network
  • BUSINESS ASSURANCE TECHNOLOGY
    - Security and Policy Enforcement Center: SG & SG-VA, Web Security Service, WebFilter, SSL Visibility, CAS, MAA, DLP, FW/IDS on X-Series
    - Mobility Empowerment Center: Mobile Device Security Service
    - Trusted Applications Center: App Classification Service, Web App Reverse Proxy
    - Performance Center: MACH5, CacheFlow, PacketShaper
    - Resolution Center: Reporter SW, Reporter Service, Intelligence Center, DeepSee Analytics Appliance
    BUSINESS ASSURANCE PLATFORM:
    - Open Environment for Best-of-Breed Solutions
    - Threat, Web & Application Intelligence
    - Proxy-Based Architecture
    - Scalable Virtualization Platform
    - Global Cloud Infrastructure
    - Rich Security Analytics
  • CONTENT ANALYSIS SYSTEM & ADVANCED THREAT PROTECTION: What problems are we solving?
    - Average cost per lost data record from an advanced attack is $222, 27% more than the cost from incidents of insider negligence.
    - Average time to discover an advanced persistent threat is 80 days for a malicious breach.
    - Average time to resolution is 123 days for a malicious breach.
    - Current solutions try to solve the ATP problem via silos of technology.
    - Security defenses must align with each other, share information and be adaptive.
  • THE NEED FOR NETWORK-CENTRIC CONTENT ANALYSIS
    - SANS Institute: “Utilize network-based anti-malware tools to analyze all inbound traffic and filter out malicious content before it arrives at the endpoint.” (Critical Controls For Effective Cyber Defense, SANS Institute, March 2013)
    - Network World: “So ultimately enterprise organizations need both network and host-based advanced malware defenses. Yeah, it's a lot of work but it's inevitable.” (Advanced Malware Protection: Network or Host?, Network World, July 2012)
  • CONTENT ANALYSIS SYSTEM: Expandable, Best of Breed, High Performance, Integrated Security Platform
    - AntiMalware: Sophos, Kaspersky, McAfee
    - WhiteListing: Bit 9
    - Sand-Boxing Off-Box: Norman
    - Local Sand-Boxing On-Box & Cloud: Future
    - Static Code Analysis On-Box: Future
    - DRTR: Future
    Blue Coat Confidential
  • CONTENT ANALYSIS SYSTEM: Key Components and Packaging
    - CAS Appliance + CAS SW License: CA-S400-A1 (50 Mbps), CA-S400-A2 (100 Mbps), CA-S400-A3 (250 Mbps), CA-S400-A4 (500 Mbps)
    - CAS license (by user): License A, single AV + Bit 9; or License B, dual AV + Bit 9
    - Malware Analysis Appliance (sandbox) + Malware Analysis NW License: MAA-S400-10 or MAA-S500-10
    - Annual Subscription and Update Service @ 20% of HW list
  • CONTENT ANALYSIS SYSTEM: FLEXIBLE CHOICES
    - Choose Content Analysis device: CA-S400-A1 (50 Mbps), CA-S400-A2 (100 Mbps), CA-S400-A3 (250 Mbps), CA-S400-A4 (500 Mbps)
    - Select single or dual AV from Kaspersky, McAfee or Sophos (subscription services): Single AV + Bit 9 Whitelisting, or Dual AV + Bit 9 Whitelisting
    - Select Malware Analysis Appliance: MAA-S400 or MAA-S500
    - Cloud & On-Box Sandboxing available mid-2014
  • WHY SANDBOXING?
    - Traditional network defenses are great at dealing with known threats, terrible at dealing with unknown threats.
    - Unknown threats require dynamic analysis (aka detonation) in the form of a virtual machine and/or bare-metal or emulation sandbox.
    - “By year-end 2016, 20% of enterprises will implement Windows containment mechanisms for end users handling untrusted content and code, up from less than 1% in 2013.” (Gartner)
  • MALWARE APPLIANCE CORE TECHNOLOGY
    - Hybrid Analysis (unmatched intelligence): Emulation; IntelliVM virtualization
    - Behavioral Patterns (expose targeted attacks): Detection patterns; Open source patterns; Custom patterns
    - Plug-in Architecture (extend detection and processing): Interact with running malware; Click-through dialogs and installers
    SandBox:
    - Software x86 emulator
    - Hardware emulation
    - Generates numerous low-level events (page faults, exceptions, etc.)
    - Emulated network access and services
    - Hook-based event introspection
    - Add your own patterns
    - Supports EXEs and DLLs
    - Portable executable memory dumps
    IntelliVM:
    - Full Windows XP or Win 7 licensed software
    - Hardware virtualization
    - Generates high-level events (file, registry, network, process, etc.)
    - Real network access and services
    - KernelScout filter driver captures low-level events
    - Add your own patterns
    - Wide range of file support
    - Extend processing with plugins
  • INTELLIVM PROFILES AND PLUGINS
    - Supports multiple profiles for powerful analysis
      - Windows 7 SP1 and Windows XP SP3
    - Customize to closely match production environments
      - Pilot patches, software rollouts, and O/S upgrades
      - Test with exact application versions, browsers, add-ons, etc.
    - Flexibility to detect non-traditional threats
      - VM kernel and application-level event monitoring
      - Supports EXE, DLL, PDF, JAR, BAT, and Office Docs “out of the box”
    - Extend custom processing with plugins
      - Interact with malware before, during, and after execution
      - Hook detection, memory dumps, click-through dialogs and installers
    Exercise malware within precisely tailored virtual environments to see its real effects on operations.
  • BEHAVIORAL DETECTION PATTERNS
    - Generic and malware campaign specific patterns
      - Trojan, spyware, worm, ransomware
    - Extensive pattern library
      - Core patterns (incl. WebPulse info)
      - Create your own patterns
      - All matching patterns will trigger
      - Global and user-specific patterns
    - Risk scoring
      - Set by highest matched pattern
      - Scores update with new patterns
      - Script notification triggers for further action
    Patterns can detect targeted and single-use malware, and do not rely on signature-based detection methodologies.
  • MALWARE APPLIANCE KEY FEATURES
    - Enterprise Scalability
      - Approximately 50,000 analysis tasks per day per appliance
      - Automated bulk sample processing and risk scoring
      - Parallel processing on up to 40 virtual machines per appliance
    - Hybrid Analysis
      - Superior threat dual-detection methodology using SandBox and IntelliVMs
      - Replicate actual production environments including custom applications
    - Plugins: interact with malware, click through installers, extend custom processing
    - Best-in-class full-featured Web UI, Analysis Desktop, searching and data mining
    - Open Patterns: detection criteria are never hidden; users can add custom patterns
    - Powerful RESTful API: full programmatic access for integration and automation
    - Pub-Sub API: secure notifications of analysis task status and task completion
    - Remote management, security, and health status monitoring eases deployment
  • BUSINESS CASE: ProxySG + CAS + Malware Appliance (diagram: ProxySG, Content Analysis System, Malware Analysis Appliance)
  • CONTENT ANALYSIS SYSTEM: MULTI-LAYERED SECURITY FOR KNOWN & UNKNOWN THREATS (slide under revision)
    Unencrypted & encrypted ProxySG traffic is inspected in this order:
    1) WebPulse: traffic from a known malicious site/malnet is blocked (BLOCK); traffic not from a known malicious site/malnet is allowed further inspection by the Content Analysis System.
    2) Application whitelist: content on the whitelist is delivered (ALLOW DELIVERY); content not on the whitelist is sent to the malware signature databases.
    3) Malware signature databases: known malware is blocked and WebPulse updated (BLOCK & UPDATE); content not in the signature databases is allowed further inspection in a sandbox.
    4) Sandbox, either the Blue Coat Malware Appliance or a non-Blue Coat sandbox: content found not malicious is delivered (ALLOW DELIVERY); content found malicious by the Blue Coat Malware Appliance updates the malware signature databases and raises an alert (UPDATE & ALERT), while a non-Blue Coat sandbox raises an alert (ALERT).
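    The ordered flow on this slide, with the pattern-based risk scoring described on the "Behavioral Detection Patterns" slide as its sandbox stage, as an added example in Python. This is illustrative code written for this transcript, not Blue Coat or Norman code: the stage names follow the slide, but the malnet host, the trusted and known-malware hashes, the pattern library, the behaviour labels and the alert threshold are all constructed for the demo, and a sandbox run is stood in for by a constructed set of observed behaviours. It also shows the feedback loop the "Network Effect" slide describes: once the sandbox scores a file as malicious, its hash is added to the signature store, so a repeat request for the same content is blocked at the signature stage instead of reaching the sandbox again.

```python
"""Toy model of the multi-layered CAS inspection flow (added example)."""
import hashlib


class Sample:
    """A file seen by the proxy.  `behaviours` stands in for what a sandbox
    run would observe; here it is constructed input, not a real detonation."""

    def __init__(self, name, content, source_host, behaviours=()):
        self.name = name
        self.content = content
        self.source_host = source_host
        self.behaviours = frozenset(behaviours)

    @property
    def sha256(self):
        return hashlib.sha256(self.content).hexdigest()


# Constructed pattern library: name -> (behaviours that must all be seen, risk).
PATTERNS = {
    "writes-run-key": ({"registry:run-key"}, 5),
    "drops-executable": ({"file:drop-exe"}, 6),
    "beacons-out": ({"network:outbound-http"}, 7),
    "ransomware-like": ({"file:mass-encrypt", "file:drop-note"}, 10),
}
ALERT_THRESHOLD = 7  # risk at or above this fires the notification trigger


def score(behaviours):
    """All matching patterns trigger; the risk is set by the highest match."""
    matched = sorted(n for n, (need, _) in PATTERNS.items() if need <= behaviours)
    risk = max((PATTERNS[n][1] for n in matched), default=0)
    return risk, matched


class ContentAnalysisSystem:
    def __init__(self, known_malnets, whitelist, signatures):
        self.known_malnets = set(known_malnets)  # WebPulse: malicious sites
        self.whitelist = set(whitelist)          # sha256 of trusted apps
        self.signatures = set(signatures)        # sha256 of known malware
        self.alerts = []                         # (name, risk, patterns)

    def inspect(self, sample):
        # 1. WebPulse: traffic from a known malicious site/malnet is blocked.
        if sample.source_host in self.known_malnets:
            return "BLOCK"
        h = sample.sha256
        # 2. Application whitelist: trusted content is delivered at once.
        if h in self.whitelist:
            return "ALLOW DELIVERY"
        # 3. Malware signature databases: known malware is blocked.
        if h in self.signatures:
            return "BLOCK"
        # 4. Unknown content goes to the sandbox for behavioural analysis.
        risk, matched = score(sample.behaviours)
        if risk >= ALERT_THRESHOLD:
            # Malicious: alert, and update the signature store so that the
            # next request for the same content is blocked at stage 3.
            self.signatures.add(h)
            self.alerts.append((sample.name, risk, matched))
            return "UPDATE & ALERT"
        return "ALLOW DELIVERY"


def demo():
    """Run constructed samples through the flow; returns the verdicts in order."""
    trusted = b"MZ trusted installer bytes"
    old_malware = b"MZ previously seen malware"
    cas = ContentAnalysisSystem(
        known_malnets={"lure.example"},
        whitelist={hashlib.sha256(trusted).hexdigest()},
        signatures={hashlib.sha256(old_malware).hexdigest()},
    )
    dropper = Sample("dropper.exe", b"MZ unknown dropper", "cdn.example",
                     {"registry:run-key", "network:outbound-http"})
    samples = [
        Sample("setup.exe", trusted, "vendor.example"),        # whitelisted
        Sample("invoice.exe", b"MZ anything", "lure.example"),  # from malnet
        Sample("old.exe", old_malware, "cdn.example"),          # known malware
        dropper,                                                # unknown, sandboxed
        dropper,                                                # repeat: blocked by signature now
        Sample("tool.exe", b"MZ low risk", "cdn.example", {"registry:run-key"}),
    ]
    return [cas.inspect(s) for s in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

    Running the block prints six verdicts: ALLOW DELIVERY, BLOCK, BLOCK, UPDATE & ALERT, BLOCK, ALLOW DELIVERY. The fourth and fifth lines are the point of the model: the first request for the dropper reaches the sandbox, which matches two patterns and takes the higher score (7), and the second request for identical content never gets that far. The last sample shows why the threshold matters: a single low-score pattern still triggers and is recorded by `score`, but on its own it does not fire the notification.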
  • BLUE COAT NETWORK EFFECT
    Benefits of the Blue Coat system:
    - Subsequent requests/lures are blocked before download
    - Performance improvements for CAS and Malware Appliance, as further scans are not needed
    - False positives are reduced, as filtering occurs prior to the sandbox
    - WebPulse updates all Blue Coat SWGs for improved efficiency on ALL devices
    Able to feed information TO and collect information FROM other vendors’ devices.
  • COMPLETE ADVANCED THREAT PROTECTION: ProxySG + CAS + Malware Appliance + Solera Analytics (diagram: ProxySG, Content Analysis System, Malware Analysis Appliance, Security Analytics Platform)
  • ADVANCED THREAT PROTECTION SOLUTION: LIFECYCLE DEFENSE
    The Blue Coat ATP solution delivers the industry’s most comprehensive protection through the following:
    1) Lifecycle Defense: Protection that maps to three threat stages: real-time blocking for known threats and malware sources (malnets); advanced threat analysis for unknown threats; and dwell time reduction for latent threats
    2) Adaptive Malware Analysis: Dynamic APT protection that analyzes unknown threats and shares information with other systems in the security infrastructure to increase protection efficiency for unknown and latent threats
    3) Network Effect: APT information sharing between 75M users in 15,000 organizations through a feedback loop into the Blue Coat Global Intelligence Network
    Diagram: Stage 1, Block & Enforce All Known Threats; Stage 2, Detect & Analyze Unknown Threats; Stage 3, Resolve & Remediate Threats Discovered on the Network; Global Intelligence Network at the center.
  • CAS: COMPLETE ADVANCED THREAT PROTECTION
  • BLUE COAT ADVANCED THREAT PROTECTION: A Complete and Integrated Portfolio of Advanced Threat Protection Technologies (need to add CAS & MAA pics)
    - Blocking and Prevention: Blue Coat ProxySG, Content Analysis System
    - SSL Visibility: Blue Coat SSL Visibility Appliance
    - Sandbox: Malware Analysis Appliance
    - Security Analytics Platform by Solera: Solera Appliances, Solera Storage Appliances, ThreatBLADES, Solera Central Manager
  • END: KEVIN FLYNN, PRODUCT MARKETING, OCTOBER 2013