AGILE SECURITY™ Security for the Real World

Transcript

  • 1. AGILE SECURITY™: Security for the Real World
  • 2. Sourcefire is Trusted Security: Trusted for over 10 years; Security from network to endpoint (IPS, NGFW, Endpoint | Physical, Virtual, Cloud); Protecting organizations in over 180 countries; Innovative: 41+ patents awarded or pending; World-class research; Open source projects (Snort®, ClamAV®, Razorback®). IPS MQ Leader; America’s Fastest-Growing Tech Companies 2011.
  • 3. IT Environments are Changing Rapidly: Devices, Networks, Applications; VoIP, Virtualization, Mobilization, Consumerization.
  • 4. Threats are Increasingly Complex: Targeted | Organized | Relentless | Innovative. Client-side Attacks; Malware Droppers; Advanced Persistent Threats.
  • 5. Threats Change — Traditional Security Products Do Not: Static | Inflexible | Closed/Blind | Labor Intensive. “Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.” - Neil MacDonald, VP & Gartner Fellow. Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010.
  • 6. What the World Needs is… Agile Security: a continuous process to respond to continuous change.
  • 7. You Can’t Protect What You Can’t See: Breadth: who, what, where, when; Depth: as much detail as you need; Real-time data; See everything in one place. (Diagram: Agile Security surrounded by Threats, Devices, Applications, Network, Vulnerabilities, OS, Users, Files.) Sourcefire provides information superiority.
  • 8. Leverage Awareness For Knowledge: Gain insight into the reality of your IT and security posture; Get smarter by applying intelligence; Correlate, prioritize, decide. Collective intelligence elevates overall defense.
  • 9. Change is Constant: Automatically optimize defenses; Lock down your network to policy; Leverage open architecture; Configure custom fit security. Sourcefire invented customized security & self-tuning.
  • 10. Act Decisively & Efficiently: Block, alert, log, modify, quarantine, remediate; Respond via automation; Reduce the ‘noise’. Superior protection through intelligence & automation.
  • 11. How Sourcefire Delivers Agile Security: MANAGEMENT: Management Center. PREVENTION & ENFORCEMENT: NGIPS | NGFW | IPSx | Virtual | SSL. COLLECTIVE SECURITY INTELLIGENCE: Advanced Malware Protection. Cutting-edge technologies for comprehensive protection.
  • 12. MANAGEMENT: Sourcefire Defense Center®
  • 13. Sourcefire Defense Center®: Centralized Command & Control. Customizable dashboard; Comprehensive reports & alerts; Centralized policy administration; Hierarchical management; High availability; Integrates with existing security.
  • 14. FireSIGHT™ Sees “Everything”
    Categories | Samples | Sourcefire NGIPS & NGFW | Typical IPS | Typical NGFW
    Threats | Attacks, Anomalies | ✔ | ✔ | ✔
    Users | AD, LDAP, POP3 | ✔ | ✗ | ✔
    Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔
    Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔
    Client Applications | Firefox, IE6, Chrome | ✔ | ✗ | ✗
    Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗
    Operating Systems | Windows, Linux | ✔ | ✗ | ✗
    Routers & Switches | Cisco, Nortel | ✔ | ✗ | ✗
    Wireless Access Points | Linksys, Netgear | ✔ | ✗ | ✗
    Mobile Devices | iPhone, Android | ✔ | ✗ | ✗
    Printers | HP, Xerox, Canon | ✔ | ✗ | ✗
    VoIP Phones | Avaya, Polycom | ✔ | ✗ | ✗
    Virtual Machines | VMware, Xen | ✔ | ✗ | ✗
  • 15. FireSIGHT™ Sees “Everything” (same table as slide 14, with callout): Complete network and endpoint visibility. FireSIGHT delivers a level of environmental awareness and automation never seen before in the industry.
  • 16. FireSIGHT Fuels Automation: IT Insight: spot rogue hosts, anomalies, policy violations, and more. Impact Assessment: threat correlation reduces actionable events by up to 99%. Automated Tuning: adjust IPS policies automatically based on network change. User Identification: associate users with security and compliance events.
  • 17. Collective Security Intelligence: Global Visibility Through Open Community. IPS Rules; Malware Protection; IP & URL Blacklists; Sourcefire Vulnerability Research Team; Sourcefire FireCLOUD™; Private & Public Threat Feeds; Vulnerability Database Updates; Sourcefire AEGIS™ Program; Honeypots; Advanced Microsoft & Industry Disclosures; 50,000 Malware Samples per Day; Snort® & ClamAV™ Open Source Communities.
  • 18. NETWORK: Sourcefire Network Security Solutions
  • 19. Gartner Defines NGIPS & NGFW. Next-Gen IPS (NGIPS): Standard first-gen IPS; Application awareness and full-stack visibility; Context awareness; Content awareness; Agile engine. Next-Gen Firewall (NGFW): Standard first-gen firewall; Application awareness and full-stack visibility; Integrated network IPS; Extrafirewall intelligence. “Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.” Source: “Defining Next-Generation Network Intrusion Prevention,” Gartner, October 7, 2011; “Defining the Next-Generation Firewall,” Gartner, October 12, 2009.
  • 20. Our Approach to Next-Generation Network Security. (Diagram: Access Control, App Control, Threat Prevention and Contextual Awareness, with Typical Firewall, Typical IPS and Typical NGFWs each covering part, and Sourcefire NGFW | NGIPS with FireSIGHT Technology covering all.) Single platform, with single pass engine, providing the benefits of a converged infrastructure… …and the benefits of Agile Security.
  • 21. Sourcefire Next-Generation Security: One Universal Platform, Three Flexible Configurations
    Key Capabilities | NGIPS | NGIPS with App Control | NGFW
    Network Intelligence | ✔ | ✔ | ✔
    Impact Assessment | ✔ | ✔ | ✔
    Automated Tuning | ✔ | ✔ | ✔
    Threat Prevention | ✔ | ✔ | ✔
    Application Control | | ✔* | ✔
    Stateful Firewall | | | ✔
    Switching, Routing & NAT | | | ✔
    URL Filtering | | Subscription | Subscription
    * Control license required
  • 22. FirePOWER™ Technology: Custom-designed, specialized network processor powers industry-leading performance.
  • 23. Enterprise Performance and Scale: Unprecedented Performance Delivered. NSS Labs Test Results: Highest throughput ever tested; Lowest price per Mbps; Lowest energy cost per Mbps. FirePOWER Technology vs. next closest: IPS Throughput 27.6 Gbps vs. 11.5 Gbps; Price / Mbps $19 vs. $33; Annual Energy Cost per Mbps 4¢ vs. 6¢. “The 3D8260 offers the highest accuracy and throughput of any product we’ve tested to date.” - NSS Labs Test Report. Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
  • 24. The Industry’s Best Threat Prevention. Period. NSS Labs Test Results: #1 in default protection; #1 in tuned protection; 100% evasion free. (Chart: Sourcefire vs. Industry Average for Default Protection and Tuned Protection.) “This is the second year in a row that Sourcefire blocked the most attacks of all products.” - NSS Labs Test Report. Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
  • 25. NSS Labs Testing. NGIPS Leadership*: #1 in detection; #1 in performance; #1 in vulnerability coverage; 100% evasion free. NGIPS Ratings*: 99% detection & protection; 34Gbps inspected throughput; 60M concurrent connections; $15 TCO / protected Mbps. "For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.” - Vikram Phatak, CTO, NSS Labs, Inc. NGFW Ratings*: 99% protection; 10Gbps inspected throughput; 15M concurrent connections; $33 TCO / protected Mbps. NGFW Leadership*: #1 in detection; Class leader in performance; Class leader for TCO; 100% evasion free. “Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.” - Bob Walder, NSS Labs, Inc. * NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010; NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012; NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012.
  • 26. FirePOWER NGIPS: NSS Labs Test. Leadership*: #1 in detection; #1 in performance; #1 in vulnerability coverage; 100% evasion free. Ratings (NGIPS – 8260)**: 99% detection & protection; 34Gbps inspected throughput; 60M concurrent connections; $15 TCO / protected Mbps. "For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.” - Vikram Phatak, CTO, NSS Labs, Inc. * NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010. ** NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012.
  • 27. FirePOWER NGFW: NSS Labs Test. Ratings (8250 – NGFW)*: 99% protection; 10 Gbps real-world throughput; 15M concurrent connections; $33 TCO / protected Mbps. NGFW Leadership*: #1 in detection; Class leader in performance; Class leader for TCO; 100% evasion free. “Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.” - Bob Walder, NSS Labs, Inc. * NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012.
  • 28. Reduce Risk Through Granular Application Control: Control access to Web-enabled apps and devices (“Employees may view Facebook, but only Marketing may post to it”; “No one may use peer-to-peer file sharing apps”). Over 1,000 apps, devices, and more!
  • 29. Reduce Client-Side Threats and Improve Productivity with URL Filtering: Block non-business-related sites by category; Configure policies based on users and groups. Over 280 million URLs; Over 80 URL categories.
  • 30. What Makes Sourcefire Different? Total Network Visibility: Passive, real-time visibility of apps, users, content, hosts, attacks, and more (The Only NGFW with NGIPS!). Control Without Compromise: Achieve granular network and application access control without compromising threat prevention. Intelligent Security Automation: Leverage rich contextual awareness to automate key security functions, including impact assessment and policy tuning. Unparalleled Performance & Scalability: Purpose-built appliances with FirePOWER™ technology.
  • 31. Advanced Malware Protection: FireAMP
  • 32. Threats Continue to Evolve: The likelihood that you will be attacked by advanced malware has never been greater. 75% of attacks are seen on only one computer. “Nearly 60% of respondents were at least ‘fairly certain’ their company had been a target.” – Network World (11/2011).
  • 33. Introducing FireAMP: The only way to get the visibility & control needed to fight threats missed by other security layers. Analyze & Block Advanced Malware Utilizing Big Data Analytics.
  • 34. Our Approach to Advanced Malware Protection: Lightweight Connector (watches for move/copy/execute; traps fingerprint & attributes). Mobile Connector (watches for apps; traps fingerprint & attributes). Transaction Processing; Analytics; Intelligence. Web-based Manager.
  • 35. Visibility & Control with FireAMP: Reporting; Trajectory Analysis; Control.
  • 36. Spotlight: Reporting. Applications Introducing Malware; Threats Resident on First Scan; Possible APT. Customize by Group – Schedule or On Demand.
  • 37. Spotlight: File Trajectory. Malware “Flight Recorder” shows point of entry and extent of outbreak; Discover the malware gateway to reduce the risk of reinfection; Identify systems that have downloaded/executed a specific malware file.
  • 38. Spotlight: File Analysis. Sourcefire VRT Powered Insight into Advanced Malware Behavior: Original file, network capture and screen shots of malware execution; Understand root cause and remediation. (Diagram: infected files, each identified by hash, flow from FireAMP & Clients to Sourcefire VRT Sandbox Analysis.)
  • 39. Spotlight: Outbreak Control. Create custom protection policies to stop outbreaks without updates.
    Tool | How it Works | When to Use
    Simple Custom Detections | Cloud-based, uses SHA or original file | Fastest way to block specific malware.
    Advanced Custom Signatures | Client-based, uses advanced techniques (e.g. offsets, wildcards, regular expressions) | Useful for families of malware or to close the gap when waiting on a signature from a security vendor
    Application Blocking Lists | Cloud-based, uses SHA or original file | Blocks execution of applications based on group policy (e.g. no Skype in HR) – good for Zero Day
    Custom Whitelists | Cloud-based, uses SHA or original file | Prevent false positives on trusted apps and standard images
    Cloud Recall quarantines malware based on past exposure.
  • 40. FireAMP is Enterprise Ready: Manageability (Complete deployment, policy configuration, integration with AD/LDAP); Performance (Lightweight connector, heavy lifting in the cloud); Privacy (Metadata based analysis).
  • 41. What Makes Sourcefire Different?
     | Traditional Endpoint | Forensic Analysis | NW-based AMP
    Reports | No | Not really | Yes
    File Trajectory | No | Sort of… | No
    File Analysis | No | Yes | Yes
    File Analysis | No | Not really | Sort of…
    Outbreak Control | No | Not really | No
    Key Questions. Visibility: Do we have an advanced malware problem? Which endpoint was infected first? How extensive is the outbreak? How does the malware behave? Control: What is needed to recover? How can we stop the outbreak?
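How the connector’s move/copy/execute events (slide 34) become the point of entry and extent of outbreak that File Trajectory reports (slide 37), and how a SHA-based Simple Custom Detection or Custom Whitelist (slide 39) is applied, as an added Python example. This is not Sourcefire or FireAMP code; the event format, host names, hash values and the whitelist-before-detection precedence are assumptions made for the example.

```python
from collections import defaultdict

# Constructed connector events (hypothetical format, not FireAMP's):
# (timestamp, host, action, sha256). Hash values are placeholders.
SHA_MALWARE = "sha256:constructed-malware-sample"
SHA_BENIGN = "sha256:constructed-standard-image-tool"
EVENTS = [
    (1, "hr-01", "copy", SHA_MALWARE),      # first host to see the file
    (2, "hr-01", "execute", SHA_MALWARE),
    (3, "hr-02", "copy", SHA_MALWARE),      # lateral spread inside HR
    (4, "eng-05", "execute", SHA_MALWARE),
    (5, "eng-05", "copy", SHA_BENIGN),      # trusted tool from the standard image
    (6, "hr-02", "execute", SHA_MALWARE),
]


def trajectory(events, sha):
    """Rebuild the 'flight recorder' view for one file hash.

    Returns the point of entry (earliest host/time that saw the hash),
    every host that touched it with the actions seen, and the subset of
    hosts that executed it (the extent of the outbreak). None if unseen."""
    seen = sorted(e for e in events if e[3] == sha)
    if not seen:
        return None
    actions_by_host = defaultdict(set)
    for _ts, host, action, _sha in seen:
        actions_by_host[host].add(action)
    return {
        "entry_host": seen[0][1],
        "entry_time": seen[0][0],
        "hosts": dict(actions_by_host),
        "executed_on": sorted(h for h, a in actions_by_host.items() if "execute" in a),
    }


def verdict(sha, custom_detections, custom_whitelist):
    """Cloud-side decision for a hash. Assumed precedence: a whitelist entry
    (trusted app / standard image) overrides a custom detection so that a
    broad detection cannot quarantine the golden image."""
    if sha in custom_whitelist:
        return "allow"
    if sha in custom_detections:
        return "block"
    return "unknown"


def recall_targets(events, sha, custom_detections, custom_whitelist):
    """Hosts to quarantine retroactively (Cloud Recall) once a hash is
    added to the custom detections: every host with past exposure."""
    if verdict(sha, custom_detections, custom_whitelist) != "block":
        return []
    trail = trajectory(events, sha)
    return sorted(trail["hosts"]) if trail else []
```

Adding SHA_MALWARE to the detection set after the events occurred is what makes recall_targets return all three exposed hosts, not only the ones that executed the file.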
  • 42. Advanced Malware Protection: FireAMP Mobile
  • 43. Mobile Malware Trends: No question. Mobile devices introduce risk. Malware is on the rise (Source: Juniper). BYOD brings a unique challenge.
  • 44. The BYOD Divide: 40% of IT decision makers say that workers access corporate information from employee-owned devices; 80% of employees in the same survey say they access corporate information from their own devices (Source: IDC). How can you protect the enterprise if you don’t know… 1. what to protect… or… 2. the nature of the threat?
  • 45. FireAMP Mobile. Visibility: detect & analyze (Android (2.1+) threats; Cloud-based, real time). Control: contain & remediate (Blacklists). Enterprise Ready. Advanced Malware Protection Using Big Data Analytics.
  • 46. Thank You.