Protect & Defend Your Critical Infrastructure


  1. Protect & Defend Your Critical Infrastructure: SCADA, Smart Grid, and Compliance
     Tom Turner – VP Marketing and Channels, Q1 Labs
     Alex Tatistcheff – Senior Security Instructor, Sourcefire
     Douglas Hurd – Director, Technology Alliances, Sourcefire
  2. Outline
     • Introductions and Overviews
     • Partnership Background
     • Compliance Requirements
     • Total Security Intelligence for Energy & Utilities
     • Q&A
  3. Sourcefire Overview
     Mission: to be the leading provider of intelligent cybersecurity solutions for the enterprise.
     • Founded in 2001 by Snort creator Martin Roesch, CTO
     • Headquarters: Columbia, MD
     • Focus on enterprise and government customers
     • Global Security Alliance ecosystem
     • NASDAQ: FIRE
  4. Q1 Labs Overview
     Who we are:
     • Innovative security intelligence software company
     • Largest independent SIEM vendor
     • Leader in the Gartner Magic Quadrant in 2009, 2010 and 2011
     Award-winning solutions:
     • Family of next-generation Risk Management, Log Management, SIEM and security intelligence solutions
     Executing, growing rapidly:
     • 1,600+ customers worldwide
     • Five-year average revenue growth of 70%+
     • North America, EMEA and Asia Pacific
  5. Partnership Background 2010-2011
     • Mutual customers asked for integration
     • Q1 Labs development team built the integration using the Sourcefire API
     • Q1 Labs completed the integration and made the eStreamer client available
  6. Deployment Scenarios – Sourcefire
  7. Deployment Scenarios – Q1 Labs
  8. Sourcefire and NERC
  9. Total Security Intelligence for Energy & Utilities
  10. Energy & Utilities – Security Challenges
     • 72% of organizations are not getting the intelligence they need
     • Only 39% of organizations are currently using a SIEM solution
     • On average, it takes 22 days to detect unauthorized changes or malicious activity
     • 69% of organizations feel a data breach is likely to occur in the next 12 months
     • 76% of organizations have suffered one or more data breaches over the course of the last 12 months
     Source: April 2011 Ponemon Research survey
  11. Smart Networks
     • Top IT security priority is to protect and secure SCADA networks
     • QRadar monitors and correlates data from many sources, including SCADA
     Source: April 2011 Ponemon Research survey
  12. Solutions Across the Entire Compliance and Security Intelligence Lifecycle
     Timeline: Vulnerability → Exploit → Remediation
     • Pre-Exploit (Prediction/Prevention Phase): Risk Management, Compliance Management, Vulnerability Management, Configuration Management
     • Post-Exploit (Reaction/Remediation Phase): SIEM, Network/User Anomaly Detection, Log Management
  13. Security Intelligence: SIEM with Behavior Anomaly Detection and Broadest Context
     Detect Threats Others Miss – Manage Risk – Consolidate Silos
     Suspected incidents (customer examples):
     • Content capture and user activity monitoring enabled fraud detection before the exploit completed
     • Discovered 500 hosts with the "Here You Have" virus, which all other security products missed
     • 2 billion logs and events per day reduced to 25 high-priority offenses
  14. QRadar Collects Sourcefire Event Data
     • Smart meter devices and systems
     • Snort alerts detected on SCADA networks
     • Intrusion events and packet data
     • Real-time user and network events
     • Compliance and whitelist events
  15. Compliance Validation and Information Overload
     QRadar's integrated security management supports specific NERC-CIP requirements, with out-of-the-box NERC-CIP reporting, for example CIP-005, Electronic Security Perimeter(s).
  16. Fundamental NERC-CIP Requirements Supported by QRadar
  17. Threat and Risk Management
  18. Questions?
     Alex Tatistcheff – alex.tatistcheff@sourcefire.com
     Tom Turner – tom.turner@q1labs.com
     Doug Hurd – dhurd@sourcefire.com
     Thank you for your time!
