Best Practices for Network Security Management

Gidi Cohen, Founder & CEO, Skybox Security

Changing technology and business trends pose new challenges to network security management, including firewall change management processes, management of security configurations in a BYOD-world, regulatory compliance, validation of firewall migrations, and troubleshooting access problems to complex networks. Through case studies, survey data, and real-world practices, this session will grant insight into automating and optimizing network security management.

Learn to streamline and automate firewall analysis to improve productivity

Discover how to automate network device configuration to minimize error

Gain insight into how secure change management can ensure stringent security compliance

Best Practices for Network Security Management

  1. Best Practices for Network Security Management. Gidi Cohen, CEO and Founder, Skybox Security. McAfee Focus, October 1, 2013. www.skyboxsecurity.com
  2. © 2013 Skybox Security Inc. Agenda
     • Skybox Security Introduction
     • Challenges for Network Security Today – More critical, more complex
     • Practical Steps to Optimize Network Security Management Process
       – The macro view - manage the enterprise network
       – The micro view - manage every device
       – Powerful analytics incorporating risk and vulnerabilities to identify attacks
       – Change management at the core
  3. Skybox Security Overview: Protect the Network and the Business
     • Visibility and Intelligence to decipher complicated network security interactions
     • Eliminate Attack Vectors to protect business services and data
     • Automate and Optimize complex security management processes
     Powerful Risk Analytics for Cyber Security
     “Skybox…considers risk to systems by taking into consideration the network topology and prioritizes vulnerabilities for remediation.” – How to Assess Risk and Monitor Compliance for Network Security Policies, Gartner (2013)
  4. High Performing Organizations Choose Skybox Security: Service Providers; Energy & Utilities; Government & Defense; Others; Financial Services
  5. Network Security: Mission Impossible?
  6. Your Mission: Continuously Maintain Network Security Controls in a Complex Environment
     • 500 network devices
     • 7 different vendor languages to deal with
     • 25,000 FW rules
     • 1,000 IPS signatures
     • 55,000 nodes
     • 65 daily network changes
     • Infrastructure spanning three continents
     • No room for error
  7. While Meeting Challenging Expectations
     • Maintain Compliance
     • Keep Out Attackers
     • Enable New Services
     • Optimize Performance
     • Troubleshoot Efficiently
  8. Traditional Tech – More Hinder than Help?
     • Firewalls: Constant Changes
     • IPS: Is it effective?
     • Ping, Traceroute: Inefficient?
     • Vulnerability Data: How old?
     • Network Topology: Visualize?
     • Pen Test: Large Scale?
  9. Time to Rethink Security
  10. Rule 1: Network Security Management Requires a Macro View
      • Normalize all infrastructure data from multiple vendors
        – Configs
        – Hosts
        – Assets
      • Enhance network visibility
        – Model Topology
        – Map to hosts
        – Detect missing info
      • Update continuously
      • ‘What if’ analysis
  11. Highly Scalable Access Path Analysis. Access Analyzer takes into consideration:
      - Routing
      - NAT
      - Firewall rules (ACL)
      - VPN
  12. Rule 2: Daily Device Management Requires a Micro View
      • Rule, access policy and config compliance
      • Take into account network complexities – segments/zones, routing, vendors, routers/switches/IPS, FWs
      • Optimize to streamline rule-set
  13. NGFW Application Policy Management. Skybox Survey (2012): 46% enable BYOD and external social apps
      • Enable automated policy compliance
      • View access policy violations by application
      • Block or limit access checks by applications
      • Network modeling of users and applications
  14. Rule 3: Attack Simulation to Identify Attack Vectors (© 2012 Skybox Security)
      • Probable attack vector to Finance servers asset group
      • “Multi-step” attack, crossing several network zones
      • Connectivity Path
      • Attack Vector
      • How to Block Potential Attack?
  15. Incorporate Vulnerability and Risks
      • Firewalls are not just firewalls
      • IPS
      • Anti-malware
      • Application control
      • Today you need to understand risk, vulnerabilities, IPS signatures, applications, and availability needs
  16. Verify Effective IPS Coverage. Skybox Survey (2012): 62% plan to use IPS in active protection mode
      • Review and report on configuration of recent threats
      • Understand overall signature coverage
      • Activate only necessary signatures, maximize performance and prioritize vulnerabilities
  17. Plan Contextual and Actionable Remediation
      • Install security patch on server
      • Change firewall access rule
      • Activate signature on IPS
  18. Rule 4: Change Management Process is Key
      • Monitor changes
      • Troubleshoot access
      • Follow standard processes
      • Handle exceptions
      • Reconcile changes
      • Benefits:
        – Continuously monitor change and minimize risks
        – Link and automate security processes
      Pre & Post Change Control: Capture, Assess, Design, Implement, Verify
  19. Combined Effect: Verify Network Security Controls on a Continuous Basis
      • Network change exposes vulnerabilities
        – CVE 2013-203
        – CVE 2013-490
      • New attack scenario blocked by IPS
      • Unauthorized access path from Partner to Internal zone
      • Will change cause compliance or availability risks?
      • Firewall is allowing access to risky services
  20. Skybox Security Integration with McAfee
      • Continuous monitoring of vulnerabilities
      • Risk-based prioritization
      • Risk metrics and reports
      • Remediation planning
      • Threat impact analysis
      • Continuous monitoring for compliance
      • Change management
      • Configuration management
      • Network visibility
      Skybox Network Security Management; Skybox Vulnerability and Threat Management; Firewall Assurance; Network Assurance; Change Manager; Risk Control; Threat Manager; McAfee Firewall Enterprise; McAfee Stonesoft; McAfee Vulnerability Management
  21. Network Visibility; Predictive Risk Analytics; Extensive Integration; Complete Platform. Unique Technology Delivers Business Value. Network path analysis, multi-step attack simulation, KPI metrics. Over 70 network devices and management tools. Non-disruptive network topology modeling, & simulation. Consolidate security management solutions.
  22. Summary: Best Practices Checklist
      • 1: Macro view - Consistent, comprehensive, up-to-date view of network topology at all times
      • 2: Micro view - Have detailed device level view for granular control
      • 3: Powerful Analytics, Attack simulation
        – Leverage analytical tools to quickly find attack vectors and troubleshoot access
        – Be responsive to changing risks – take vulnerability and threat data into account
      • 4: Verify changes in advance
  23. Questions & Answers. POST-CONFERENCE, ACCESS PRESENTATIONS AT: • www.mcafee.com/focus13 • Password: presentations13. STAY CONNECTED. JOIN THE PLACE: www.mcafeetheplace.com. LEARN MORE AT: • [insert links if you have any or highlight other sessions]. RATE THIS SESSION! From the FOCUS App select session # [inserted by FOCUS staff]
  24. Thank you. www.skyboxsecurity.com
