
Moving Security Model From Content to Context


Malware is becoming more and more sophisticated and capable of circumventing traditional security technologies, redefining the information security landscape. Firewalls, Next Generation Firewalls and Intrusion Prevention Systems are converging into a new breed of security devices capable of moving the security enforcement paradigm to context, replacing the old model based on “IP Address, Protocol and Access Control” with a new model focused on “user, application and anomaly”.


  1. Moving Security Model From Content To Context: Quick Random Thoughts on Security Trends and Technologies for 2012. Paolo Passeri, paulsparrows.wordpress.com
  2. Why Next Generation Technologies Are Needed: Malware is becoming more and more sophisticated and capable of circumventing traditional security technologies.
  3. APTs Are Changing The Rules Of The Game: APTs threaten organizations on different levels (from users to applications) and on heterogeneous time scales, redefining the information security landscape. Firewalls, Next Generation Firewalls and Intrusion Prevention Systems are converging into a new breed of security devices capable of moving the security enforcement paradigm to context, replacing the old model based on “IP Address, Protocol and Access Control” with a new model focused on “user, application and anomaly”.
  4. The Next Level: From Content to Context: Context-aware security is the use of supplemental information to improve security decisions at the time the decision is made. Supplemental information includes geo-location, reputation, and the interaction of the user with the environment (applications, directory, etc.). This class of devices is called Next Generation IPS: http://blogs.gartner.com/neil_macdonald/2011/10/13/next-gen-context-aware-intrusion-prevention/
  5. NG-IPS Vs The Rest Of The World

     | | Firewall | IPS | NGF | NG-IPS |
     |---|---|---|---|---|
     | Works at | Layer 3-4 | Layer 4-7 | Layer 7 | Layer 4-7 |
     | Security paradigm | IP Address; Port; Protocol | Protocol; Vulnerability | User; Application | User; Application; Vulnerability |
     | Scans | All Traffic | All Traffic | Classified Applications | All Traffic including classified Applications |
     | Deployed as | Layer 3 Gateway; Transparent Mode | Transparent Mode; Connected to TAP; Connected to Span Port | Layer 3 Gateway; Transparent Mode | Layer 3 Gateway; Transparent Mode |
     | Defends against | Intrusions by unauthorized users exploiting known ports | Intrusions by everyone exploiting vulnerabilities at Layer 4-7 | Misuse of applications by users; Intrusions by unauthorized users exploiting classified applications | Intrusions by everyone exploiting application and server vulnerabilities; Misuse of applications by users |
     | Performs access control | Yes | No | Yes | Yes |
     | Access control by | IP Address; Port; Protocol | - | User; Application | User; Application; IP address; Port; Protocol |
     | Detection algorithms | Packet Filter; Application Proxy; Stateful Inspection | Deep Packet Inspection; Signatures; Pattern Matching; Protocol-Based; Anomaly Detection; Heuristics | Application Classification via proprietary methods | Stateful Inspection; Deep Packet Inspection; Application Classification; Signatures; Pattern Matching; Anomaly Detection (Appl and Protocol); Heuristics |
     | Use cloud based services | No | Yes, for updating signatures from data received from other sensors | Yes, for updating application fingerprints and dynamically classify unknown applications | Yes, for updating signatures and application fingerprints |
     | Use reputation and geo-location | No | Partially | No | Yes |
     | Dedicated device | Yes | May exist as a dedicated device or as a security feature on a UTM | Once existed as a dedicated device, now is a security feature on top of a “traditional firewall” | Yes. Will replace traditional Firewalls, NG Firewalls, IPSs |
     | Deployed at | Perimeter | On perimeter firewall or behind it and in front of Key Assets | Perimeter, focused to protect outbound traffic | Perimeter |
     | May scan SSL | No | Yes | No | Yes |
  6. Web Application Firewalls: The growing number of vulnerabilities targeting Web Applications and cyber attacks carried out against banks, together with the need to be compliant with strict requirements and regulations, are pushing the adoption of Web Application Firewalls. Although technology tends to consolidate traditional security solutions, WAFs are destined to remain standalone dedicated devices in front of the key web assets they protect. These devices are required by PCI-DSS and, most of all, by the growing attention of cybercrooks to exploiting vulnerabilities in banking web applications. This year alone, famous victims included CitiGroup and Samsung Card. In particular, attackers were able to steal $2.7 million from Citigroup. http://spectrum.ieee.org/riskfactor/telecom/security/citigroup-admits-being-hacked-in-may-coy-about-extent-of-impact http://www.databreaches.net/?p=20522
  7. WAFs Against The Rest Of The World
  8. So Which Is The Most Revolutionary Technology? Avoid investing in new technologies without first patching the user! APTs account for only 1%, (human) vulnerabilities for the remaining 99%.
  9. References
     - Oct 5, 2011: Information, The Next Battlefield. http://paulsparrows.wordpress.com/2011/10/05/information-the-next-battlefield/
     - Oct 7, 2011: Next Generation Firewalls and Web Applications Firewall Q&A. http://paulsparrows.wordpress.com/2011/10/07/next-generation-firewalls-and-web-applications-firewall-qa/
     - Oct 13, 2011: Advanced Persistent Threats and Security Information Management. http://paulsparrows.wordpress.com/2011/10/13/apts-and-security-information-management/
     - Oct 27, 2011: Are You Ready For The Next Generation IPS? http://paulsparrows.wordpress.com/2011/10/27/are-you-ready-for-the-next-generation-ips/
     - Nov 20, 2011: Advanced Persistent Threats and Human Errors. http://paulsparrows.wordpress.com/2011/11/20/advanced-persistent-threats-and-human-errors/
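
The contrast drawn in slides 4 and 5, between access control by IP address, port and protocol and a decision that also weighs user, application, reputation and geo-location, is shown below as an added Python example that is not part of the original deck. The rule set, user names, application labels, reputation threshold and sample flows are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    user: Optional[str]   # identity resolved from the directory, None if unknown
    app: str              # application as classified at layer 7
    dst_country: str      # geo-location of the destination
    dst_reputation: int   # 0 (worst) to 100 (best), from a reputation feed

# Old model: "IP Address, Protocol and Access Control" (constructed rule set).
ACL = [(ip_network("10.0.0.0/8"), 443, "tcp")]
# New model: "user, application and anomaly" (all values are assumptions).
USER_APPS = {"alice": {"https-browsing", "webmail"}, "bob": {"https-browsing"}}
USUAL_COUNTRIES = {"alice": {"IT", "DE"}, "bob": {"IT"}}
MIN_REPUTATION = 40

def legacy_allow(f: Flow) -> bool:
    """Layer 3-4 decision: source network, destination port, protocol."""
    return any(ip_address(f.src_ip) in net and f.dst_port == port
               and f.proto == proto for net, port, proto in ACL)

def context_decision(f: Flow):
    """Return (allowed, reasons); the ACL is one input among several."""
    reasons = []
    if not legacy_allow(f):
        reasons.append("acl")
    if f.user is None:
        reasons.append("no-user")
    else:
        if f.app not in USER_APPS.get(f.user, set()):
            reasons.append("app-not-permitted")
        if f.dst_country not in USUAL_COUNTRIES.get(f.user, set()):
            reasons.append("geo-anomaly")
    if f.dst_reputation < MIN_REPUTATION:
        reasons.append("low-reputation")
    return (not reasons, reasons)

# Constructed flows: all three are outbound tcp/443 and pass the ACL.
FLOWS = [
    Flow("10.1.2.3", "198.51.100.10", 443, "tcp", "alice", "https-browsing", "IT", 90),
    Flow("10.1.2.4", "203.0.113.5", 443, "tcp", "bob", "tunnel-over-tls", "ZZ", 10),
    Flow("10.1.2.5", "198.51.100.10", 443, "tcp", None, "https-browsing", "IT", 90),
]
```

All three flows look identical to the layer 3-4 rule; only the context-aware decision separates the legitimate session from the unclassified tunnel and the unauthenticated host.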
