Next Generation Security
2013.02, By Claude Conrad
Part I. Understanding Next-Gen. Security
Part II. The Direction of FutureSystems’ NGFW (…this part is private!)
Evolution of Network Security

[Acronym]
• SPI : Stateful Packet Inspection
• DPI : Deep Packet Inspection
• OC : Outbound Control
• FCI : Full Content Inspection

Timeline years marked on the slide: 1984, 1988, 1991, 1993, 2001, 2002, 2004, 2009, 2011
Annotations on the timeline: "Boom of Network Security" (between the 1993 and 2001 marks), "Next Generation Security!!" (at the 2009 and 2011 marks)

Technology (left to right along the timeline): Signature detection, Packet filtering, Application proxy, SPI, DPI, OC, FCI, Application awareness, User/Context awareness

Product (left to right along the timeline): IDS, Firewall, Firewall, IPS, Anti-DDoS, URL filtering, Web-FW, UTM, NGIPS, NGFW, DLP, SWG
Market Segmentation

Divergence to Convergence (product composition on the left, market segment with size and vendors on the right):
• IPS → IPS/NGIPS : 2011 $1.19 Billion, ~2016 2.5% CAGR (McAfee, HP, Sourcefire)
• FW+IPS → UTM : 2011 $1.28 Billion, ~2017 CAGR 15% (Fortinet, Check Point, SonicWall, WatchGuard)
• FW+IPS+Other → Enterprise Firewall/NGFW : 2011 $6.3 Billion, ~2017 7.3% CAGR (Check Point, Palo Alto)

Customer segments:
                 Small     Midsize     Enterprise     Large
  User           ~100      ~1,000      ~20,000        +20,000
  Throughput               ~1G         ~10G           +10G
UTM

UTM is a multifunction network security product used by small or midsize businesses (SMBs). (Defined by IDC, 2004)

Layers of UTM (bottom to top on the slide):
• Basic UTM (2004) : Firewall, IPsec VPN, IPS, Anti-virus
• Extended UTM : URL filtering, SSL VPN, Anti-spam, Anti-malware, Web-FW, SSL Proxy, DLP, NAC
• Advanced UTM (Now) : App. awareness, User awareness, Content awareness, WLAN controller, WAN optimization, VoIP Gateway
NGFW

Next-generation Firewall provides multiple protection mechanisms and features designed to prevent threats/attacks from network to application layers. (Defined by Gartner, 2009)

Minimum features:
• Support in-line Bump-in-the-wire config.
• Standard first-generation firewall capabilities
• Integrated rather than merely colocated network IPS
• Application awareness and full stack visibility
• Extrafirewall intelligence : User ID directory, URL/IP DB
• Support upgrade paths to address future threats
NGFW - Application awareness

Role:
• Application detection : regardless of the port, protocol, and (SSL) encrypted traffic!
• Application control : application access control and action control!

Composition:
• Application Decryption (SSL, SSH)
• Application Protocol Decoding (Detect HTTP tunneling, individual function, etc.)
• Application Signature
• Application Heuristics (App. anomaly detection)
NGFW - Security Policy of NGFW

Existing FW : Allow SOURCE to DESTINATION
  SOURCE : IP addresses, Port #
  DESTINATION : IP addresses, Port #
  Example : Allow 192.120.10.110 80 to any 80
  → Allow the use of port 80 for the designated IP.

NGFW : Allow Application SOURCE to DESTINATION
  SOURCE : IP addresses, Port #, Users
  DESTINATION : IP addresses, Port #
  Example : Allow Facebook any any manager to any any
  → Allow the access of "Facebook" for the designated user group (regardless of the port, protocol, and encrypted traffic!)
NGFW vs. UTM #1

                                UTM        NGFW
  Range of security features    UTM  <  NGFW
  Throughput (FW+IPS+AV)        UTM  <  NGFW
  Market                        SMB        Enterprise
NGFW vs. UTM #2

UTM
• Traffic Classification Engine : by Port (App. ID is applied only as an IPS pattern!)
• Sees applications only on the default port
• Identifies potentially malicious traffic by port

NGFW
• Traffic Classification Engine : by Port and App. ID
• Sees applications on every port, not just the default port
• Identifies potentially malicious traffic by application type
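The two rule forms from the "Security Policy of NGFW" slide and the port-based versus App-ID classification from the "NGFW vs. UTM #2" slide, worked through in code. This is an added example, not code from the original deck or from any vendor product; the user-ID directory, the App-ID signature table, the flows and the 203.0.113.10 destination are constructed sample data, and the legacy rule is modelled on source IP plus destination port only (the slide's source-port term is dropped so client flows with ephemeral ports can match).

```python
"""Port-based policy vs. application/user-aware policy (added example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional

# Constructed user-ID directory: the "extrafirewall intelligence" an NGFW consults.
USER_DIRECTORY = {"alice": "manager", "bob": "staff"}

# Constructed App-ID signatures: a payload prefix identifies the application
# whatever port carries it. Real engines add decoders, decryption and heuristics.
APP_SIGNATURES = {
    b"GET / HTTP/1.1\r\nHost: www.facebook.com": "facebook",
    b"GET / HTTP/1.1\r\nHost: intranet.example": "web-browsing",
    b"SSH-2.0-": "ssh",
}
DEFAULT_PORTS = {80: "web-browsing", 443: "web-browsing", 22: "ssh"}

@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    user: Optional[str] = None   # identity from the directory; None if unknown
    payload: bytes = b""

def classify_by_port(flow: Flow) -> str:
    """UTM-style traffic classification: the default port names the application."""
    return DEFAULT_PORTS.get(flow.dst_port, "unknown")

def classify_by_app_id(flow: Flow) -> str:
    """NGFW-style classification: inspect the content on every port."""
    for prefix, app in APP_SIGNATURES.items():
        if flow.payload.startswith(prefix):
            return app
    return "unknown"

@dataclass
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "any"                  # CIDR or "any"
    dst: str = "any"
    dst_port: Optional[int] = None    # None means any port
    app: Optional[str] = None         # NGFW term; None means any application
    groups: set = field(default_factory=set)  # NGFW term; empty means any user

    def matches(self, flow: Flow, app: str) -> bool:
        def ip_ok(pattern: str, ip: str) -> bool:
            return pattern == "any" or ip_address(ip) in ip_network(pattern)

        group = USER_DIRECTORY.get(flow.user or "")
        return (ip_ok(self.src, flow.src_ip) and ip_ok(self.dst, flow.dst_ip)
                and (self.dst_port is None or self.dst_port == flow.dst_port)
                and (self.app is None or self.app == app)
                and (not self.groups or group in self.groups))

def evaluate(rules: List[Rule], flow: Flow, classifier: Callable[[Flow], str]) -> str:
    """First-match rulebase with an implicit deny at the end."""
    app = classifier(flow)
    for rule in rules:
        if rule.matches(flow, app):
            return rule.action
    return "deny"

# Slide's existing-FW rule "Allow 192.120.10.110 80 to any 80", modelled on source
# IP and destination port (the source-port term is dropped so client flows with
# ephemeral source ports can match).
LEGACY_RULES = [Rule("allow", src="192.120.10.110/32", dst_port=80)]
# Slide's NGFW rule "Allow Facebook any any manager to any any".
NGFW_RULES = [Rule("allow", app="facebook", groups={"manager"})]

FACEBOOK = b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"   # constructed request

def demo() -> dict:
    """Run constructed flows through both policies and return the decisions."""
    alice_fb_80 = Flow("192.120.10.110", 51000, "203.0.113.10", 80, "alice", FACEBOOK)
    alice_fb_8080 = Flow("192.120.10.110", 51001, "203.0.113.10", 8080, "alice", FACEBOOK)
    bob_fb_443 = Flow("192.120.10.111", 51002, "203.0.113.10", 443, "bob", FACEBOOK)
    return {
        # Port-based policy: port 80 is open, so Facebook on port 80 passes unseen...
        "legacy_alice_fb_80": evaluate(LEGACY_RULES, alice_fb_80, classify_by_port),
        # ...and the port classifier cannot even name the app on a non-default port.
        "port_view_of_fb_8080": classify_by_port(alice_fb_8080),
        "appid_view_of_fb_8080": classify_by_app_id(alice_fb_8080),
        # NGFW policy: managers reach Facebook on any port; other users do not.
        "ngfw_alice_fb_8080": evaluate(NGFW_RULES, alice_fb_8080, classify_by_app_id),
        "ngfw_bob_fb_443": evaluate(NGFW_RULES, bob_fb_443, classify_by_app_id),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24s} {result}")
```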
NGIPS

Next-generation IPS builds on typical IPS solutions by providing application & contextual awareness to promptly assess threats, ensure a consistent and appropriate response, and reduce an organization's security expenditures. (Defined by Gartner, 2011)

Minimum features:
• Support in-line Bump-in-the-wire config.
• Standard first-generation IPS capabilities
• Application awareness and full stack visibility
• Context awareness : information sources ; user identities, vulnerability, patching state and geo-location information, etc.
• Content awareness
• Agile engine : Support upgrade paths to address future threats
NGIPS - Context awareness (Definition)

Context awareness (external intelligence, situational awareness) is the ability to deliver additional, relevant information to the FW & IPS engine to enable more accurate decisions to allow, alert, or block more quickly, accurately, and securely with fewer false positives.
• Context is the complex set of network circumstances.
• Context awareness is understanding the entire environment.

Diagram: the appliance (information, configuration, security policy) reports to the Mgmt. system, which adds context information from:
• Devices (host profile with OS)
• Application (client side)
• Service (server side application)
• Vulnerabilities (historical patching state)
• User ID
• Network Behaviors (NBA)

Special event detected! How to respond?
NGIPS - Context awareness (Example)

Context awareness provides "Actionable Intelligence"!!!

[Automated Tuning]
• Unknown device detection
• Abnormal traffic detection
• Unexpected App./User detection
• …
• New vulnerability reported
→ Recommend related policy

[Incident Prioritization] (Linux-based exploit detection)
• Without context : Alerting (if Detection mode) - needless action!
• Target server provided? No → Dismissing/Logging (impact level low!)
• Yes → Target server patched? No → Blocking (impact level high!)
• Yes → Dismissing/Logging (impact level middle!)
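The incident-prioritization flow on the slide above, implemented as a small triage routine. This is an added example, not code from the original deck; the slide's "target server provided?" step is read here as "does the target host's OS family match the platform the exploit applies to?", and the host profiles, alerts, 10.0.0.x addresses and VULN-EXAMPLE-1 identifier are constructed placeholders.

```python
"""Context-aware incident prioritization (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

@dataclass(frozen=True)
class HostProfile:
    ip: str
    os_family: str             # from passive host profiling, e.g. "linux"
    patched: FrozenSet[str]    # vulnerability IDs already patched (constructed IDs)

@dataclass(frozen=True)
class Alert:
    signature: str
    target_os: str             # platform the detected exploit applies to
    vuln_id: str               # constructed placeholder ID, not a real CVE
    target_ip: str

@dataclass(frozen=True)
class Decision:
    action: str                # "alert", "log" or "block"
    impact: str                # "high", "middle", "low" or "unknown"
    reason: str

IMPACT_RANK = {"high": 0, "middle": 1, "low": 2, "unknown": 3}

def prioritize(alert: Alert, profiles: Dict[str, HostProfile]) -> Decision:
    """Follow the slide's decision flow for one exploit alert."""
    host = profiles.get(alert.target_ip)
    if host is None:
        # No context at all: the engine can only raise the alert (the slide's
        # "Alerting (if Detection mode)" branch, which it calls a needless action).
        return Decision("alert", "unknown", "no host profile for target")
    if host.os_family != alert.target_os:
        # "Target server provided? No": the exploit cannot apply to this host.
        return Decision("log", "low",
                        f"target runs {host.os_family}, exploit targets {alert.target_os}")
    if alert.vuln_id in host.patched:
        # "Target server patched? Yes": relevant platform, but already fixed.
        return Decision("log", "middle", f"target already patched for {alert.vuln_id}")
    # Matching platform and unpatched: the only case worth an active block.
    return Decision("block", "high", f"target unpatched for {alert.vuln_id}")

def triage(alerts: List[Alert],
           profiles: Dict[str, HostProfile]) -> List[Tuple[Alert, Decision]]:
    """Decide every alert and order the queue by impact level, highest first."""
    decided = [(a, prioritize(a, profiles)) for a in alerts]
    return sorted(decided, key=lambda pair: IMPACT_RANK[pair[1].impact])

# Constructed host profiles and alerts (private addresses, placeholder vuln ID).
PROFILES = {
    "10.0.0.5": HostProfile("10.0.0.5", "linux", frozenset()),
    "10.0.0.6": HostProfile("10.0.0.6", "linux", frozenset({"VULN-EXAMPLE-1"})),
    "10.0.0.7": HostProfile("10.0.0.7", "windows", frozenset()),
}
ALERTS = [
    Alert("linux-exploit-attempt", "linux", "VULN-EXAMPLE-1", ip)
    for ip in ("10.0.0.7", "10.0.0.6", "10.0.0.5", "10.0.0.9")   # 10.0.0.9 has no profile
]

if __name__ == "__main__":
    for alert, decision in triage(ALERTS, PROFILES):
        print(f"{alert.target_ip:10s} {decision.action:6s} {decision.impact:8s} {decision.reason}")
```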
NGIPS vs. NGFW #1

Building blocks shown on the slide:
• NGFW = Existing Firewall + Application awareness
• NGIPS = Existing IPS + Application awareness + Content awareness + Context awareness
• NGFW-v2 = NGFW + Context awareness (User, Other)
NGIPS vs. NGFW #2

DETECT
  Element                               Typical FW  NGFW  Typical IPS  NGIPS  NGFW v2   (category)
  Attack signature                      -           O     O            O      O
  Applications                          -           O     -            O      O         Application awareness
  Users (Identity)                      -           O     -            O      O         User awareness
  Vulnerabilities                       -           -     -            O      O         Context awareness
  Host profiles                         -           -     -            O      O         Context awareness
  Client applications/Mobile devices    -           O     -            O      O         Context awareness
  Virtual machines                      -           O     -            O      O         Context awareness
  NW Behavior anomaly                   -           △     O            O      O         NBA

CONTROL
  Element                               Typical FW  NGFW  Typical IPS  NGIPS  NGFW v2   (category)
  Network access                        O           O     O            O      O
  Site access                           O           O     -            -      O         URL filtering
  User access                           -           O     -            -      O         User awareness
  Layer 7 access                        -           O     -            -      O         Application awareness

Vendors : NGFW - PaloAlto, CheckPoint ; NGIPS - SourceFire, McAfee ; NGFW v2 - SourceFire
The Meaning of Next-gen. Security #1

Evolution of Convergence: IPS → UTM → NGFW, with awareness increasing and coverage moving up the TCP/IP layers (Link, Internet, Transport, Application).
• UTM : Network-centric convergence; colocated security feature
• NGFW : Application-centric convergence; closely integrated security feature
The Meaning of Next-gen. Security #2

Age of Awareness (Expansion of DPI), from the base of the stack upward:
• Deep Packet Inspection
• Pattern awareness (Basic awareness) : pattern matching for attack detection → IPS, Anti-DDoS
• Content awareness : full content inspection → DLP, Anti-malware, URL filtering
• Application awareness + User awareness → NGFW
• Context awareness → NGIPS
• All of awareness for security
The Meaning of Next-gen. Security #3

Hardened Security Management
• Appliance : Information (Configuration, Security policy), Detection, Blocking
• Mgmt. system : Configuration, Policy setting, Monitoring, Reporting, Analysis
• Hardened features!! : Automation, Visualization, Context awareness

Context awareness is the base of Active Control!
The Future of Security Industry

Values as plotted on the slide (the slide does not state their unit):
                  1990~      2000~                 2010~              2020~
  Product         8          6                     4                  2  (Product Modulization)
  Mgmt. system    1          1                     3  (ESM, SIEM)     4
  Service         1          3  (Consulting, MSS)  3                  4
  Database        Virus DB   IPS DB                Application DB     Context DB
The most important thing for strategy is "Information",
        The most important thing for planning is "Insight",
  The most important thing for development is "Practical ability",
       The most important thing for business is "Timing",
    The most important thing for service is "Executive ability".

   The most important thing for outdoor activities is "Network",
The most important thing for business practice is "Political power"!


How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 

Recently uploaded (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 

Next Generation Security

  • 1. Next Generation Security 2013.02, By Claude Conrad
  • 2. Part I. Understanding Next-Gen. Security Part II. The Direction of FutureSystems’ NGFW (…this part is private!)
  • 3. Evolution of Network Security. Timeline from 1984 to 2011, with the "boom of network security" placed around 2001 to 2004. Acronyms: SPI = Stateful Packet Inspection, DPI = Deep Packet Inspection, OC = Outbound Control, FCI = Full Content Inspection.
    • Technology: signature detection, packet filtering, application proxy, SPI, DPI, OC, FCI, then application/user awareness and context awareness.
    • Product: IDS, Firewall, IPS, Anti-DDoS, UTM, URL filtering, Web-FW, SWG, DLP, leading to NGFW and NGIPS ("Next Generation Security!!").
  • 4. Market Segmentation
    • IPS/NGIPS ("Divergence"): $1.19 Billion in 2011, 2.5% CAGR to 2016; vendors McAfee, HP, Sourcefire.
    • UTM (FW+IPS+Other): $1.28 Billion in 2011, 15% CAGR to 2017; vendors Fortinet, Check Point, SonicWall, WatchGuard.
    • Enterprise Firewall/NGFW (FW+IPS, "Convergence"): $6.3 Billion in 2011, 7.3% CAGR to 2017; vendors Check Point, Palo Alto.
    • Customer segments: Small (~100 users), Midsize (~1,000), Enterprise (~20,000), Large (+20,000); throughput classes ~1G, ~10G, +10G.
  • 5. UTM. UTM is a multifunction network security product used by small or midsize businesses (SMBs). Its feature set has grown in layers, from the basic set defined by IDC in 2004 to today:
    • Basic UTM (2004): Firewall, IPsec VPN, IPS, Anti-virus, URL filtering, SSL VPN, Anti-spam, Anti-malware.
    • Extended UTM: Web-FW, SSL Proxy, DLP, NAC.
    • Advanced (now): application awareness, user awareness, content awareness, WLAN controller, WAN optimization, VoIP gateway, and more.
  • 6. NGFW. A next-generation firewall provides multiple protection mechanisms and features designed to prevent threats/attacks from the network layer to the application layer. Minimum features (defined by Gartner, 2009):
    • Support for in-line, bump-in-the-wire configuration.
    • Standard first-generation firewall capabilities.
    • Network IPS that is integrated rather than merely colocated.
    • Application awareness and full-stack visibility.
    • Extra-firewall intelligence: user ID directory, URL/IP DB.
    • Support for upgrade paths to address future threats.
  • 7. NGFW - Application awareness
    • Role: application detection and application control (access control and action control) regardless of the port, protocol, and (SSL) encrypted traffic.
    • Composition: application decryption (SSL, SSH); application protocol decoding (detect HTTP tunneling, individual functions, etc.); application signatures; application heuristics (application anomaly detection).
  • 8. NGFW - Security Policy of NGFW
    • Existing FW: Allow SOURCE to DESTINATION, where SOURCE is IP addresses and port number, and DESTINATION is IP addresses and port number. Example: "Allow 192.120.10.110 80 to any 80" allows the use of port 80 for the designated IP.
    • NGFW: Allow APPLICATION SOURCE to DESTINATION, where SOURCE is IP addresses, port number and users, and DESTINATION is IP addresses and port number. Example: "Allow Facebook any any manager to any any" allows access to "Facebook" for the designated user group, regardless of the port, protocol, and encrypted traffic.
  • 9. NGFW vs. UTM #1. The two are compared on the range of security features (UTM versus NGFW), on throughput (NGFW as FW+IPS+AV versus UTM) and on target market (SMB for UTM, enterprise for NGFW).
  • 10. NGFW vs. UTM #2
    • UTM: the traffic classification engine keys on port, and application ID is treated as an IPS pattern. It sees applications only on their default port and identifies potentially malicious traffic by port.
    • NGFW: the traffic classification engine keys on application ID. It sees applications on every port, not just the default port, and identifies potentially malicious traffic by application type.
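The policy model of slide 8 and the classification difference of slide 10 can be shown in one small evaluator. This is an added example written for this page, not code from the slides or from any vendor's product; the content classifier, the static user-group lookup, the rule syntax and the sample flows are all hypothetical stand-ins for an App-ID engine and a user-ID directory. The same "Allow Facebook ... manager" policy is evaluated twice, once with a port-based classifier and once with a content-based one, to show which flows each approach gets wrong.

```python
"""Application-aware policy evaluation versus port-based evaluation.

Added example; not code from the slides. Everything here is a hypothetical
stand-in: the content classifier looks only at a few protocol fingerprints,
and user groups come from a static field instead of a directory lookup.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    groups: FrozenSet[str]   # user groups, as a user-ID directory would supply (assumed)
    payload: bytes           # first bytes seen on the flow (constructed samples below)


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    application: str = "any"  # NGFW adds this field; "any" makes it an existing-FW rule
    src_ip: str = "any"
    dst_ip: str = "any"
    dst_port: object = "any"  # int or "any"
    group: str = "any"        # user group; "any" for existing-FW rules


def _http_host(payload: bytes) -> Optional[str]:
    """Return the Host header of an HTTP request, or None if absent."""
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line.split(b":", 1)[1].strip().decode("ascii", "replace").lower()
    return None


def identify_by_content(flow: Flow) -> str:
    """Content-based App-ID: inspects the payload and ignores the port (slide 10, NGFW)."""
    p = flow.payload
    if p.startswith(b"\x16\x03"):             # TLS record header: SSL decryption needed first
        return "tls-encrypted"
    if p.startswith(b"SSH-"):
        return "ssh"
    if p.startswith((b"GET ", b"POST ", b"HEAD ")):
        host = _http_host(p) or ""
        return "facebook" if host.endswith("facebook.com") else "web-browsing"
    return "unknown"


PORT_APPS = {80: "web-browsing", 443: "tls-encrypted", 22: "ssh"}


def identify_by_port(flow: Flow) -> str:
    """Port-based classification: trusts the default port (slide 10, UTM)."""
    return PORT_APPS.get(flow.dst_port, "unknown")


def _match(rule_value, flow_value) -> bool:
    return rule_value == "any" or rule_value == flow_value


def evaluate(rules: List[Rule], flow: Flow,
             classify: Callable[[Flow], str]) -> Tuple[str, str]:
    """First-match policy evaluation with default deny. Returns (action, application)."""
    app = classify(flow)
    for r in rules:
        if (_match(r.application, app) and _match(r.src_ip, flow.src_ip)
                and _match(r.dst_ip, flow.dst_ip) and _match(r.dst_port, flow.dst_port)
                and (r.group == "any" or r.group in flow.groups)):
            return r.action, app
    return "deny", app


# Slide 8 policy in this model: Facebook for managers, plain web browsing for everyone.
NGFW_POLICY = [
    Rule("allow", application="facebook", group="manager"),
    Rule("allow", application="web-browsing"),
]

# Constructed sample flows (not captured traffic); 203.0.113.0/24 is a documentation range.
_FB_REQUEST = b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: x\r\n\r\n"
MANAGER_FB_80 = Flow("10.0.0.5", "203.0.113.10", 80, frozenset({"manager"}), _FB_REQUEST)
STAFF_FB_80 = Flow("10.0.0.6", "203.0.113.10", 80, frozenset({"staff"}), _FB_REQUEST)
MANAGER_FB_8080 = Flow("10.0.0.5", "203.0.113.10", 8080, frozenset({"manager"}), _FB_REQUEST)


def compare(flow: Flow) -> dict:
    """Same policy, two classifiers: shows where port-based classification fails."""
    return {"by_port": evaluate(NGFW_POLICY, flow, identify_by_port),
            "by_content": evaluate(NGFW_POLICY, flow, identify_by_content)}


if __name__ == "__main__":
    for name, f in [("manager/80", MANAGER_FB_80), ("staff/80", STAFF_FB_80),
                    ("manager/8080", MANAGER_FB_8080)]:
        print(name, compare(f))
```

Two failures of the port-based engine stand out: a staff user reaching Facebook on port 80 is allowed as generic "web-browsing" (the policy cannot distinguish the application), and a manager reaching Facebook on port 8080 is denied as "unknown" (the application is not seen off its default port). The content-based engine reaches the decision the slide 8 rule intends in both cases.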
  • 11. NGIPS. Next-generation IPS builds on typical IPS solutions by providing application and contextual awareness to promptly assess threats, ensure a consistent and appropriate response, and reduce an organization's security expenditure. Minimum features (defined by Gartner, 2011):
    • Support for in-line, bump-in-the-wire configuration.
    • Standard first-generation IPS capabilities.
    • Application awareness and full-stack visibility.
    • Context awareness: information sources such as user identities, vulnerability and patching state, geo-location information, etc.
    • Content awareness.
    • Agile engine: support for upgrade paths to address future threats.
  • 12. NGIPS - Context awareness (Definition)
    • Context awareness (external intelligence, situational awareness) is the ability to deliver additional, relevant information to the FW and IPS engine so that decisions to allow, alert, or block are made more quickly, accurately, and securely, with fewer false positives.
    • Context is the complex set of network circumstances; context awareness is understanding the entire environment.
    • Information sources shown around the context-aware appliance: management system (configuration, security policy); devices (host profile with OS); client-side applications; service vulnerabilities (server-side application, patching state); network behaviours (NBA); user ID; historical information. When a special event is detected, the question is: how to respond?
  • 13. NGIPS - Context awareness (Example). Context awareness provides "actionable intelligence"!!!
    • Automated tuning: unknown device detection, abnormal traffic detection, unexpected application/user detection, or a newly reported vulnerability leads to recommending the related policy.
    • Incident prioritization: a Linux-based exploit is detected. In detection mode the only response is alerting, which is a needless action. With context: is the target server present? No: dismiss/log, impact level low. Yes: is the target server patched? Yes: dismiss/log, impact level middle. No: block, impact level high.
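The incident-prioritization tree on slide 13 is small enough to run. The following is an added example written for this page, not code from the slides or from any NGIPS product; the host-profile inventory, the alert fields and the vulnerability identifier "VULN-EXAMPLE-1" are constructed placeholders, and treating a host whose OS does not match the exploit's platform as "target server not present" is an assumption of this example rather than something the slide states.

```python
"""Context-aware incident prioritization (added example; not the slides' code).

Assumed, hypothetical inputs: a host-profile inventory keyed by IP (OS family
and the vulnerabilities known to be patched) and IPS alerts that name the
platform and vulnerability the matched exploit targets. The decision tree is
the one on slide 13; treating an OS mismatch as "target server not present"
is an assumption of this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class HostProfile:
    ip: str
    os_family: str                  # e.g. "linux", "windows"
    patched: FrozenSet[str]         # vulnerability IDs known to be patched on this host


@dataclass(frozen=True)
class Alert:
    signature: str
    target_ip: str
    exploit_os: str                 # platform the exploit works against
    vuln_id: Optional[str]          # vulnerability the signature covers, if known


@dataclass(frozen=True)
class Verdict:
    impact: str                     # "low", "middle" or "high"
    action: str                     # "dismiss/log" or "block"
    reason: str


def without_context(alert: Alert) -> str:
    """Detection-mode behaviour: every hit is alerted, whatever the target."""
    return "alert"


def prioritize(alert: Alert, hosts: Dict[str, HostProfile]) -> Verdict:
    """Slide 13 decision tree: target present? -> patched? -> impact and action."""
    host = hosts.get(alert.target_ip)
    if host is None:
        return Verdict("low", "dismiss/log", "no host profile for target")
    if host.os_family != alert.exploit_os:          # assumption: counts as 'not present'
        return Verdict("low", "dismiss/log",
                       f"exploit targets {alert.exploit_os}, host runs {host.os_family}")
    if alert.vuln_id is not None and alert.vuln_id in host.patched:
        return Verdict("middle", "dismiss/log", "target server already patched")
    return Verdict("high", "block", "vulnerable target server present")


IMPACT_ORDER = {"high": 0, "middle": 1, "low": 2}


def triage(alerts: List[Alert], hosts: Dict[str, HostProfile]) -> List[tuple]:
    """Return (signature, target IP, verdict) rows ordered from high to low impact."""
    rows = [(a.signature, a.target_ip, prioritize(a, hosts)) for a in alerts]
    return sorted(rows, key=lambda r: IMPACT_ORDER[r[2].impact])


# Constructed inventory and alerts. "VULN-EXAMPLE-1" is a placeholder ID, not a real CVE.
HOSTS = {
    "10.1.0.10": HostProfile("10.1.0.10", "linux", frozenset()),
    "10.1.0.11": HostProfile("10.1.0.11", "linux", frozenset({"VULN-EXAMPLE-1"})),
    "10.1.0.12": HostProfile("10.1.0.12", "windows", frozenset()),
}
ALERTS = [
    Alert("linux-exploit-sig", "10.1.0.12", "linux", "VULN-EXAMPLE-1"),  # OS mismatch
    Alert("linux-exploit-sig", "10.1.0.11", "linux", "VULN-EXAMPLE-1"),  # patched host
    Alert("linux-exploit-sig", "10.1.0.10", "linux", "VULN-EXAMPLE-1"),  # unpatched host
    Alert("linux-exploit-sig", "10.1.0.99", "linux", "VULN-EXAMPLE-1"),  # unknown host
]

if __name__ == "__main__":
    for sig, ip, v in triage(ALERTS, HOSTS):
        print(f"{v.impact:6} {v.action:12} {ip} {sig}: {v.reason}")
```

The four alerts carry the same signature, so a context-free IPS would raise four identical alerts; with the host profiles only the unpatched Linux server reaches impact "high" and a blocking action, the patched one is logged at "middle", and the Windows host and the unknown address fall to "low".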
  • 14. NGIPS vs. NGFW #1. Awareness drawn as a stack: existing firewall and existing IPS at the bottom; application awareness above them; then content awareness and user awareness; then context awareness and other sources at the top. The labels NGFW, NGIPS and "NGFW-v2" mark how far up the stack each product type reaches.
  • 15. NGIPS vs. NGFW #2. Feature comparison across Typical FW, NGFW, Typical IPS, NGIPS and NGFW v2 (O = supported, △ = partial; marks are listed in the original column order):
    • Attack signature: O O O O
    • Application awareness: Applications: O O O
    • User awareness: Users (identity): O O O
    • Context awareness: Vulnerabilities: O O; Host profiles: O O (DITECT); Client applications / mobile devices: O O O; Virtual machines: O O O
    • NBA: Network behaviour anomaly: △ O O O
    • Network access: O O O O O
    • URL control: Site access: O O O
    • User awareness: User access: O O
    • Application awareness: Layer 7 access: O O
    • Vendors: Typical FW: CheckPoint; NGFW: PaloAlto; Typical IPS: McAfee; NGIPS: SourceFire; NGFW v2: SourceFire
  • 16. The Meaning of Next-gen. Security #1: Evolution of Convergence. IPS, UTM and NGFW are placed against the TCP/IP layers (Application, Transport, Internet, Link), with NGFW adding awareness at the application layer. UTM is network-centric convergence with colocated security features; NGFW is application-centric convergence with closely integrated security features.
  • 17. The Meaning of Next-gen. Security #2: Age of Awareness (expansion of DPI). Built on Deep Packet Inspection, awareness widens step by step: pattern awareness (basic awareness, pattern matching for attack detection: IPS, Anti-DDoS); content awareness (full content inspection: DLP, anti-malware, URL filtering); application awareness and user awareness (NGFW); context awareness (NGIPS), "all of awareness for security".
  • 18. The Meaning of Next-gen. Security #3: Hardened Security Management. Hardened configuration features: policy setting, automation, monitoring, visualization, reporting and analysis in the management system, alongside detection and blocking in the appliance, with information, configuration, security policy and context awareness flowing between the two. Context awareness is the base of active control!
  • 19. The Future of Security Industry. By decade (1990~, 2000~, 2010~, 2020~) the core database moves from virus DB to IPS DB, application DB and context DB. Product: modularization. Management system: ESM, then SIEM. Service: consulting, then MSS.
  • 20. The most important thing for strategy is "Information", The most important thing for planning is "Insight", The most important thing for development is "Practical ability", The most important thing for business is "Timing", The most important thing for service is "Executive ability". The most important thing for outdoor activities is "Network", The most important thing for business practice is "Political power"! 2013.02, By Claude Conrad