Scalar Security Roadshow - Ottawa Presentation

Scalar Security Roadshow
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 1

Purpose of today’s session:
Provide insights on how Scalar and our
partners address today’s complex
security challenges
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
2

Gartner report highlights
3
• Security spend as % of IT
budgets increased
• Strong correlation between
Security budget and maturity
• Emphasis on network,
applications and endpoint
• Insufficient investment in people
and process
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014

Scalar – brief overview
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. October 6, 2014 4

10 Years
5

901 65 180

100%
Vancouver Calgary
Montreal
Ottawa
Toronto
London

#1 ICT
Security
#51
Company
#15
Top 250 ICT
Companies

Top tier technical talent.
• Engineers average 15 years of experience
• World-class experts from some of the
leading organizations in the industry
• Dedicated teams: PMO, finance, sales and
operations
• Canadian Authorized Training Centres
• We employ and retain top talent

Top awards.
• Brocade Partner of the Year
~ Innovation
• Cisco Partner of the Year
~ Data Centre & Virtualization
• NetApp Partner of the Year
~ Central Canada
• VMware Global Emerging Products
Partner of the Year
• F5 VAR Partner of the Year
~ North America
• Palo Alto Networks Rookie of
the Year

Putting our expertise into practice.
11

Integrating, securing and managing
systems for the most technologically
advanced games ever.

Our Focus
• Protection of Data and
Systems
• High Performance
Computing
• Flexible Solutions

Our security partners

Partners here today

SECURITY
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

Cisco-Sourcefire FirePOWER
Sylvain Levesque
Security Consulting Systems Engineer
slevesqu@cisco.com SECURITY

SECURITY
Agenda:
• New Security Model and Global Intelligence
• The POWER in FirePOWER
• FirePOWER Appliance
• ASA with FirePOWER Services

The New Security Model
BEFORE
Discover
Enforce
Harden
AFTER
Scope
Contain
Remediate
Attack Continuum
DURING
Detect
Block
Defend
Network Endpoint Mobile Virtual Cloud
Point in Time Continuous

Cisco Security Intelligence Operation (SIO)
More Than $100
24 Hours Daily
More Than 40
Million
OPERATIONS
SPENT IN DYNAMIC RESEARCH
AND DEVELOPMENT
0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 Cisco1100001110001110 ® SIO
1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111010011101 101000 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111010011101 101000 Email Devices WWW Web
LANGUAGES
IPS Networks Endpoints
More Than 80
PH.D, CCIE, CISSP, MSCE
Cloud IPS AnyConnect®
ESA ASA WWW WSA
Information
More Than 800
ENGINEERS, TECHNICIANS,
AND RESEARCHERS
Actions
Visibility Control
1.6 Million
GLOBAL SENSORS
100 TB
DATA RECEIVED PER DAY
40%
WORLDWIDE EMAIL TRAFFIC
13 Billion
WEB REQUESTS
More Than 150 Million
DEPLOYED ENDPOINTS
3 to 5
MINUTE UPDATES
More Than 200
PARAMETERS TRACKED
More Than 5500
IPS SIGNATURES PRODUCED
More Than 70
PUBLICATIONS PRODUCED
More Than 8 Million
RULES PER DAY

Collective Security Intelligence
Malware
Protection
IPS Rules
Reputation
Feeds
Vulnerability
Database Updates
Sourcefire AEGIS™
Program
Private and
Public
Threat Feeds
Sourcefire VRT®
(Vulnerability
Research Team)
Sandboxing
Machine Learning
Big Data
Infrastructure
Sandnets FireAMP™
Community Honeypots
File Samples
(>380,000 per Day)
Advanced
Microsoft
and Industry
Disclosures
SPARK Program
Snort and ClamAV
Open Source
Communities

The POWER in FirePOWER
SECURITY

About Sourcefire
Mission: To be the leading
provider of intelligent
cybersecurity solutions
for the enterprise.
• Founded in 2001 by Snort Creator, Martin
Roesch, CTO
• Headquarters: Columbia, MD
• Focus on enterprise and government customers
• Global Security Alliance ecosystem
• NASDAQ: FIRE
Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection)

FireSIGHT™ Management Center:
Full Stack Visibility
CATEGORIES
EXAMPLES
FirePOWER Services TYPICAL
IPS
TYPICAL
NGFW
Threats Attacks, Anomalies ✔ ✔ ✔
Users AD, LDAP, POP3 ✔ ✗ ✔
Web Applications Facebook Chat, Ebay ✔ ✗ ✔
Application Protocols HTTP, SMTP, SSH ✔ ✗ ✔
File Transfers PDF, Office, EXE, JAR ✔ ✗ ✔
Malware Conficker, Flame ✔ ✗ ✗
Command & Control Servers C&C Security Intelligence ✔ ✗ ✗
Client Applications Firefox, IE6, BitTorrent ✔ ✗ ✗
Network Servers Apache 2.3.1, IIS4 ✔ ✗ ✗
Operating Systems Windows, Linux ✔ ✗ ✗
Routers & Switches Cisco, Nortel, Wireless ✔ ✗ ✗
Mobile Devices iPhone, Android, Jail ✔ ✗ ✗
Printers HP, Xerox, Canon ✔ ✗ ✗
VoIP Phones Cisco phones ✔ ✗ ✗
Virtual Machines VMware, Xen, RHEV ✔ ✗ ✗
Contextual
Information Superiority Awareness

Cisco FireSIGHT Simplifies Operations
• Impact Assessment and Recommended Rules Automate
Routine Tasks

Impact Assessment IMPACT
Correlates all intrusion events to
an impact of the attack against
the target
FLAG
ADMINISTRATOR
ACTION
WHY
Act Immediately,
Vulnerable
Event corresponds to
vulnerability mapped
to host
Investigate,
Potentially
Vulnerable
Relevant port open or
protocol in use, but
no vuln mapped
Good to Know,
Currently Not
Vulnerable
Relevant port not
open or protocol not
in use
Good to Know,
Unknown Target
Monitored network,
but unknown host
Good to Know,
Unknown Network
Unmonitored network

Visibility and Context

Visibility and Context
File Sent
File Received
File Executed
File Moved
File Quarantined

Indications of Compromise (IoCs)
IPS Events
Malware
Backdoors
CnC
Connections
Exploit Kits
Admin
Privilege
Escalations
Web App
Attacks
SI Events
Connections to
Known CnC
IPs
Malware
Events
Malware
Detections
Malware
Executions
Office/PDF/
Java
Compromises
Dropper
Infections

FirePOWER Services: Application Control
• Control access for applications, users and devices
• “Employees may view Facebook, but only Marketing may post to it”
• “No one may use peer-to-peer file sharing apps”
Over 3,000
apps, devices,
and more!

…Yet Another Open Source Success Story
• OpenAppID
• Open source application detection and control
Application-focused detection language tied to Snort engine
Enhances coverage and efficacy and accelerates development of
application detectors
Empowers the community to share detectors for greater protection
Already over 1300 OpenAppID Detectors
Ties into a Snort Pre-processor for maximum performance and integration

FirePOWER Services: URL Filtering
• Block non-business-related sites by category
• Based on user and user group

FirePOWER Services: Advanced Malware
Malware Alert!
4) Execution Report
Available In Defense Center
1) File Capture
Collective Security
Intelligence Sandbox
3) Send to Sandbox
2) File Storage
Network Traffic

Reduced Cost and Complexity
• Multilayered protection in a
single device
• Highly scalable for branch,
internet edge, and data centers
• Automates security tasks
o Impact assessment
o Policy tuning
o User identification
• Integrate transparently with
third-party security solutions
through eStreamer API

FirePOWER Appliances
SECURITY

Setting the New Standard for Advanced
Threat Protection
Sourcefire FirePOWER™
• Industry-‐best
Intrusion
Preven1on
• Real-‐1me
Contextual
Awareness
• Full
Stack
Visibility
• Intelligent
Security
Automa1on
with
FireSIGHT™
• Unparalleled
Performance
and
Scalability
• Easily
add
Applica1on
Control,
URL
Filtering
and
Advanced
Malware
Protec1on
with
op1onal
subscrip1on
licenses

Platforms and Places in the Network
IPS Performance and Scalability Data Center Campus Branch Office SOHO Internet Edge
FirePOWER 7100 Series
500 Mbps – 1 Gbps
FirePOWER 7120/7125/8120
1 Gbps - 2 Gbps
FirePOWER 8100/8200
2 Gbps - 10 Gbps
10 Gbps – 40 Gbps
50 Mbps – 250 Mbps
15 Gbps – 60 Gbps

FirePOWER Feature Summary
NGIPS
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User
Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
You can ADD additional license
• Application Control
• User and User Group Control
• Stateful Firewall Inspection
Switching and Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
Virtual Appliances for VMWare and XEN

ASA with FirePOWER Services
SECURITY

FirePOWER Services for ASA: Components
FirePOWER Services Blade
ASA 5585-X
• Models: ASA 5585-X-10, ASA 5585-
X-20, ASA 5585-X-40, ASA 5585-X-60
• New FirePOWER Services Hardware
Module Required
• Licenses and Subscriptions
• Models: ASA 5512-X, 5515-X, 5525-X,
5545-X, and 5555-X
• SSD Drive Required
• FirePOWER Services Software Module
• Licenses and Subscriptions

Superior Multilayered Protection
• World’s most widely deployed, enterprise-class ASA stateful firewall
• Granular Application Visibility and Control (AVC)
• Industry-leading FirePOWER Next-Generation IPS (NGIPS)
• Reputation- and category-based URL filtering
• Advanced malware protection
Cisco Collective Security Intelligence Enabled
FireSIGHT
Analytics &
Automation
CISCO ASA
WWW
URL Filtering
(subscription)
Identity-Policy
Control & VPN
Advanced
Malware
Protection
(subscription)
Intrusion
Prevention
(subscription)
Application
Visibility &Control
Clustering &
High Availability
Network Firewall
Routing | Switching
Built-in Network
Profiling

ASA and FirePOWER Features
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
• Application Control
• User and User Group Control
• Stateful Firewall Inspection Switching and
Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
• Identity-Based Firewall for enhanced user ID
awareness.
• Highly Secure remote access (IPSEC and SSL)
• Proactive, near-real-time protection against Internet threats
• Integrates with other essential network security tech
• Supports Cisco TrustSec security group tags (SGTs) and •
Extensive stateful inspection engine,
• Site-to-site VPN, NAT, IPv6,
• Dynamic Routing (including BGP)
• HA, Clustering
• Protection from botnets
• Delivers high availability for high-resiliency application
• Change of Authorization (CoA)

The Perimeter is Dead,
Long Live the Perimeter
Steve Hillier
Field Systems Engineer

pe·rim·e·ter
1.the continuous line forming the boundary of a closed geometric figure.
"the perimeter of a rectangle"
synonyms: circumference, outside, outer edge
"the perimeter of a circle"
the outermost parts or boundary of an area or object.
"the perimeter of the garden"
synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s),
periphery, borderline, verge; More
a defended boundary of a military position or base.
In Networking we call it…DMZ

Defense in depth
The principle of defense-in-depth is that layered security
mechanisms increase security of the system as a whole. If an
attack causes one security mechanism to fail, other mechanisms
may still provide the necessary security to protect the system……
Implementing a defense-in-depth strategy can add to the
complexity of an application, which runs counter to the “simplicity”
principle often practiced in security. That is, one could argue that
adding new protection functionality adds additional complexity that
might bring new risks with it.
https://www.owasp.org/index.php/Defense_in_depth

Perimeter Security Technologies
A long time ago… and then… present day… and now with F5!
Firewalls started out as
proxies
Stateless filters
accelerated firewalls, but
weakened security
Stateful firewalls added
security with deep
inspection, but still fall
short of proxies
F5 brings full proxy back
to firewalls: highest
security matched by a
high-scale and high-performance
architecture
F5 Agility 2014 50

Protecting against Threats is challenging
Webification of apps Device proliferation
71% of internet experts predict
most people will do work via web
or mobile by 2020.
95% of workers use at least
one personal device for work.
130 million enterprises will
use mobile apps by 2014
Evolving security threats Shifting perimeter
58% of all e-theft tied
to activist groups.
81% of breaches
involved hacking
80% of new apps will
target the cloud.
72% IT leaders have or will
move applications to the cloud.
F5 Agility 2014 51

Evolving Security Threat Landscape
F5 Agility 2014 52

More sophisticated attacks are multi-layer
Application
SSL
DNS
Network
F5 Agility 2014 53

Its all about the
Application.

BIG-IP Application Security Manager
BIG-IP ® ASM™ protects the applications your business relies on most and scales
to meet changing demands.
Multiple deployment
options
Visibility and
analysis
Comprehensive
protections
• Standalone or ADC add-on
• Appliance or Virtual edition
• Manual or automatic policy
building
• 3rd party DAST integration
• Visibility and analysis
• High speed customizable syslog
• Granular attack details
• Expert attack tracking
and profiling
• Policy & compliance reporting
• Integrates with SIEM software
• Full HTTP/S request logging
• Granular rules on every HTTP
element
• Client side parameter
manipulation protection
• Response checks for error &
data leakage
• AV integrations
F5 Agility 2014 55

Comprehensive Protections
BIG-IP ASM extends protection to more than application vulnerabilities
L7 DDOS
Web Scraping
Web bot
identification
XML filtering,
validation &
mitigation
XML Firewall
Geolocation
blocking
ICAP anti-virus
Integration
ASM
F5 Agility 2014 56

Network Threats Application
Threats
90% of security investment focused here Yet 75% of attacks are focused here
Attack Vectors
TCP SYN Flood
TCP Conn Flood
DNS Flood
HTTP GET Flood
Attack Vectors
HTTP Slow Loris
DNS Cache Poison
SQL Injection
Cross Site Scripting
F5 Agility 2014 57

Unique full-proxy architecture
WAF WAF
Slowloris atXtaScSk iRule
leakage
iRule
iRule
HTTP
SSL
TCP
HTTP
SSL
TCP
iRule
iRule
iRule
SSL renegotiation
SYN flood
ICMP flood
Data
Network
Firewall
F5 Agility 2014 58

Who’s Requesting Access?
Employees Partner Customer Administrator
Manage access based on identity
IT challenged to:
• Control access based on user-type and role
• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
F5 Agility 2014 60

Security at the Critical Point in the Network
Physical
Virtual
Cloud
Storage
Total Application Delivery Networking
Services
Clients Remote
access
SSL
VPN
APP
firewall
F5 Agility 2014 61

BIG-IP APM Use Cases
Internet Secure Web Gateway
Accelerated Remote
Access
Internet Apps
Enterprise Data
& Apps
Federation
Cloud, SaaS,
and Partner
Apps
App Access Management
BIG-IP APM
OAM
VDI
Exchange
Sharepoint
F5 Agility 2014 62

Which Threat mitigation to use?
Content Delivery Network
Carrier Service Provider
Cloud-based DDoS Service
Cloud/Hosted Service
Network firewall with SSL inspection
Web Application Firewall
On-premise DDoS solution
Intrusion Detection/Prevention
On-Premise Defense
F5 Agility 2014 63

Full Proxy Security
Client / Server
Web application
Application
Session
Network
Physical
Application health monitoring and performance anomaly detection
HTTP proxy, HTTP DDoS and application security
SSL inspection and SSL DDoS mitigation
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
Client / Server
Web application
Application
Session
Network
Physical
F5 Agility 2014 65

F5 Provides Complete Visibility and Control
Across Applications and Users
DNS Web Access
Intelligent
Services
Platform
Users
Securing access to applications
from anywhere
Resources
Protecting your applications
regardless of where they live
Dynamic Threat Defense
DDoS Protection
Protocol Security
Network Firewall
TMOS
F5 Agility 2014 66

PROTECTING THE DATA CENTER
Use case
Load
Balancer
Firewall/VPN
• Consolidation of
firewall, app security,
traffic management
Network DDoS
DNS Security
Balancer & SSL
• Protection for data
centers and
application servers
Application DDoS
Web Application Firewall
Load
• High scale for the
most common
inbound protocols
Before f5
with f5
Web Access
Management
F5 Agility 2014 67

F5 Bringing deep application fluency to Perimeter security
One platform
SSL
inspection
Traffic
management
DNS
security
Access
control
Application
security
Network
firewall
EAL2+
EAL4+ (in process)
DDoS
mitigation
F5 Agility 2014 68

How do I implement
perimeter Security with
F5?

Reference Architectures
DDoS
Protection
S/Gi Network
Simplification
Security for
Service
Providers
Application
Services
LTE
Roaming
Migration
to Cloud
DevOps
Secure
Mobility
DNS
Cloud
Federation
Cloud
Bursting
F5 Agility 2014 70

Increasing difficulty of attack detection
DDoS MITIGATION
Presentation Application (7)
Physical (1) Data Link (2) Network (3) Transport (4) Session (5) (6)
Network attacks Session attacks Application attacks
OWASP Top 10 (SQL
Injection, XSS, CSRF,
etc.), Slowloris, Slow
Post, HashDos, GET
Floods
SYN Flood, Connection Flood, UDP Flood, Push and ACK
Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks
BIG-IP ASM
Positive and negative
policy reinforcement,
iRules, full proxy for
HTTP, server
performance anomaly
detection
DNS UDP Floods, DNS Query
Floods, DNS NXDOMAIN Floods,
SSL Floods, SSL Renegotiation
BIG-IP LTM and GTM
High-scale performance, DNS
Express, SSL termination, iRules,
SSL renegotiation validation
BIG-IP AFM
SynCheck, default-deny posture, high-capacity connection
table, full-proxy traffic visibility, rate-limiting, strict TCP
forwarding.
Packet Velocity Accelerator (PVA) is a purpose-built,
customized hardware solution that increases scale by an order
of magnitude above software-only solutions.
OSI
stack
F5 mitigation technologies
OSI
stack
F5 mitigation technologies
F5 Agility 2014 71

®
Solve the Endpoint Security Challenge with Isolation, not Detection
Chris Cram
Security Solutions Architect

74
Agenda
The Security Landscape
Bromium Overview
Use Cases and Benefits
Summary and Next Steps

Up 294%
$30B No!
Security Spending — ’05–’14
Are
breaches
going
down?
Up 390%
Malware/Breaches — ’05–’14
Source: Gartner, Idtheftcenter, $30B is a Gartner figure for 2014
3
The IT Security Paradox

“Anti-virus is
dead. It catches
only 45% of
cyber-attacks.” Brian Dye
SVP,
Symantec
71% of all breaches
are from the
endpoint!
The Endpoint Problem
§ Polymorphic
§ Targeted
§ …
Pattern Matching
§ Only known
§ Many ???
§ Costly remediation
Advanced Threats Ineffective Detection
5
The Problem

§ Polymorphic
§ Targeted
§ Zero Day
Pattern-Matching
§ Only known
§ Many false positives
§ Costly remediation
71% of all breaches
start on the
endpoint!
Advanced Threats Ineffective Detection The Endpoint Problem
Source: Verizon Data Breach Report
4
The Problem

Advanced Attacks Evade Legacy Defenses
Threats
78
Network Detection Based
Firewall IPS Web & Email
Gateways
Endpoint Detection Based
PC
Firewall
PC
Anti-virus

79
$25B
$20B
$15B
$10B
$5B
$0
Citigroup
Washington
Post
Restaurant
Depot
Scribd Ubuntu
Bethesda
Game
Studios
Michael’s
Stores
Virginia LexisNexis
Prescription
Monitoring
Sega
Program
Network
Solutions Betfair
University
of California
Berkeley
Heartland
TD
Ameritrade
Hannaford
Brothers
Supermarket
Monster.
com
Chain
TK/ TJ Maxx
University of
Wisconsin –
Milwaukee
Seacoast
Radiology,
PA
Three
Iranian
banks
KT Corp.
Ohio Medicaid
State
University
Yahoo
Puerto Rico
Department
of Health
Sony Online
Entertainment Southern
California
Medical-Legal
Consultants
Blizzard
RBS
Worldpay
Auction.
com.kr
Virginia
Dept. of
Health
Data
KDDI
Gawker
.com
Drupal
Sony
Pictures
US
Federal
Reserve
Bank of
Clevelan
d
Yahoo
Japan
Central
Hudson
Gas &
Electric
South
Africa
Police
Nintendo
Washington
State court
system
Sony
PSN
San
Francisco
Public
Utilities
Commission
Ankle &
Foot
Center of
Tampa Bay,
Cardsystems
Solutions Inc. Evernote
Writerspace
.com
RockYou!
Living Social
Processors
International
CheckFree
Corporation
Global
Payments
AT&T
Ubisoft
Inc.
Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative
only to depict the 71%
Application
Whitelisting
Host
Intrusion
Prevention
Endpoint
Sandboxing
Host Web
Filtering
Cloud-based
AV
detection
Network
Sandboxing
Target
AOL
AOL
NASDAQ
Twitter
Sutherland
Healthcare
Neiman
Marcus
Ebay
Aaron
Brothers
Mac
Rumou
rs
.Com
Neiman
Marcus
Home
Depot
America
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
n
Express
PF
Changs
Paytime
Adobe
Snapch
at
2013
614 reported breaches
91,982,172 records
Recent Security Timeline

80
$25B
$20B
$15B
$10B
$5B
$0
Application
Whitelisting
Host
Intrusion
Prevention
Endpoint
Sandboxing
Host Web
Filtering
Cloud-based
AV
detection
Network
Sandboxing
Breaches
Starting from
the Endpoint
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative
only to depict the 71%
2013
614 reported breaches
91,982,172 records
Recent Security Timeline

Bromium—Pioneer and Innovator
Redefining security with isolation technology
Transforming the legacy security model
Global, top investors, leaders of Xen
Top tier customers across every vertical
8 © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.

82
Core Technology
Hardware isolates
each untrusted
Windows task
Lightweight, fast,
hidden, with an
unchanged native UX
Microvisor
Based on Xen with
a small, secure
code base
Industry-standard
desktop, laptop
hardware
Hardware
Virtualization
Hardware Security
Features

Isolate all end user tasks –
browsing, opening emails,
files…
Utilize micro-virtualization and
the CPU to hardware isolate
Across major threat vectors—
Web, email, USB, shares…
Seamless user experience
on standard PCs
83
How Bromium Solves The Problem

Bromium vSentry
OS
Anti-virus,
sandbox and
other security
tools
OS Kernel
§ Today’s signature
and behavioral
techniques miss
many attacks
§ They almost always
leave endpoints
corrupted, requiring
re-imaging
Hardware-isolated
Micro VMs
§ All user tasks and
malware are isolated
in a super-efficient
micro-VM
§ All micro-VMs
destroyed, elimi-nating
all traces of
malware with them
Hardware
Applications
tab
tab
OS Hardware
Traditional Endpoint Security
O
S
O
S
O
S
O
S
10
Different from Traditional Security

LAVA Understanding the Kill Chain
WHO
Is the Target
WHERE
Is the Attacker WHAT
Is the Goal
WHAT
WHAT
Is the Intent
Is the Technique

Java Legacy
App Support
Off Net Patching
Laptop Users
High Value
Targets
Threat
Intelligence
Secure
Browsing
12
Use Cases

87
Why Customers Deploy Bromium
Defeat Attacks
§ Eliminate compromises on the endpoint
§ Deliver protection in the office or on the road
Streamline IT
§ Reduce operational costs
§ Dramatically increase IT productivity
Empower End Users
§ Remove the burden of security from users
§ Enable users to click on anything…
anywhere

Summary
The attack landscape has fundamentally changed;
perimeter evaporating in the cloud and mobile era
Current ‘detection’ defenses are ineffective;
endpoint is the weakest link
Bromium is redefining endpoint
security with micro-virtualization
Enormous benefits in defeating attacks,
streamlining IT and empowering users

Beyond Compliance
Rob Stonehouse – Chief Security Architect

The Rush To Compliance
“We have to be compliant!”

What Do We Know?
• The Internet wants all your
information
• Law is not a deterrent
• Little risk for huge gains
• Patience = Success
• Users will still click on
anything
…It is going to get worse

20+ Years of Monitoring
What have we seen?
- Sophisticated malware
- Teams of attackers
- Persistence & Purpose

The Problem
Technology
• New strategies
• Hard to realize the value
InfoSec is Expensive
• Resource issues

What is The Answer?
Visibility

Get The Help You Need
You Can No Longer Do This Alone

Managed Security Services
Jamie Hari – Product Manager, Infrastructure & Security

Scalar discovered what they overlooked.

Changing Tactics

The way you look at security needs to change.

SIEM
100

Improved Intelligence
Scalar has the tools and experience to manage security
The SIEM is the heart and brain of the SOC. It moves
data around in a quickly complex and technical analyses landscape.
it with continually
updated intelligence.
Users
Servers End Points
Firewalls IPS VS AV/AM/AS
SIEM SOC Tools
Scalar SOC

What is SIEM?
A solution which gathers, analyzes, and presents
security information.
• Log Management
• Security Event Correlation and Analysis
• Security Alerting & Reporting

Reporting
Quickly Identify Patterns of Activity, Traffic, and Attacks

Managed SIEM & Incident Response
Real-time security event monitoring and intelligent
incident response
• 24 x 7 Security Alert & System Availability Monitoring
• Security Incident Analysis & Response
• Infrastructure Incident, Change, Patch, and Configuration
Management

What should I look for in a provider?
• Breadth and Depth of Technical Capability
• Flexibility in Deployment, Reporting, and Engagement Options
• Experience with Customers in Diverse Industries
• A Partner Model

Getting Started
106

Proof of Value
4 Week Trial
• Dashboard for Real-time Data
• Weekly Security Report
• Detailed Final Summary Report
• Seamless Continuation into Full Service

You decide how we fit

Recap
• Reduce complexity – simplify
• Apply security at the infrastructure, applications and endpoint
• Augment technology with people and process
• Spend on security vs. compliance
• Gain visibility through effective security operations

What’s Next?
Looking for more information on security?
Rob Stonehouse, Scalar’s Chief Security Architect, discusses
security beyond our compliance on the Scalar blog here.

Connect with Us!
@scalardecisions
facebook.com/scalardecisions
linkedin.com/company/scalar-decisions
slideshare.net/scalardecisions

Scalar Security Roadshow - Ottawa Presentation

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (11)

Similar to Scalar Security Roadshow - Ottawa Presentation

Similar to Scalar Security Roadshow - Ottawa Presentation (20)

More from Scalar Decisions

More from Scalar Decisions (19)

Recently uploaded

Recently uploaded (20)

Scalar Security Roadshow - Ottawa Presentation