Eagle Rock Energy began an advanced malware detection program to upgrade their security infrastructure due to limited previous capabilities and the need to secure remote systems. They identified threats, developed tactics and policies, and implemented products in a specific order to first control network access, then restrict threats, prevent infections, and monitor the environment. Products implemented included ForeScout for network access control, McAfee Web Gateway, Advanced Threat Defense, Intrusion Prevention System, Vulnerability Manager, and Security Information and Event Management. Regular executive reports were produced to communicate security status to non-technical leadership.
Examining the Impact of Security Management on the Business (Infographic) - AlgoSec
This infographic highlights the key findings from the survey "Examining the Impact of Security Management on the Business", which includes responses from 240 infosecurity, networking and application development professionals from more than 50 countries on topics such as how long it takes to deploy a new application in the data center, how long it takes to make application connectivity changes, how risk should be prioritized, the chance of an outage or disruption when migrating applications to the cloud, and much more.
Penetration Testing actively attempts to exploit vulnerabilities and exposures in the customer environment. You can learn more about the value and the outcomes of this service.
Shift Happens: Eliminating the Risks of Network Security Policy Changes - AlgoSec
“The only thing constant is change” dates back to 500 BC, but it has never rung more true when it comes to managing your network security policy. Bombarded by an onslaught of changes resulting from new applications, emerging threats and network re-architectures, security professionals struggle with manual processes as they sift through hundreds and often thousands of firewall rules and access lists. The result: slow response to business requests, and costly mistakes that cause outages and introduce risk.
This presentation covers:
· Common risks to avoid when making changes to your network security devices
· How to better understand business requirements from the network security perspective
· How to accelerate change requests and ensure security and compliance using automation
Ransomware Attack: Best Practices to Proactively Prevent, Contain and Respond - AlgoSec
One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations to urgently assess what they need to do to contain and limit their exposure to this threat.
Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack.
In this webinar Professor Wool will discuss:
• The different methods used by cyber criminals to penetrate the network security perimeter
• Best practices for reducing cyber criminals’ lateral movements across the network
• How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack
• Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation
• The impact of a ransomware attack on regulatory compliance
Savvius Vigil is the first network appliance able to intelligently store months of packet-level information to enhance security investigations. Savvius Vigil integrates with your existing SIEM platform to examine packets related to a breach weeks or months after the incident occurred. This information is often vital to a full understanding of the threat.
Journey to the Cloud: Securing Your AWS Applications - April 2015 - Alert Logic
James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats
Colin Robbins, Managing Consultant from Qonex, looks at the government-backed scheme and gives a basic guideline on how SMEs can achieve Cyber Essentials.
First presented at the East Midlands Cyber Security Conference and Expo.
For more cyber security resources visit www.qonex.com
A single change to a network device can have a far reaching effect on your business. It can create security holes for cyber criminals, impact your regulatory audit, and even cause costly outages that can bring your business to a standstill – as we have recently seen in the news!
This technical webinar will walk you through a variety of use cases where device misconfigurations typically occur, including a basic device change, business application connectivity changes, and data center migrations. It will provide best practices and demonstrate specific techniques to help you understand and avoid misconfigurations and ultimately prevent damage to your business, including how to:
* Understand and map your enterprise infrastructure topology before you make a change
* Proactively assess the impact of a change to ensure it does not break connectivity, affect compliance or create a security hole
* Avoid common mistakes when making changes to your network security devices
* Better understand business requirements from the network security perspective
Put out audit security fires, pass audits - every time - AlgoSec
Compliance with network and data security regulations and internal standards is vital and mission-critical. But with increasing global regulations and network complexities, it’s harder than ever to keep up.
Firewall management and network security policies are critical components in achieving compliance. Firewall audits are complex and demanding, and documentation of current rules is often lacking. There is neither the time nor the resources to find, organize, and inspect all your firewall rules. Instead of being proactive and preventative, network security teams are constantly putting out fires.
In this webinar, you will learn:
• The golden rules for passing a network security audit
• Best practices to maintain continuous compliance
• How to conduct a risk assessment and fix issues
Learn how to prevent fires and pass network security audits every time.
Tal Dayan, AlgoSec’s product manager, will reveal the Firewall Audit Checklist, the six best practices to ensure successful audits.
By adopting these best practices, security teams will significantly improve their network’s security posture and reduce the pain of ensuring compliance with regulations, industry standards and corporate policies.
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N... - Erin Sweeney
You face an increasing number of cyber threats that are difficult to detect and defeat. Beating them might seem like Mission: Impossible. It's not.
Palo Alto Networks and Splunk with their next-generation, best-of-breed technologies have developed a joint solution to make defeating these threats Mission: Possible. Join us on Tuesday, June 30, in Santa Clara for a workshop providing hands-on exposure to both technologies. You'll walk away knowing how to:
• Prevent known and unknown threats at both the network and endpoint through a wide range of integrated technologies including: firewall, application visibility and control, cloud-based malware analysis, advanced endpoint protection, mobile workforce security, and data loss prevention (Palo Alto Networks)
• Harness all the raw log files and event data generated by any user, system, or application in your IT infrastructure (aka "big data") to quickly perform Security Information Event Management (SIEM)-like use cases including: advanced threat and anomaly detection, incident investigations and forensics, and security/compliance reporting and analytics (Splunk)
• Automatically pass data on threats from Splunk to Palo Alto Networks to enable automated remediation
Are you a security or networking professional looking to get hands-on experience with these next-generation technologies? Don't let your network self-destruct.
Presenter: Sharon Besser - VP of Technology, Net Optics
Today’s advanced network security threats are growing in complexity, scale and scope. Highly co-ordinated resources and activities are being leveraged to assault today’s networks with unprecedented speed and agility—a new paradigm in network security monitoring is required in order for organizations to adapt and respond to these threats.
In this presentation, Net Optics VP of Technology & Solutions Sharon Besser defines the next generation approach to security utilizing security-centric SDN, and provides concrete steps organizations must take with their network security and monitoring.
Movin' On Up to the Cloud: How to Migrate your Application Connectivity - Shira Koper
Migrating applications to the cloud or to another data center is a complex and risky process. First, you need to understand the applications you are currently running (application discovery). Then, you need to define and map the existing application connectivity flows (pre-migration), so that you can easily reestablish them post-migration.
If done manually, this is a difficult and time-consuming process, and a single mistake can cause outages, compliance violations and create holes in your security perimeter.
Understanding the migration destination is just as important; cloud security architecture is fundamentally different from physical networks, and it is extremely difficult to translate the network connectivity flows to the cloud security controls and then manage network security policies cohesively across the entire hybrid enterprise environment. All in all, migrating application connectivity is a complex, tedious and error-prone process that can take months and often compromises security, compliance and business agility.
In this webinar, Avivi Siman-Tov, Product Manager at AlgoSec, will explore how to simplify and accelerate large-scale complex application migration projects, while making security a priority.
Attend this webinar to discover best practices to:
- Automatically discover applications and their existing connectivity flows
- Analyze, simulate and compute the necessary changes – even between different network security technologies such as traditional firewalls and cloud security groups
- Execute the necessary firewall rule changes, and mass-migrate relevant connectivity flows
- Assess the risk and ensure compliance throughout the migration process
- Deliver unified security policy management across the hybrid enterprise cloud environment
7 Security Requirements to Accelerate Cloud Adoption - ProtectWise
Learn how you can safely move to the Cloud without the drawbacks of other approaches. Say no to network redesign, and appliance and solution sprawl. Say yes to a happy DevOps team, scale, high availability, lower costs, and a single forensic haystack for cloud and hybrid environments. All possible because of The ProtectWise Grid.
All Hope is Not Lost: Network Forensics Exposes Today's Advanced Security Thr... - Savvius, Inc
Do you think it requires an advanced degree to initiate an advanced security attack? Think again. Tool kits are readily available for immediate download that guide those with even just basic computer skills through the steps to initiate complex network attacks. But all hope is not lost. One of the best defenses is readily available in the market today – network recorders with network forensics – and when combined with the appropriate visibility fabric architecture, these solutions defend against attacks on even the fastest networks available today.
Join WildPackets and Gigamon as we explore the current state of network attacks, network vulnerabilities, and the solutions available to combat the most aggressive, and the most subtle, attacks.
Presentation on current security trends, prevention and detection. This presentation was initially given at a WatchGuard partner event for Equinox IT. http://www.equinoxits.com/
What's Wrong with Vulnerability Management & How Can We Fix It - Skybox Security
Learn what nearly 1000 IT security professionals have to say about vulnerability management. Based on the findings of a Skybox global survey, see what works and what doesn't in vulnerability assessment, prioritization, and remediation, and how you can improve your program today. Learn the benefits of creating a formal policy that fits your organization, how to assess risk within the context of your organization, and how to create a mature program with continuous security to neutralize risk every day.
Presentations from the Toronto Stop of the Scalar Security Roadshow on March 4, covering technologies from Palo Alto Networks, F5, Splunk, and Infoblox.
Network Security Best Practices - Reducing Your Attack Surface - Skybox Security
Delivered as a webinar, this slide deck provides best practices for gaining total visibility of your attack surface and ways to manage and reduce your risk, network vulnerabilities, and potential breaches.
What Is Next-Generation Endpoint Security and Why Do You Need It? - Priyanka Aash
This session will clarify the definition of next-generation endpoint security and distinguish it from legacy antivirus software. It will also describe how next-generation endpoint security can help organizations improve incident prevention, detection and response.
(Source: RSA USA 2016-San Francisco)
The financial industry ranks 2nd behind the entertainment industry with 1,386 confirmed data breaches, 795 of those with confirmed data loss. To address this threat, the FFIEC Cybersecurity Assessment Tool (CAT) provides a framework that is now becoming the industry cybersecurity standard. Although the CAT tool is not a 2017 requirement, passing your audit is.
In this webinar we’ll discuss:
- Navigating your “must have” cybersecurity technology, keeping it lean like your team!
- How to jump-start compliance with FFIEC audits
- Best practices for network access control and plugging potential cybersecurity gaps
Secure Your WordPress Site - And Your Business - Stacy Clements
You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right? Think again! Security incidents are on the rise, and small businesses are easy targets. You may not have a lot of money to invest, but you can learn a framework to help you get a better grasp on security for your website and your business.
Elements of the discussion will include:
– Insight into emerging cyber threats
– A profile of today’s evolved hackers: what they are after, why, and how they’re getting what they want
– Strategies and tools you can implement to safeguard against attacks
HIPAA 101 Compliance Threat Landscape & Best Practices - Hostway|HOSTING
The healthcare IT landscape is changing daily, and trying to keep up with requirements like HIPAA and HITECH can leave you and your clients extremely vulnerable. Register today to hear more about the current HIPAA threat landscape and learn best practices for protection.
Experts from Hostway and Alert Logic will keep you up-to-date on the latest trends in healthcare IT.
You'll learn about the following:
- The current state of the healthcare IT industry and the role of HIPAA
- Threats associated with the healthcare landscape
- How a security breach can impact your organization
- Security best practices for HIPAA compliant cloud hosting and more!
The Security Policy Management Maturity Model: How to Move Up the Curve - AlgoSec
Rising network complexity and increased demands on business agility are rapidly hindering the traditional approach to managing security policies. The Security Policy Management Maturity Model can help you better understand your current network environment and provide you with a roadmap for improving both your security AND agility. Learn:
- The four stages of the maturity model
- How to compare your environment to the different stages
- Tips for orchestrating security policy management
- Real-life examples of benefits achieved by "moving up the curve"
Key Policy Considerations When Implementing Next-Generation Firewalls - AlgoSec
This presentation examines next-generation firewalls, and provides practical advice on how to effectively and efficiently manage policies in a multi-product and even multi-vendor, defense-in-depth architecture.
By watching this webcast you will learn answers to the following questions:
- What constitutes a next-generation firewall and what problems does it solve?
- What are the deployment options for next-generation firewalls?
- What do policies in a defense-in-depth architecture look like?
- How can you efficiently manage next-generation firewalls AND traditional firewall policies?
- And much more
The Sophos XG Firewall brings a new approach to managing your firewall, responding to threats and monitoring what happens on your network. Get ready for a new level of simplicity, security and insight.
Learn how to overcome security challenges, such as: identity theft, spoofed transactions, DDoS business disruption, criminal extortion and more. You'll learn how a security strategy promotes confidence in the cloud.
Because many organizations don't perform security unless they have to, more than 80% of all web applications are being exposed to vulnerabilities. In comes regulation. There are a number of different industries other than financial and healthcare that deal with PII and PHI but are either not regulated at all or are regulated very loosely. This presentation will discuss the various regulations (PCI, SOX, HIPAA, etc.) and what each does to address web application security, if any, as well as the shortcomings of each. Finally, it will further address industries that need to be more strictly regulated in order to better protect personal information.
Andrew Weidenhamer, Senior Security Consultant, SecureState
Andrew Weidenhamer, Senior Security Consultant, joined SecureState in January 2008. As a former member of the Profiling Team, Andrew performed technical security assessments on a weekly basis. These assessments included Internal and External Attack and Penetration Assessments, Wireless Penetration Assessments, Web Application Security Reviews, Physical Penetration Tests, and Social Engineering Assessments.
Slide 4 (McAfee Confidential)
Why Eagle Rock Energy Began the Advanced Malware Detection Program
• Who we are
• Why we needed to upgrade our security infrastructure
Slide 5
Integration and Security Before Upgrades
Why Eagle Rock Energy Began the Advanced Malware Detection Program
[Architecture diagram, components only: Network Core; MDM; StealthWatch; Desktops/Laptops; McAfee Global Threat Intelligence; Field and DC Network Data; Mobile Devices; Corp Network; Servers; IPS; McAfee ePO; WebSense; Trend Micro E-Mail SaaS; Firewall/VPN; IPS]
Slide 6
Why Eagle Rock Energy Began the Advanced Malware Detection Program
• Limited capabilities
• Requirement for remote Supervisory Control and Data Acquisition (SCADA) and Plant Controls Network (PCN)
Slide 7
Identify Threats and Risks
• Performing a security assessment
• Understanding and identifying current threats and risks
• Deciding on an approach to user training
Slide 8
Tactics, Techniques, and Procedures
• Developing Tactics, Techniques, and Procedures (TTPs)
• Developing key processes and policies
  1. Critical Event Process
  2. Acceptable Use Policy
  3. User Access Policies
  4. Guest Access Policy
  5. Internet Content Policy
  6. Email Filtering Policy
Slide 9
Identify Products and Deployment Order
• Deciding on a solution
  • Holistic approach
  • Align products with threats and risks
• Order of implementation
  • Control
  • Restrict
  • Prevent
  • Monitor
Slide 10
Network Access Control – ForeScout CounterACT
• Implementation
  • Easy implementation, robustness and simple integration with other McAfee products. ForeScout gave instant visibility into the network with little configuration, without the requirement of 802.1X and management of supplicant addresses.
• Best Practices
  • Organizational policy enforcement
  • Accurate device clarification and classification policy
• Challenges
  • Lack of policy and policy enforcement
• Benefits
Slide 11
McAfee Web Gateway
• Implementation
  • Hybrid configuration
  • McAfee Client Proxy (MCP) through ePolicy Orchestrator (ePO)
  • Advanced Threat Defense integration
• Best Practices
  • Hybrid deployment
  • MCP managed through ePO
• Challenges
  • Policy imports from previous web appliance
  • Hybrid deployment
• Benefits
Slide 12
McAfee Advanced Threat Detection
• Implementation
  • Integrated with Web Gateway
  • Integrated with Intrusion Prevention System (IPS)
  • VMs built: Windows XP, Windows 7 32- and 64-bit, Windows 8 32- and 64-bit, Server 2003, Server 2008
• Best Practices
  • Stagger the license count for Virtual Machines (VMs) to best match your environment
• Benefits
Slide 13
McAfee Intrusion Prevention System and Network Security Manager
• Implementation
  • Host Intrusion Prevention System (HIPS)/ePO integration
  • McAfee Vulnerability Manager integration
  • High availability with fail-open kits
• Best Practices
  • Deploy in simulated blocking until events have been scrutinized
• Challenges
  • Determine what traffic is malicious, misconfigured, or by design
• Benefits
Slide 14
McAfee Vulnerability Manager
• Implementation
  • Manager with remote scanners
  • Integrated with ePO, IPS, and Security Information and Event Management (SIEM)
• Best Practices
  • Use remote scanners
• Challenges
  • Scan reports
  • Turning off scan criteria
• Benefits
Slide 15
McAfee Security Information and Event Management
• Implementation
  • Event receivers in each data center
  • Integration with IPS, MVM, and ePO
• Best Practices
  • Understand which devices will provide events
• Challenges
  • Amount of data points
  • Configuring data sources on event receivers
• Benefits
Slide 17
Integration and Security Before Upgrades
Conclusion
[Architecture diagram, components only: Network Core; MDM; StealthWatch; Desktops/Laptops; McAfee Global Threat Intelligence; Field and DC Network Data; Mobile Devices; Corp Network; Servers; IPS; McAfee ePO; WebSense; Trend Micro E-Mail SaaS; Firewall/VPN; IPS]
Slide 18
Integration and Security After Upgrades
Conclusion
[Architecture diagram, components only: Network Core; MDM; StealthWatch; Desktops/Laptops; McAfee Global Threat Intelligence; Field and DC Network Data; Mobile Devices; Corp Network; Servers; Web Gateway; IPS; SIEM – single pane of glass for events; McAfee ePO; MVM; ATD; NAC; McAfee Web Gateway SaaS; Firewall/VPN; McAfee E-Mail SaaS]
Slide 19
Questions & Answers
Rate This Session!
From the FOCUS App select session #241 Building an Advanced Malware Defense Program – Process and Technology Best Practices
Post-conference, access presentations at: www.mcafee.com/focus14
Password: Empowering14
Anthony Hopkins: Anthony has been in the IT industry for about 12 years. He spent 7 of those years in the US Army as a soldier deploying tactical communication systems. He also spent about 3 years in US Army Civil Service training, providing network and security support to combat brigades deploying to a combat zone and during combat operations. He recently made the transition to the private sector, joining Eagle Rock Energy, where he brings some of the tactics, techniques and procedures used in the DoD to an enterprise network. He holds multiple industry certifications from ITIL, CompTIA, Cisco and ISC2.
Eagle Rock Energy at the time was a midstream and upstream oil and gas business subject to SOX compliance; after the divestiture of our midstream business we are now a pure-play upstream business, still subject to SOX compliance.
Our security posture prior to the upgrades was minimal, with basic policies that included a user AUP and web content restrictions. Our hardware consisted of Cisco ASAs, one Cisco ASA with an SSM-20 IPS module at our Houston data center, and Lancope StealthWatch, also located only at our Houston data center; all other locations with internet access were protected only by an ASA. Lancope StealthWatch included the SMC, Flow Collector, Flow Sensor and virtual Flow Sensors on all ESX hosts, which gave us much-needed insight into the infrastructure and the data traversing it. We were able to discover a lot of suspicious traffic flows, but we had limited reaction capabilities. The security software included Varonis, McAfee ePO, WebSense and Trend Micro SaaS. Varonis was deployed in our Houston data center, where it monitors and audits all file and folder access.
McAfee ePO was deployed to the entire organization and included VSE only. We later started deploying McAfee Deep Defender, Host Intrusion Prevention System and Drive Encryption, just prior to the purchase of our security upgrades. WebSense provided our internet content restrictions. Trend Micro SaaS provided our spam and e-mail security.
With these limited capabilities, our growing mobile computing environment, and the business aggressively moving toward centralization of plant operations and remote access, our exposure grew. Remote access was required for plant operators and for third-party support to assist with plant operations and troubleshooting, as well as for access to the SCADA infrastructure. Having to expose our SCADA and PCN enclaves to corporate-infrastructure "outsiders" greatly increased our security risk, even though those enclaves were firewalled off.
The new SCADA and PCN exposure and the visibility we gained from StealthWatch painted a grim picture for us. We are beyond the days when a good firewall will prevent the unwanted. We realized that we would need a more robust and proactive security solution that could be managed by a small support staff.
We knew that just buying some products would increase our overall security posture, but we needed to take a more holistic, manageable approach. We started by taking everything back to baseline and performing a security assessment.
A security assessment is a document that provides a realistic assessment of risk and an understanding of the threats and vulnerabilities of a system or organization. Our assessment steps:
- Document all the software and hardware in use on the infrastructure and their functions
- Ensure all network documentation is established and updated with current network diagrams
- Understand the business and its role
Once you understand how the business operates during daily operations, you are able to piece together the threats and risks the business will face.
- List all threats
- List all risks
- Rank the threats and risks from most probable to least
- Align current software and hardware mitigations with the threats and risks
We would only be as strong as our weakest link, which was user education. User training began and now occurs on an annual basis, instilling the fundamentals of cyber security; this helped to enforce and maintain a security state of mind both at work and at home.
Cyberspace is the new battlefield that we are all a part of, and we had to develop our tactics, techniques and procedures to combat the threats we face as an oil and gas company. These threats range from criminal, radical political, hacktivist and state-sponsored/developed entities to mischievous ones.
With advanced persistent threats and malware it is possible for an attacker to exfiltrate data, monitor user activity, modify data and cause havoc without anyone knowing. This can cause huge financial loss, PII loss, damage to brand recognition and possibly death (in the oil and gas industry, if an attacker is able to gain access to a plant controls network they may be able to alter valve controls, or cause the operator to make a change, based on pressure readings, that he would not normally have made, causing a possible blowout). Our strategy comes down to traffic normalization and what lies beyond it. We had to understand which network traffic was legitimate, misconfigured or malicious. Once traffic is categorized we are able to proactively identify events and mitigate them.
Developing and refining our current processes and policies was a critical task. Without the proper processes and policies the IT department can lack the authority to disconnect users. Policies also ensure that all users comply with a certain level of expectation. Since we were doing such a large overhaul of our security infrastructure, it required an overhaul of the policies as well.
One of the processes and policies we created was reaction based on critical events, which enabled us to define what a critical event is, how we would react to that event, what level of reaction the event would require, and who would have to be notified. This simple process ensured that we have the right amount of support based on impact, which increases administrative productivity.
Some of the other processes and policies we created and refined were internet content restrictions, application restrictions, user access/AUP, guest access/registration, vulnerability management/remediation, external e-mail content and attachment restrictions, and a security baseline that systems must meet prior to network connectivity.
Once we determined what our most critical threats and current capabilities were, we were able to find where our security gaps were. Next we had to select products that would close those gaps and provide a holistic approach to security. Some of the criteria we were looking for were integration, robustness and effectiveness. Since our security assessment found many holes, it required the replacement of some existing products and the introduction of new products to combat current threats and risks. We also knew that just throwing security products inline was not the master fix: although it would increase our overall security posture, it would not necessarily be an integrated solution. Without an integrated solution the support team would constantly be bouncing between security consoles, which is cumbersome and dangerous given the lack of event correlation.
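The assessment steps above (list threats and risks, rank them from most probable to least, align existing mitigations against them) and the gap analysis that follows can be carried out as a small risk register. The following is an added worked example, not the presenter's worksheet or any McAfee tool: the threat list, the likelihood and impact scores, the fraction of risk each control is credited with and the accepted residual-risk ceiling are all constructed for illustration, though the controls are named after the pre-upgrade products described above.

```python
"""Risk register: rank threats, credit existing mitigations, report the gaps.

Added illustration (not Eagle Rock Energy's or McAfee's code). Scores and
control credits are constructed; the ordering and gap logic are generic.
"""
from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    likelihood: int   # 1 (rare) .. 5 (expected)
    impact: int       # 1 (nuisance) .. 5 (safety impact / major financial loss)
    # control name -> fraction of the remaining risk that control removes (0..1)
    mitigations: dict = field(default_factory=dict)

    def inherent(self):
        """Risk before any control is credited."""
        return self.likelihood * self.impact

    def residual(self):
        """Each control independently removes its fraction of what is left."""
        r = float(self.inherent())
        for fraction in self.mitigations.values():
            r *= 1.0 - fraction
        return round(r, 2)


# Constructed register; control names follow the pre-upgrade products on the page.
THREATS = [
    Threat("Malware via web download", 5, 4,
           {"WebSense URL filtering": 0.3, "ePO VSE": 0.4}),
    Threat("Unauthorized device on remote site LAN", 4, 3, {}),
    Threat("Phishing e-mail with attachment", 5, 4,
           {"Trend Micro SaaS": 0.5, "ePO VSE": 0.3}),
    Threat("Lateral movement toward SCADA/PCN enclave", 2, 5,
           {"Cisco ASA segmentation": 0.5}),
    Threat("Unpatched exploitable service on server", 4, 4, {}),
]


def ranked(threats):
    """Most probable first, ties broken by impact: the 'most probable to least' step."""
    return sorted(threats, key=lambda t: (-t.likelihood, -t.impact))


def gaps(threats, max_residual=6.0):
    """Threats whose residual risk is still above the accepted ceiling, highest first.
    These are the gaps that product selection has to close."""
    return sorted((t for t in threats if t.residual() > max_residual),
                  key=lambda t: -t.residual())


if __name__ == "__main__":
    for t in ranked(THREATS):
        print(f"{t.name:45} L={t.likelihood} I={t.impact} "
              f"inherent={t.inherent():2} residual={t.residual():5}")
    print("gaps:", [t.name for t in gaps(THREATS)])
```

The point of the two orderings is that they answer different questions: `ranked` is the likelihood-first list the assessment asks for, while `gaps` is what drives purchasing, because a well-covered threat can be very probable and still not be a gap.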
Products we purchased:
- ForeScout CounterACT
- McAfee Web Gateway
- McAfee E-Mail Gateway
- McAfee IPS and NSM
- McAfee ATD
- McAfee Vulnerability Manager
- McAfee SIEM
We chose a specific path of implementation to control, restrict, prevent and monitor systems and events:
- We started with ForeScout CounterACT to allow us to discover the types of devices on the network and begin our classification, clarification and compliance policies.
- We then replaced our WebSense product with McAfee Web Gateway to continue our web content inspection and enhance our malware detection capabilities; we also set it up in hybrid mode to provide proxy capabilities for mobile clients.
- We integrated ATD into Web Gateway to improve malware detection.
- We changed our SaaS provider for e-mail from Trend Micro to McAfee (we are in the process of switching to E-Mail Gateway's on-premises hybrid solution).
- We installed IPS at all locations and integrated it with ATD.
- We installed MVM and integrated it with ePO and IPS.
- We installed SIEM.
Part of building a well-rounded security solution revolved around network access control. We chose ForeScout CounterACT as our NAC for its easy implementation, robustness and integration with the McAfee product line. ForeScout allowed us to get instant visibility into what devices were on the network with little configuration and without the requirement for 802.1X and management of supplicant addresses.
We deployed an HA pair of CT-2000s in our Dallas and Houston data centers and a manager in our Houston data center. We chose this deployment method because it reduced the overall cost of the solution and all of our traffic flows through one of the two data centers. This deployment method also allows us to leverage the IDS/IPS capabilities within ForeScout for an added layer of protection, as well as its use of honeypots.
We had a lot of issues, mostly due to a lack of policy and policy enforcement, with remote sites adding network devices, computers, phones, etc. without notifying the corporate office. With the new corporate processes and policies in place, we were able to leverage ForeScout to ensure these standards were enforced. We are also able to ensure that when a machine connects to the infrastructure it meets our desired security posture; if not, the machine is forced into automatic remediation.
We are also able to control guest access and provide a captive self-registration page for guest access requests. This process gave us visibility into who is connecting to the network, who approved it, and the length of time for which access was granted.
Some of the challenges we faced deploying the NAC solution came down to executive support: in some cases, if a senior manager's or business-essential person's computer did not meet compliance requirements, it would be automatically transitioned into a remediation VLAN for automatic remediation, and until that process completed the user would have limited access to infrastructure services. This sometimes resulted in bypassing the automatic remediation process prior to connectivity, doing an online, non-intrusive remediation (the best that we can do) and waiting until there was a better time.
Some of the benefits we gained were visibility into the remote sites, allowing us to pinpoint where devices were connected and what the compliance level of each device was. This automates some of the desktop support functions, freeing them up for other tasks.
Web defense is a huge battleground: sifting through thousands of web requests per second to filter web content and applications, scan for malware, prevent zero-day attacks, and have the content presented to the end user with little to no delay. We installed Web Gateway with a hybrid central management deployment. We have four appliances deployed, two in our Houston data center and two in our Dallas data center. We are utilizing MCP, deployed through ePO, to manage proxy and SaaS selection based on best response time. While clients are on premises, MCP will pick the best-responding proxy, and while off premises it will roll over to the SaaS solution. For clients that are not necessarily ePO-managed or domain-managed, which included BYOD and guest access, we forced a WCCP redirection, and we applied it to all subnets in the event of an MCP failure.
We have ATD integrated into Web Gateway, providing us with an enhanced malware detection engine. One of the challenges we had was deciding how much malware data we would let the ATD box process versus letting the built-in GAM engine in the Web Gateway process it.
Some of the challenges we faced were the policy transitions from WebSense to the new McAfee Web Gateway, which required some manual policy creation. This allowed us to comb through our policies, ensuring that there was no duplication of rules and checking whether there was a better way to apply them on the Web Gateway.
We also faced issues with the hybrid deployment in matching rules from on premises to SaaS, and found that there is not an exact line-up of web rules. At that point we decided it was better to manage them separately, with a less restrictive rule set on the SaaS side, on the assumption that when a user goes mobile they are more likely to establish a VPN session than just surf the web. Once they establish the VPN session, MCP is able to communicate with the on-premises proxies and backhaul all internet access.
With the new hybrid setup on SaaS we have complete rule synchronization from on premises to SaaS. This has allowed us to manage all rules in a single location without duplicating SaaS rules and on-premises rules. We have now allowed VPN split tunneling for web access.
Some of the benefits we gained were enhanced malware detection, reducing the overall detections by the installed AV, which in turn reduced the overall support required from desktop support for malware removal on host machines.
McAfee ATD really provided us the extra layer of insurance when it came to malware and zero-day detection, with its integration into Web Gateway and IPS. With ATD we are able to build out virtual machines that match our environment to an extent.
The gateway anti-malware engine within Web Gateway is a really strong product. We were able to integrate ATD into Web Gateway to give it extra horsepower. We were also able to integrate ATD with the IPS, providing a malware engine to the IPS and increasing our overall malware discovery rate.
We deployed the McAfee IPS because of its fast performance, easy deployment, easy configuration and integration with the McAfee ePO/HIPS product. We have two sets of HA NS9100s deployed to each data center. Each one is inline at every link in and out of the data centers (FW DMZ, FW Inside, MPLS, Metro-E and SIP). We also have a pair of M2950s in HA inline between the data centers, located in Dallas, and the one NSM located in Houston. We ensured that no matter where the traffic entered, exited or began, we saw the conversation. This placement provided us with a great deal of visibility and control, internally and externally.
The integration with the ePO/HIPS endpoint allowed us to process the events on the NIPS and send blocking notifications to ePO for the HIPS clients. The integration between ePO and IPS provided ePO machine information within the NSM console.
Policy creation became our biggest challenge. Not because it was hard to configure, but because we had brought so many links (internal and external) into the IPS that we had to ensure and document how the servers and systems communicated internally and externally and create the policies accordingly.
Some of the benefits gained from this IPS implementation were a high level of visibility on all links going in and out of the data center. We don't have any time savings in day-to-day tasks, because our IPS implementation is a six-fold increase over our original deployment.
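The slide for the IPS recommends deploying in simulated blocking until events have been scrutinized, and the policy-creation paragraph above explains what that scrutiny rests on: documented server-to-server flows, against which each alert is judged malicious, misconfigured or by design. The following is an added example of that triage, not Eagle Rock Energy's process or McAfee NSM code: the pipe-delimited event export, the internal address ranges and the documented-flow table are constructed for illustration.

```python
"""Triage of IPS events captured while the sensor is in simulated-blocking mode.

Added illustration (not the presenter's or McAfee's code). Alerts that match a
documented flow are "by design" (tune or except the signature before enabling
real blocking); internal-to-internal alerts on undocumented ports are
"misconfigured" (hand to the system owner); everything else stays "review".
Event format, address ranges and the flow table are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12")]  # constructed

# Documented flows from the network documentation step:
# (source network, destination network, destination port, protocol)
DOCUMENTED_FLOWS = [
    (ip_network("10.10.0.0/16"), ip_network("10.20.5.0/24"), 1433, "tcp"),  # app tier -> SQL
    (ip_network("10.0.0.0/8"), ip_network("10.20.1.10/32"), 389, "tcp"),    # anyone -> DC LDAP
    (ip_network("10.0.0.0/8"), ip_network("10.20.1.10/32"), 88, "udp"),     # anyone -> DC Kerberos
]


@dataclass
class IpsEvent:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    signature: str
    action: str  # "simulated-block" while the sensor is in simulation mode


def parse_event(line):
    """Constructed export format: ts|src|dst|dport|proto|signature|action."""
    ts, src, dst, dport, proto, sig, action = line.strip().split("|")
    return IpsEvent(ts, src, dst, int(dport), proto.lower(), sig, action)


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_documented(ev):
    src, dst = ip_address(ev.src), ip_address(ev.dst)
    return any(src in sn and dst in dn and ev.dport == port and ev.proto == proto
               for sn, dn, port, proto in DOCUMENTED_FLOWS)


def classify(ev):
    if is_documented(ev):
        return "by-design"
    if is_internal(ev.src) and is_internal(ev.dst):
        return "misconfigured"
    return "review"


def triage(lines):
    """Bucket every event by category; the buckets are what the analyst walks through."""
    buckets = {"by-design": [], "misconfigured": [], "review": []}
    for line in lines:
        if line.strip():
            ev = parse_event(line)
            buckets[classify(ev)].append(ev)
    return buckets


def ready_for_blocking(buckets):
    """Switching from simulated to real blocking is only safe once nothing is
    left unexplained: the 'review' and 'misconfigured' buckets must be empty."""
    return not buckets["review"] and not buckets["misconfigured"]


# Constructed sample export from a sensor in simulated-blocking mode.
SAMPLE_EVENTS = """\
2014-10-01T08:00:01|10.10.4.21|10.20.5.7|1433|tcp|SQL: Suspicious Login Burst|simulated-block
2014-10-01T08:00:05|10.30.7.9|10.20.5.7|1433|tcp|SQL: Suspicious Login Burst|simulated-block
2014-10-01T08:01:10|203.0.113.45|10.20.9.2|445|tcp|SMB: Null Session|simulated-block
2014-10-01T08:02:00|10.50.1.3|10.20.1.10|389|tcp|LDAP: Anonymous Bind|simulated-block
"""

if __name__ == "__main__":
    b = triage(SAMPLE_EVENTS.splitlines())
    for cat, evs in b.items():
        print(cat, dict(Counter(e.signature for e in evs)))
    print("ready for blocking:", ready_for_blocking(b))
```

Note that the same signature lands in two buckets in the sample: the app-tier host talking to SQL is by design, while the host from an undocumented subnet doing the same thing is a misconfiguration to chase before the sensor goes inline for real.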
McAfee Vulnerability Manager was deployed as our vulnerability assessment tool to provide deep insight into the security posture of our server and end-user systems. We have two scanners deployed, one in our Houston data center and the other in our Dallas data center, with the manager located in our Houston data center. We integrated this product with our McAfee IPS and ePO, which gave us some added features on the IPS side, including the ability to kick off a vulnerability scan from within the IPS console. This capability has proven useful for determining whether a targeted box is vulnerable to a specific attack.
Within the ePO console we were able to incorporate the scan data to assist with event trending, access protection and HIPS policies.
Challenge: refining the reports and generating custom reports for the SCCM administrator, as the default reports are large and cumbersome. We also have issues with turning off certain scan criteria, as we assumed a level of risk with certain Windows services left on.
Some of the benefits we gained from MVM are the ability to assess a system's vulnerability level, which allows us to direct our patching requirements to cover our High and Medium vulnerabilities.
SIEM has become our hub of knowledge as we continue to send more and more information to it. In our Houston data center we placed one event receiver, one enterprise log manager (ELM), two advanced correlation engines (one real-time, one historical), one enterprise security manager (ESM), one application data monitor and one database event monitor. Our Dallas data center received one event receiver to aggregate events to be delivered to the ELM and ESM.
We are sending Windows event logs from all servers, NetFlow/syslog data from all network devices, ForeScout CEF event information, and IPS integration, which allows us to blacklist from within the ESM console.
Some of the challenges we faced with the SIEM deployment were all the data points to send to SIEM; this proved very time-consuming but produced great results.
Some of the benefits gained were increased visibility into the events taking place on the infrastructure (this allowed us to see an event on the firewall and correlate it against an event on a server). We have time savings by not having to track events through individual logging sources, instead seeing all events through one pane.
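The benefit named in the last paragraph, seeing an event on the firewall and correlating it against an event on a server, is what a SIEM correlation rule does. The following is an added example of such a rule in plain Python, not McAfee ESM rule syntax and not the presenter's configuration: it joins a firewall accept from an external address with failed Windows logons (Event ID 4625) on the server that was reached, using a server-IP-to-hostname asset table of the kind the ePO and ForeScout integrations supply. The log formats, the asset table, the internal ranges and the thresholds are constructed for illustration.

```python
"""Cross-source correlation: external firewall accept followed by repeated
failed logons on the reached server within a short window.

Added illustration (not McAfee ESM rule syntax). Log formats, asset table,
address ranges and thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12")]  # constructed

# Constructed asset table: server IP -> hostname as it appears in Windows events.
ASSETS = {"10.20.9.2": "SRV-FILE01", "10.20.5.7": "SRV-SQL01"}

# Constructed export formats for the two sources.
FW_RE = re.compile(r"^(\S+) fw action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
WIN_RE = re.compile(r"^(\S+) host=(\S+) EventID=(\d+) TargetUser=(\S+) SourceIP=(\S+)$")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_firewall(lines):
    """Yield (ts, action, src, dst, dport); lines that do not match are skipped."""
    for line in lines:
        m = FW_RE.match(line.strip())
        if m:
            ts, action, src, dst, dport = m.groups()
            yield parse_ts(ts), action, src, dst, int(dport)


def parse_windows(lines):
    """Yield (ts, host, event_id, user, source_ip)."""
    for line in lines:
        m = WIN_RE.match(line.strip())
        if m:
            ts, host, eid, user, src = m.groups()
            yield parse_ts(ts), host, int(eid), user, src


def correlate(fw_lines, win_lines, window=timedelta(minutes=5), min_failures=3):
    """Return (server, external_src, firewall_ts, failure_count) for every external
    accept followed, inside the window, by at least min_failures 4625 events from
    the same source on the server the firewall let it reach."""
    failures = defaultdict(list)  # (host, source_ip) -> timestamps of 4625 events
    for ts, host, eid, _user, src in parse_windows(win_lines):
        if eid == 4625:
            failures[(host, src)].append(ts)

    findings = []
    for ts, action, src, dst, _dport in parse_firewall(fw_lines):
        if action != "accept" or not is_external(src) or dst not in ASSETS:
            continue
        host = ASSETS[dst]
        hits = [t for t in failures.get((host, src), []) if ts <= t <= ts + window]
        if len(hits) >= min_failures:
            findings.append((host, src, ts, len(hits)))
    return findings


# Constructed sample lines from the two sources.
FW_LOG = """\
2014-10-01T09:00:00 fw action=accept src=198.51.100.7 dst=10.20.9.2 dport=3389
2014-10-01T09:10:00 fw action=accept src=10.30.7.9 dst=10.20.9.2 dport=445
2014-10-01T09:20:00 fw action=deny src=198.51.100.8 dst=10.20.9.2 dport=22
"""
WIN_LOG = """\
2014-10-01T09:00:12 host=SRV-FILE01 EventID=4625 TargetUser=administrator SourceIP=198.51.100.7
2014-10-01T09:00:20 host=SRV-FILE01 EventID=4625 TargetUser=admin SourceIP=198.51.100.7
2014-10-01T09:00:31 host=SRV-FILE01 EventID=4625 TargetUser=backup SourceIP=198.51.100.7
2014-10-01T09:10:05 host=SRV-FILE01 EventID=4624 TargetUser=jdoe SourceIP=10.30.7.9
2014-10-01T09:30:00 host=SRV-FILE01 EventID=4625 TargetUser=root SourceIP=198.51.100.7
"""

if __name__ == "__main__":
    for host, src, ts, n in correlate(FW_LOG.splitlines(), WIN_LOG.splitlines()):
        print(f"{ts} {src} -> {host}: {n} failed logons after firewall accept")
```

The asset table is the piece that makes the join possible at all: the firewall only knows the destination IP and the Windows log only knows the hostname, which is why the paragraph above lists ePO machine information and ForeScout events among the SIEM's data sources.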
Providing results to management and executive staff was a key element in establishing our security program. We wanted to be sure that we provided brief reports that made sense to a non-technical audience, avoiding IT terms, while ensuring that the information was accurate and relevant to our business. Initially, articulating findings was relatively difficult, as we saw only portions of the data through StealthWatch. Once we began to deploy our ePO endpoint security solution we started to see a whole other picture, which enabled us to provide accurate information. After deploying our new McAfee solution we are now seeing the correlation of ePO endpoint events, Windows events, NetFlow, NIPS events, MVM endpoint vulnerability assessment information, syslog, ForeScout events, etc. The correlation of all this information allowed us to provide accurate security posture information to senior leadership.