This document discusses Cisco's cybersecurity solutions, including its FirePOWER next-generation firewall and network security platform. It provides an overview of FirePOWER's key capabilities such as advanced threat prevention, application control, user awareness, automated policy recommendations, and integration with other Cisco security products. The document also presents examples of how FirePOWER's contextual policies and automation features can help organizations better detect, prevent, and respond to cyber threats.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
Esta presentación tiene como fin analizar los vectores de amenazas online, tales como: ataques basados en correo electrónico, plataformas web, redes sociales, ingeniería social, botnets, y también vectores de amenazas offline, tales como: vulnerabilidades de USB y las emanaciones electromagnéticas. Asimismo, las vulnerabilidades de días cero y las infracciones más grandes divulgadas por la compañía; es así como, bajo esta problemática, dará a conocer las medidas para proteger los datos y luchar contra el fenómeno de la ciberdelincuencia.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Últimos retos en el ámbito de la Ciberseguridad: Análisis de amenazas Ciberné...Cristian Garcia G.
Esta presentación tiene como fin analizar los vectores de amenazas online, tales como: ataques basados en correo electrónico, plataformas web, redes sociales, ingeniería social, botnets, y también vectores de amenazas offline, tales como: vulnerabilidades de USB y las emanaciones electromagnéticas. Asimismo, las vulnerabilidades de días cero y las infracciones más grandes divulgadas por la compañía; es así como, bajo esta problemática, dará a conocer las medidas para proteger los datos y luchar contra el fenómeno de la ciberdelincuencia.
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
El panorama de amenazas en evolución basado en nuestro ISTR (Reporte de Anual de Amenazas en Internet Vol. 24) recientemente publicado, refleja las últimas tendencias y cómo se aplican a Colombia y América Latina. Las principales tendencias de transformación digital, como la nube y la movilidad, junto con los nuevos desafíos de seguridad han cambiado el panorama de ciberseguridad por lo que la estrategia debe enfocarse en términos de riesgos clave, regulaciones y hallazgos sobre la madurez de la seguridad. Recomendaciones para enfocar y mejorar las posturas de ciberseguridad para abordar estas tendencias, incluidos los marcos clave, las tecnologías, los procesos y los cambios culturales son parte integral de los pasos a seguir.
Conceito militar, agora aplicado a Cibersegurança, o "the cyber kill chain" foi desenvolvido pela Lockheed Martin em 2011. Ele descreve as fases que um adversário seguirá para alvejar uma Organização. São 7 fases bem definidas e este ataque é considerado bem sucedido
se / quando todas as fases foram realizadas.
(DOCUMENTO EM INGLÊS)
Esta presentación describe la naturaleza de las ciberamenazas modernas y cómo afectan la transición de la empresa a la infraestructura de la nube. Más específicamente, las suposiciones sobre la seguridad de la infraestructura en la nube que serán desafiadas y reexaminadas desde la perspectiva de un atacante, y se explorarán los puntos débiles de la nube. Esta presentación debe dar una perspectiva a las organizaciones con respecto a algunos de los puntos clave de debilidad en su nube, y qué se puede hacer para mitigar las amenazas que apuntan a estas debilidades en el futuro.
IDS are great tools for blue teams and resource for network forensics, however they can also be a great resource for the red teams and as part of a penetration testing exercise.
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid
The session focuses The session focuses how EDR detects suspicious or threatening activity on endpoints. EDR constantly monitors endpoints allowing for immediate response. The information collected from the monitoring process is recorded to be analysed and investigated to enable response.
The session is handled by Mr.Ranjit Sawant, Regional Security Architect (APAC), FireEye Inc.
With over 16 years’ experience in Information Security, he has been working with various verticals such as BFSI, IT Services and Manufacturing.Being a technocrat, Ranjit worked on technologies pertaining to Endpoint, Network, Application Security and since last 8+ years his focus & investment is on Advance Threat Protection Solutions.
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
Most cybersecurity professionals know the CIS Top Five Critical Security Controls. Yet, the evidence that they are effective is slim. Using data on cyber-incidents, researchers looked at the attack paths used by adversaries and determined what controls could have disrupted these attack paths. The result is a new set of critical controls that organizations should implement on a priority basis.
Learning Objectives:
1: Understand evidence-based approach to selecting controls.
2: Understand why the “new top five” controls were selected.
3: Chart a pathway to implementing the new top five controls.
(Source: RSA Conference USA 2018)
Conozca como tener una completa visibilidad para identificar e investigar los ataques, detecte y analice ataques avanzados, antes que afecten al negocio, gestione los incidentes más importantes, permitiéndole combinar Logs con otros tipos de datos como tráfico en la red, información end point y datos en la nube.
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Cristian Garcia G.
Hoy por hoy el tráfico que llega a las aplicaciones web de las compañías en su mayoría es tráfico SSL con lo cual tenemos diferentes opciones para abordar la problemática de visibilidad y control del tráfico cifrado; confiar en todo el tráfico SSL y dejarlo pasar sin inspeccionar o incrementar la capacidad de los dispositivos de seguridad. ¿Qué camino tomar?
No menos importante, son todos aquellos ataques que llegan a las aplicaciones Core de la compañía de actores que buscan poner en riesgo la integridad, disponibilidad y seguridad de la misma como por ejemplo Bots y ataques de DDoS.
¿Se encuentra usted protegido contra amenazas avanzadas?
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
Advanced threat security - Cyber Security For The Real WorldCisco Canada
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolio of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
El panorama de amenazas en evolución basado en nuestro ISTR (Reporte de Anual de Amenazas en Internet Vol. 24) recientemente publicado, refleja las últimas tendencias y cómo se aplican a Colombia y América Latina. Las principales tendencias de transformación digital, como la nube y la movilidad, junto con los nuevos desafíos de seguridad han cambiado el panorama de ciberseguridad por lo que la estrategia debe enfocarse en términos de riesgos clave, regulaciones y hallazgos sobre la madurez de la seguridad. Recomendaciones para enfocar y mejorar las posturas de ciberseguridad para abordar estas tendencias, incluidos los marcos clave, las tecnologías, los procesos y los cambios culturales son parte integral de los pasos a seguir.
Conceito militar, agora aplicado a Cibersegurança, o "the cyber kill chain" foi desenvolvido pela Lockheed Martin em 2011. Ele descreve as fases que um adversário seguirá para alvejar uma Organização. São 7 fases bem definidas e este ataque é considerado bem sucedido
se / quando todas as fases foram realizadas.
(DOCUMENTO EM INGLÊS)
Esta presentación describe la naturaleza de las ciberamenazas modernas y cómo afectan la transición de la empresa a la infraestructura de la nube. Más específicamente, las suposiciones sobre la seguridad de la infraestructura en la nube que serán desafiadas y reexaminadas desde la perspectiva de un atacante, y se explorarán los puntos débiles de la nube. Esta presentación debe dar una perspectiva a las organizaciones con respecto a algunos de los puntos clave de debilidad en su nube, y qué se puede hacer para mitigar las amenazas que apuntan a estas debilidades en el futuro.
IDS are great tools for blue teams and resource for network forensics, however they can also be a great resource for the red teams and as part of a penetration testing exercise.
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid
The session focuses The session focuses how EDR detects suspicious or threatening activity on endpoints. EDR constantly monitors endpoints allowing for immediate response. The information collected from the monitoring process is recorded to be analysed and investigated to enable response.
The session is handled by Mr.Ranjit Sawant, Regional Security Architect (APAC), FireEye Inc.
With over 16 years’ experience in Information Security, he has been working with various verticals such as BFSI, IT Services and Manufacturing.Being a technocrat, Ranjit worked on technologies pertaining to Endpoint, Network, Application Security and since last 8+ years his focus & investment is on Advance Threat Protection Solutions.
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
Most cybersecurity professionals know the CIS Top Five Critical Security Controls. Yet, the evidence that they are effective is slim. Using data on cyber-incidents, researchers looked at the attack paths used by adversaries and determined what controls could have disrupted these attack paths. The result is a new set of critical controls that organizations should implement on a priority basis.
Learning Objectives:
1: Understand evidence-based approach to selecting controls.
2: Understand why the “new top five” controls were selected.
3: Chart a pathway to implementing the new top five controls.
(Source: RSA Conference USA 2018)
Conozca como tener una completa visibilidad para identificar e investigar los ataques, detecte y analice ataques avanzados, antes que afecten al negocio, gestione los incidentes más importantes, permitiéndole combinar Logs con otros tipos de datos como tráfico en la red, información end point y datos en la nube.
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Cristian Garcia G.
Hoy por hoy el tráfico que llega a las aplicaciones web de las compañías en su mayoría es tráfico SSL con lo cual tenemos diferentes opciones para abordar la problemática de visibilidad y control del tráfico cifrado; confiar en todo el tráfico SSL y dejarlo pasar sin inspeccionar o incrementar la capacidad de los dispositivos de seguridad. ¿Qué camino tomar?
No menos importante, son todos aquellos ataques que llegan a las aplicaciones Core de la compañía de actores que buscan poner en riesgo la integridad, disponibilidad y seguridad de la misma como por ejemplo Bots y ataques de DDoS.
¿Se encuentra usted protegido contra amenazas avanzadas?
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
Advanced threat security - Cyber Security For The Real WorldCisco Canada
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolio of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
We will explore why the current industry approach to security is failing us. We will then discuss how building security as an architecture can raise the security level for any organization. An architectural approach is required to take security to the next level and defend against modern threats. We will discuss how you can use Cisco solutions to build a true security architecture.
Presentación - Cisco ASA with FirePOWER ServicesOscar Romano
En la medida que más empresas mueven sus modelos de negocio hacia la movilidad, la nube e Internet de las cosas, sus soluciones de seguridad deben ser más dinámicas y escalables. Sin embargo, hasta la fecha, la mayoría de las soluciones de seguridad no han seguido el ritmo de cambio y no han podido adaptarse a las nuevas amenazas y ataques. Hoy, las soluciones de seguridad están basadas en un modelo binario de “bien vs mal”, el cual carece de la visibilidad necesaria para entender el contexto. El 16 de septiembre, Cisco dio a conocer su más reciente paso en esta dirección.
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
스폰서 발표 세션 | 클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic
채현주 보안기술본부장, Openbase
클라우드 환경의 다양한 서비스로 인해 자산을 지키는 보안을 위한 작업은 더욱 복잡해지고 있다. 기존 온프라미스에서 해 오던 방식으로 클라우드 보안에 접근하는 것은 비용 및 자원활용 측면에서도 낭비이며, 기술의 발전 속도를 따라가기도 어렵다. 본 세션에서는 클라우드 환경의 보안 특성을 살펴보고 효율적인 보안시스템 구축을 위한 가이드를 제시하며, 아울러 전문적인 보안 지식이나 자체 구축 보안시스템 없이도 즉시 활용할 수 있는 Alert Logic의 보안 서비스를 소개한다.
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile HeartBleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
This presentations highlights the Cisco Security Architecture. For more information Cisco's security products and solutions please visit our website here: http://www.cisco.com/web/CA/products/vpn.html
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly.
Together with our event partners Cisco, F5, and Bromium, Scalar brings you solutions to these problems, as well as a full presentation on our managed security services portfolio.
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
This session will review Splunk’s two premium solutions - Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and
incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
Similar to Ict 2015 saga - cisco cybersecurity rešenja- Viktor Varga (20)
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2. Četvrt veka oblikujemo budućnost
SAGA
• Established 1989 – 25 years
• System Integrator No.1 in Serbia*
• Member of New Frontier Group
Security
Department
*since 2005 by revenue
3. Četvrt veka oblikujemo budućnost
SAGA Security 360˚
Core Values
Holistic approach
Trusted Advisor
Security = Risk
Security as Enabler
10. Četvrt veka oblikujemo budućnost
FirePOWER
Access Control
• Remote Access VPN
• Gateway VPN
Switching
• Routing
• NAT
• Stateful Inspection
Context Awareness
• Correlate host and user activity
• Passive OS Fingerprinting
• Passive Service Identification
• Passive Vulnerability mapping
• Passive Network Discovery
• Auto Policy Recommendations
• Auto Impact Assessment
Threat Prevention
• Vulnerability facing rules
• Threat facing rules
• Enterprise accuracy and
performance
App Control
• Detection of
applications
• Allow/block apps and
app sub-functions
• Allow/block apps by
user
• Allow/block apps by
type, tag, category,
risk rating
Typical IPSTypical Firewall
Typical NGFWs
FirePOWER NGIPS
FirePOWER – NGFW
11. Četvrt veka oblikujemo budućnost
Context - Traffic Analysis
First packet : 2013-02-22 16:08:46
Last packet : 2013-02-22 16:08:46
Source IP : 10.2.1.51
Destination IP : 10.2.1.121
Protocol : TCP
Source Port : 2314
Destination Port : 3108
---------
Service : HTTP
Application Type : HTTP Browser
Web Application : ACME HR
Client App : Internet Explorer 7
Server App : Apache 2.3.32
Initiator packets: 6
Responder packets: 6
Initiator bytes : 1096
Responder bytes : 2269
URL : /foo/sploits/plugins/
Detection Engine : London Data Center
10.2.1.51 exists
10.2.1.121 exists
10.2.1.121 Has a daemon :3108
10.2.1.121 Is a webserver
10.2.1.51 Has a web browser
10.2.1.51 Has IE 7 installed
10.2.1.121 Needs updating: vulns
12. Četvrt veka oblikujemo budućnost
Impact Assessment
Correlates all intrusion events to an
impact of the attack against the target
IMPACT
FLAG
ADMINISTRATOR
ACTION
WHY
Act Immediately,
Vulnerable
Event corresponds to
vulnerability mapped
to host
Investigate,
Potentially
Vulnerable
Relevant port open or
protocol in use, but
no vuln mapped
Good to Know,
Currently Not
Vulnerable
Relevant port not
open or protocol not
in use
Good to Know,
Unknown Target
Monitored network,
but unknown host
Good to Know,
Unknown Network
Unmonitored network
13. Četvrt veka oblikujemo budućnost
One Size Fits All ?
NSS IPS Test Key Findings:
Protection varied widely between 31% and
98%. Tuning is required, and is most
important for remote attacks against servers
and their applications. Organizations that do
not tune could be missing numerous
“catchable” attacks.
14. Četvrt veka oblikujemo budućnost
One Size Fits All ?
NSS IPS Test Key Findings:
Protection varied widely between 31% and
98%. Tuning is required, and is most
important for remote attacks against servers
and their applications. Organizations that do
not tune could be missing numerous
“catchable” attacks.
15. Četvrt veka oblikujemo budućnost
One Size Fits All ?
NSS IPS Test Key Findings:
Protection varied widely between 31% and
98%. Tuning is required, and is most
important for remote attacks against servers
and their applications. Organizations that do
not tune could be missing numerous
“catchable” attacks.
16. Četvrt veka oblikujemo budućnost
Automation
Impact Assessment and Recommended Rules Automate Routine Tasks
18. Četvrt veka oblikujemo budućnost
Contextual Policy – Primer 1
Trust privileged users access to sshd on
production servers (regardless of port)
19. Četvrt veka oblikujemo budućnost
Contextual Policy – Primer 2
Treat connections to unauthorized
websites as highly hostile.
Trust privileged users access to sshd on
production servers (regardless of port)
20. Četvrt veka oblikujemo budućnost
Contextual Policy – Primer 3
Treat connections to unauthorized
websites as highly hostile.
Trust privileged users access to sshd on
production servers (regardless of port)
Prevent any .exe downloads from
untrusted client apps (e.g. Internet
Explorer)
21. Četvrt veka oblikujemo budućnost
Custom Block Response Pages
Simple update that can be leveraged
for existing infrastructure.
Example: Use a Google Docs
Spreadsheet and Web form for user
access requests.
• Created a Google Spreadsheet and
added a web form to the spreadsheet.
• Added either the urlor the iframeto the
default block page
22. Četvrt veka oblikujemo budućnost
Detekcija
Detects if new application appears or traffic profile changes
Identify Hacked Hosts
Useful in static environments: Scada, DMZ, MEDTEC...
Reduced Risk and Cost ALERT
Host has suddenly
started to use SSH
client and outgoing
traffic volume has
increased by 3
ssh
23. Četvrt veka oblikujemo budućnost
Automatska remediacija
Use pre-defined or custom script to initiate automatic actions
E.g, Quarantine device with ISE API
Reduced Risk and Cost
Indications Of Compromise
- IPS event impact 1
- Malware
- Communication with BOTNET
QUARANTINE
I
S
E
change
VLAN or
SGT
24. Četvrt veka oblikujemo budućnost
Integracija
eStreamer API
Export Events
Vulnerability API
Import
Vulnerabilities
Remediation
Modules
I
S
E
Database
Access
(JDBC)
25. Četvrt veka oblikujemo budućnost
Integracija 2
Platform Exchange Grid – pxGrid
That Didn’t
Work So
Well!
pxGrid Context
Sharing
Single Framework
Direct, Secured
Interfaces
I have NBAR info!
I need identity…
I have firewall logs!
I need identity…
Talos
I have sec events!
I need reputation…
I have NetFlow!
I need entitlement…
I have reputation info!
I need threat data…
I have MDM info!
I need location…
I have app inventory info!
I need posture…
I have identity & device-type!
I need app inventory & vulnerability…
I have application info!
I need location & auth-group…
I have threat data!
I need reputation…
I have location!
I need identity…
26. Četvrt veka oblikujemo budućnost
Two of a kind
• Focused on Threat Detection
• Some Firewall functions, but likely
not enough to meet perimeter use
cases
• Ideal for passive deployments or
augmenting firewalls
• Deployed on FirePOWER
appliances
Different devices for different use cases
• Full ASA firewall capabilities
• Full threat detection stack
• Best for NGFW usage
• Delivered alongside ASA
FirePOWER Appliance & FirePOWER services