Evaluación de riesgos asociados al puesto de trabajo: empleados, externos, visitantes, ¿BYOD?
•
0 likes•1,380 views
Evaluación de riesgos asociados al puesto de trabajo: empleados, externos, visitantes, ¿BYOD? Ya puedes ver las ponencias completas de la #jornadanextelxvi sobre la #Gestión del #Riesgo #riskmanagement http://www.nextel.es/jornadanextelxvi
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Evaluación de riesgos asociados al puesto de trabajo: empleados, externos, visitantes, ¿BYOD?
Similar to Evaluación de riesgos asociados al puesto de trabajo: empleados, externos, visitantes, ¿BYOD? (20)
More from Nextel S.A.
More from Nextel S.A. (20)
Recently uploaded
Recently uploaded (20)
Evaluación de riesgos asociados al puesto de trabajo: empleados, externos, visitantes, ¿BYOD?
- 2. Foundation • In business 13 years • Campbell, CA headquarters • 200+ global channel partners
- 3. Foundation • Focus: Pervasive Network Security • Independent Network Access Control (NAC) Market Leader Market Leadership #1
- 4. Foundation • 1,500+ customers worldwide • Financial services, government, healthcare, manufacturing, retail, education • From 500 to >500,000 endpoints Market Leadership Enterprise Deployments #1
- 7. Real-time Visibility + Coordinated Controls Ticketing Remediation Systems Management Endpoint Security Wireless SIEMSwitches MDM AAA Vulnerability
- 10. • Visibility of all devices • Block unauthorized devices from the network • Automated onboarding – Detect device – Detect user – Detect compliance • Flexible policy controls – Block, limit, allow – Register guests ForeScout
- 11. *Magic Quadrant for Network Access Control, December 2013, Gartner Inc. *This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Garnter, Inc. "Magic Quadrant for Network Access Control," Report G00249599, December 12, 2013, Lawrence Orans. **Frost & Sullivan 2013 report NC91-74, Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth” Chard base year 2012. **NAC Competitive Landscape April 2013, Frost & Sullivan
- 12. Fast and easy to deploy Agentless and non-disruptive Scalable, no re-architecting
- 13. Fast and easy to deploy Infrastructure Agnostic Agentless and non-disruptive Scalable, no re-architecting Works with mixed, legacy environment Avoid vendor lock-in
- 14. Fast and easy to deploy Infrastructure Agnostic Flexible and Customizable Agentless and non-disruptive Scalable, no re-architecting Works with mixed, legacy environment Avoid vendor lock-in Optimized for diversity and BYOD Supports open integration standards
- 15. • Visibility (discovery and classification) (device type and ownership) • Network access control (allow, limit, block) • Endpoint compliance management – Assess security posture – Remediate • BYOD enablement • Guest networking (register, approve, provision) • Continuous monitoring and mitigation (ControlFabric) – SIEM, ATD, VA, ePO (HBSS), MDM, vCenter, home-grown integrations • Threat prevention (ActiveResponse™)
- 16. Function Improve Security Save Time or Money Improve Productivity Detect and control personal devices Provision guest network access Endpoint compliance and remediation Block zero-day attacks with 100% accuracy Real-time compliance and inventory reports Enforce usage policies (apps, devices, …) Quarantine rogue devices Real-time visibility
- 20. Complete Situational Awareness Compliance Problems: Agents, Apps, Vulnerabilities, Configurations See All Devices: Managed, Unmanaged, Wired, Wireless, PC, Mobile…
- 21. Complete Situational Awareness Filter Information By: Business Unit, Location, Device Type…
- 22. Complete Situational Awareness See Device Details: What, Where, Who, Security Posture…
- 23. Complete Situational Awareness Site Summary: Devices, Policy Violations…
- 24. • Multiple detection methods – CounterACT polls switches for list of devices that are connected – Switch sends an SNMP trap to CounterACT – Switch sends an 802.1X request to to a RADIUS server, which CounterACT monitors – CounterACT monitors DHCP requests and will see that a new host has requested an IP address CounterACT monitors a network SPAN port and sees interesting network traffic such as HTTP traffic
- 25. • Passive methods – Monitor DHCP traffic – Monitor HTTP traffic – Monitor banners • Active methods – Run an NMAP scan on the device – Deploying SecureConnector Agent Use administrative privileges on the endpoint to run a scan on the endpoint
- 26. • Device – Type of device – Manufacturer – Location – Connection type – RAM – Network adapter – Authentication – MAC and IP address • Applications – Installed – Running – Version number – Registry values – File sizes • – – – – • – – – • – – – • – – – – – – • – – – –
- 27. Physical Layer Device / Peripherals Operating Systems Applications User Information User Behavior Visibility Management Control Policy violations Audited responses Trouble ticket requests User notification User “signed” acceptance Self-remediation Worm quarantine User hacking prevention Segmented access User name Authentication status Group membership Role-based policy Multiple guest policies Guest access / registration User authentication events Application installed/running Registry values Compliance reporting Application whitelist Software remediation Application licensing Application blocking Application enforcement OS fingerprint (patch level) Compliance reporting Processes / services running Vulnerability awareness Patch management Antivirus updates Process blocking Registry locking Kill a process IP address, MAC address VoIP Phone USB peripherals Inventory management Device-based policy Data loss prevention Shutdown, disable port Multi-home blocking 3G modem blocking Switch, port, VLAN Geographic location Number devices on port Role-based access Policy-based firewall VPN status Port control (802.1X, SNMP) ACL VLAN
- 29. Modest Strong Open trouble ticket Send email notification SNMP Traps Start application Run script to install application Auditable end-user acknowledgement HTTP browser hijack Trigger other endpoint management system to remediate endpoint Deploy a virtual firewall around the device Reassign the device to a VLAN with restricted access Update access lists (ACLs) on switches, firewalls and routers to restrict access DNS hijack (captive portal) Automatically move device to a pre- configured guest network Move device to quarantine VLAN Block access with 802.1X Alter login credentials to block access, VPN block Block access with device authentication Turn off switch port (802.1X, SNMP) Wi-Fi port block Terminate applications Disable peripheral device Alert & Remediate Limit Access Move & Disable
- 30. SIEM initiates automated remediation action using ForeScout 4 4 ForeScout takes remediation action on endpoint5 5 1 DLP Other Sources Routers Network events Security Devices FW, IPS/IDS, VPN events Privacy violations SIEM correlates ForeScout information with information from other sources and escalates threat level when the end-point is non-compliant 2 2 Database, App. eventsAV logs, system events 1 ForeScout sends both low-level (who, what, where) and high-level (compliance status) information about endpoints to SIEM 1 Endpoints + BYOD SIEM 3 SIEM provides LOB based compliance dashboards/reports 3
- 31. Pervasive Network Security an IT Game Changer Pervasive Network Security
- 32. Gracias
- 33. APPENDIX
- 34. FAMILY OF APPLIANCES Asingle appliance to handle up to # of endpoints Endpoints 100 500 1,000 2,500 4,000 10,000 Virtual appliances are also available. FAMILY OF APPLIANCE MANAGERS Asingle appliance to handle up to # of ForeScout appliances 5 10 25 50 100 150 200 Virtual appliances are also available. SUITE OF PACKAGED SOFTWARE INTEGRATION MODULES VulnerabilityAssessment Advance Threat Detection SIEM MDM ePO Open (CustomerDevelopment)
Editor's Notes
- This presentation is designed for a 1stmeeting with a prospect. Goal is to gain sponsorship from an executive by describing the value that we can provide. Second meeting with the prospect would be more technical, with lower-level attendees, describing how we do what we do.======= SCRIPT FOLLOWS =======Good morning. My name is _______. Today I want to show you how ForeScout’s products can give you game-changing visibility, control and automation.
- We’ve been in business for 13 years, based out of California. --- [CLICK TO ADVANCE] ---
- We are the market leader in what we do. We are focused on Pervasive Network Security. --- [CLICK TO ADVANCE] ---
- We have customers around the world in every industry, ranging in size from 500 to over 500,000 endpoints.We have seen it all before. --- [CLICK TO ADVANCE] ---
- The first problem is inadequate visibility to risks on your network.What am I talking about? Don’t you already have enough toolsto show you everything on your network? What causes this problem? --- [CLICK TO ADVANCE] ---
- The first cause of inadequate visibility isTRANSIENT DEVICES -- devices that show up on your network once a week, or maybe once a month. These could be PHYSICAL or VIRTUAL devices. Does a periodic asset scan, or a periodic vulnerability scan detect transient devices? No, it doesn’t, it misses them. --- [CLICK TO ADVANCE] --- A second problem is that of BYOD devices. You have all kinds of mobile devices, and you might even have a Mobile Device Management system to help you control these devices. But, even MDM systems can’t see devices that have not yet been enrolled in the MDM system. So you have a visibility gap. Unless you have 100% locked down all of your WiFi networks, you probably have more mobile devices on your network than you know about. --- [CLICK TO ADVANCE] --- A third causeof the visibility problem is broken managed devices – stuff that you own that isn’t working right. The management agent is not working or something. Now …. This visibility problem is so important that I want to take a minute to drill down on it so you really can start thinking deeply about this issue. Because visibility is foundational for security. --- [CLICK TO ADVANCE] ---
- In many meetings I have had with companies just like yourselves, I have found that companies struggle with three problems. These three problems are pervasive among all enterprises. --- [CLICK TO ADVANCE] --- First, companies struggle with inadequateVISIBILITY– to all the things and all the risks on your network. This is especially true because of all the consumer devices that are on your network, and also I’m talking about visibility to virtual machines on your network.. --- [CLICK TO ADVANCE] --- The second problem is inadequateCOLLABORATIONamong the IT security systems you already own. Many of your IT systems operate as silos, and they often don’t have the information context that they need to perform effectively. --- [CLICK TO ADVANCE] --- And the third problem is inadequateAUTOMATIONfor quick mitigation of security problems, to keep you ahead of the cyberattackers. Today, the window of opportunity for attackers to get into your computers is too long. Too many of your controls are still manual and reactive.--- [CLICK TO ADVANCE] ---
- If you look at the screen, the blue symbols represent your corporate IT resources. The things you own. You have Endpoints, Network Devices, Applications, and of course users. You own these things, you’ve installed them, so you know about them. And of course the users are your employees – they are on your payroll and in your directory. You know about them.Now … you manage your corporate endpoints with agents, right? You have antivirus, encryption, data loss prevention agents, patch management systems and so forth. Right? Now, these agents are good. They serve a useful purpose. But the truth isthat agents are hard to maintain. Theydon’t work correctly 100% of the time. Based on data we’ve gathered from our customers, we know that each security agent will not be working correctly on between 10% and 15% of the endpoint devices. The antivirus might be out of date. Or the the encryption agent might not be properly installed. Or the data loss prevention agent might not be working. This is reality. There are various studies that support these numbers. --- [CLICK TO ADVANCE] --- The symbols that I have added to this slide show the different endpoint agents that aren’t working properly in the real world. When you add up all the problems, it’s typical to find security problems on about one third of your endpoints. Some customers find more. A few years ago, Microsoft reported that over 50% of their endpoint computers had a security problem like the ones shown here.These problems tend to be hidden to you, because the client-server systems have blind spots. This is the real world. --- [CLICK TO ADVANCE] --- You also have non-corporate devices on your network. Employees bring in personal laptops,iPhones and iPads. And employees bring rogue network devices into the office. NAT devices. You know this happens. Employees are trying to “help themselves” by working around your IT organization. And of course you have unauthorized personal applications on your network. Can you detect them? Are they visible to youTypically companies don’t have good visibility into any of these things. And they can be security risks. --- [CLICK TO ADVANCE] --- Unless you have specialized technology that can show you everything touching your network, you probably only have visibility into one-half of what actually exists. And you know the security maxim: You can’t secure what you can’t see. So inadequate visibility means you have security gaps.And that is the first problem that we help customers solve.
- What you really want is real-time visibility to everything on your network -- all the devices, all the applications, all the risks -- and you also want more coordinated controls. You want your IT systems to talk with one another, make smarter decisions, work with more automation. This is what ForeScout does. Before I tell you more about how we do it, let’s hear from three of our customers.
- ForeScout solves this problem. ForeScout allows your existing systems to SHARE INFORMATION. We share the information that we obtain ourselves about the devices on your network (this is the endpoint visibility information that I showed you a few minutes ago), and we also share the information produced by all the other IT management systems that connect up to our platform.All these integrations are bi-directional.The result is your existing systems become SMARTER and become able to make better decisions about your security.You move from a model of periodic scanning and patching to one of CONTINUOUS MONITORING and REMEDIATION. That is what ForeScout does.And of course, all of this reduces your risk exposure to attack.Through this integration, your existing systems are all able to trigger automated mitigation. Through the ForeScout platform or thorugh the other systems that are connected to our platform. This mitigation can be at the network level (to QUARANTINE a device) or at the endpointlevel (to PATCH it, or to trigger a 3rd party system to patch the endpoint).
- We call this information sharing and automation CONTROLFABRIC. Currently 66 different HW and SW products interoperate with ForeScout’s platform. More partners are signing on every month. And – ControlFabric is based on open standards. So if you have some home-grown management systems that you want build integrations with, that’s no problem, we support open standards.So that is what our product does. Now I want to give you three examples of ControlFabric in action.The first example that I want to share with you is about endpoint compliance management.
- The second example I want to show you is how we help you enable BYOD while preserving security. If you have an MDM system, that’s great. It protects the mobile device. But it can only see devices that have been enrolled into the MDM system, it can’t see brand new devices that show up on the network. That’s a risk.ForeScout solves this problem because we give you 100% visibility. We show you what is on your network, and we automatically remove the things you don’t want. And we help you automatically onboard the mobile devices you do want on your network. We interoperate with all the leading MDM systems to help them onboard new mobile devices. This reduces help desk calls because it makes the process so efficient. This process is so effective, so helpful, that Gartner has published a report – a case study – about ForeScout interoperating with an MDM systems at a large financial institution. It greatly helped them. There were far fewer helpdesk calls than if ForeScout wasn’t there to help automate the enrollment of mobile devices into the MDM system. The Gartner case study also explains how our system helped our customermanage BYOD Windows devices, and Macs.
- All the market analysts such as Gartner, Frost and Sullivan, and others list us as a market leader. They show us at the top of their charts next to a little company called Cisco.So that is who we are.Now let me go back to the three IT security problems that I mentioned previously. Let’s explore them more deeply. --- [CLICK TO ADVANCE] ---
- First, you really have to know that ForeScout’s product is fast and easy to deploy. We have dozens of customer testimonials that say how shocked our customers were when they deployed our product. Typically, a customer will install our appliance in their network in the morning, and then we go to lunch, and when we come back from lunch, immediately we are seeing all kinds of devices that they didn’t know about. It is because we don’t require agents. We don’t disrupt anything that you have. And our system is scalable. We have customers with upwards of 500,000 devices under ForeScout management.
- The second thing you need to know about how ForeScout is different is that we work with everything. We are infrastructure agnostic. We work with mixed environments, legacy environments, and we are not going to tie you into a proprietary architecture. ControlFabric is open, it is based on open standards.
- And the third thing that is really important for you to know about ForeScout is that we are flexible and customizable. We have optimized our system for diversity. A few years ago, you might have been able to dictate that everyone on your network used WindowsXP. Those days are over. Since ForeScout is not tied to an agent, we can see any new thing on your network. Any new thing that Apple or Google might come out with. Any industrial machines you might have.And we support open integration standards.
- Unlike other security products, ForeScout’s product has a direct ability to reduce costs and improve productivity.
- We call this “Real-time Network Asset Intelligence”.This is a screenshot of ForeScout CounterACT. That is the name of our product.We give you both high-level and low-level information about everything on your network.Let me show you.
- In the upper left window pane, you can see all of the devices on your network. Managed and unmanaged. Wired and wireless. If it is on your network, we show it to you, and in this area we categorize the types of devices that we see on your network and give you a total count. --- [CLICK TO ADVANCE] --- We also show you all your compliance problems. What agents are broken. What apps are on your network that you don’t want. What vulnerabilities do you have.
- For your convenience, we let you filter all this information any way you want. For example, by business unit, or location.
- At the bottom we provide detailed information about every device – what is it? Where is it? Who owns it? How secure is it?
- Up top we provide a map where you can see a site summary of each geographical location. How many devices are at leach location? What are the policy violations at each location?
- We have the SIEM integration module. You have this slide already.
- Ladies and gentlemen, that is ForeScout. That is how we deliver pervasive network security. And we think it can be a game-changer for you and for your organization.