On April 15, 2015, Scalar hosted our Security Roadshow in Toronto, focused on defence in three key areas: endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes that makes up a task were contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own small hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottom-up view of each individual task’s behaviour, without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activity or generating unusual traffic. In short, it can very easily identify anything suspicious. This is the most granular level of inspection you can get at the host level: Bromium is there at the very beginning, when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent, automated testing that continuously monitors applications for vulnerabilities with deep inspection of the business logic by trained specialists. This approach exceeds the newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked through to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology, which you can now use to draw on the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
12. Endpoint: The Path of Least Resistance
Threat targets: desktops, laptops, users, Windows 7, Windows 8.1, Internet Explorer. Threat channels: web and mail. Threat vectors: web-links, videos, pictures, documents.
The key security threat channels are Web and Email. The key threat vectors are web-links and downloaded files. Your security posture is significantly improved by negating the key security issues of users clicking malicious web-links and opening infected attachments. Prioritize and focus on these.
13. The Business Problem: The Bromium Cure
Secure web browsing, secure email, and security patching.
14. Endpoint Isolation Technology: How It Works – Bromium
Diagram layers: hardware, OS kernel, hardware-isolated micro-VMs (labelled "Isolated. Protected." versus "Disruptive. Damaging."). Untrusted user tasks and any malware are isolated in a super-efficient micro-VM. All micro-VMs are destroyed afterwards, eliminating all traces of malware with them.
18. About WhiteHat Security
• Application security testing leader in Gartner Magic Quadrant
• HQ in Santa Clara, California
• Employees: 300
• Customers: 650+
• Sites under management: 30,000+
19. SAST - “Sentinel Source” Static Testing
• Integrates into your development process
• Directly connects to your source code repository
• Designed for Agile
• Your code stays onsite
• Verified vulnerabilities avoid false positives
• Assesses partial code, as often as needed
20. Sentinel Mobile - Secure Mobile Devices
• Assesses both iOS and Android applications
• Tests native mobile code and server-side APIs
• Identifies critical vulnerabilities including the OWASP Mobile Top 10
• Verified findings:
  - Zero false positives reduce overhead for developers
  - Results prioritized by risk
• Covers traffic analysis between client and server-side
21. DAST – Dynamic Application Testing
• Non-intrusive, non-disruptive, 24x7 coverage
• Meets and exceeds PCI 6.5/6.6 requirements
• Full service and support included in all offerings
• Unlimited retests, integration support, and remediation guidance at no additional charge
• Persistent, consistent testing and results
Vulnerability classes listed: Cross-site scripting, Credential/Session Prediction, Weak Password Recovery Validation, Information Leakage, Brute Force, SQL Injection, Insufficient Authentication.
23. How to Remediate Vulnerabilities?
Continuous Testing
• Full SDLC coverage: training, development, QA, and production
• Stop using Tiger teams!
Expert hands-on guidance from the Threat Research Center
• 100% verified vulnerabilities, 0 false positives
• 150+ security engineers available by phone/email/WebEx
Retest, Retest, Retest
• Trending of vulnerabilities across time and continuous assessment of deployment
24. How Deep to Test?
• Sentinel PE (Fully Targeted / High Risk)
  - Ideal for high impact sites with sensitive user and financial information
  - Technical and business logic vulnerabilities, complete WASC v2
• Baseline Edition (Static Webpages)
  - Unauthenticated, verified results
• Standard Edition (Directed/Opportunistic)
  - Custom configured logins and multi-step sequences
  - Comprehensive coverage for technical vulnerabilities