Preview of the latest Sourcefire IPS product news. We go into detail on the product news announced by Sourcefire in the last month, including:
New 3D8000 Series Sensors with FirePOWER
New Defense Center Models
New IPSx Solution
Advanced threat security - Cyber Security For The Real World (Cisco Canada)
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolio of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
This presentation highlights the Cisco Security Architecture. For more information on Cisco's security products and solutions please visit our website here: http://www.cisco.com/web/CA/products/vpn.html
Network security specialist Catherine Paquet fills you in on advanced threat protection that integrates real-time contextual awareness, intelligent security automation and superior performance with industry-leading network intrusion prevention, Sourcefire.
ABOUT THE PRESENTER
Catherine Paquet, CCSI, CCNP Security, CCNP Routing and Switching, is a network security specialist. She began her internetworking career as a LAN manager, then MAN manager, and eventually became a nationwide WAN manager with the Department of National Defence. Paquet lectures around the world on security topics, including firewalls, VPNs, intrusion prevention, identity systems, email and Web security, and router and switch security. During her spare time, she authors Cisco Press books, and she volunteers as a network security analyst to nonprofit organizations. Paquet attended the Royal Military College Saint-Jean (Canada) and holds an MBA in Management Information Systems (MIS) from York University.
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
TechWiseTV Workshop: OpenDNS and AnyConnect (Robb Boyd)
Join this in-depth look and detailed demonstration of the OpenDNS Umbrella integration with AnyConnect and how it really can stop most threats before they become serious problems, protecting users anywhere they go, even when the VPN is off.
Watch the workshop replay: http://bit.ly/2bPT1ax
Watch the Video: http://bit.ly/2c60obv
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
Open Source IDS - How to use them as a powerful free Defensive and Offensive tool (Sylvain Martinez)
What is an IDS? What is required for a successful implementation and utilisation? IDS can also be used for penetration testing activities, not just for defence purposes. See how!
This was presented as part of the FIRST Technical Colloquium 2017 Conference in Mauritius on the 30th of November 2017.
Feel free to contact us for more information.
If you are reusing some of the slides or their content, can you please reference our website as the source: https://www.elysiumsecurity.com
Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
Using Your Network as a Sensor for Enhanced Visibility and Security (Lancope, Inc.)
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.
Cyber Security - IDS/IPS is not enough (Savvius, Inc)
Watch the full OnDemand Webcast: http://bit.ly/CyberSecurityIDSIPS
Network breaches are on the rise. You can find statistics and specific accounts of breaches all over the Web. And those are just the ones companies are willing to talk about.
You have an IDS/IPS in place so you’re protected, right? Not necessarily, since most breaches today are unique, and often employ prolonged, targeted attacks, making them hard to predict and counteract with existing IDS/IPS solutions. Worse, sometimes attacks begin, or are at least facilitated, from within the firewall, whether maliciously or simply due to negligence and inappropriate corporate network usage.
The current environment of profit-driven network attacks requires that you supplement existing IDS/IPS solutions with technology that constantly monitors and records all network traffic, and provides the ability to perform Network Forensics. This way if an attack occurs, and the odds are not in your favor, you can not only characterize the breach, but also assess the damage, ensure no further compromise, and comply with corporate and legal requirements for reporting. Additionally, by employing Network Forensics proactively, you can spot dangerous behavior on your network as it happens, swinging the odds of avoiding an attack back in your favor.
In this web seminar, we will cover:
- Current trends in cyber attacks, including APTs (Advanced Persistent Threats)
- Common characteristics of recent cyber attacks
- Limitations of IDS/IPS solutions
- Using Network Forensics to supplement your defenses
What you will learn:
- Why IDS/IPS solutions fall short
- How to implement a Network Forensics solution
- How to use Network Forensics for both proactive and post-incident security analysis
In this research work an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will be implemented to detect and prevent critical networks infrastructure from cyber-attacks. To strengthen network security and improve the network's active defense intrusion detection capabilities, this project will consist of intrusion detection system using honey token based encrypted pointers and intrusion prevention system which based on the mixed interactive honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers.
Intrusion detection and prevention system (Nikhil Raj)
This presentation describes how to implement Network based Intrusion Detection System (SNORT) in the network. Detecting and analyzing alerts generated and blocking the Attacker using Access Control List.
Splunk for Enterprise Security featuring User Behavior Analytics (Splunk)
This session will review Splunk’s two premium solutions - Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
Splunk for Enterprise Security Featuring User Behavior Analytics (Splunk)
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Splunk's Minister of Defense and security guru, Monzy Merza, shows how to use the Splunk App for Enterprise Security to detect, respond to and mitigate advanced malware through various phases of the threat's lifecycle chain.
This slide deck highlights the continued growth and evolution of Core Security Technologies and helps introduce an entirely new product for enterprise security testing and measurement - CORE INSIGHT Enterprise.
Is your security solution having trouble keeping up? Explore what a modern security solution looks like—built to tackle the evolving threat landscape while adapting to today’s global, mobile workforce.
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014 (Andris Soroka)
Presentation from "International Data Protection Day" IT Security seminary on 28th of January, 2014, organized by "Data Security Solutions", IBM Security Systems partner in the Baltic States.
All Hope is Not Lost: Network Forensics Exposes Today's Advanced Security Thr... (Savvius, Inc)
Do you think it requires an advanced degree to initiate an advanced security attack? Think again. Tool kits are readily available for immediate download that guide those with even just basic computer skills through the steps to initiate complex network attacks. But all hope is not lost. One of the best defenses is readily available in the market today – network recorders with network forensics – and when combined with the appropriate visibility fabric architecture, these solutions defend against attacks on even the fastest networks available today.
Join WildPackets and Gigamon as we explore the current state of network attacks, network vulnerabilities, and the solutions available to combat the most aggressive, and the most subtle, attacks.
Are you ready for the next attack? Reviewing the SP Security Checklist (APNIC)
Are you ready for the next attack? Reviewing the SP Security Checklist, by Barry Green.
A presentation given at the APNIC 40 Opening Ceremony and Keynotes session on Tue, 8 Sep 2015.
Are you ready for the next attack? reviewing the sp security checklist (apnic... (Barry Greene)
Rethinking Security and how you can Act on Meaningful Change
What the industry recommends to protect your network is NOT working! The industry is stuck in a dysfunctional ecosystem that encourages the cyber-criminal innovation at the cost to business and individual loss throughout the world. We do not need a “Manhattan Project” for the security of the Internet. What we need are tools to help operators throughout the world ask the right question that would lead them to meaningful action. Security empowerment must empower the grassroots and provide the tools to push back on the root cause. This talk will explore these issues, highlight the dysfunction in our “security” economy, and present “take home” tools that would facilitate immediate action.
Panda Adaptive Defense 360 is the first and only product in the market to combine in a single solution Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) capabilities.
Do you want to get to know more about Adaptive Defense 360?
- Test a demo: http://bit.ly/21jl4Bi
- Talk to an expert: http://bit.ly/1Ouzvve
- Get more info: http://bit.ly/21jljMu
Similar to Sourcefire Webinar - NEW GENERATION IPS (20)
4. Let’s Solve Problems: What are your challenges? How are they being addressed today? What’s your ideal solution? What is your timeframe?
5. Today’s Reality. “Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.” Neil MacDonald, VP & Gartner Fellow. Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010. Dynamic Threats: organized attackers; sophisticated threats; multiple attack vectors. Static Defenses: ineffective defenses; black box limits flexibility; set-and-forget doesn’t work.
8. Sourcefire Worldwide Locations. Worldwide HQ: Columbia, MD. Americas Sales: Vienna, VA. Education & Professional Services: Livonia, MI. South American Sales: Sao Paulo, Brazil. EMEA HQ: Wokingham, UK. Central Europe Sales: Frankfurt, Germany. Southern Europe Sales: Paris, France. Asia Pacific HQ: Singapore. Japan Sales: Tokyo, Japan. ANZ Sales: Sydney, Australia.
10. About Sourcefire. Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise. Founded in 2001 by Snort creator Martin Roesch, CTO. Headquarters: Columbia, MD. Focus on enterprise and government customers. Global Security Alliance ecosystem. NASDAQ: FIRE.
17. Gartner 2010 IPS Magic Quadrant FACT: Sourcefire has been a leader in Gartner’s IPS Magic Quadrant since 2006. The Magic Quadrant is copyrighted 6 December 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
20. ✔ Virtual IPS offerings [completeness of vision] Broader product portfolio
21. NSS Labs Group IPS Test: Block Rate Comparison Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.
22. NSS Labs Group IPS Test: Resistance to Evasion Juniper missed 60% of evasions; TippingPoint missed 80% of evasions; Cisco missed 100% of evasions. Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.
23. About the Test Published December 2010 11 vendors evaluated 1,179 live exploits 75 anti-evasion test cases No cost to vendors to participate Sourcefire Test Results Recommend rating Best overall detection Best vulnerability coverage Best vendor-stated vs. actual performance No evasions Second-Annual NSS Labs IPS Group Test
24. Best Overall Detection: Second Straight Year! 98% 97% 95% 94% 93% 91% 85% 83% 79% 63% 43% Graphic by Sourcefire, Inc. Source data from NSS Labs “Network IPS 2010 Comparative Test Results.”
26. Best Vendor-Stated vs. Actual Performance: Second Straight Year! Sourcefire’s 2G IPS achieved 3.2G for 161% of vendor-stated performance. 100% Performance Baseline. Most IPS products achieved well below vendor-stated performance claims. Graphic by Sourcefire, Inc. Computations derived from NSS Labs “Network IPS 2010 Comparative Test Results.”
36. 3D8000 Series Product Line All 3D8000 Series chassis support lights out management, solid state drives, redundant power, and an LCD interface.
37. Modular Choose number and type of ports Lower Entry Prices Expandable Add ports as needed Scalable Add processing power as needed Hardware Platform Sets New Standard for Security Appliances
44. Traditional IPS vs. Next-Generation IPS Architecture: Closed & Blind (Traditional IPS) vs. Open & Customizable (Next-Generation IPS). Awareness: None or Limited (Traditional IPS) vs. Visibility & Intelligence (Next-Generation IPS). Automation: Human Intensive (Traditional IPS) vs. Self Tuning & Precision (Next-Generation IPS).
45. Next-Gen IPS – Open Architecture Powerful Engine & Rules Adaptable Custom fit to network Comprehensive coverage Open Community Information sharing Shared protection Protection Against Advanced Persistent Threats (APT)
46. Next-Gen IPS – The Power of Awareness Network Know what’s there, what’s vulnerable, and what’s under attack Application Identify change and enforce policy on hundreds of applications Behavior Detect anomalies in configuration, connections and data flow Identity Know who is doing what, with what, and where
53. Intelligent Correlation to the Target Latest Windows attack targets Microsoft Windows Server and Linux Server. Attacks are correlated to targets. High-priority event generated for Windows Server target. [Diagram labels: 3D Sensor, Defense Center, Linux Server, Windows Server; Attack Is Correlated to Targets; Linux server not vulnerable; Windows server vulnerable; Attack Blocked; Blocked Event Logged]
54. Intelligent Anomaly Detection New rogue host connects internally. Sourcefire detects new host and abnormal server behavior. Defense Center triggers alerts for IT to remediate. [Diagram labels: 3D Sensor, Defense Center; New Asset Detected; Hosts Compromised; Abnormal Behavior Detected; Abnormal Behavior Logged & Alerts Triggered; IT Remediates Hosts]
55. Intelligent Application Violation Security team uses compliance whitelists to detect IT policy violations. Host detected using Skype. User identified and then contacted by IT and HR. [Diagram labels: 3D Sensor, Defense Center; P2P App Triggers Whitelist Violation; Compliance Event Logged & User Identified; IT & HR Contact User]
59. Virtual Appliances for VMware & Xen Sourcefire Virtual 3D Sensor™ Identical IPS Sensor functionality Available throughputs: 5, 45, 100, 250 & 500 Mbps Sourcefire Virtual Defense Center Management Console Identical Defense Center functionality, except no Master Defense Center (MDC) mode Manages both physical and virtual IPS 3D Sensors
60. Sourcefire’s “Secret Sauce” Passive network intelligence Fuels powerful IPS automation: Impact Flags Automated IPS Tuning Compliance Rules & White Lists Network Behavior Analysis Detects hundreds of operating systems and applications What is RNA?
61. Real-Time User Awareness (RUA) “Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two.” Tamara Fisher, AutoTrader.com RUA gives “personality” to security and compliance events! Clicking on a username reveals full name, telephone number, email, and department Resolve security events more quickly when time is of the essence Integrated into all Sourcefire 3D Sensors
62. Sample Sourcefire Detection Hundreds of Apps, OS’s & Devices! Operating Systems Applications Network Infrastructure Consumer
65. 3D System 4.10 Highlights Expanded Application & User Awareness Detect Facebook, Blackberry, Hotmail & more Nmap update detects 2,500+ operating systems Encrypted RUA communications Enhanced Deployment & Operation Inline IPS test mode Support for auth. SMTP gateways & web proxies Improved Third-Party Integration Direct database access for third-party reporting Support for SNMP polling Support for new Crossbeam products Improved Performance & Usability Improved GUI performance Track reviewed events by user Simpler installation of customer SSL certificates Refer to “What’s New in 3D System 4.10” document for more information
71. Knowledge transfer and best practices “I can’t say enough about the guys from Support. The phone gets picked up the moment I call. They stick with an issue diligently and make sure I get what I need. No other company has given me that level of service.” Robert Wagner Senior Security Architect
72. Why Sourcefire? Powered by Snort Driven by Awareness Best-in-Class Detection Open Architecture Highly Automated Stop Doing Things the “Old Way!” Try the “Next Generation” in Intrusion Detection & Prevention.
Tailor your agenda for the meeting. This is the structure of the presentation.
Let’s discuss the challenges you are facing.
Start the conversation focusing on the prospect. What is the purpose of the meeting? If there are new people in the room this is a great time to white board all the issues from everyone and clearly identify future talking points in the presentation.
The network security model is broken! The attackers are well financed, motivated, and sophisticated in their methods of breaking into networks. How do you defend a network that is in a constant state of flux? Your set-and-forget IPS is not going to stop the attackers. We need to come up with a different solution to effectively protect our information…
According to Gartner’s lead IPS analyst, Greg Young… Detection is the most important feature of an IPS system. Sourcefire maintains a leadership position in providing the best detection through our Vulnerability Research Team (VRT). We have access to exploit and threat data from: the Snort ecosystem – engineers submitting PCAPs and rules to VRT; the ClamAV project – where we receive over 20,000 malware samples per day; Microsoft’s MAPP program – early disclosure of vulnerabilities; and numerous private threat feeds. Our VRT team reverse engineers exploits, analyzes vulnerability data, and creates rapid IPS rules to help you properly defend your dynamic network.
Three models being launched – 10, 20, 40 gigabits of throughput. Third party validation by NSS over the past couple of weeks. Real-world performance numbers magnitude higher than competition (can use example of other competitors claiming 15G and only testing 1.9G). Design of the platform is stackable, giving us capability to support 80G of throughput with over 50G of real-world inspection. Stacking is supported 1U to 1U and 2U to 2U. Software updates expected later in 2011 will allow stacking of up to four 2U chassis for 80 Gbps / 56 Gbps NSS tested. These performance numbers for the 8U stacked configuration have been verified, although the software does not yet officially support that configuration.
Recap of the new models being offered starting first week of May. Reduction of slots on 8260 is due to stacking with additional 2U chassis. All support lights out management (serial console over Ethernet), solid state drives, hot-swappable redundant power for reliability and LCD for ease of deployment.
Need to discuss types of network modules supported, including 40G later in 2011
We mentioned that the security model was broken. We need new, innovative ways to defend our information that resides on our networks! Let’s explore the new approach.
Let me introduce you to the key capabilities required in the Next-Generation IPS solution. In doing so, we’ll compare the NGIPS to traditional IPS systems that you can acquire today.
Architecture: Most traditional IPS systems are a black box, with static rules/signatures. The architectures are closed, and the ability to precisely tailor the detection is often limited. One size fits all is not a workable architecture given today's advanced threats. The Next-Gen IPS should have an open architecture – how the product performs is exposed to the user, and the ability to customize the detection and prevention to fit your needs is never compromised by a “black box” architecture.
Awareness: Traditional IPSes are comprised of detection engines with a given set of rules… they will do simple pattern matching to detect intrusions. Their intelligence is extremely limited. A Next-Generation IPS must be smart. Not only should the IPS detect a variety of attack methods, but it should also correlate attacks to the targets on your network to ensure precise detection, while minimizing false alarms or blocking of good traffic.
Automation: Traditional IPSes require a significant number of resources to “tune” the IPS to your network and to analyze the volume of alerts generated by the system. Lack of precision has become so problematic that most customers give up, use the vendor’s default rules and hope the system will stop the attacks, while the vendors can’t possibly enable rules that work out of the box in a comprehensive way to provide appropriate protection. The Next-Generation IPS is smart enough to automatically configure itself based on the knowledge of what is running on the network. As your network configuration changes, it adapts the rules to precisely protect your network… no more guesswork, no more extra effort. The intelligence also reduces false alarms by over 90%. With a Next-Generation IPS you can effectively defend your network while keeping operational costs from spiraling out of control and without sacrificing security.
The Next-Generation IPS is contextually aware and adaptive. In Sourcefire’s system, we infuse the IPS system with deep intelligence about the users, their usage, behavior, and data: The system then automatically customizes the detection and makes prevention recommendations based on what’s running on your network. The system monitors the applications running on your system, so that you can flexibly enforce the appropriate detection and compliance. The system enables you to detect compromise of your key systems and assets by constantly monitoring change of behavior and configuration. And finally, it gives you the ability to associate all detection to a specific user name and contact info. Sourcefire brings you a super-intelligent IPS system that is fully integrated and always on 24/7.
The results of leveraging a Next-Generation IPS are: Precision – correlating attacks to the targeted network device has given our customers over 90% alarm reduction. Self-configuring detection – the Next-Gen IPS system automatically configures the detection to specifically what's running on your network. As your network changes… so does your detection. The system allows you to prevent intrusions without an army of engineers and gives you the confidence to know that an intelligent system is helping you defend your network.
Let’s look at the system in action.
This scenario shows us an external Microsoft attack targeting multiple systems. The system correlates the attack to the target and blocks the attack from impacting the Windows server (or potentially vulnerable system).
The following scenario shows: A new device shows up on the LAN and is detected. The device attacks internal servers, and the system detects change in behavior on the compromised systems. The system alerts on the change and directs the IT team to remediate the server and clients affected by the attack.
In this last scenario we illustrate application violation. A user starts using Skype, and the system detects the unauthorized application usage. Alerts are logged and escalated to IT and HR to remediate the offending use of Skype. Sourcefire’s Next-Generation IPS provides a rich set of prevention functionality in a fully integrated system.
Let’s look at the products that make up our Next-Generation IPS.
The first component of the solution is our IPS sensors that are delivered as appliances ranging from 5 Mbps to 20 Gbps. Our awareness technologies are delivered as software. You can load them on our appliances or on your preferred device. Our system can also be deployed on a virtualized platform, running VMware or Xen. We offer a separate SSL inspection appliance to perform IDS/IPS on encrypted traffic. And finally we have our Defense Center (DC) that provides: command and control of our sensors in your network; event management and correlation. The DC can be set up in an HA mode and layered into a Master DC for enterprise scale. All DCs have built-in data management functions to manage 100s of millions of events.
Our philosophy is to have an open architecture and open ecosystem. Our Next-Generation IPS is designed with open APIs to interact with all of the best-of-breed technologies that you have already deployed in multiple areas. Openness provides you with realistic deployment flexibility.
Sourcefire has been leading the IDS/IPS market in innovation… Starting with the industry’s de facto standard engine – Snort. The most powerful, flexible detection. An intelligence-driven system that provides robust security while controlling costs associated with the deployment. If you’re serious about defending against today’s sophisticated attacks, a Next-Generation IPS is a must. Thank you for your time… are there any questions?