
“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14






Presentation Transcript


  1. “Next Generation Security”
     ISACA June Training Seminar
     Philip Hurlston
     6/20/14

  2. Agenda
     Today’s threat landscape is next generation
     Definition of Next Generation Security
     What really makes it different
     20 things your next generation security must do
     Closing & Questions

  3. Today’s Threat Landscape
     Organized attackers
     Remediation is broken
     Must prevent attacks across perimeter, cloud and mobile
     Increasing volume
     Limited correlation across disjointed security technologies
     Limited security expertise
     Sophisticated CSO challenges

  4. SaaS: Apps are moving off the network

  5. CLOUD + VIRTUALIZATION: Servers are moving to private and public clouds
     (slide logo: Verizon Cloud BETA)

  6. ENCRYPTION: Traffic is increasingly being encrypted
     Over 27% of applications can use SSL encryption, which represents nearly 25% of enterprise bandwidth

  7. MOBILITY: Users are moving off the network
     Over 300 new malicious Android APKs discovered per week by our Threat Research Team

  8. COMMODITIZATION OF THREATS
     Advanced tools available to all; sophisticated & multi-threaded
     BEFORE:
       Limited or known protocols
       Clear-text
       Known threats
       Known malware & exploits
       Known vulnerabilities
       Known command-and-control
     TODAY’S APT:
       Changing application environment
       SSL encryption
       Zero-day exploits/vulnerabilities
       Unknown & polymorphic malware
       Lateral movement
       Evasive command-and-control
     (slide diagram axis: enterprise risk)

  9. Tectonic Shifts Create the Perfect Storm
     ENCRYPTION, SOCIAL + CONSUMERIZATION, SaaS, CLOUD + VIRTUALIZATION, MOBILITY + BYOD, COMMODITIZATION OF THREATS
     Massive opportunity for cyber attackers

  10. Target data breach: APTs in action
      Recon on companies Target works with
      Spear phishing third-party HVAC contractor
      Breached Target with stolen payment credentials
      Moved laterally & installed POS malware
      Compromised internal server to collect customer data
      Exfiltrated data to C&C servers over FTP
      Maintain access

  11. Agenda
      Today’s threat landscape is next generation
      Definition of Next Generation Security
      What really makes it different
      20 things your next generation security must do
      Closing & Questions

  12. Definition of a Next Generation Firewall (NGFW)
      From the Gartner IT Glossary, a NGFW is a:
        Deep-packet inspection firewall,
        Moves beyond port/protocol inspection and blocking,
        Adds application-level inspection,
        Adds intrusion prevention, and
        Brings intelligence from outside the firewall.

  13. Definition of a Next Generation Firewall (NGFW)
      Should not be confused with:
        A stand-alone network intrusion prevention system (IPS), which includes a commodity or non-enterprise firewall, or
        A firewall and IPS in the same appliance that are not closely integrated.

  14. Agenda
      Today’s threat landscape is next generation
      Definition of Next Generation Security
      What really makes it different
      20 things your next generation security must do
      Closing & Questions

  15. 20 Years of Security Technology Sprawl
      • Ports and IP addresses aren’t reliable anymore
      • More stuff has become the problem
      • Too many policies, limited integration
      • Lacks context across individual products
      (slide diagram: Internet -> URL, AV, IPS, DLP, Sandbox, Proxy, UTM -> Enterprise Network)

  16. Sample of a True Next Generation Architecture
      Single pass
      Identifies applications
      User/group mapping
      Threats, viruses, URLs, confidential data
      One policy to manage
      Correlates all security information to apps and users

  17. Next Generation vs. Legacy Firewalls
      Legacy firewall rule: ALLOW Port 25
        SMTP on port 25 -> Allow (packet on port 25)
        Bittorrent on port 25 -> Allow (packet on port 25)
        Visibility: port 25 allowed
      App-ID firewall rule: ALLOW SMTP
        SMTP = SMTP -> Allow
        Bittorrent ≠ SMTP -> Deny
        Visibility: Bittorrent detected and blocked

  18. Next Generation vs. Legacy Firewall + App IPS
      Legacy firewall rule: ALLOW Port 25, plus application IPS rule: Block Bittorrent
        SMTP on port 25 -> Allow (packet on port 25)
        Bittorrent on port 25 -> Allow (packet on port 25), then Deny (Bittorrent) by the App IPS
        Visibility: Bittorrent detected and blocked
      App-ID firewall rule: ALLOW SMTP
        SMTP = SMTP -> Allow
        Bittorrent ≠ SMTP -> Deny
        Visibility: Bittorrent detected and blocked

  19. Next Generation vs. Legacy Firewall + App IPS
      Legacy firewall rule: ALLOW Port 25, plus application IPS rule: Block Bittorrent
        SMTP on port 25 -> Allow (packet on port 25)
        Bittorrent on port 25 -> Deny (Bittorrent) by the App IPS
        SSH, Skype, Ultrasurf on port 25 -> Allow (packet ≠ Bittorrent)
        Visibility: packets on port 25 allowed
      App-ID firewall rule: ALLOW SMTP
        SMTP = SMTP -> Allow
        Bittorrent ≠ SMTP -> Deny
        Skype ≠ SMTP, SSH ≠ SMTP, Ultrasurf ≠ SMTP -> Deny
        Visibility: each app detected and blocked

  20. Next Generation vs. Legacy Firewall + App IPS
      Legacy firewall rule: ALLOW Port 25, plus application IPS rule: Block Bittorrent
        SMTP on port 25 -> Allow (packet on port 25)
        Bittorrent on port 25 -> Deny (Bittorrent) by the App IPS
        C & C on port 25 -> Allow (C & C ≠ Bittorrent)
        Visibility: packet on port 25 allowed
      App-ID firewall rule: ALLOW SMTP
        SMTP = SMTP -> Allow
        Bittorrent ≠ SMTP -> Deny
        Command & Control ≠ SMTP -> Deny
        Visibility: unknown traffic detected and blocked
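The four comparison slides above all turn on one point: a port rule decides on the port, a bolt-on IPS decides only on the applications it has signatures for, and an application-aware rule decides on the identified application and has its own policy for what it cannot identify. The following script is an added illustration of that comparison, not code from the presentation or from any firewall vendor. The flows, the application labels on them (assumed to come from an identification engine that is not modelled here) and the rule sets are all constructed for the example.

```python
"""Constructed simulation of the three policy models compared in slides
17 to 20: a port-based legacy rule, the same rule plus one application
IPS signature, and an application-aware rule with an explicit policy
for unknown traffic. Flows carry the application label that an
identification engine is assumed to have already attached; no real
traffic classification happens here."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    action: str      # "allow" or "deny"
    visibility: str  # what the resulting log line would convey


# Constructed sample flows. As in the slides, every one arrives on port 25,
# which is what makes the legacy port rule blind to what is inside.
FLOWS = [
    {"app": "smtp", "port": 25},
    {"app": "bittorrent", "port": 25},
    {"app": "skype", "port": 25},
    {"app": "ssh", "port": 25},
    {"app": "command-and-control", "port": 25},
    {"app": "unknown", "port": 25},
]

ALLOWED_PORTS = {25}                 # legacy rule: ALLOW Port 25
APP_IPS_BLOCKLIST = {"bittorrent"}   # application IPS rule: Block Bittorrent
ALLOWED_APPS = {"smtp"}              # App-ID style rule: ALLOW SMTP


def legacy_decision(flow):
    """Port/protocol rule only: the port decides, the application is invisible."""
    if flow["port"] in ALLOWED_PORTS:
        return Decision("allow", f"packet on port {flow['port']} allowed")
    return Decision("deny", f"packet on port {flow['port']} denied")


def legacy_plus_app_ips_decision(flow):
    """Port rule first, then a bolt-on IPS that only knows the apps it has
    signatures for; everything else still rides the port rule."""
    base = legacy_decision(flow)
    if base.action == "allow" and flow["app"] in APP_IPS_BLOCKLIST:
        return Decision("deny", f"{flow['app']} detected and blocked")
    return base


def ngfw_decision(flow, unknown_policy="deny"):
    """Application-aware rule: allow only the identified app the rule names.
    Unidentified traffic gets its own policy instead of inheriting the port's."""
    app = flow["app"]
    if app in ALLOWED_APPS:
        return Decision("allow", f"{app} = {app}: allowed")
    if app == "unknown":
        return Decision(unknown_policy, f"unknown traffic: {unknown_policy}")
    return Decision("deny", f"{app} detected and blocked")


def compare(flows=FLOWS):
    """Map each app to its (legacy, legacy+IPS, App-ID) actions."""
    return {
        f["app"]: (
            legacy_decision(f).action,
            legacy_plus_app_ips_decision(f).action,
            ngfw_decision(f).action,
        )
        for f in flows
    }


if __name__ == "__main__":
    for app, actions in compare().items():
        print(f"{app:22s} legacy={actions[0]:5s} "
              f"legacy+IPS={actions[1]:5s} app-id={actions[2]}")
```

Running it reproduces the slides' outcome: only the application-aware rule denies Skype, SSH, the command-and-control flow and the unidentified flow, because the IPS blocklist covers Bittorrent alone and the port rule never looks past port 25. The `unknown_policy` parameter is the "policy for unknown traffic" item from the list of twenty requirements later in the deck.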

  21. Next Generation Closes the Loop for Threats
      Scan ALL applications, including SSL: reduces the attack surface and provides context for forensics
      Prevent attacks across ALL attack vectors: exploits, malware, DNS, command & control, and URLs
      Detect zero-day malware: turn unknown into known, and update the firewall

  22. Sandboxing for Turning Unknown into Known

  23. Security Context from Next Generation
      • Policies:
        • Allowing 10.1.2.4 to 148.62.45.6 on port 80 -> does not provide context.
        • Allowing Sales Users on the Corporate LAN to access Salesforce.com, but looking for threats and malware inside the decrypted SSL tunnel, and easily seeing that you have done so -> is context.
      • Threats:
        • Seeing you had 10 tunneling apps, 15 IPS hits, and 4 visits to malware sites -> no context.
        • Seeing Dave Smith visited a malware site, downloaded 0-day malware, and his device is visiting other known malware sites and using tunneling apps -> that is context.

  24. Next Generation and the Attack Kill-chain
      Attack kill-chain:
        BREACH PERIMETER: initial compromise
        DELIVER MALWARE: deliver malware and communicate with attacker
        ENDPOINT OPERATIONS: move laterally and infect additional hosts
        EXFILTRATE DATA: steal intellectual property
      Prevent attacks by stopping one step in the kill-chain
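Slide 23 contrasts bare event counts with events tied to a user and device, and slide 24 gives the kill-chain stages that such a tied-together picture maps onto. The script below is an added example of that correlation step, not code from the presentation or from any product: it reports the same constructed log records first as totals and then grouped per user, with a simple stage-based score. The record layout, the stage mapping and the scoring weights are all assumptions made for the example.

```python
"""Added illustration for slides 23 and 24: the same security events
reported as bare counts (no context) and then correlated per user and
device into a kill-chain style picture (context). Log records and field
layout are constructed for this example and are not any product's schema."""
from collections import Counter, defaultdict

# Constructed events: (user, device, category, detail)
EVENTS = [
    ("dave.smith", "lt-0412", "url", "malware-site"),
    ("dave.smith", "lt-0412", "download", "zero-day-malware"),
    ("dave.smith", "lt-0412", "url", "malware-site"),
    ("dave.smith", "lt-0412", "url", "malware-site"),
    ("dave.smith", "lt-0412", "app", "tunneling"),
    ("jane.doe", "lt-0077", "app", "tunneling"),
    ("jane.doe", "lt-0077", "ips", "signature-hit"),
    ("bob.lee", "lt-0190", "url", "malware-site"),
    ("bob.lee", "lt-0190", "ips", "signature-hit"),
]

# Kill-chain stage each event kind is taken as evidence for (assumed mapping,
# following the four stages named on slide 24).
STAGE = {
    ("url", "malware-site"): "breach perimeter",
    ("ips", "signature-hit"): "breach perimeter",
    ("download", "zero-day-malware"): "deliver malware",
    ("app", "tunneling"): "endpoint operations",
}


def counts_without_context(events):
    """Totals only: '4 malware-site visits, 2 tunneling apps' tells no story."""
    return dict(Counter((cat, detail) for _user, _dev, cat, detail in events))


def correlate_by_user(events):
    """Group events by user and device and score how much of the chain is present."""
    per_user = defaultdict(lambda: {"device": None, "stages": set(),
                                    "malware_site_visits": 0,
                                    "zero_day_downloads": 0, "score": 0})
    for user, device, cat, detail in events:
        rec = per_user[user]
        rec["device"] = device
        rec["stages"].add(STAGE.get((cat, detail), "unclassified"))
        if (cat, detail) == ("url", "malware-site"):
            rec["malware_site_visits"] += 1
        elif (cat, detail) == ("download", "zero-day-malware"):
            rec["zero_day_downloads"] += 1
    for rec in per_user.values():
        # Constructed scoring: one point per distinct kill-chain stage seen,
        # plus two when a zero-day download and repeated malware-site contact
        # coincide on the same device (the slide's "visiting other known
        # malware sites" after the download).
        score = len(rec["stages"] - {"unclassified"})
        if rec["zero_day_downloads"] and rec["malware_site_visits"] >= 2:
            score += 2
        rec["score"] = score
    return dict(per_user)


def high_risk_users(events, threshold=3):
    """Users whose correlated score reaches the threshold, highest first."""
    ranked = sorted(correlate_by_user(events).items(),
                    key=lambda kv: kv[1]["score"], reverse=True)
    return [user for user, rec in ranked if rec["score"] >= threshold]


if __name__ == "__main__":
    print("no context:", counts_without_context(EVENTS))
    for user, rec in correlate_by_user(EVENTS).items():
        print(f"{user:12s} {rec['device']} stages={sorted(rec['stages'])} "
              f"score={rec['score']}")
    print("high risk:", high_risk_users(EVENTS))
```

The totals report four malware-site visits and two tunneling apps across the whole estate, which is the "no context" view; the per-user view shows that three of those visits, the only zero-day download and one of the tunneling apps all sit on one device, which is the picture the slide calls context. The design point is that grouping by user and device has to happen before any scoring, otherwise every user's events blur into the same counters.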

  25. Agenda
      Today’s threat landscape is next generation
      Definition of Next Generation Security
      What really makes it different
      20 things your next generation security must do
      Closing & Questions

  26. 20 Things Your Next Gen Security Must Do
      1. Control applications and components regardless of port or IP
      2. Identify users regardless of IP address
      3. Protect in real time against threats and exploits
      4. Identify circumventors (Tor, Ultrasurf, proxy, anonymizers)
      5. Decrypt SSL traffic
      6. Packet shape traffic to prioritize critical applications or de-prioritize unproductive applications
      7. Visualize application traffic
      8. Block zero-day malware, botnets, C&C and APTs
      9. Block peer-to-peer
      10. Manage bandwidth for a group of users

  27. 20 Things Your Next Gen Security Must Do
      11. Prevent or monitor data leakage
      12. Single pass inspection
      13. Same security at the mobile end-point
      14. Central management console with relayed logs & events
      15. Policy for unknown traffic
      16. Be cost effective by combining multiple functionalities
      17. Deliver protection today, tomorrow, and in the future by being firmware upgradeable
      18. Interface with other end-point solutions to have consistent protection
      19. Sinkhole DNS capabilities
      20. Block based on URL

  28. Agenda
      Today’s threat landscape is next generation
      Definition of Next Generation Security
      What really makes it different
      20 things your next generation security must do
      Closing & Questions
