
There’s no silver bullet…but there is a silver lining.

There’s no silver bullet…but there is a silver lining. Data Connector Calgary 2014. InfoSec Trends – Continuous Monitoring and Response. Challenges Information security doesn't have the continuous visibility it needs to detect advanced attacks





Presentation Transcript


  1. There’s no silver bullet…but there is a silver lining. Data Connector Calgary 2014

  2. InfoSec Trends – Continuous Monitoring and Response
      Challenges • Information security doesn't have the continuous visibility it needs to detect advanced attacks • Detective, preventive, response and predictive capabilities from vendors have been delivered in non-integrated silos, increasing costs and decreasing effectiveness
      Recommendations • Shift your security mindset from "incident response" to "continuous response" • Favor context-aware network, endpoint and application security protection platforms … • Architect for comprehensive, continuous monitoring at all layers of the IT stack…
      Source: Gartner, Inc. “Designing an Adaptive Security Architecture for Protection From Advanced Attacks”, February 2014, MacDonald, Firstbrook

  3. Continuous Monitoring & Mitigation Challenges Inadequate Visibility Transient Devices BYOD Devices Broken Managed Devices Inadequate Collaboration Detection-Mitigation Gap VA MDM Patch APT

  4. Impacts to the Enterprise + IT Risks + IT Costs Greater IT Costs Greater IT Security Risks $ Investigation Mitigation Rogue devices System breach Data leakage Compliance violation

  5. Desired State Real-time Visibility + Coordinated Controls Ticketing Switches Wireless SIEM Remediation MDM Vulnerability AAA Endpoint Security Systems Management

  6. Real-time Network Asset Intelligence Complete Situational Awareness

  7. Architecture for Real-Time Visibility

  8. Architecture for Real-Time Visibility
      Span port / TAP: WHAT? • IP Address • OS • Browser Agent • Ports/Protocols

  9. Architecture for Real-Time Visibility
      Span port / TAP: WHAT? • IP Address • OS • Browser Agent • Ports/Protocols
      2) Interrogate the Device: Health? • Apps • Services • Processes • Registry • Patches • Encryption • Antivirus

  10. Architecture for Real-Time Visibility
      Span port / TAP: WHAT? • IP Address • OS • Browser Agent • Ports/Protocols
      2) Interrogate the Device: Health? • Apps • Services • Processes • Registry • Patches • Encryption • Antivirus
      3) Leverage your infrastructure (SNMP reads, LDAP, switches, wireless, VPN, etc.)
      WHO? • User • Name • Email • Title • Groups
      WHERE? • Controller IP • SSID • VLAN

  11. Architecture for Real-Time Visibility... and Control
      Span port / TAP: WHAT? • IP Address • OS • Browser Agent • Ports/Protocols
      2) Interrogate the Device: Health? • Apps • Services • Processes • Registry • Patches • Encryption • Antivirus
      3) Leverage your infrastructure (SNMP reads, LDAP, switches, wireless, VPN, etc.)
      WHO? • User • Name • Email • Title • Groups
      WHERE? • Controller IP • SSID • VLAN
      Control at Device: • Alert the End User • Auto-Remediate
      Control w/Traffic: • HTTP Guest Registration • HTTP Alerting • IPS • Virtual Firewall
      Control w/Architecture: • Dynamic ACL (SSH or Telnet) • VLAN Change (SNMP Write) • Shut off a port (SNMP Write) • Push information to SIEM

  12. Taking Visibility and Control to the Next Level User Behavior User Information Applications Operating Systems Device / Peripherals Physical Layer

  13. Information Exchange and Response Automation
      Asset Management • Security Gateway • GRC / Risk Management • Network Operations • Intelligence Exchange • AAA • SIEM • Continuous Monitoring and Mitigation • NGFW / VPN • VA/DLP • Next-Gen NAC • System Management • MDM / MAM • Host Controls

  14. Use Case Example: Threat Management (Next-Gen NAC) Is it authorized? Is it breached? Is it attacking? • Quarantine • Remediate • Investigate
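Slides 8 to 11 list the collection tiers and control actions, and slide 14 lists the questions a NAC asks, but neither shows how the pieces fit together. The following is an added Python example, not ForeScout code and not part of the original deck, that merges constructed records from the three collection tiers into one asset record and then answers the slide-14 questions in severity order to choose a control tier from slide 11. The quarantine VLAN number, the known-bad process list and all field names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

QUARANTINE_VLAN = 999  # constructed placeholder, not a real deployment value


@dataclass
class Asset:
    """One asset record assembled from the collection tiers on slides 8 to 10."""
    ip: str
    os: str = "unknown"                                # WHAT: seen passively on the span port / TAP
    ports: List[int] = field(default_factory=list)
    patched: bool = False                              # Health?: from interrogating the device;
    encrypted: bool = False                            # a device that could not be interrogated
    antivirus: bool = False                            # keeps these failing defaults
    processes: List[str] = field(default_factory=list)
    user: str = ""                                     # WHO: LDAP lookup; empty means no identity
    vlan: int = 0                                      # WHERE: SNMP read from the switch
    ids_alerts: int = 0                                # IPS / advanced threat detection feed


def merge(ip: str, passive: Dict, health: Dict, who: Dict, where: Dict, alerts: int) -> Asset:
    """Correlate each source's fields by IP address into a single asset record."""
    return Asset(ip=ip, os=passive.get("os", "unknown"), ports=passive.get("ports", []),
                 patched=health.get("patched", False), encrypted=health.get("encrypted", False),
                 antivirus=health.get("antivirus", False), processes=health.get("processes", []),
                 user=who.get("user", ""), vlan=where.get("vlan", 0), ids_alerts=alerts)


def evaluate(a: Asset, known_bad: Set[str]) -> Tuple[str, List[str]]:
    """Answer 'attacking? breached? authorized? healthy?' most severe first.

    Returns (verdict, ordered control actions) using the slide-11 control tiers:
    control at the device, control with traffic, control with the architecture.
    """
    if a.ids_alerts:                                   # attacking: enforce in the architecture
        return "attacking", ["shut_port(snmp_write)", "push_siem(high)", "investigate"]
    if known_bad & set(a.processes):                   # breached: isolate but keep the host up for forensics
        return "breached", [f"vlan_change(snmp_write,{QUARANTINE_VLAN})", "push_siem(medium)", "investigate"]
    if not a.user:                                     # unauthorized: guest registration path only
        return "unauthorized", ["http_guest_registration", "dynamic_acl(guest)"]
    failed = [name for name, ok in (("patches", a.patched), ("encryption", a.encrypted),
                                    ("antivirus", a.antivirus)) if not ok]
    if failed:                                         # non-compliant: least disruptive control first
        return "noncompliant", [f"alert_end_user({'+'.join(failed)})", "auto_remediate", "push_siem(low)"]
    return "compliant", ["allow"]
```

The order of the checks is the point: a device that cannot be interrogated at all keeps its failing defaults, so it lands on the guest or remediation path rather than being waved through.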

  15. Continuous Monitoring and Mitigation Continuous Visibility Endpoint Mitigation Endpoint Authentication & Inspection Next-Gen Network Access Control Network Enforcement Information Integration

  16. SIEM Interoperability CFI Alert ForeScout App for Splunk

  17. Vulnerability Assessment Interoperability

  18. MDM Interoperability

  19. Advanced Threat Detection Interoperability

  20. The Players…. *Magic Quadrant for Network Access Control, December 2013, Gartner Inc. **NAC Competitive Landscape, April 2013, Frost & Sullivan. **Frost & Sullivan 2013 report NC91-74, “Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth”, chart base year 2012. *This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner, Inc. "Magic Quadrant for Network Access Control," Report G00249599, December 12, 2013, Lawrence Orans.

  21. NAC features to look for Fast and easy to deploy Agentless and non-disruptive Scalable, no re-architecting

  22. NAC features to look for Fast and easy to deploy Infrastructure Agnostic Works with mixed, legacy environment Agentless and non-disruptive Avoid vendor lock-in Scalable, no re-architecting

  23. NAC features to look for Fast and easy to deploy Infrastructure Agnostic Flexible and Customizable Optimized for diversity and BYOD Works with mixed, legacy environment Agentless and non-disruptive Supports open integration standards Avoid vendor lock-in Scalable, no re-architecting

  24. Pervasive Network Security an IT Game Changer Pervasive Network Security
