Security Technology Correlation

Presentation Transcript


  1. Security Technology Correlation
     • Proneet Biswas, Sr. Security Architect, iPolicy Networks, pbiswas@ipolicynetworks.com, 510-687-3152
     • Ray West, Director Network Services, John Brown University, rtwest@jbu.edu, 479-524-7188

  2. Agenda
     • iPolicy Networks
     • Decoding of blended Threats
     • Challenges of Point Solutions
     • Role of Integrated Security
     • Single Pass Architecture – Developing the correlation
     • John Brown University
     • Overview of Network Infrastructure
     • Security Upgrade Initiative
     • Key criteria in evaluation of solutions
     • Glimpse of network after deployment

  3. Blended Threats
     • Communicate with Controlling Servers
     • Exploit Multiple Vulnerabilities
     • Upgrade through rogue sites
     • Separate propagation and attack vectors

  4. Example
     • Lupii Worm
     • An infected system would communicate with its attacker over UDP port 7222. This communication could be used to launch a DoS attack or generate new update commands.
     • Exploit Web vulnerabilities on a set of systems it plans to infect and spread.
     • Attempt to connect to a rogue site like [http://62.101.193.244/xxxx/lupii] to upgrade itself and avoid detection attempts by IDS systems.

  5. Challenges for Point Solutions
     • Takes care of the threat in its current form, not future variants

  6. Role of Integrated Security - I
     • Sandbox the threat
     • Blended Threat = Attack + Communicate + Upgrade
     • Firewall Rule: Block all communication on UDP port 7222
     • IDS Rule: Block all Web exploit patterns
     • URL Filtering Rule: Block all access to rogue site - http://62.101.193.244/xxxx/lupii
     • Integrated Security = IDS/IPS (Block Attack) + Firewall (Block Communication) + URL Filtering (Block Upgrade)

  7. Role of Integrated Security - II
     • Define policies which span across multiple technologies
     • Performance Impact of sequential processing – throughput and latency.
     • Introduce new Security technologies with negligible impact
     • Ease of Management

  8. Single Pass Architecture (diagram: Packets In, Packets Out)
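
Added example, not part of the original presentation: a sketch of the correlation that slide 6 describes, joining firewall, IDS and URL-filter events per source host so the three Lupii stages are seen as one blended threat. The log format, field names and sample events are assumptions constructed for this example; only UDP port 7222 and the rogue host come from the slides.

```python
from collections import defaultdict

# Indicators from the Lupii slide; the log format below is an assumption.
C2_UDP_PORT = "7222"
ROGUE_HOST = "62.101.193.244"
ALL_STAGES = {"attack", "communicate", "upgrade"}

# Constructed sample events (one line per device log entry).
SAMPLE_LOGS = """\
fw src=10.1.4.20 dst=203.0.113.9 proto=udp dport=7222 action=block
ids src=10.1.4.20 dst=10.1.7.15 sig=web-exploit action=block
url src=10.1.4.20 host=62.101.193.244 action=block
fw src=10.1.5.31 dst=198.51.100.7 proto=udp dport=7222 action=block
url src=10.1.6.44 host=example.org action=allow
ids src=10.1.6.44 dst=10.1.7.15 sig=port-scan action=alert
"""

def classify(line):
    """Return (source_host, stage) for a relevant event, else None."""
    tech, _, rest = line.partition(" ")
    f = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    src = f.get("src")
    if src is None:
        return None
    if tech == "fw" and f.get("proto") == "udp" and f.get("dport") == C2_UDP_PORT:
        return src, "communicate"
    if tech == "ids" and f.get("sig") == "web-exploit":
        return src, "attack"
    if tech == "url" and f.get("host") == ROGUE_HOST:
        return src, "upgrade"
    return None

def correlate(log_text):
    """Group the stages seen per source host across all three technologies."""
    stages = defaultdict(set)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        hit = classify(line)
        if hit:
            stages[hit[0]].add(hit[1])
    return dict(stages)

def report(log_text):
    """Host -> 'blended-threat' when every stage is seen, else 'partial'."""
    return {host: "blended-threat" if seen == ALL_STAGES else "partial"
            for host, seen in correlate(log_text).items()}

if __name__ == "__main__":
    for host, verdict in sorted(report(SAMPLE_LOGS).items()):
        print(host, verdict)
```

A host that trips only one rule stays "partial", which is the view a single point solution would have of it.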
