
Next Generation Network Security

Next Generation Network Security. Andrew Hoerner, Director, Product Marketing. Recent Customer Conversations…. “…Upgrading the data center…” “… Consumerization of IT…” “…Targeted attacks & Advanced Persistent Threats…” “…Visibility & control of applications…” “…Need more accurate IPS/IDS…”


Presentation Transcript


  1. Next Generation Network Security Andrew Hoerner, Director, Product Marketing

  2. Recent Customer Conversations… “…Upgrading the data center…” “…Consumerization of IT…” “…Targeted attacks & Advanced Persistent Threats…” “…Visibility & control of applications…” “…Need more accurate IPS/IDS…” “…Guest & contractor access…” “…My firewall is EOL…” “…Security shouldn’t be the brakes…” “Borderless network… Effectively extend trust boundaries?” “100’s of new applications…See & control use?” “Advanced Threats (APTs, Botnets, Insider Risk)… Best practice prevention?” “Data center project… Improve protection…Consolidate vendors?”

  3. Network Security Isn’t Adapting to Change. Symptoms: Incident costs increasing; Data center security under-performing; Advanced Persistent Threats a concern; Security policy hard to enforce; Excessive IDS/IPS alerts; Firewall rules hinder change management; Frequent refresh of security hardware.

  4. Changes Create Pressure Points, Complications Create Risk. Projects Impacting Network; Complications. Outsource Hosting Virtualization Mobile Web SaaS; Targeted and Advanced Persistent Threats (APTs); 200% 15% 32% 30% 49%; (Reduce CapEx) (Better Quality) (Improve Productivity) (Reduce OpEx) (Agility); Consumerization of IT; Severe Economic Constraints.

  5. Evolving Threats. Active Layered Attack: exploit targeted vulnerability. Scan/Exploit - Server/vulnerability, “Outside Attacker Initiated” • Infect • C&C Upgrade • Propagate • Propagate • Propagate • Propagate. Passive Layered Attack: exploit via drive-by-download. Download, “Insider Initiated” • Exploit, Infect • Data leak • C&C execute • Propagate • Propagate • Propagate • Propagate. Social Engineering: follow link to malicious site. “Insider Initiated”: SPAM, Search, Social Network, etc. Download.

  6. Anatomy of an attack

  7. Anatomy of an attack Date: Tue, 10 Dec 2008 06:58:13 -0700 (PDT) From: John Doe <john.q.googdguy@yahoo.com> To: employee.name@companyname.com Subject: 7th Annual U.S. Defense Conference 7th Annual U.S. Defense Conference 1-2 Jan 2009 Ronald Reagan Building and International Trade Center Washington, DC Download 2009 Conference Preliminary Program (PDF) http://conferences.satellite-stuff.net/events/MDA_Prelim_09.zip Download 2009 Conference Registration Form (PDF) http://conferences.satellite-stuff.net/events/MDA09_reg_form.zip Contact: John Doe Contractor Information Systems (703) 555-1234 john.doe@yahoo.com

  8. Conventional Approach to Network Security. Ticket Oriented Resolution: How to get to resolution? File tickets. Wait. Protection Focused on Identifying Attack Packets: How to protect? Find attack packets on wire. Configuration Focused on Features: How to implement policy? Rely on product features. Multi-Vendor Strategies: Defense in Depth? Manage multiple silo’d products.

  9. The Maturity Model of Enterprise Security. REACTIVE (~3% of IT Budget on Security); COMPLIANT/PROACTIVE (~8% of IT Budget on Security); OPTIMIZED (~4% of IT Budget on Security). Chart labels: TCO, Security Posture, SECURITY OPTIMIZATION.

  10. RISK OPTIMIZATION. Optimized Network Security Adapts to Change. REACTIVE & MANUAL. Tools Based: Applying tools and technologies to assist people in reacting faster. Point products for System, network and data. COMPLIANT, PROACTIVE, OPTIMIZED. Optimized spend ~4%. Very low risk. • Multi-layered, correlated solutions • Predictive threat protection • Policy-based control • Proactive management • Extensible architecture • Automated compliance; • Integrated tools • IPS (threats) • SI/EM (events) • Automatic updates • Automated firewall rule mgmt • Centralized consoles/mgmt • Streamlined compliance reports; • Point products • IDS (compliance) • SI/EM (logs) • Structured firewall rule management • Standard configurations • Distributed consoles/mgmt • Tedious audit preparation; • Reactive tools • Firewalls • Log analysis • Trouble tickets • Ineffective change control • Ad hoc firewall rules • Audit findings. DYNAMIC: Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response. Compliant/Proactive spend ~8% of IT budget on security. Medium risk. McAfee ePO integrated products, plus GRC and GTI. REACTIVE and Manual: People only. No tools or processes. “Putting out fires”. Reactive spend ~3% of IT budget on security. High risk. Why has it been so challenging to reduce risk?

  11. New Requirements for Optimized Network Security. Ticket Oriented Resolution → Proactive Management: Turn days of process into clicks. Protection Focused on Identifying Attack Packets → Predictive Threat Protection: Characterize future threats today. Configuration Focused on Features → Policy-Based Control: Focus on real organization, people, applications, usage. Multi-Vendor Strategies → Extensible Architecture: Integrated, collaborative, easily add new capabilities.

  12. Protecting Critical Data Center from ZeuS Malware. Predictive Threat Protection with IPS + GTI. Malware infects websites; Malware infects, McAfee Labs IDs, updates website reputations…; Malware hits network; …Threat dissected, analyzed…; Wait on signature; …Predictive action stops threat; Apply signature, update signature; Future variants covered. Not Optimized: High Effort, High Risk. When Optimized: Low Effort, Low Risk. Benefit: Protection meets (and beats) hacker’s timelines, reduces alerts.

  13. Controlling Google Calendar Use Before a Merger. Policy-Based Control with Next Gen Firewall. Identify M&A team; User directory auto-imports groups…; Profiler sees similar rule. 1 click to add. Avoid duplicate; Map users to network address; Create new rule (duplicate?); Hours or days to review, deploy; Weeks to review, test, deploy. Repeat?; New M&A members automatically added. Not Optimized: High Effort, High Risk. When Optimized: Low Effort, Low Risk. Benefit: No need to map network topology to user, protects critical data.

  14. Blocking Bot Command and Control Traffic. Proactive Management in Action. See Bot activity on network; Right click to get details from management console; Right click to scan and patch; Hours: open ticket w/ system team; Days: open ticket to plan outage/upgrade; Visual view of traffic and connections; Weeks: detailed review of network events; Have a second cup of coffee. Not Optimized: High Effort, High Risk. When Optimized: Low Effort, Low Risk. Benefit: Eliminates days and weeks of effort while improving time to resolution.

  15. McAfee: Optimized Network Security Solutions. Diagram labels: GLOBAL THREAT INTELLIGENCE, RiskAdvisor, Web, NDLP, Email, ePO, NAC, Firewall, IPS, NBA, SIA. Network IPS: Top selling, best performing. Firewall: Most secure, new next gen features. NAC: integrated with IPS. NBA: cost-effective network visibility. NDLP: more important than ever.

  16. What It Takes to Make An Organization Safe: Global Threat Intelligence. Threat Reputation Network Activity Geo-location Ports / Protocol Application Web Reputation File Reputation Affiliations Geo Location Feeds 300M IPS Attacks/Mo. 20B Message Reputation Queries/Mo. 2.5B Malware Reputation Queries/Mo. 300M IPS Attacks/Mo. 300M IPS Attacks/Mo. 2B Botnet C&C IP Reputation Queries/Mo. Domain IP Address URL Data Activity Sender Reputation Network IPS Web Activity DNS Server Web Gateway Mail Gateway GTI Firewall Host AV 3rd Party Feed Host IPS Mail Activity Email Address

  17. Optimized = Lower Total Cost of Ownership Full Forrester TEI report based on McAfee customer data available here.

  18. Optimized Network Security: Solves Root Issues, Symptoms Disappear. Results: Incident costs decreasing; Data center security outperforms @ lower cost; Advanced Persistent Threat protection; Policy in business terms, easy to enforce; IPS alerts minimized, staff re-allocated; Firewall rules streamline change management; Long life reduces CapEx for security hardware.

  19. While We’ve Been Chatting… Eliminated 64 trouble tickets and 8 critical escalations for our customers. 69,000 attacks were stopped by McAfee IPS across all our customers. Our global sensor grid characterized 229 unique pieces of malicious or unknown code, based on: 570,000 file reputation queries; 460,000 IP reputation queries.

  20. Thank you for your time. Questions? Email andrew_hoerner@mcafee.com. More info at: www.mcafee.com/networkdefense

