Next Generation Network Security
Andrew Hoerner, Director, Product Marketing
Confidential McAfee Internal Use Only
Recent Customer Conversations…
“Borderless network… Effectively extend trust boundaries?”
“100’s of new applications… See & control use?”
“Data center project… Improve protection… Consolidate vendors?”
“Advanced Threats (APTs, Botnets, Insider Risk)… Best practice prevention?”
“…Upgrading the data center…”
“…Consumerization of IT…”
“…Targeted attacks & Advanced Persistent Threats…”
“…Visibility & control of applications…”
“…Need more accurate IPS/IDS…”
“…Guest & contractor access…”
“…My firewall is EOL…”
“…Security shouldn’t be the brakes…”
Network Security Isn’t Adapting to Change
Symptoms
• Incident costs increasing
• Data center security under-performing
• Advanced Persistent Threats a concern
• Security policy hard to enforce
• Excessive IDS/IPS alerts
• Firewall rules hinder change management
• Frequent refresh of security hardware
Changes Create Pressure Points, Complications Create Risk
Projects Impacting Network
• SaaS (Agility)
• Outsource (Reduce CapEx)
• Virtualization (Reduce OpEx)
• Hosting (Better Quality)
• Mobile Web (Improve Productivity)
Figures shown on the chart: 15%, 32%, 30%, 49%, 200%
Complications
• Targeted and Advanced Persistent Threats (APTs)
• Consumerization of IT
• Severe Economic Constraints
Evolving Threats
Passive Layered Attack: exploit via drive-by-download (“Insider Initiated”)
• Vector: SPAM, search, social network, etc.
• Social Engineering: follow link to malicious site
• Download
• Exploit, infect
• Data leak
• C&C execute
• Propagate
Active Layered Attack: exploit targeted vulnerability (“Outside Attacker Initiated”)
• Scan/exploit server vulnerability
• Infect
• C&C upgrade
• Propagate
Anatomy of an attack
Date: Tue, 10 Dec 2008 06:58:13 -0700 (PDT)
From: John Doe <john.q.googdguy@yahoo.com>
To: employee.name@companyname.com
Subject: 7th Annual U.S. Defense Conference
7th Annual U.S. Defense Conference
1-2 Jan 2009
Ronald Reagan Building and International Trade Center
Washington, DC
Download 2009 Conference Preliminary Program (PDF)
http://conferences.satellite-stuff.net/events/MDA_Prelim_09.zip
Download 2009 Conference Registration Form (PDF)
http://conferences.satellite-stuff.net/events/MDA09_reg_form.zip
Contact: John Doe
Contractor Information Systems
(703) 555-1234
john.doe@yahoo.com
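A defender-side illustration of the spear-phishing message above, as an added Python example that is not from the slide deck: it parses a constructed copy of the message (mirroring the slide's sample) and flags the indicators a mail filter or analyst would look for: download links labelled "(PDF)" that actually point at archives, a contact address in the signature that differs from the From address, a Date header whose day name disagrees with the calendar date, and a consumer webmail sender. The archive-extension list and the webmail-domain list are assumptions, not part of the slide.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample, mirroring the message shown on the slide (not real mail)
SAMPLE_EMAIL = """Date: Tue, 10 Dec 2008 06:58:13 -0700 (PDT)
From: John Doe <john.q.googdguy@yahoo.com>
To: employee.name@companyname.com
Subject: 7th Annual U.S. Defense Conference

7th Annual U.S. Defense Conference
1-2 Jan 2009
Ronald Reagan Building and International Trade Center
Washington, DC
Download 2009 Conference Preliminary Program (PDF)
http://conferences.satellite-stuff.net/events/MDA_Prelim_09.zip
Download 2009 Conference Registration Form (PDF)
http://conferences.satellite-stuff.net/events/MDA09_reg_form.zip
Contact: John Doe
Contractor Information Systems
(703) 555-1234
john.doe@yahoo.com
"""

# Assumed lists: extensions that are not documents, and consumer webmail domains
RISKY_EXTENSIONS = (".zip", ".rar", ".7z", ".exe", ".scr")
WEBMAIL_DOMAINS = {"yahoo.com", "gmail.com", "hotmail.com"}

URL_RE = re.compile(r"https?://\S+")
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def mislabelled_links(body: str) -> list:
    """URLs whose preceding line advertises a PDF but whose path ends in an archive/executable."""
    lines = body.splitlines()
    hits = []
    for i, line in enumerate(lines):
        label = lines[i - 1].lower() if i > 0 else ""
        for url in URL_RE.findall(line):
            if "(pdf)" in label and url.lower().endswith(RISKY_EXTENSIONS):
                hits.append(url)
    return hits


def signature_addresses(msg) -> list:
    """Addresses in the body that differ from the From address (sender/contact mismatch)."""
    _, from_addr = parseaddr(msg["From"])
    found = set(ADDR_RE.findall(msg.get_payload())) - {from_addr}
    return sorted(found)


def weekday_mismatch(date_header: str) -> bool:
    """True when the day name in Date: disagrees with the calendar date (10 Dec 2008 was a Wednesday)."""
    claimed = date_header.split(",")[0].strip()
    actual = parsedate_to_datetime(date_header).strftime("%a")
    return claimed != actual


def webmail_sender(msg) -> bool:
    """True when the From address uses a consumer webmail domain (assumed list above)."""
    _, from_addr = parseaddr(msg["From"])
    return from_addr.rsplit("@", 1)[-1].lower() in WEBMAIL_DOMAINS


def phishing_indicators(raw_message: str) -> dict:
    """Run every check over one raw RFC 822 message and return only the indicators that fired."""
    msg = message_from_string(raw_message)
    indicators = {}
    links = mislabelled_links(msg.get_payload())
    if links:
        indicators["archive_disguised_as_pdf"] = links
    others = signature_addresses(msg)
    if others:
        indicators["signature_address_differs_from_sender"] = others
    if msg["Date"] and weekday_mismatch(msg["Date"]):
        indicators["date_header_weekday_mismatch"] = True
    if webmail_sender(msg):
        indicators["consumer_webmail_sender"] = True
    return indicators


if __name__ == "__main__":
    for name, detail in phishing_indicators(SAMPLE_EMAIL).items():
        print(f"{name}: {detail}")
```

Each check is deliberately independent so that a mail gateway can weight them separately; on the slide's message all four fire, which is the kind of stacked signal that justifies quarantining an otherwise plausible-looking conference invitation.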
Conventional Approach to Network Security
• Ticket Oriented Resolution: How to get to resolution? File tickets. Wait.
• Protection Focused on Identifying Attack Packets: How to protect? Find attack packets on wire.
• Configuration Focused on Features: How to implement policy? Rely on product features.
• Multi-Vendor Strategies: Defense in Depth? Manage multiple silo’d products.
The Maturity Model of Enterprise Security
Security Optimization (chart axes: TCO vs. Security Posture)
• REACTIVE (~3% of IT Budget on Security)
• COMPLIANT/PROACTIVE (~8% of IT Budget on Security)
• OPTIMIZED (~4% of IT Budget on Security)
Optimized Network Security Adapts to Change
Risk Optimization
• Reactive: spend ~3% of IT budget on security, high risk
• Compliant/Proactive: spend ~8% of IT budget on security, medium risk
• Optimized: spend ~4%, very low risk
Why has it been so challenging to reduce risk?
REACTIVE and Manual: People only. No tools or processes. “Putting out fires”
Tools Based: Applying tools and technologies to assist people in reacting faster
DYNAMIC: Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response
Point products for system, network and data
McAfee ePO integrated products, plus GRC and GTI
REACTIVE & MANUAL
• Reactive tools
• Firewalls
• Log analysis
• Trouble tickets
• Ineffective change control
• Ad hoc firewall rules
• Audit findings
COMPLIANT
• Point products
• IDS (compliance)
• SI/EM (logs)
• Structured firewall rule management
• Standard configurations
• Distributed consoles/mgmt
• Tedious audit preparation
PROACTIVE
• Integrated tools
• IPS (threats)
• SI/EM (events)
• Automatic updates
• Automated firewall rule mgmt
• Centralized consoles/mgmt
• Streamlined compliance reports
OPTIMIZED
• Multi-layered, correlated solutions
• Predictive threat protection
• Policy-based control
• Proactive management
• Extensible architecture
• Automated compliance
New Requirements for Optimized Network Security
• Ticket Oriented Resolution → Proactive Management: turn days of process into clicks
• Protection Focused on Identifying Attack Packets → Predictive Threat Protection: characterize future threats today
• Configuration Focused on Features → Policy-Based Control: focus on real organization, people, applications, usage
• Multi-Vendor Strategies → Extensible Architecture: integrated, collaborative, easily add new capabilities
Predictive Threat Protection with IPS + GTI
Protecting Critical Data Center from ZeuS Malware
(When Optimized: Low Effort, Low Risk. Not Optimized: High Effort, High Risk.)
• Malware infects, McAfee Labs IDs, updates website reputations…
• …Threat dissected, analyzed…
• …Predictive action stops threat
• Malware infects websites
• Malware hits network
• Wait on signature
• Apply signature, update signature
• Future variants covered
Benefit: Protection meets (and beats) hacker’s timelines, reduces alerts
Policy-Based Control with Next Gen Firewall
Controlling Google Calendar Use Before a Merger
(When Optimized: Low Effort, Low Risk. Not Optimized: High Effort, High Risk.)
• User directory auto-imports groups…
• Profiler sees similar rule. 1 click to add. Avoid duplicate
• Hours or days to review, deploy
• Identify M&A team
• Map users to network address
• Create new rule (duplicate?)
• Weeks to review, test, deploy. Repeat?
• New M&A members automatically added
Benefit: No need to map network topology to user, protects critical data
Proactive Management in Action
Blocking Bot Command and Control Traffic
(When Optimized: Low Effort, Low Risk. Not Optimized: High Effort, High Risk.)
• Right click to get details from management console
• Right click to scan and patch
• Visual view of traffic and connections
• See bot activity on network
• Hours: open ticket w/ system team
• Days: open ticket to plan outage/upgrade
• Weeks: detailed review of network events
• Have a second cup of coffee
Benefit: Eliminates days and weeks of effort while improving time to resolution
McAfee: Optimized Network Security Solutions
Components shown: Global Threat Intelligence, ePO, NBA, Web, IPS, SIA, NDLP, Risk Advisor, Email, Firewall, NAC
• Network IPS: Top selling, best performing
• Firewall: Most secure, new next gen features
• NAC: integrated with IPS
• NBA: cost-effective network visibility
• NDLP: more important than ever
What It Takes to Make An Organization Safe: Global Threat Intelligence
Reputation dimensions: Email Address, Mail Activity, URL, Sender Reputation, Threat Reputation, Geo Location Feeds
Sources feeding GTI: Network IPS, Firewall, Web Gateway, Host AV, Mail Gateway, Host IPS, 3rd Party Feed
Volumes:
• 300M IPS Attacks/Mo.
• 2B Botnet C&C IP Reputation Queries/Mo.
• 20B Message Reputation Queries/Mo.
• 2.5B Malware Reputation Queries/Mo.
Optimized = Lower Total Cost of Ownership
Summary of Financial Results (Risk-Adjusted)
• Return on Investment (ROI): 142%
• Payback Period: Within 5 Months
• Total Costs (Present Value): ($244,659)
• Total Cost Savings and Benefits (PV): $593,276
• Total (Net Present Value): $348,617
Full Forrester TEI report based on McAfee customer data available here.
Optimized Network Security: Solves Root Issues, Symptoms Disappear
Results
• Incident costs decreasing
• Data center security outperforms @ lower cost
• Advanced Persistent Threat protection
• Policy in business terms, easy to enforce
• IPS alerts minimized, staff re-allocated
• Firewall rules streamline change management
• Long life reduces CapEx for security hardware
While We’ve Been Chatting…
Our global sensor grid characterized 229 unique pieces of malicious or unknown code, based on:
• 570,000 file reputation queries
• 460,000 IP reputation queries
69,000 attacks were stopped by McAfee IPS across all our customers
Eliminated 64 trouble tickets and 8 critical escalations for our customers
Thank you for your time
Questions?
Email andrew_hoerner@mcafee.com
More info at: www.mcafee.com/networkdefense