© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Security Matters: Navigating the Hybrid World
John Ayers, Sr. Director of Product Management
Managing Risk In Today’s Networking Environment
The perimeter is evolving, increasing complexity and risk.
Scarcity of in-house security expertise compounds challenges.
Network efficient hybrid WANs and cloud service deployments increase risk.
The cost of security is growing exponentially.
Employees are the new perimeter.
Branch Office
Campus
Data Center
Remote Office
Mobile
PoS
IoT
72% increase in the number of devices managed in the enterprise from 2014-2015
New World & New Perimeter.
61% of workers reporting working outside the office at least part time
Borderless Networks
Many ways IN, many ways OUT
Security Market Drivers
§ IT resources are strained
  § Staffs are too small, lack the expertise and/or are overburdened
§ Increase in the volume, variety, and complexity of threats of all types
  § Attacks now using 5+ vectors
§ Security product sprawl
  § Many companies report 15+ vendors in their network!
§ Distribution of workforce and proliferation of devices
  § Workers connect as many as 5 devices to the corporate LAN
*HIS 2016
Organizations are Losing Ground
It is hard to get a handle on security…
• Spending is up
• Staffing challenges
• The struggle is keeping up; it’s difficult to get ahead
Growing Cost of Cyber Crime
Source: HP Ponemon Study, Feb. 2015; Verizon 2016 Breach Report
Financial impact has increased by nearly 40 percent in a three-year period
• Denial of service (DoS) attacks accounted for nearly half of all security incidents in the technology sector.
• Web app attacks were responsible for over half of all breaches where data was stolen.
Scarcity of Security Expertise Compounds these Challenges
“Meanwhile, I’m just trying to keep us safe.”
“Management wants me to reduce budget and provide predictable operating expense.”
“Protecting the enterprise is harder and more complex.”
“I can’t find or keep good security people.”
> 70 security vendors in my IT environment
Should I consider MSS?
0% Unemployment
The adversary is winning
IDC, Market Analysis Perspective: Worldwide Security Services, 2015 — Breach Is a Foregone Conclusion, Doc #259239, Sep 2015
Insights from CISOs
The bad guys are getting better AND faster
Time to discover an incident: ~270 days to discover an incident had occurred. Containment proved to be a slow process, with nearly half (48%) of all incidents taking days or longer to contain.
Source: Verizon 2016 Data Breach Investigations Report
Risk Based Security
• Technical and administrative controls that are selected once an organization has identified the true risk to their business.
  § NGFW - Blocks access to and from suspect IP addresses.
  § Web Filtering – Denies access to malicious or blocked websites.
  § Application Control – Specific controls based on features of applications. Blocks attacks that are designed to exploit holes intentionally allowed through a corporate firewall.
  § Authentication - Enables controlled network access and applies authentication to users of security policies and VPN clients.
Who is Attacking & Why?
• 89% of breaches had a financial or espionage motive.
• 63% of confirmed breaches involved leveraging weak, default or stolen passwords.
• 30% of phishing messages were opened in 2015; and 12% of targets clicked on the malicious attachment or link.
Source: Verizon 2016 Data Breach Investigations Report
How are they doing it
• 35% of breaches - Malware
  § 84% of malware was direct install
  § 95% of malware evaded Anti-virus
• 12% email attachments
  § Downloaded through malicious email
  § Phishing attacks, Ransomware
• 63% brute force attacks
  • Confirmed breaches involved leveraging weak, default or stolen passwords.
  § DoS
Organizations Must Evolve To Efficiently Manage Today’s Threats
[Diagram, panel "Premises-Based Security Challenges" (Today’s Customer Environment). Labels: Unified Threat Management / Firewall, Router, Advanced Security Services, Retail, Remote Office, Mobile Employee, HQ, Data Center, Public Internet, Internet Access, VPN.]
[Diagram, panel "Network-Based Security Solutions" (Future Customer Environment). Labels: Level 3® MPLS/IP VPN, Remote Office, Mobile Employee, Data Center, HQ, Public Internet, Retail, Level 3® Enterprise Security Gateway, Secure Cellular Internet Access.]
Level 3® Enterprise Security Gateway
• Next-generation firewall
• Intrusion detection
• AV/AS
• Web content / URL filtering
• Application awareness and control
• Malware sandboxing
• Data loss protection
Concept of a Clean Pipe
The Fresh Water Analogy
Definition: examining and filtering network traffic before that traffic ever reaches the customer’s premises.
—Frost and Sullivan; “Secure Pipes: Changing The Expectation Of Your Internet Service Providers,” Frank Dickson, Jan. 2015
Level 3 Enterprise Security Gateway – What is it?
Who is Level 3?
Our Solution: The new Level 3 Enterprise Security Gateway (ESG) is a network-based layer of protection against an increasingly complicated threat landscape delivered in the cloud. ESG combines a wide range of next-generation security technologies that help organizations stay ahead of threats.
Level 3 Value: Built on the proven foundation of network-based security, Level 3’s Enterprise Security Gateway delivers cost-effective, flexible and reliable protection wherever business happens — without sacrificing performance.
The Level 3 network acts as a sensor, so you have the visibility and control you need to monitor, block and report attempts to break into your network.
Level 3 Enterprise Security Gateway
A flexible, secure gateway for your protected network
Level 3® Enterprise Security Gateway Service
Network-based security solution offering next-generation firewall protection delivered in the cloud
• Broad security coverage across today’s distributed hybrid networks, data centers, cloud deployments, branches, remote offices and mobile workers
• Cost-effective, flexible and reliable protection wherever business happens — without sacrificing performance
• Optimize infrastructure with flexible, bandwidth- IP agnostic access methods: IPsec and GRE
Summary
§ The threat landscape is evolving rapidly due to nation-state, organized crime, and cyber terrorism
§ Customers are building networks with multiple perimeters (“hybrid”)
§ The hybrid world is here to stay; adopt a robust data encryption approach
§ Organizations must assume the “new normal” -- at least some parts of their networks have been compromised
§ Personal information is an asset -- understand its value, location, and movement
§ Perform regular security evaluations, risk assessments, and awareness training for employees
§ Determine core competencies, perform functions that you do well, outsource others to trusted, skilled firms
§ Some security functions must be done in partnership with your service provider(s)
Cloud Security Services Checklist
Are you reaping the benefits of managed security?
Actionable Alerts:
• Do you get accurate alerts with few false positives?
• Are your alerts customized to your network and business?
• Do your notifications describe the significance of alerts and how to react?
Threat Detection:
• Does your service provider often detect critical security threats that you were completely unaware of?
• Has your service provider modeled the APT kill chain to more accurately detect Indicators of Attack and Compromise?
• Does your service provider utilize global threat intelligence for correlation and threat discovery?
• Does your provider incorporate advanced tools like Next-Generation SIEM, Use Case Analytics, behavior analysis, business context, and pattern discovery to detect and prioritize threats?
High-Touch SOC Services:
• Are your Security Analysts responsive and available whenever you need them?
• Does your provider’s Security Operations Center (SOC) team proactively investigate suspicious events and not overly rely on system-generated alerts?
• Does your SOC team truly understand your landscape and act as an added member of your security team?
• Are you regularly consulted on new threats, alert trends and how to benefit your security posture?
Customized to Your Needs:
• Does your service provider maintain a Run-book customized to your unique environment, processes, and rules?
• Does your service provider create custom use cases, rules, and content to benefit your specific technologies and environment?
• Does your service provider create dashboards and reports customized to the needs of different users?
Auto Response:
• Does your service provider allow for automating the response to high-risk events for breach prevention to ensure threats are addressed in real-time, 24x7?
Visibility:
• Do you have full visibility to your security events and the ability to analyze and investigate each event?
• Does your service provider provide easy-to-use dashboards, log search, and reports to visualize your security posture?
Flexible Deployment:
• Does your service provider offer the choice of cloud-based firewall services, managed on-premise firewall services, or hybrid deployment models?