Skybox customer presentation (20160601)


  • TMTM

    -Skybox-Overview

    June 2016

  • TMTM

    2

    (attack surface).

    97%*

    *Verizon Data Breach Investigations Report

  • TMTM

    (attack surface)

    3

    SECURITY CONTROLS

    Firewalls, IPS, VPNs

    NETWORK TOPOLOGY

    Routers, Load Balancers, Switches

    ASSETS

    Servers, Workstations, Networks

    VULNERABILITIES

    Location, Criticality

    THREATS

    Hackers, Insiders, Worms

    Check Point

  • TMTM

    Technology, Energy & Utilities, Healthcare, Government & Defense, Service Providers, Financial Services, Consumer

    6

    Compliance


  • TMTM

    Skybox

    7

    Automatically created, interactive, normalized model of your network

    [Figure: network model map with labelled firewalls, routers, an IPS, a load balancer, partner and Internet networks, and internal segments (DMZ, app, db, backbone, gateway, finance)]

  • TMTM

    90

    8

    PCI DSS 3.0

    FISMA

    NERC

    NIST

    Compliance

    Compliance

  • TMTM


    Skybox

    10

    90

  • TMTM


    Skybox

    12

    Compliance


  • TMTM

    No Agent

    API


    14

    Open Integrated Flexible

  • TMTM

    15

    3rd Party, e.g. Helpdesk, Dashboard

    HTTPS

    Skybox Certification Engine

    FA, NA, VC, TM

    Web Services / Files Exch

    CM

    HTTPS

    Java Swing

    GWT / GXT

    GUI Client (Windows, Linux)

    Browser Web Client (IE, FF, Chrome)

    HTTPS

    Reporting Engine Inetsoft

    J2EE: JBoss

    MySQL Database

    J2EE: JBoss

    Perl Script

    iXML

    Client

    Server

    Collector

  • TMTM

    , ,

    / Zone, , NAT, VPN

    , , IPS,

    18

  • TMTM

    Access Analyzer

    NAT

    (ACL) VPN

    19

    Access Analyzer :

  • TMTM 20

    Resellers

    Europe

    US

    Los Angeles

    Paris

    London

    New York

    Development

    Finance Servers

    Partners

    DMZ

    Internet / External

    Only port 80

    Only ports 80, 8080, 443, 22

    No Access

    Firewall Assurance: Zone-to-Zone Compliance

  • TMTM

    Firewall Assurance Compliance

    PCI DSS, NIST, FISMA, NERC,

    21

    Compliance

  • TMTM

    Network Assurance

    22

    , , zone (ACLs) , NAT, VPN


  • TMTM

    Change Manager

    23

  • TMTM 24

    Skybox

    Translate


    Change Manager

  • TMTM 25

    NAT Security Gaps

    end-to-end NAT

    / end-to-end

    Change Manager

    Change Manager end-to-end

  • TMTM

    Rule, IP, object service deprovision.

    Deprovision

    provisioning.

    26


    Change Manager

  • TMTM

    Vulnerability Control

    Skybox &

    27

    Skybox 20

    1,800 50,000

    , , IPS signatures, , ()

    CVE, CVSS v2

    ADVISORIES: Cisco PSIRT, Microsoft Security Bulletin, Oracle, RedHat

    SCANNERS: eEye Retina, IBM Scanner, McAfee Foundstone, Qualys Guard, Rapid7 Nexpose, Tenable Nessus, Tripwire nCircle

    IPS: Fortinet FortiGate, HP TippingPoint, IBM Proventia, McAfee IPS, Palo Alto Networks, Cisco Sourcefire

    OTHER: CERT, Mitre CVE, NIST's NVD, Rapid7 Metasploit, Secunia, Symantec Security Focus, Symantec Worms

    CVE

  • TMTM 28

    Skybox

    (, IPS signatures)

    Vulnerability Control

  • TMTM

    Vulnerability Control

    Skybox

    29

    How do we prioritize for remediation?


  • TMTM 30


    (CPE) OS &

    Skybox

    (CVE)

    Skybox task

    Vulnerability Control

  • TMTM 31

    1

    2

    Microsoft Daily Sync

    Non-Microsoft

    Use rule-driven approach for translating product banners into standard CPE format

    Example:

    Microsoft Corporation | Microsoft SQL Server 2005 (64bit) | 9.4.5000.00

    cpe:2.3:a:microsoft:sql_server::2005:sp4:::::x64:

    CVE-xxxx-xxxx

    Microsoft


    Hosts

    Vulnerability Control

  • TMTM 32

    CVE 2014-0160

    CVE 2014-0515

    CVE 2014-1776

    Vulnerability Control

  • TMTM 33


    (zone)

    multi-step .

    Vulnerability Control -

  • TMTM

    Vulnerability Control

    34

  • TMTM

    Appliance

    Server class, Intel based, 1U server

    Manufactured by Patriot

    OS: CentOS (Linux)

    Software: Skybox Server software, Skybox Administration Web UI (Apache, jQuery, Python)

    35

    2 models

    5500: 32 GB RAM, 8 threads CPU

    6000: 128 GB RAM, 16 threads CPU

    Virtual appliance: similar software as VMware VM

  • TMTM

    Compliance

    37

    (G-ISMS)

    G-ISMS

    Firewall Assurance, Network Assurance, Risk Control

    G-ISMS

    G-ISMS

    CHALLENGE XX

    SKYBOX SOLUTION

  • TMTM

    38

    Firewall Assurance & Network Assurance

    SKYBOX SOLUTION

    CHALLENGE KOSCOM

  • TMTM

    39

    SCADA


    Firewall Assurance, Network Assurance, Risk Control

    SCADA

    Attack Explorer

    CHALLENGE

    SKYBOX SOLUTION

  • TMTM

    40

    Network Assurance & Risk Control

    1

    CHALLENGE BARCLAYS

    26 46

    10

    SKYBOX SOLUTION

  • TMTM

    41


    Firewall Assurance, Network Assurance, Risk Control Network Map


    CHALLENGE

    SKYBOX SOLUTION

  • TMTM

    42

    Technology, Energy & Utilities, Healthcare, Government & Defense, Service Providers, Financial Services, Consumer

  • Thank you

    010-7147-6028