Scalar Security Roadshow © 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 1

Scalar Security Roadshow - Calgary Presentation

DESCRIPTION

Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.

Page 1: Scalar Security Roadshow - Calgary Presentation

Scalar Security Roadshow

Page 2: Scalar Security Roadshow - Calgary Presentation

Purpose of today’s session:

Provide insights on how Scalar and our partners address today’s complex security challenges

Page 3: Scalar Security Roadshow - Calgary Presentation

Gartner report highlights

• Security spend as % of IT budgets increased

• Strong correlation between Security budget and maturity

• Emphasis on network, applications and endpoint

• Insufficient investment in people and process

Page 4: Scalar Security Roadshow - Calgary Presentation

Scalar – brief overview

Page 5: Scalar Security Roadshow - Calgary Presentation

10 Years

Page 6: Scalar Security Roadshow - Calgary Presentation

16590180

Page 7: Scalar Security Roadshow - Calgary Presentation

100%

Vancouver

Calgary

Toronto

Ottawa

London

Montreal

Page 8: Scalar Security Roadshow - Calgary Presentation

54%

Page 9: Scalar Security Roadshow - Calgary Presentation

#51#1#1

5

ICT Security Company

Top 250 ICT Companies

Page 10: Scalar Security Roadshow - Calgary Presentation

An integrator of emerging technologies.

Page 11: Scalar Security Roadshow - Calgary Presentation

Top tier technical talent.

• Engineers average 15 years of experience

• World-class experts from some of the leading organizations in the industry

• Dedicated teams: PMO, finance, sales and operations

• Canadian Authorized Training Centres

• We employ and retain top talent

Page 12: Scalar Security Roadshow - Calgary Presentation

Top awards.

• Brocade Partner of the Year: Innovation

• Cisco Partner of the Year: Data Centre & Virtualization

• NetApp Partner of the Year: Central Canada

• VMware Global Emerging Products Partner of the Year

• F5 VAR Partner of the Year: North America

• Palo Alto Networks Rookie of the Year

Page 13: Scalar Security Roadshow - Calgary Presentation

Our Focus

• Protection of Data and Systems

• High Performance Computing

• Flexible Solutions

Page 14: Scalar Security Roadshow - Calgary Presentation

Our security partners

Page 15: Scalar Security Roadshow - Calgary Presentation

Partners here today

Page 16: Scalar Security Roadshow - Calgary Presentation

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

SECURITY

Page 17: Scalar Security Roadshow - Calgary Presentation

FirePOWER

Jason Maynard

Security Consulting Systems Engineer

CCIE# 29033, [CCN|I|D|P], SFCE, CEH

Page 18: Scalar Security Roadshow - Calgary Presentation

Agenda:

• New Security Model and Global Intelligence

• The POWER in FirePOWER

• FirePOWER Appliance

• ASA with FirePOWER Services

Page 19: Scalar Security Roadshow - Calgary Presentation

The New Security Model

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Network, Endpoint, Mobile, Virtual, Cloud

Point in Time, Continuous

Page 20: Scalar Security Roadshow - Calgary Presentation

Cyber Attack Chain

Recon Weaponization Deliver Exploit Install CnC Actions

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Prevent

AFTER: Scope, Contain, Remediate

Visibility and Context

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web Security

Email Security

Advanced Malware Protection

Network Behavior Analysis

Page 21: Scalar Security Roadshow - Calgary Presentation

Visibility Control

Cisco Security Intelligence Operation (SIO)

Cisco® SIO

Diagram labels: WWW, Email, Web, Devices, IPS, Endpoints, Networks; Cloud, AnyConnect®, IPS, ESA, WSA, ASA, WWW; Information; Actions

• More Than 150 Million DEPLOYED ENDPOINTS

• 100 TB DATA RECEIVED PER DAY

• 1.6 Million GLOBAL SENSORS

• 40% WORLDWIDE EMAIL TRAFFIC

• 13 Billion WEB REQUESTS

• 3 to 5 MINUTE UPDATES

• More Than 200 PARAMETERS TRACKED

• More Than 5500 IPS SIGNATURES PRODUCED

• More Than 8 Million RULES PER DAY

• More Than 70 PUBLICATIONS PRODUCED

• More Than 40 LANGUAGES

• More Than 80 PH.D, CCIE, CISSP, MSCE

• More Than $100 Million SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT

• 24 Hours Daily OPERATIONS

• More Than 800 ENGINEERS, TECHNICIANS, AND RESEARCHERS

Page 22: Scalar Security Roadshow - Calgary Presentation

Collective Security Intelligence

• IPS Rules

• Malware Protection

• Reputation Feeds

• Vulnerability Database Updates

Sourcefire VRT® (Vulnerability Research Team)

• Sandboxing

• Machine Learning

• Big Data Infrastructure

Inputs shown in the diagram:

• Sourcefire AEGIS™ Program

• Private and Public Threat Feeds

• Sandnets

• FireAMP™ Community

• Honeypots

• Advanced Microsoft and Industry Disclosures

• SPARK Program

• Snort and ClamAV Open Source Communities

• File Samples (>380,000 per Day)

Page 23: Scalar Security Roadshow - Calgary Presentation

The POWER in FirePOWER

Page 24: Scalar Security Roadshow - Calgary Presentation

About Sourcefire

• Founded in 2001 by Snort Creator, Martin Roesch, CTO

• Headquarters: Columbia, MD

• Focus on enterprise and government customers

• Global Security Alliance ecosystem

• NASDAQ: FIRE

Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise.

Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection)

Page 25: Scalar Security Roadshow - Calgary Presentation

Integrated Threat Defense Across the Attack Continuum

Attack Continuum

BEFORE: Control, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Firewall / VPN

Granular App Control

Modern Threat Control

Advanced Malware Protection

Retrospective Security

IoCs / Incident Response

NGIPS

Security Intelligence

Web Security

Visibility and Automation

Page 26: Scalar Security Roadshow - Calgary Presentation

FireSIGHT™ Management Center: Full Stack Visibility

| CATEGORIES | EXAMPLES | FirePOWER Services | TYPICAL IPS | TYPICAL NGFW |
|---|---|---|---|---|
| Threats | Attacks, Anomalies | ✔ | ✔ | ✔ |
| Users | AD, LDAP, POP3 | ✔ | ✗ | ✔ |
| Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔ |
| Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔ |
| File Transfers | PDF, Office, EXE, JAR | ✔ | ✗ | ✔ |
| Malware | Conficker, Flame | ✔ | ✗ | ✗ |
| Command & Control Servers | C&C Security Intelligence | ✔ | ✗ | ✗ |
| Client Applications | Firefox, IE6, BitTorrent | ✔ | ✗ | ✗ |
| Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗ |
| Operating Systems | Windows, Linux | ✔ | ✗ | ✗ |
| Routers & Switches | Cisco, Nortel, Wireless | ✔ | ✗ | ✗ |
| Mobile Devices | iPhone, Android, Jail | ✔ | ✗ | ✗ |
| Printers | HP, Xerox, Canon | ✔ | ✗ | ✗ |
| VoIP Phones | Cisco phones | ✔ | ✗ | ✗ |
| Virtual Machines | VMware, Xen, RHEV | ✔ | ✗ | ✗ |

Contextual Awareness

Information Superiority

Page 27: Scalar Security Roadshow - Calgary Presentation

Impact Assessment

Correlates all intrusion events to an impact of the attack against the target

| IMPACT FLAG | ADMINISTRATOR ACTION | WHY |
|---|---|---|
| | Act Immediately, Vulnerable | Event corresponds to vulnerability mapped to host |
| | Investigate, Potentially Vulnerable | Relevant port open or protocol in use, but no vuln mapped |
| | Good to Know, Currently Not Vulnerable | Relevant port not open or protocol not in use |
| | Good to Know, Unknown Target | Monitored network, but unknown host |
| | Good to Know, Unknown Network | Unmonitored network |

Page 28: Scalar Security Roadshow - Calgary Presentation

Cisco FireSIGHT Simplifies Operations

• Impact Assessment and Recommended Rules Automate Routine Tasks

Page 29: Scalar Security Roadshow - Calgary Presentation

Visibility and Context

Page 30: Scalar Security Roadshow - Calgary Presentation

Visibility and Context

File Sent

File Received

File Executed

File Moved

File Quarantined

Page 31: Scalar Security Roadshow - Calgary Presentation

Indications of Compromise (IoCs)

IPS Events

Malware Backdoors

CnC Connections

Exploit Kits

Admin Privilege Escalations

Web App Attacks

SI Events

Connections to Known CnC IPs

Malware Events

Malware Detections

Malware Executions

Office/PDF/Java Compromises

Dropper Infections

Page 32: Scalar Security Roadshow - Calgary Presentation

FirePOWER Services: Application Control

• Control access for applications, users and devices

• “Employees may view Facebook, but only Marketing may post to it”

• “No one may use peer-to-peer file sharing apps”

Over 3,000 apps, devices, and more!

Page 33: Scalar Security Roadshow - Calgary Presentation

…Yet Another Open Source Success Story

• OpenAppID

• Open source application detection and control

Application-focused detection language tied to Snort engine

Enhances coverage and efficacy and accelerates development of application detectors

Empowers the community to share detectors for greater protection

Already over 1300 OpenAppID Detectors

Ties into a Snort Pre-processor for maximum performance and integration

Detection of applications on the network

Reporting on the usage statistics of apps (traffic)

Blocking of applications by policy

Extensions to the Snort rule language to enable application specification

Reporting of an “App Name” along with Security events (e.g. IPS/AMP)

Page 34: Scalar Security Roadshow - Calgary Presentation

FirePOWER Services: URL Filtering

• Block non-business-related sites by category

• Based on user and user group

Page 35: Scalar Security Roadshow - Calgary Presentation

FirePOWER Services: Advanced Malware

Network Traffic

1) File Capture

2) File Storage

3) Send to Sandbox

4) Execution Report Available In Defense Center

Collective Security Intelligence Sandbox

Malware Alert!

Page 36: Scalar Security Roadshow - Calgary Presentation

Reduced Cost and Complexity

• Multilayered protection in a single device

• Highly scalable for branch, internet edge, and data centers

• Automates security tasks

o Impact assessment

o Policy tuning

o User identification

• Integrate transparently with third-party security solutions through eStreamer API

Page 37: Scalar Security Roadshow - Calgary Presentation

FirePOWER Appliances

Page 38: Scalar Security Roadshow - Calgary Presentation

Setting the New Standard for Advanced Threat Protection

• Industry-best Intrusion Prevention

• Real-time Contextual Awareness

• Full Stack Visibility

• Intelligent Security Automation with FireSIGHT™

• Unparalleled Performance and Scalability

• Easily add Application Control, URL Filtering and Advanced Malware Protection with optional subscription licenses

Sourcefire FirePOWER™

Page 39: Scalar Security Roadshow - Calgary Presentation

Platforms and Places in the Network

IPS Performance and Scalability

Data Center, Campus, Branch Office, SOHO, Internet Edge

• FirePOWER 7000 Series: 50 Mbps – 250 Mbps

• FirePOWER 7100 Series: 500 Mbps – 1 Gbps

• FirePOWER 7120/7125/8120: 1 Gbps - 2 Gbps

• FirePOWER 8100/8200: 2 Gbps - 10 Gbps

• FirePOWER 8200 Series: 10 Gbps – 40 Gbps

• FirePOWER 8300 Series: 15 Gbps – 60 Gbps

Page 40: Scalar Security Roadshow - Calgary Presentation

FirePOWER Feature Summary

NGIPS

• IPS Detection and Prevention

• Security Updates

• Reports, Alerts, and Dashboards

• Centralized Policy Management

• Custom IPS Rule Creation

• Automated Impact Assessment

• Automated Tuning

• FireSIGHT Network & User Intelligence

• IT Policy Compliance Whitelists

• File Type Determination

• Network Behavior Analysis

You can ADD additional license

• Application Control

• User and User Group Control

• Stateful Firewall Inspection Switching and Routing

• Network Address Translation

• URL Filtering

• File Blocking

• Advanced Malware Protection

Virtual Appliances for VMWare and XEN

Page 41: Scalar Security Roadshow - Calgary Presentation

ASA with FirePOWER Services

Page 42: Scalar Security Roadshow - Calgary Presentation

FirePOWER Services for ASA: Components

ASA 5585-X

FirePOWER Services Blade

• Models: ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X

• SSD Drive Required

• FirePOWER Services Software Module

• Licenses and Subscriptions

• Models: ASA 5585-X-10, ASA 5585-X-20, ASA 5585-X-40, ASA 5585-X-60

• New FirePOWER Services Hardware Module Required

• Licenses and Subscriptions

Page 43: Scalar Security Roadshow - Calgary Presentation

Superior Multilayered Protection

• World’s most widely deployed, enterprise-class ASA stateful firewall

• Granular Application Visibility and Control (AVC)

• Industry-leading FirePOWER Next-Generation IPS (NGIPS)

• Reputation- and category-based URL filtering

• Advanced malware protection

CISCO ASA

Identity-Policy Control & VPN

URL Filtering (subscription)

FireSIGHT Analytics & Automation

Advanced Malware Protection (subscription)

Application Visibility & Control

Network Firewall

Routing | Switching

Clustering & High Availability

WWW

Cisco Collective Security Intelligence Enabled

Built-in Network Profiling

Intrusion Prevention (subscription)

Page 44: Scalar Security Roadshow - Calgary Presentation

ASA and FirePOWER Features

• IPS Detection and Prevention

• Security Updates

• Reports, Alerts, and Dashboards

• Centralized Policy Management

• Custom IPS Rule Creation

• Automated Impact Assessment

• Automated Tuning

• FireSIGHT Network & User Intelligence

• IT Policy Compliance Whitelists

• File Type Determination

• Network Behavior Analysis

• Application Control

• User and User Group Control

• Stateful Firewall Inspection Switching and Routing

• Network Address Translation

• URL Filtering

• File Blocking

• Advanced Malware Protection

• Identity-Based Firewall for enhanced user ID awareness.

• Highly Secure remote access (IPSEC and SSL)

• Proactive, near-real-time protection against Internet threats

• Integrates with other essential network security tech

• Supports Cisco TrustSec security group tags (SGTs) and

• Extensive stateful inspection engine,

• Site-to-site VPN, NAT, IPv6,

• Dynamic Routing (including BGP)

• HA, Clustering

• Protection from botnets

• Delivers high availability for high-resiliency application

• Change of Authorization (CoA)

Page 45: Scalar Security Roadshow - Calgary Presentation

Q & A

Page 46: Scalar Security Roadshow - Calgary Presentation

The Perimeter is Dead, Long Live the Perimeter

Paul Wegiel

Field Systems Engineer

Page 47: Scalar Security Roadshow - Calgary Presentation

What is The Perimeter?

Page 48: Scalar Security Roadshow - Calgary Presentation

pe·rim·e·ter

1. the continuous line forming the boundary of a closed geometric figure.

"the perimeter of a rectangle"

synonyms: circumference, outside, outer edge

"the perimeter of a circle"

the outermost parts or boundary of an area or object.

"the perimeter of the garden"

synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s), periphery, borderline, verge

a defended boundary of a military position or base.

In Networking we call it…DMZ

Page 49: Scalar Security Roadshow - Calgary Presentation

Defense in Depth?

Page 50: Scalar Security Roadshow - Calgary Presentation

Defense in depth

The principle of defense-in-depth is that layered security mechanisms increase security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system…

…Implementing a defense-in-depth strategy can add to the complexity of an application, which runs counter to the “simplicity” principle often practiced in security. That is, one could argue that adding new protection functionality adds additional complexity that might bring new risks with it.

https://www.owasp.org/index.php/Defense_in_depth

Page 51: Scalar Security Roadshow - Calgary Presentation

What’s a Perimeter without a

Page 52: Scalar Security Roadshow - Calgary Presentation

F5 Agility 2014 52

Perimeter Security Technologies

A long time ago… Firewalls started out as proxies

and then… Stateless filters accelerated firewalls, but weakened security

present day… Stateful firewalls added security with deep inspection, but still fall short of proxies

and now with F5! F5 brings full proxy back to firewalls: highest security matched by a high-scale and high-performance architecture

Page 53: Scalar Security Roadshow - Calgary Presentation

Protecting against Threats is challenging

Webification of apps Device proliferation

Evolving security threats Shifting perimeter

71% of internet experts predict most people will do work via web or mobile by 2020.

95% of workers use at least one personal device for work.

130 million enterprises will use mobile apps by 2014

58% of all e-theft tied to activist groups.

81% of breaches involved hacking

80% of new apps will target the cloud.

72% IT leaders have or will move applications to the cloud.

Page 54: Scalar Security Roadshow - Calgary Presentation

Evolving Security Threat Landscape

Page 55: Scalar Security Roadshow - Calgary Presentation

More sophisticated attacks are multi-layer

Application

SSL

DNS

Network

Page 56: Scalar Security Roadshow - Calgary Presentation

It’s all about the Application.

Page 57: Scalar Security Roadshow - Calgary Presentation

BIG-IP Application Security Manager

Multiple deployment options

• Standalone or ADC add-on

• Appliance or Virtual edition

• Manual or automatic policy building

• 3rd party DAST integration

Visibility and analysis

• Visibility and analysis

• High speed customizable syslog

• Granular attack details

• Expert attack tracking and profiling

• Policy & compliance reporting

• Integrates with SIEM software

• Full HTTP/S request logging

Comprehensive protections

• Granular rules on every HTTP element

• Client side parameter manipulation protection

• Response checks for error & data leakage

• AV integrations

BIG-IP ® ASM™ protects the applications your business relies on most and scales to meet changing demands.

Page 58: Scalar Security Roadshow - Calgary Presentation

Comprehensive Protections

BIG-IP ASM extends protection to more than application vulnerabilities

ASM

• L7 DDOS

• Web Scraping

• Web bot identification

• XML filtering, validation & mitigation

• ICAP anti-virus Integration

• XML Firewall

• Geolocation blocking

Page 59: Scalar Security Roadshow - Calgary Presentation

Network Threats: 90% of security investment focused here

Attack Vectors

• TCP SYN Flood

• TCP Conn Flood

• DNS Flood

• HTTP GET Flood

Application Threats: Yet 75% of attacks are focused here

Attack Vectors

• HTTP Slow Loris

• DNS Cache Poison

• SQL Injection

• Cross Site Scripting

Page 60: Scalar Security Roadshow - Calgary Presentation

Unique full-proxy architecture

Diagram labels: iRule; TCP, SSL, HTTP (shown twice); Network Firewall; WAF

Attacks shown: ICMP flood, SYN flood, SSL renegotiation, Data leakage, Slowloris attack, XSS

Page 61: Scalar Security Roadshow - Calgary Presentation

Who are you? AAA

Page 62: Scalar Security Roadshow - Calgary Presentation

Who’s Requesting Access?

IT challenged to:

• Control access based on user-type and role

• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)

• Provide fast authentication and SSO

• Audit and report access and application metrics

Manage access based on identity

Employees Partner Customer Administrator

Page 63: Scalar Security Roadshow - Calgary Presentation

Security at the Critical Point in the Network

Virtual

Physical

Cloud

Storage

Total Application Delivery Networking Services

Clients Remote access

SSL VPN

APP firewall

Page 64: Scalar Security Roadshow - Calgary Presentation

BIG-IP APM Use Cases

BIG-IP APM

Accelerated Remote Access

Enterprise Data & Apps

Federation

Single Sign-on

Cloud, SaaS, and Partner Apps

Internet

Secure Web Gateway

Internet Apps

App Access Management

VDI, Exchange, Sharepoint, Oracle, WebVPN

Page 65: Scalar Security Roadshow - Calgary Presentation

Which Threat mitigation to use?

Content Delivery Network

Carrier Service Provider

Cloud-based DDoS Service

Cloud/Hosted Service

Network firewall with SSL inspection

Web Application Firewall

On-premise DDoS solution

Intrusion Detection/Prevention

On-Premise Defense

Page 66: Scalar Security Roadshow - Calgary Presentation

All of the above

Page 67: Scalar Security Roadshow - Calgary Presentation

Full Proxy Security

Layers (listed twice in the diagram): Network, Session, Application, Web application, Physical, Client / Server

• L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation

• SSL inspection and SSL DDoS mitigation

• HTTP proxy, HTTP DDoS and application security

• Application health monitoring and performance anomaly detection

Page 68: Scalar Security Roadshow - Calgary Presentation

F5 Provides Complete Visibility and Control Across Applications and Users

Intelligent Services Platform

Users

Securing access to applications from anywhere

Resources

Protecting your applications regardless of where they live

TMOS

Network Firewall

Protocol Security

DDoS Protection

Dynamic Threat Defense

DNS Web Access

Page 69: Scalar Security Roadshow - Calgary Presentation

PROTECTING THE DATA CENTER

Use case

• Consolidation of firewall, app security, traffic management

• Protection for data centers and application servers

• High scale for the most common inbound protocols

Before f5

with f5

Load Balancer

DNS Security

Network DDoS

Web Application Firewall

Web Access Management

Load Balancer & SSL

Application DDoS

Firewall/VPN

Page 70: Scalar Security Roadshow - Calgary Presentation

F5 Bringing deep application fluency to Perimeter security

One platform

SSL inspection

Traffic management

DNS security

Access control

Application security

Network firewall

EAL2+

EAL4+ (in process)

DDoS mitigation

Page 71: Scalar Security Roadshow - Calgary Presentation

DDoS MITIGATION

Network attacks

• Attacks: SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks

• F5 mitigation technologies: BIG-IP AFM. SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding.

Session attacks

• Attacks: DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation

• F5 mitigation technologies: BIG-IP LTM and GTM. High-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation

Application attacks

• Attacks: OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods

• F5 mitigation technologies: BIG-IP ASM. Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection

Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.

OSI stack: Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1)

Increasing difficulty of attack detection

Page 72: Scalar Security Roadshow - Calgary Presentation

How do I implement perimeter Security with F5?

Page 73: Scalar Security Roadshow - Calgary Presentation

Reference Architectures

• DDoS Protection

• S/Gi Network Simplification

• Security for Service Providers

• Application Services

• Migration to Cloud

• DevOps

• Secure Mobility

• LTE Roaming

• DNS

• Cloud Federation

• Cloud Bursting

Page 74: Scalar Security Roadshow - Calgary Presentation
Page 75: Scalar Security Roadshow - Calgary Presentation

Solve the Endpoint Security Challenge with Isolation, not Detection

Chris Cram

Security Solutions Architect

Page 76: Scalar Security Roadshow - Calgary Presentation

Agenda

• The Security Landscape

• Bromium Overview

• Use Cases and Benefits

• Summary and Next Steps

Page 77: Scalar Security Roadshow - Calgary Presentation

The IT Security Paradox

Security Spending — ’05–’14: Up 294%, $30B

Are breaches going down? No!

Malware/Breaches — ’05–’14: Up 390%

Source: Gartner, Idtheftcenter, $30B is a Gartner figure for 2014

Page 78: Scalar Security Roadshow - Calgary Presentation

The Problem

The Endpoint Problem

71% of all breaches are from the endpoint!

Advanced Threats: Polymorphic, Targeted, …

Ineffective Detection: Pattern Matching, Only known, Many ???, Costly remediation

“Anti-virus is dead. It catches only 45% of cyber-attacks.” Brian Dye, SVP, Symantec

Page 79: Scalar Security Roadshow - Calgary Presentation

The Problem

The Endpoint Problem

71% of all breaches start on the endpoint!

Advanced Threats: Polymorphic, Targeted, Zero Day

Ineffective Detection: Pattern-Matching, Only known, Many false positives, Costly remediation

Source: Verizon Data Breach Report

Page 80: Scalar Security Roadshow - Calgary Presentation

Advanced Attacks Evade Legacy Defenses

Threats

Network Detection Based: Firewall, IPS, Web & Email Gateways

Endpoint Detection Based: PC Firewall, PC Anti-virus

Page 81: Scalar Security Roadshow - Calgary Presentation

Recent Security Timeline

[Chart: worldwide security spend ($0 to $25B) and significant data breaches by year, 2003 to 2014]

Technologies shown: Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing

Breaches labelled on the chart: Sega; Writerspace.com; RockYou!; Target; AOL; Living Social; Cardsystems Solutions Inc.; Evernote; CheckFree Corporation; Heartland; TK/ TJ Maxx; Blizzard; Auction.com.kr; Virginia Dept. of Health; AOL; Data Processors International; KDDI; Gawker.com; Global Payments; RBS Worldpay; Drupal; Sony Pictures; Medicaid; Ohio State University; Network Solutions; Betfair; US Federal Reserve Bank of Cleveland; Citigroup; Twitter; Seacoast Radiology, PA; Restaurant Depot; Washington State court system; University of California Berkeley; AT&T; University of Wisconsin – Milwaukee; Central Hudson Gas & Electric; TD Ameritrade; Sony PSN; San Francisco Public Utilities Commission; Yahoo Japan; Ebay; Neiman Marcus; MacRumours.Com; NASDAQ; Ubisoft; South Africa Police; Yahoo; Monster.com; Hannaford Brothers Supermarket Chain; Washington Post; Three Iranian banks; KT Corp.; LexisNexis; Virginia Prescription Monitoring Program; Ubuntu; Scribd; Sony Online Entertainment; Southern California Medical-Legal Consultants; Neiman Marcus; Nintendo; Ankle & Foot Center of Tampa Bay, Inc.; Bethesda Game Studios; Puerto Rico Department of Health; American Express; PF Changs; Home Depot; Paytime; Aaron Brothers; Michael’s Stores; Sutherland Healthcare; Adobe; Snapchat

2013: 614 reported breaches, 91,982,172 records

Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative only to depict the 71%

Page 82: Scalar Security Roadshow - Calgary Presentation

Recent Security Timeline

Breaches Starting from the Endpoint

[Chart: significant data breaches by year, 2003 to 2014, against worldwide security spend ($0 to $25B). Technology labels on the chart: Host Intrusion Prevention, Endpoint Sandboxing, Application Whitelisting, Host Web Filtering, Cloud-based AV detection, Network Sandboxing.]

2013: 614 reported breaches, 91,982,172 records

Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative only to depict the 71%

Page 83: Scalar Security Roadshow - Calgary Presentation

Redefining security with isolation technology

Transforming the legacy security model

Global, top investors, leaders of Xen

Top tier customers across every vertical

Bromium—Pioneer and Innovator

Page 84: Scalar Security Roadshow - Calgary Presentation

Microvisor

Hardware isolates each untrusted Windows task

Lightweight, fast, hidden, with an unchanged native UX

Based on Xen with a small, secure code base

Industry-standard desktop, laptop hardware

Hardware Virtualization

Hardware Security Features

Core Technology

Page 85: Scalar Security Roadshow - Calgary Presentation

Isolate all end user tasks – browsing, opening emails, files…

Utilize micro-virtualization and the CPU to hardware isolate

Across major threat vectors—Web, email, USB, shares…

Seamless user experience on standard PCs

How Bromium Solves The Problem

Page 86: Scalar Security Roadshow - Calgary Presentation

Different from Traditional Security

Traditional Endpoint Security

Today’s signature and behavioral techniques miss many attacks

They almost always leave endpoints corrupted, requiring re-imaging

[Diagram labels: Hardware; OS Kernel; Applications; Anti-virus, sandbox and other security tools]

Bromium vSentry

All user tasks and malware are isolated in a super-efficient micro-VM

All micro-VMs destroyed, eliminating all traces of malware with them

[Diagram labels: Hardware; OS; Hardware-isolated Micro VMs; tab]

Page 87: Scalar Security Roadshow - Calgary Presentation

WHO Is the Target

WHERE Is the Attacker

WHAT Is the Goal

WHAT Is the Technique

WHAT Is the Intent

LAVA Understanding the Kill Chain

Page 88: Scalar Security Roadshow - Calgary Presentation

Java Legacy App Support

Patching

Off Net Laptop Users

High Value Targets

Threat Intelligence

Secure Browsing

Use Cases

Page 89: Scalar Security Roadshow - Calgary Presentation

Defeat Attacks

• Eliminate compromises on the endpoint

• Deliver protection in the office or on the road

Streamline IT

• Reduce operational costs

• Dramatically increase IT productivity

Empower End Users

• Remove the burden of security from users

• Enable users to click on anything…anywhere

Why Customers Deploy Bromium

Page 90: Scalar Security Roadshow - Calgary Presentation

The attack landscape has fundamentally changed; perimeter evaporating in the cloud and mobile era

Current ‘detection’ defenses are ineffective; endpoint is the weakest link

Bromium is redefining endpoint security with micro-virtualization

Enormous benefits in defeating attacks, streamlining IT and empowering users

Summary

Page 91: Scalar Security Roadshow - Calgary Presentation

Questions?

Page 92: Scalar Security Roadshow - Calgary Presentation

Beyond Compliance

Rob Stonehouse – Chief Security Architect

Page 93: Scalar Security Roadshow - Calgary Presentation

The Rush To Compliance

“We have to be compliant!”

Page 94: Scalar Security Roadshow - Calgary Presentation

What Do We Know?

• The Internet wants all your information

• Law is not a deterrent

• Little risk for huge gains

• Patience = Success

• Users will still click on anything

…It is going to get worse

Page 95: Scalar Security Roadshow - Calgary Presentation

What have we seen?

- Sophisticated malware

- Teams of attackers

- Persistence & Purpose

20+ Years of Monitoring

Page 96: Scalar Security Roadshow - Calgary Presentation

Technology

• New strategies

• Hard to realize the value

InfoSec is Expensive

• Resource issues

The Problem

Page 97: Scalar Security Roadshow - Calgary Presentation

What is The Answer?

Visibility

Page 98: Scalar Security Roadshow - Calgary Presentation

Get The Help You Need

You Can No Longer Do This Alone

Page 99: Scalar Security Roadshow - Calgary Presentation

Recap

• Reduce complexity – simplify

• Apply security at the infrastructure, applications and endpoint

• Augment technology with people and process

• Spend on security vs. compliance

• Gain visibility through effective security operations

Page 100: Scalar Security Roadshow - Calgary Presentation

Managed Security Services

Jamie Hari – Product Manager, Infrastructure & Security

Page 101: Scalar Security Roadshow - Calgary Presentation

Scalar discovered what they overlooked.

Page 102: Scalar Security Roadshow - Calgary Presentation

Changing Tactics

Page 103: Scalar Security Roadshow - Calgary Presentation

The way you look at security needs to change.

Page 104: Scalar Security Roadshow - Calgary Presentation

SIEM

Page 105: Scalar Security Roadshow - Calgary Presentation

The SIEM is the heart and brain of the SOC. It moves data around quickly and analyses it with continually updated intelligence.

Improved Intelligence

Scalar has the tools and experience to manage security in a complex technical landscape.

[Diagram labels: Scalar SOC (SIEM, SOC Tools); Firewalls, IPS, VS, AV/AM/AS; Servers, End Points; Users]

Page 106: Scalar Security Roadshow - Calgary Presentation

What is SIEM?

• Log Management

• Security Event Correlation and Analysis

• Security Alerting & Reporting

A solution which gathers, analyzes, and presents security information.

Page 107: Scalar Security Roadshow - Calgary Presentation

Reporting

Quickly Identify Patterns of Activity, Traffic, and Attacks

Page 108: Scalar Security Roadshow - Calgary Presentation

Managed SIEM & Incident Response

• 24 x 7 Security Alert & System Availability Monitoring

• Security Incident Analysis & Response

• Infrastructure Incident, Change, Patch, and Configuration Management

Real-time security event monitoring and intelligent incident response

Page 109: Scalar Security Roadshow - Calgary Presentation

What should I look for in a provider?

• Breadth and Depth of Technical Capability

• Flexibility in Deployment, Reporting, and Engagement Options

• Experience with Customers in Diverse Industries

• A Partner Model

Page 110: Scalar Security Roadshow - Calgary Presentation

Proof of Value

4 Week Trial

• Dashboard for Real-time Data

• Weekly Security Report

• Detailed Final Summary Report

• Seamless Continuation into Full Service

Page 111: Scalar Security Roadshow - Calgary Presentation

Getting Started

Page 112: Scalar Security Roadshow - Calgary Presentation

You decide how we fit

Page 113: Scalar Security Roadshow - Calgary Presentation

Questions?

Page 114: Scalar Security Roadshow - Calgary Presentation

Putting our expertise into practice.

Page 115: Scalar Security Roadshow - Calgary Presentation

Integrating, securing and managing systems for the most technologically advanced games ever.

Page 116: Scalar Security Roadshow - Calgary Presentation

Building a centre of excellence that delivers a compute cluster to a global user community.

Page 117: Scalar Security Roadshow - Calgary Presentation

2 banks. 5 months. 1 great enterprise application.

Mobile Wallet

Page 118: Scalar Security Roadshow - Calgary Presentation

Page 119: Scalar Security Roadshow - Calgary Presentation

What’s next?

Looking for more info on security? Rob Stonehouse, Scalar’s Chief Security Architect, discusses security beyond compliance on our blog here.