HUSSAM ABU-RIDA Threat Defens… · Connected Threat Defense: Better, Faster Protection. RESPOND....

www.menaisc.com Connected Threat Defense HUSSAM ABU-RIDA TECHNICAL LEAD TREND MICRO

Transcript

Page 1:

www.menaisc.com

Connected Threat Defense

HUSSAM ABU-RIDA

TECHNICAL LEAD

TREND MICRO

Page 2:

It was already difficult to secure the enterprise five years ago…

Page 3:


The modern workplace has no boundaries

Page 4:

On-premise or perimeter defenses aren’t enough

85% HAVE A MULTI-CLOUD STRATEGY

80% OF WORKLOADS ARE VIRTUALIZED

95% RUNNING APPS OR EXPERIMENTING WITH INFRASTRUCTURE AS A SERVICE

Page 5:


The threat landscape is evolving

Ransomware

Macro Malware

Point of Sale RAM Scrapers

Targeted Attacks

Flash Exploits

Page 6:

Difficult to get visibility across the environment

Many points of entry to protect

Page 7:

Risk Management Requires Layered Protection

Servers

Protect server workloads wherever they may be: physical, virtual or cloud

Page 8:

Risk Management Requires Layered Protection

Servers

Networks

Detect and block threats hitting the data center and user environments, maximizing efficiency

Page 9:

Risk Management Requires Layered Protection

Servers

Networks

Users

Protect user activities anywhere, on any device, reducing the initial point of infection

Need for connected threat defense and centralized visibility increases

Page 10:

Connected Threat Defense: Better, Faster Protection

Gain centralized visibility across the system, and analyze and assess the impact of threats

Enable rapid response through shared threat intelligence and delivery of real-time security updates

Detect advanced malware, behavior and communications invisible to standard defenses

Assess potential vulnerabilities and proactively protect endpoints, servers and applications

PROTECT

DETECT

RESPOND

Page 11:

Connected Threat Defense: Better, Faster Protection

PROTECT

DETECT

RESPOND

Page 12:

Connected Threat Defense: Better, Faster Protection

PROTECT

Anti-Malware and Content Filtering

Intrusion Prevention

App Control

Integrity Monitoring

Encryption and Data Loss Prevention

Page 13:

Connected Threat Defense: Better, Faster Protection

PROTECT

DETECT

RESPOND

Page 14:

Connected Threat Defense: Better, Faster Protection

DETECT

“The traditional defense-in-depth components are still necessary, but are no longer sufficient in protecting against advanced targeted attacks and advanced malware.”

Network Content Inspection

Custom Sandbox Analysis

Behavioral Analysis

Machine Learning

Lateral Movement Detection

Page 15:

PROTECT

DETECT

RESPOND

Page 16:

Connected Threat Defense: Better, Faster Protection

RESPOND

RAPID RESPONSE

1. Malware infects an endpoint

2. Deep Discovery detects the malware

3. Real-time signature pushed to endpoints (logging or blocking)

4. Endpoint Sensor can investigate whether the threat has spread

Page 17:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY

CUSTOM SANDBOX

ENDPOINT PROTECTION: OfficeScan (URL, File, IP; Action), Endpoint Sensor (IOC, SHA, IP, Domain)

Page 18:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY

CUSTOM SANDBOX

ENDPOINT PROTECTION

MAIL SECURITY: ScanMail for Exchange (SHA-1; Risk Level), InterScan Mail Security (SHA, IP, Domain; Risk Level)

Page 19:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY

CUSTOM SANDBOX

ENDPOINT PROTECTION

MAIL SECURITY

WEB GATEWAY: InterScan Web Security (URL, File, IP; Action)

Page 20:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY

CUSTOM SANDBOX

ENDPOINT PROTECTION

MAIL SECURITY

WEB GATEWAY

HYBRID CLOUD SECURITY: Deep Security (URL, File; Action)

Page 21:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY

CUSTOM SANDBOX

ENDPOINT PROTECTION

MAIL SECURITY

WEB GATEWAY

HYBRID CLOUD SECURITY

INTRUSION PREVENTION: TippingPoint IPS (URL, File, IP, Domain)

Page 22:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY: Control Manager (URL, File, IP, Domain, SHA)

CUSTOM SANDBOX

ENDPOINT PROTECTION

MAIL SECURITY

WEB GATEWAY

HYBRID CLOUD SECURITY

INTRUSION PREVENTION

Page 23:

Connected Threat Defense: Better, Faster Protection

RESPOND

CENTRALIZED THREAT SHARING AND VISIBILITY

ENDPOINT PROTECTION

MAIL SECURITY

WEB GATEWAY

CUSTOM SANDBOX

HYBRID CLOUD SECURITY

INTRUSION PREVENTION

Page 24:

Connected Threat Defense: Better, Faster Protection

RESPOND

Threat information can be shared with third-party applications such as SIEMs, firewalls, IPS and other applications via Web API

THIRD PARTY SHARING

CUSTOM SANDBOX

NETWORK DETECTION

NEXT GEN FIREWALL

NETWORK IPS

SIEM: IBM QRadar, HP ArcSight, Splunk, AlienVault

Other integrations shown: IBM, Check Point, Palo Alto Networks, Blue Coat

WEB API
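The two RESPOND slides above describe one loop: a sandbox verdict becomes a set of suspicious objects (SHA, URL, IP, domain) that are pushed to endpoints as a log or block action, endpoint telemetry is then checked for hosts that already touched those objects, and the same objects are exposed over a Web API for a SIEM, firewall or IPS. The following is an added example written for this page, not Trend Micro code or any vendor's API. The indicator kinds, risk levels, action names, the `SANDBOX_REPORT` verdict, the `ENDPOINT_EVENTS` log records and the JSON shape of `export_for_third_party` are all hypothetical placeholders constructed for the example.

```python
# Added example, not Trend Micro code: a minimal model of the "Rapid Response"
# loop (sandbox verdict -> suspicious objects pushed as block/log -> telemetry
# checked for spread) and of "Third Party Sharing" (same objects exported as a
# JSON body a SIEM/firewall could fetch over a Web API). All identifiers, risk
# levels, action names, host names and log records are constructed placeholders.
import ipaddress
import json
import re
from dataclasses import asdict, dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class SuspiciousObject:
    kind: str   # "sha1" | "url" | "ip" | "domain"
    value: str  # normalised so sandbox output and endpoint logs compare equal
    risk: str   # "high" | "medium" | "low", taken from the sandbox verdict


# Hypothetical policy: what an endpoint does with a pushed object, by risk level.
ACTION_BY_RISK = {"high": "block", "medium": "log", "low": "log"}


def normalise(kind: str, value: str) -> str:
    """Canonicalise one indicator; raises ValueError on malformed input."""
    value = value.strip()
    if kind == "sha1":
        digest = value.lower()
        if not re.fullmatch(r"[0-9a-f]{40}", digest):
            raise ValueError(f"not a SHA-1 hex digest: {value!r}")
        return digest
    if kind == "ip":
        return str(ipaddress.ip_address(value))  # rejects garbage, folds IPv6 forms
    if kind == "domain":
        return value.lower().rstrip(".")         # case-fold, drop trailing dot
    if kind == "url":
        p = urlsplit(value)
        if not p.scheme or not p.netloc:
            raise ValueError(f"not an absolute URL: {value!r}")
        query = f"?{p.query}" if p.query else ""
        return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}{query}"
    raise ValueError(f"unknown indicator kind: {kind!r}")


def build_suspicious_objects(report: dict) -> list:
    """Step 2: turn one sandbox verdict into the objects to share."""
    objects = [SuspiciousObject("sha1", normalise("sha1", report["sample_sha1"]), report["risk"])]
    for ind in report.get("network", []):
        objects.append(SuspiciousObject(ind["kind"], normalise(ind["kind"], ind["value"]),
                                        ind.get("risk", report["risk"])))
    return objects


def action_for(obj: SuspiciousObject) -> str:
    """Step 3: the action pushed with the object (logging or blocking)."""
    return ACTION_BY_RISK[obj.risk]


def find_spread(objects, events) -> dict:
    """Step 4: which hosts already touched any object, from endpoint telemetry."""
    index = {(o.kind, o.value) for o in objects}
    hits = {}
    for ev in events:
        for kind in ("sha1", "domain", "ip", "url"):
            if kind not in ev:
                continue
            try:
                key = (kind, normalise(kind, ev[kind]))
            except ValueError:
                continue  # malformed telemetry field: skip it, do not abort the sweep
            if key in index:
                hits.setdefault(ev["host"], set()).add(key)
    return {host: sorted(keys) for host, keys in hits.items()}


def export_for_third_party(objects) -> str:
    """Generic JSON body a SIEM/firewall/IPS could pull via a Web API (not a vendor schema)."""
    rows = [dict(asdict(o), action=action_for(o)) for o in objects]
    return json.dumps({"suspicious_objects": rows}, sort_keys=True)


# Constructed sandbox verdict (the SHA-1 is the empty-file digest, used as a placeholder).
SANDBOX_REPORT = {
    "sample_sha1": "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
    "risk": "high",
    "network": [
        {"kind": "domain", "value": "update.example-c2.test"},
        {"kind": "ip", "value": "198.51.100.23", "risk": "medium"},
        {"kind": "url", "value": "http://example-c2.test/gate.php"},
    ],
}

# Constructed endpoint telemetry; note the case, trailing-dot and garbage differences.
ENDPOINT_EVENTS = [
    {"host": "ws-017", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
    {"host": "ws-042", "domain": "UPDATE.example-c2.test."},
    {"host": "srv-db1", "ip": "198.51.100.23"},
    {"host": "ws-103", "url": "http://Example-C2.test/gate.php"},
    {"host": "ws-200", "sha1": "0000000000000000000000000000000000000001"},
    {"host": "ws-201", "ip": "not-an-ip"},
]

if __name__ == "__main__":
    objs = build_suspicious_objects(SANDBOX_REPORT)
    for o in objs:
        print(f"push {o.kind}={o.value} action={action_for(o)}")
    print("spread:", find_spread(objs, ENDPOINT_EVENTS))
    print(export_for_third_party(objs))
```

The point the slides make but do not spell out is that the sharing only works if every consumer compares indicators in the same canonical form: `ws-042` resolved the C2 domain in upper case with a trailing dot and `ws-103` fetched the URL with a mixed-case host, and both are still found because `normalise` is applied on both the sandbox side and the telemetry side. Malformed telemetry (`ws-201`) is skipped rather than allowed to abort the sweep, and the medium-risk IP is pushed as `log` while the high-risk objects are pushed as `block`, mirroring the "logging or blocking" choice on the rapid-response slide.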

Page 25:

PROTECT

DETECT

RESPOND

Page 26:

Connected Threat Defense: Better, Faster Protection

User-based visibility, investigation and management

Page 27:

Strong Central Visibility

Single dashboard with visibility across layers of protection

Page 28:

www.menaisc.com

CONNECTED THREAT DEFENSE

Questions?

HUSSAM ABU-RIDA

TECHNICAL LEAD

TREND MICRO