Intelligent Protection - infosecurityvip.com INFOSECURITY SAN... · Question: Have you or your...
Question:
Have you or your customers’ business experienced advanced threats such as Ransomware in the last 12 months?
Don’t forget what you are being paid to do.
• Align the goals of IT and IT Security to the goals of the business.
• Support management to reach those goals while mitigating risk to acceptable levels
• Make sure it is done on time and within budget.
• Be proactive
• Plan
• Prioritize
• Collaborate
• Analyze
• Understand
• Educate yourself and others
Steven Covey
What is impacting Businesses
State of Cybersecurity in Small and Medium Sized Businesses - Ponemon Institute
Cyber attacks affected more SMBs in the past 12 months.
A growing problem for SMBs is the inability to staff their IT functions. The biggest problem is not having the personnel to mitigate cyber risks, vulnerabilities and attacks.
Ransomware: The TOP Security Concern
Ransomware is a form of computer malware that restricts access to your computer and/or its information, while demanding you pay a ransom to regain access.
Ransomware growth:
▪ Ransomware cost U.S. victims $209m in Q1, and $1b for 2016 - FBI
▪ 6 in 10 malware payloads are ransomware in Q1, 2017 – Kaspersky
▪ Ransomware spam up 6000% in 2016 – IBM
▪ Mobile ransomware increases 250% - Kaspersky
▪ A company is hit with ransomware every 40 seconds
▪ 83% of WatchGuard survey respondents believe ransomware #1 threat
Verizon 2017 DBIR
The Challenges of Advanced Malware Detection
Detection layers:
• Reputation – Signatures and lists of malicious URLs, domains, IPs
• Heuristics – Common malware patterns
• Behaviors – Odd processes and actions
• Deep Analysis – Detonation of suspicious things
Why they fall short:
• Volume of threats – Only catch what they KNOW is a threat. On average antivirus software was only 61% effective in catching threats two weeks after their discovery.
• Large volume of false positives – More than 80% of the 17,000 malware alerts an average business receives each week are false positives.
• Volume of threat indicators overwhelming – Only 4% of malware alerts are actually investigated by security teams.
• Identifying bleeding-edge threats an ongoing problem – 38% of malware is zero-day, and 95% of detected malware is less than 24 hours old.
New Industry Focus on Detection and Response
Gartner’s Adaptive Security Architecture – Neil MacDonald
• Experts recommend rebalancing purchasing toward D&R
• Avoid siloed solutions. Look for ones that share info between stages – MacDonald
• If you lack expertise, consider MSSP or MDR.
Cyber Kill Chain 3.0
• RECONNAISSANCE – The attacker gathers information on the victim
• DELIVERY – The attack payload is delivered through the network perimeter
• COMPROMISE/EXPLOIT – Vulnerabilities from the reconnaissance stage are exploited to launch an attack
• INFECTION/INSTALLATION – The attack payload is installed on the system and persistence is obtained
• COMMAND AND CONTROL – The attack payload calls home for instructions
• LATERAL MOVEMENT/PIVOTING – The attacker moves behind the network perimeter to their final target
• OBJECTIVES/EXFILTRATION – The goal of the attack is accomplished
WatchGuard Breaks the Kill Chain
[Slide graphic: each kill chain stage (Reconnaissance, Delivery, Compromise/Exploit, Infection/Installation, Command and Control, Lateral Movement/Pivoting, Objectives/Exfiltration) is paired with the WatchGuard services positioned against it. Services shown on the slide: Packet Filtering, Proxies, IPS, APT Blocker, Gateway AntiVirus, DLP, Application Control, Reputation Enabled Defense, WebBlocker, TDR and Botnet Protection.]
What’s Needed?
• Endpoint Insight – Responding to the threat of advanced malware requires the ability to monitor endpoints for behaviors that would indicate an attack, and the means to take action to stop the threat – manually or automatically.
• Network Correlation and Threat Scoring – The vast majority of cyber threats are delivered via the network. Correlating network events and endpoint behaviors into a single threat score gives you the insight you need to confidently respond to threats with the appropriate action.
• Advanced Threat Triage – Malware is constantly evolving. Submitting suspicious files for execution in a cloud sandbox that emulates a physical machine, manually or by policy, means you can protect against the latest threats and triage security incidents with ease.
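The slide above describes the core idea of the deck's detection-and-response pitch: network indicators from the perimeter appliance and behavioral indicators from a host sensor are correlated per host into one threat score, and the score drives the response. The example below is an added illustration of that correlation, not WatchGuard's TDR code or its real scoring model; the event schema, indicator weights, 30-minute correlation window and response thresholds are all assumptions. It also tags each indicator with the kill chain stage from the earlier slide, so that a host whose events span several stages scores higher than one with a single isolated alert (which is how correlation trims the false-positive volume mentioned in the "Challenges" slide).

```python
"""Correlate network and endpoint indicators into a per-host threat score.

Added example with constructed data. Weights, window and thresholds are
assumptions for illustration, not a vendor's actual scoring model.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Kill chain stages in the order the deck presents them; events spanning
# several stages look like an attack in progress rather than noise.
STAGES = ["RECONNAISSANCE", "DELIVERY", "COMPROMISE", "INFECTION",
          "COMMAND_AND_CONTROL", "LATERAL_MOVEMENT", "OBJECTIVES"]

# Base weight per indicator type (assumed values). "firebox" events come from
# the perimeter appliance, "host_sensor" events from the endpoint agent.
WEIGHTS = {
    "reputation_block":     20,   # network: URL/domain/IP on a reputation list
    "av_signature_match":   30,   # network: gateway antivirus signature hit
    "sandbox_malicious":    50,   # network: sandbox detonation verdict "malicious"
    "botnet_c2_connection": 40,   # network: outbound connection to a known C2 host
    "process_from_temp":    25,   # endpoint: executable launched from a temp directory
    "run_key_persistence":  30,   # endpoint: new autorun registry entry
    "mass_file_rename":     45,   # endpoint: burst of renames, ransomware-like
}

CORRELATION_WINDOW = timedelta(minutes=30)   # assumed window

# Constructed sample events. Host 10.0.1.23 shows a chain from delivery to
# objectives seen by both sensors; host 10.0.1.77 has one isolated network hit.
EVENTS = [
    {"ts": "2017-06-01T09:00:05", "host": "10.0.1.23", "source": "firebox",
     "type": "reputation_block", "stage": "DELIVERY"},
    {"ts": "2017-06-01T09:00:09", "host": "10.0.1.23", "source": "host_sensor",
     "type": "process_from_temp", "stage": "INFECTION"},
    {"ts": "2017-06-01T09:00:20", "host": "10.0.1.23", "source": "host_sensor",
     "type": "run_key_persistence", "stage": "INFECTION"},
    {"ts": "2017-06-01T09:01:02", "host": "10.0.1.23", "source": "firebox",
     "type": "botnet_c2_connection", "stage": "COMMAND_AND_CONTROL"},
    {"ts": "2017-06-01T09:02:30", "host": "10.0.1.23", "source": "host_sensor",
     "type": "mass_file_rename", "stage": "OBJECTIVES"},
    {"ts": "2017-06-01T11:15:00", "host": "10.0.1.77", "source": "firebox",
     "type": "reputation_block", "stage": "DELIVERY"},
]


def score_host(events):
    """Score one host's events (0-100).

    Sums indicator weights inside the window anchored at the earliest event,
    adds 25 when network and endpoint sensors both fired (corroboration),
    and 10 for every additional kill chain stage observed beyond the first.
    """
    if not events:
        return 0
    events = sorted(events, key=lambda e: e["ts"])   # ISO timestamps sort lexically
    start = datetime.fromisoformat(events[0]["ts"])
    window = [e for e in events
              if datetime.fromisoformat(e["ts"]) - start <= CORRELATION_WINDOW]
    base = sum(WEIGHTS.get(e["type"], 0) for e in window)
    sources = {e["source"] for e in window}
    stages = {e["stage"] for e in window}
    bonus = (25 if {"firebox", "host_sensor"} <= sources else 0)
    bonus += 10 * (len(stages) - 1)
    return min(100, base + bonus)


def respond(score):
    """Map a score to a response action (assumed policy thresholds)."""
    if score >= 80:
        return "quarantine_host"        # automated: isolate the endpoint
    if score >= 50:
        return "kill_process_and_alert" # automated containment plus analyst alert
    if score >= 30:
        return "alert_analyst"          # manual review
    return "log_only"                   # single weak indicator: record, don't page


def summarize(events):
    """Group events by host and return score, action and stages seen per host."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    report = {}
    for host, evs in by_host.items():
        score = score_host(evs)
        stages = sorted({e["stage"] for e in evs}, key=STAGES.index)
        report[host] = {"score": score, "action": respond(score), "stages": stages}
    return report


if __name__ == "__main__":
    for host, r in summarize(EVENTS).items():
        print(f"{host}: score={r['score']:3d} action={r['action']} stages={r['stages']}")
```

With the constructed events, the fully chained host caps out at 100 and is quarantined automatically, while the host with a single reputation block scores 20 and is only logged: the same isolated alert that would be one of the "17,000 per week" is not actioned until a second sensor or a second stage corroborates it.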
Businesses are vulnerable to exploits and malware. Only 39 percent of respondents say the technologies currently used by their organization can detect and block most cyber attacks.
State of Cybersecurity in Small and Medium Sized Businesses - Ponemon Institute
Our Security, Delivered Your Way
1. Simplified Management
2. Intelligent Protection
3. Actionable Visibility
WatchGuard Total Security Suite
• Includes Threat Detection and Response, a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown and evasive threats.
APT BLOCKER – ADVANCED MALWARE PROTECTION APT Blocker uses an award-winning next-gen sandbox to detect and stop the most sophisticated attacks including ransomware, zero day threats and other advanced malware.
THREAT DETECTION AND RESPONSE – Correlate network and endpoint security events with enterprise-grade threat intelligence to detect, prioritize and enable immediate action to stop malware attacks. Improve visibility by evolving your existing security model to extend past prevention, to now include correlation, detection and response.
INTRUSION PREVENTION SERVICE (IPS) – IPS uses continually updated signatures to scan traffic on all major protocols to provide real-time protection against network threats, including spyware, SQL injections, cross-site scripting, and buffer overflows.
GATEWAY ANTIVIRUS (GAV) – Leverage our continuously updated signatures to identify and block known spyware, viruses, trojans, worms, rogueware and blended threats – including new variants of known viruses. At the same time, heuristic analysis tracks down suspicious data constructions and actions to make sure unknown viruses don’t slip by.
REPUTATION ENABLED DEFENSE SERVICE (RED) – A powerful, cloud-based reputation lookup service that protects web users from malicious sites and botnets, while dramatically improving web processing overhead.
WEBBLOCKER URL FILTERING – In addition to automatically blocking known malicious sites, WebBlocker’s granular content and URL filtering tools enable you to block inappropriate content, conserve network bandwidth, and increase employee productivity.
spamBlocker – Real-time spam detection for protection from outbreaks. Our spamBlocker is so fast and effective, it can review up to 4 billion messages per day.
Application Control – Selectively allow, block, or restrict access to applications based on a user’s department, job function, and time of day, and then see, in real time, what’s being accessed on your network and by whom.
DATA LOSS PREVENTION (DLP) – This service prevents accidental or malicious data loss by scanning text and common file types to detect sensitive information attempting to leave the network.
NETWORK DISCOVERY – A subscription-based service for Firebox appliances that generates a visual map of all nodes on your network so you can easily see where you may be at risk.
Delivered Your Way – Intelligent Protection
• Prevent – Provide layered threat prevention that shuts down attacks targeted at your customers.
• Detect – Leverage cutting-edge technology to quickly and effectively detect threats from the network to the endpoint with actionable alerts.
• Respond – Take immediate action to mitigate known threats, whether they are on the network, endpoint, or wireless environment, with policy automation.
What about Wi-Fi
1. Wi-Fi Password Cracking - Wireless access points that still use older security protocols, like WEP, make for easy targets because the passwords are notoriously easy to crack.
2. Rogue APs and Clients - Nothing physically prevents a cyber criminal from enabling a foreign access point near your hotspot with a matching SSID, which invites unsuspecting customers to log in. Users that fall victim to the rogue AP are susceptible to a malicious code injection.
3. Planting Malware - A common tactic used by hackers is to plant a backdoor on the network, allowing them to return at a later date to steal sensitive information.
4. Eavesdropping - Guests run the risk of having their private communications detected, or packets sniffed, by nosy cyber snoops while on an unprotected wireless network.
5. Data Theft - Joining a wireless network puts users at risk of losing private documents that may contain highly sensitive information to cyber thieves who opportunistically intercept data being sent through the network.
6. Inappropriate and Illegal Usage - Adult or extremist content can be offensive to neighboring users, and illegal downloads of protected media leave the business susceptible to copyright infringement lawsuits.
7. Bad Neighbors - Mobile attacks, such as Android’s StageFright, can spread from guest to guest, even if victim zero is oblivious to the outbreak.
8. Man in the Middle Attack (MitM) - Mundane communication over Wi-Fi can lead to a breach when a villainous actor secretly intercepts and alters legitimate conversations.
9. Wireless DoS - Attackers can cause a standstill in Wi-Fi access by intentionally sending large amounts of traffic to legitimate access points, which disables the appliance from legitimate use.
10. Masquerading Attacks - Cyber criminals set on breaching Wi-Fi security commonly attempt to disguise their devices as legitimate or known devices by spoofing MAC addresses.
11. Misconfigured AP - Deploying access points without following Wi-Fi security best practices can lead to inadvertent misconfigurations, which often leads to a security risk.
WatchGuard Access Points and WIPS Security
Patented marker-packet technology automatically classifies each access point so that rogue APs can be blocked
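Items 2 and 10 of the Wi-Fi list (a foreign AP advertising your SSID, and devices spoofing known MAC addresses) are the cases a wireless IPS has to classify before it can block anything. The example below is an added illustration of the inventory-based part of that classification; it is not WatchGuard's patented marker-packet technique and not code from the deck. The authorized-AP inventory, the scan results and the channel-mismatch heuristic are assumptions constructed for the example. It goes slightly beyond the slide by also flagging lookalike SSIDs that differ only in case.

```python
"""Classify scanned Wi-Fi beacons against an authorized-AP inventory.

Added example with constructed data: an "evil twin" is our SSID on an
unknown BSSID; a "spoof suspect" is one of our BSSIDs advertising the wrong
SSID or channel (possible MAC masquerading); a "lookalike" is a near-copy
of our SSID. Channel mismatch is a heuristic and assumes the inventory
reflects the APs' current channel plan.
"""

# Constructed inventory of the business's own access points (BSSID -> config).
AUTHORIZED_APS = {
    "a4:5e:60:11:22:01": {"ssid": "CoffeeCo-Guest", "channel": 6},
    "a4:5e:60:11:22:02": {"ssid": "CoffeeCo-Guest", "channel": 11},
}
OUR_SSIDS = {ap["ssid"] for ap in AUTHORIZED_APS.values()}
OUR_SSIDS_FOLDED = {s.lower() for s in OUR_SSIDS}

# Constructed scan results as (bssid, ssid, channel, rssi_dbm).
SCAN = [
    ("A4:5E:60:11:22:01", "CoffeeCo-Guest", 6, -41),   # our AP, as configured
    ("de:ad:be:ef:00:01", "CoffeeCo-Guest", 1, -55),   # our SSID, unknown BSSID
    ("a4:5e:60:11:22:02", "CoffeeCo-Guest", 1, -70),   # our BSSID on the wrong channel
    ("00:11:22:33:44:55", "Neighbor-Net", 3, -80),     # somebody else's network
    ("de:ad:be:ef:00:02", "coffeeco-guest", 6, -60),   # lookalike SSID, case differs
]


def classify(bssid, ssid, channel):
    """Return one of: authorized, spoof_suspect, rogue_evil_twin,
    rogue_lookalike, neighbor."""
    bssid = bssid.lower()                       # normalise MAC case before lookup
    if bssid in AUTHORIZED_APS:
        expected = AUTHORIZED_APS[bssid]
        if expected["ssid"] == ssid and expected["channel"] == channel:
            return "authorized"
        # Known BSSID but wrong SSID/channel: somebody may be cloning our MAC.
        return "spoof_suspect"
    if ssid in OUR_SSIDS:
        return "rogue_evil_twin"                # foreign AP impersonating us exactly
    if ssid.lower() in OUR_SSIDS_FOLDED:
        return "rogue_lookalike"                # near-copy meant to fool guests
    return "neighbor"                           # not ours, not impersonating us


def report(scan):
    """Classify every beacon; return counts per class and the findings that
    warrant action (everything except authorized and neighbor)."""
    counts = {}
    findings = []
    for bssid, ssid, channel, rssi in scan:
        verdict = classify(bssid, ssid, channel)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict not in ("authorized", "neighbor"):
            findings.append({"bssid": bssid.lower(), "ssid": ssid,
                             "channel": channel, "rssi": rssi, "verdict": verdict})
    # Strongest signal first: the closest rogue is the most urgent to locate.
    findings.sort(key=lambda f: f["rssi"], reverse=True)
    return counts, findings


if __name__ == "__main__":
    counts, findings = report(SCAN)
    print(counts)
    for f in findings:
        print(f"{f['verdict']:16s} {f['bssid']} ssid={f['ssid']!r} ch={f['channel']} rssi={f['rssi']}")
```

In a real deployment the inventory would be fed from the AP controller rather than hard-coded, and a "spoof_suspect" verdict should be confirmed against the controller's current channel assignment before any containment, since auto channel selection can legitimately move an AP.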
Protection to and from Cloud to On-premise
• Horizontal and Vertical Coverage
• Leverage IaaS, PaaS
• On-Premise and SaaS
• Ecosystem coverage
A Complete Product Portfolio for Managed Security
Deploy
Maintain
Upgrade
Prevent
Detect
Respond
Monitor
Report
Troubleshoot
Never forget what you are being paid to do.
• Align the goals of IT and IT Security to the goals of the business.
• Support management to reach those goals while mitigating risk to acceptable levels
• Make sure it is done on time and within budget.
• Be proactive
• Plan
• Prioritize
• Collaborate
• Analyze
• Understand
• Educate yourself and others
Steven Covey