Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only. COMPLETE LIFECYCLE APPROACH TO ADVANCED THREAT.

Presentation transcript:

1. COMPLETE LIFECYCLE APPROACH TO ADVANCED THREAT PROTECTION. ZACH SIVERTSON, Product Management. March 5, 2014

2. WHAT’S NEEDED: ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
- Incident Resolution: Investigate & Remediate Breach; Threat Profiling & Eradication
- Ongoing Operations: Detect & Protect; Block All Known Threats
- Incident Containment: Analyze & Mitigate; Novel Threat Interpretation
- GLOBAL INTELLIGENCE NETWORK

3. TAKING A NETWORK-CENTRIC APPROACH TO ANTI-MALWARE
“Utilize network-based anti-malware tools to analyze all inbound traffic and filter out malicious content before it arrives at the endpoint.” (Critical Controls For Effective Cyber Defense - SANS Institute, March 2013)
Device-based anti-malware offers incomplete protection:
- Proliferation of new devices
- BYOD
- Guest WiFi
- Machine-to-machine comms
Secure Web Gateway provides:
- Real-time Rating
- URL database
- Negative Day Defense
Network Anti-Malware needed for:
- APTs
- Targeted malware attacks
Network-based anti-malware adds an extra layer of defense against targeted attacks not detected by mainstream algorithms.

4. REAL WORLD RESULTS: BENEFIT OF ADDING NETWORK BASED ANTI-MALWARE TO SECURE WEB GATEWAY
Global Financial Enterprise
- Billion attempts to access websites (allowed + blocked)
- Million attempts to access known malicious sites blocked by WebPulse
- 89,192 malicious files blocked by network perimeter anti-malware
12 months ending 4/13. Over 250,000 employees.
Diagram labels: Enterprise Network; Internet; Secure Web Gateway; Network Anti-malware

5. CURRENT SOLUTIONS OPERATE IN SILOS
Technology and organizational silos limit current defenses

6. INTELLIGENT DEFENSE IN DEPTH
- Block Known Web Threats: ProxySG
- Allow Known Good: Content Analysis System with Application Whitelisting
- Block Known Bad Downloads: Content Analysis System with Malware Scanning
- Analyze Unknown Threats: Malware Analysis Appliance
- Free up resources to focus on advanced threat analysis
- Reduce threats for incident containment and resolution
- Block all known sources/malnets and threats before they are on the network
- Discover new threats and then update your gateways

7. CONTENT ANALYSIS SYSTEM WITH MALWARE ANALYSIS
Diagram labels: Non-Blue Coat Sandbox; Malicious; UPDATE & ALERT; Not Malicious; Global Intelligence Network; Content Analysis System; Encrypted & Unencrypted Traffic; ProxySG; Internet; Application Whitelisting; Malware Signature Databases; Blue Coat Malware Analysis; ICAP / S-ICAP
Threat Data Sent To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name

8. CONTENT ANALYSIS SYSTEM: THE FOUNDATION FOR ADVANCED THREAT PROTECTION
File Whitelisting - For Improved Control and Performance
- Eliminates need to analyze known “good” files
- Ability to block delivery of all but known ‘good’ files
- Tests show 29% of files are identified as ‘good’
- Database of over 1 billion files is updated continuously
Orchestrated Sandboxing – For Better Performance and Accuracy
- Pre-filtering results in 37% reduction in number of files sent to sandbox
- Fewer files to analyze improves performance and reduces false-positives
- Simultaneously send suspicious files to Malware Analysis Appliance and third-party sandboxes
Dual Anti-Malware - For High Accuracy, Comprehensive Protection
- Deploying two anti-malware engines increases coverage by 12% (choice of McAfee, Sophos, Kaspersky)
- Best practice – network anti-malware engine(s) different from desktop
Expandable High Performance Platform – For Investment Protection
- Four models with throughput ranging from 50Mbps to 500Mbps
- Scan files up to 5GB in size and analyze compressed archives 99 layers deep
- Expandable over time (ex. On-box/Cloud Sandbox planned for mid-2014)

9. DISCOVERING NEW THREATS WITH BLUE COAT MALWARE ANALYSIS
- IntelliVM: Replicate your production environment
- Reduce false positives: Pre-filter with application whitelisting and malware scanning
- Protect immediately: New malware discoveries shared via global intelligence network
- Emulation: Replicate your system environment
- Scale your defenses: Protection shifts to the gateway when new threats are discovered

10. MALWARE ANALYSIS APPLIANCE: IMPROVING ON THE BASIC SANDBOX
Hybrid Sandboxing – Dual detection
- ‘Bare-metal’ sandbox to detonate VM-aware malware
- Customized VM profiles to replicate your specific environment
Plug-ins – Simulating user interaction
- Replicate mouse movements, click-through dialog boxes etc…
Risk Scores – Identify highest risk malware
- Allows graduated response
- Improve use of security resources
Detailed Information – Improving response
- Info on process, file system, network and registry events
- Pattern matching classifies malware and identifies industry and app-specific attacks

11. DEPLOYMENT SCENARIO: GATEWAY ADVANCED THREAT PROTECTION
Diagram labels: Content Analysis System; Proxy SG; Malware Analysis Appliance; ICAP / S-ICAP; HTTPS API For Flexible/Scalable Deployment
Threat Data To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name

12. ATP LIFECYCLE ARCHITECTURE
Diagram labels: WebPulse; Internal Network; Web Server; Content Analysis System; Proxy SG; Malware Analysis Appliance; Security Analytics Platform
Integrated Solution: Web Gateway + Content Analysis + Malware Analysis + Analytics
Threat Data To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name

13. ADVANCED THREAT LIFECYCLE DEFENSE
- Incident Resolution: Investigate & Remediate Breach; Threat Profiling & Eradication
- Ongoing Operations: Detect & Protect; Block All Known Threats
- Incident Containment: Analyze & Mitigate; Novel Threat Interpretation
- GLOBAL INTELLIGENCE NETWORK
Products shown: Security Analytics Platform with ThreatBlades; Content Analysis System with Malware Analysis; ProxySG

14. BLUE COAT CUSTOMER FORUMS
- New Blue Coat Customer Forums now available
- Community where you can learn from and share your valuable knowledge and experience with other Blue Coat customers
- Research, post and reply to topics relevant to you at your own convenience
- Blue Coat Moderator Team ready to offer guidance, answer questions, and help get you on the right track
- Access at forums.bluecoat.com and register for an account today!
- Win an iPad mini by participating in the Blue Coat Customer Forums Referral Contest. Visit the forum for details!

15. THANK YOU FOR JOINING TODAY!
- Please provide feedback on this webcast and suggestions for future webcasts to:
- Webcast replay and slide deck found here: er-support-technical-webcasts (requires BTO login)

16. RESOURCE CENTER

17. ADDENDUM

18. CONTENT ANALYSIS SYSTEM: TOPOLOGY
Diagram labels: EXTERNAL MAIL RELAY; USERS; USER DIRECTORY; SWITCH; INTERNET; GLOBAL INTELLIGENCE NETWORK; PROXY SG; INTERNAL MAIL SERVER; CENTRAL MANAGEMENT; ADMIN; FIREWALL; CONTENT ANALYSIS; MALWARE ANALYSIS