ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003.

Presentation transcript:

The Problem Constant New Threats and Vulnerabilities Current Solutions Not Sufficient Reactive Solutions Incur False Positives Reactive Solutions Miss Unknown Attacks Do not allow for automatic action Inherent Window of Vulnerability High Maintenance and TCO

A New Approach to Network Security Proven Intent, Analysis, Policy Protect By.. Key Issues Identify attacker intent Stop attacker from reaching network Proactive Pattern recognition By Anomaly Forensics Reactive Access list by services offered Characteristics Low Cost Low Complexity Dynamic High Cost To Update To Manage Low Cost Defined Policy Static Cost to Maintain Accurate Confident to act. If ActiveScout identifies a Bad Guy: It’s a BAD GUY! False Positives Not confident to take automatic action Accurate Does exactly what you told it to do! Accuracy (False Positives) ActiveScout, IDS / IPS, Firewall Product

Knowledge: Mandatory Requirement Knowledge is needed 100% of the time Social Engineering Password Snare Networking Public Domain Server Web Server Reconnaissance 20 types Precedes Majority of Attacks

Typical Attack Process: Most network attacks are preceded by reconnaissance activity to determine available services and network resources. (Diagram labels: Attacker, Internet, Router, Firewall, Enterprise)

Typical Attack Process: The network sends information about available hosts and services in response to the reconnaissance. (Diagram labels: Attacker, Internet, Router, Firewall, Enterprise)

Typical Attack Process: With this information, the attacker utilizes existing or new exploits to break into the network. (Diagram labels: Attacker, Internet, Router, Firewall, Enterprise)

ActiveScout Intrusion Prevention: ActiveScout identifies all reconnaissance used by a potential attacker. (Diagram labels: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager)

ActiveScout Intrusion Prevention: ActiveScout watches the network’s response, and sends its own unique information to the potential attacker. This unique information, or ‘mark’, is not distinguishable from the network’s legitimate response. (Diagram labels: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager)

ActiveScout Intrusion Prevention: When the attacker uses the mark to launch an exploit, ActiveScout accurately identifies it and can actively block the attacker. (Diagram labels: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager)
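
The reconnaissance, mark, block sequence on the three slides above can be modelled as a small state tracker. The Python below is an added illustration, not ForeScout code and not part of the original presentation; the class name, event format, addresses and the rule that any source using a mark is blocked are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed inventory of services the protected network really offers
# (documentation-range addresses; not from the presentation).
REAL_SERVICES = {("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.25", 25)}


@dataclass
class MarkTracker:
    """Hypothetical model of the recon -> mark -> block sequence."""
    marks: dict = field(default_factory=dict)   # decoy (ip, port) -> sources it was handed to
    blocked: set = field(default_factory=set)   # sources that later used a mark

    def handle(self, kind, src, dst_ip, dst_port):
        """Return the action taken for one observed event."""
        target = (dst_ip, dst_port)
        if src in self.blocked:
            return "drop"
        if kind == "probe":
            if target in REAL_SERVICES:
                return "pass"            # the network's own legitimate answer
            # Probe for something that does not exist: answer with a decoy
            # and remember it. Only reconnaissance can have revealed it.
            self.marks.setdefault(target, set()).add(src)
            return "mark"
        if kind == "connect":
            if target in self.marks:
                # Block whoever uses the mark, even if the scan came from
                # another address: no legitimate client was ever given it.
                self.blocked.add(src)
                return "block"
            return "pass"
        raise ValueError(f"unknown event kind: {kind!r}")


# Constructed event stream: (kind, source, destination ip, destination port).
SAMPLE_EVENTS = [
    ("probe",   "203.0.113.7",  "192.0.2.10", 80),   # scan hits a real service
    ("probe",   "203.0.113.7",  "192.0.2.77", 22),   # scan hits nothing -> mark
    ("connect", "198.51.100.9", "192.0.2.10", 443),  # ordinary user
    ("connect", "203.0.113.8",  "192.0.2.77", 22),   # second host uses the mark
    ("connect", "203.0.113.8",  "192.0.2.10", 80),   # already blocked
    ("connect", "203.0.113.7",  "192.0.2.10", 80),   # scanner never used a mark
]


def replay(events):
    """Feed events through a fresh tracker; return the actions and the tracker."""
    tracker = MarkTracker()
    return [tracker.handle(*e) for e in events], tracker
```

In this model a scan alone never triggers a block; the decision is made only when a mark is used, which is the property the slides rely on for their accuracy claim.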

Growing Risk of Unknown Attacks. Chart: New Vulnerabilities (chart note: Q1 thru Q3 Only). Vulnerability increase of 5000% from 1995 to 2001. Source: CERT Coordination Center, 2002. 89% of corporations successfully attacked had firewalls, 60% had Legacy IDSes. Source: CSI/FBI 2002 Report

The ActiveScout Difference Difference #1 Difference #2 Difference #3 Difference #4 Blocks Unknown Attacks Minimal Cost Of Prevention Instantaneous Prevention 100% Accurate (no false positives, confidence to block)

The ActiveScout Difference Difference #1 Difference #2 Difference #3 Difference #4 Minimal Cost Of Prevention Instantaneous Prevention 100% Accurate (no false positives, confidence to block) Blocks Unknown Attacks

Time to Prevention Without ActiveScout. Timeline labels (axis: Time): Protection available; New vulnerabilities (hundreds/month); Exploit is known to security community; Spida spreads; Spida detected; Protection offered; New Vulnerabilities; Window of Vulnerability. Time to Protection – Days/Weeks/Months/Never?

Instantaneous Prevention With ActiveScout. Timeline labels (axis: Time): Spida spreads; Spida detected; Protection offered; Protection available; Exploit is known to security community; New Vulnerabilities; New vulnerabilities (hundreds/month). Time to Protection – Immediate. Window of Vulnerability – Zero.

State of Security Today Intranet Security Internet Intranet Security Myriad of security products (HIDS, NIDS, anti-virus)

State of Security Today Firewall Intranet Security Internet Firewall Provides robust static prevention according to predefined policies Intranet Security Myriad of security products (HIDS, NIDS, anti-virus)

Firewall ActiveScout ActiveScout Prevents intrusions from known and unknown threats in front of the firewall Intranet Security Instantaneous Prevention Firewall Provides robust static prevention according to predefined policies Intranet Security Myriad of security products (HIDS, NIDS, anti-virus) Internet

The ActiveScout Difference Difference #1 Difference #2 Difference #3 Difference #4 Minimal Cost Of Prevention Instantaneous Prevention Blocks Unknown Attacks 100% Accurate (no false positives, confidence to block)

ActiveScout Minimal Cost of Prevention Legacy Systems ActiveScout Action Analysis of alerts Correlation analysis Policy tuning Fix the damage Installation Software updates Signature updates Write your own signature $$$$$$$$$$ Investment

The ActiveScout Difference. False Alarm Rate, Time to Prevention, Cost of Prevention. 30%-60% 0% Days, Months, Years $$$$$$$ 0% $ Conventional Systems Conventional Systems Conventional Systems ActiveScout

ForeScout’s Intrusion Prevention Solutions. ActiveScout Site Solution: Precisely identifies and then blocks attackers at a single internet access point with zero false alarms. ActiveScout Enterprise Solution: Precisely identifies and then blocks attackers with zero false alarms across a large enterprise. Enterprise Manager: Provides centralized management of all Scouts deployed. Enterprise Heads-Up: Thwarts the rapid spread of attacks from one internet access point to the next.

ActiveScout Site Solution: Intrusion Prevention for Each Internet Access Point. (Diagram labels: Internet, Scout, Site Manager, Router, Enterprise, Firewall)

ActiveScout Enterprise Solution Protects an entire enterprise Centralized viewing of all attack activity around the world Centralized management of groups of Scouts Ability to push new software updates to remote Scouts

ActiveScout Enterprise Solution: Intrusion Prevention for Multiple Internet Access Points. (Diagram labels: Internet, Scout, Management Server, Enterprise Manager, Site Manager, Scout)

Enterprise Heads-Up Enterprise deployments only Immediate sharing of threat information across multiple Scouts to assure proactive prevention across the enterprise Provides the fastest way to protect from new attacks traversing the internet

Enterprise Heads-Up. Step 1. Attacker detected by New York Scout. Step 2. Attack information immediately sent to Management Server. Step 3. San Francisco Scout ready to block attacker. (Diagram labels: New York, San Francisco, Management Server)

Summary Accurate Identification Zero False Positives Block Known and Unknown Attacks Instantaneous Prevention Minimal Cost of Prevention

ForeScout Technologies, Inc Campus Drive, Suite 115 San Mateo, CA (650) Ayelet Steinitz Product Manager, ActiveScout Tel. (650)