ForeScout Technologies Inc. Frontline Defense against Network Attack. Tim Riley, Forescout.

Presentation transcript:

1 ForeScout Technologies Inc. Frontline Defense against Network Attack Tim Riley, Forescout

2 ActiveScout Solution
ActiveScout solution provides:
- Preemptive identification of potential attackers
- Accurate identification of potential attackers to reduce false positives to zero
- Automatic action to block attackers in real time
- Minimal installation and daily operational costs

3 Evolution of Perimeter Protection: Firewall
Provides robust static security according to predefined policies

4 Evolution of Perimeter Protection: IDS
Sends alerts when attack is recognized and already through the firewall

5 Evolution of Perimeter Protection: Frontline Network Defense (ActiveScout)
Provides accurate detection and blockage of known and unknown attacks before they reach the network

6 Typical Attack Process without ActiveScout
[Diagram: Attacker, Internet, Router, Firewall, IDS, Enterprise. Label: Port Scan launched]
The majority of network attacks are preceded by reconnaissance activity. In this example, a port scan is used. These recon techniques seldom change.

7 Typical Attack Process without ActiveScout
[Diagram: Attacker, Internet, Router, Firewall, IDS, Enterprise. Label: Network responds with legitimate, available services]
The network sends information about hosts and services in response to the recon. This information may be used to subsequently exploit the network.

8 Typical Attack Process without ActiveScout
[Diagram: Attacker, Internet, Router, Firewall, IDS, Enterprise. Label: Exploit is launched]
Utilizing the network information received, the attacker uses existing or new exploits to attack network hosts and services and effectively breaks into the network.

9 ActiveScout Frontline Network Defense
[Diagram: Attacker, Internet, Router, ActiveScout, ActiveScout Console, Firewall, IDS, Enterprise. Label: Port Scan launched]
The attacker uses reconnaissance techniques, a port scan in this example, to discover potentially vulnerable network resources.

10 ActiveScout Frontline Network Defense
[Diagram: Attacker, Internet, Router, ActiveScout, ActiveScout Console, Firewall, IDS, Enterprise. Labels: ActiveScout responds with virtual services; Network responds with available services]
ActiveScout identifies recon activity and watches for the network to respond. It then generates marked traffic that is sent back to the potential attacker. This traffic is not distinguishable from legitimate network traffic.

11 ActiveScout Frontline Network Defense
[Diagram: Attacker, Internet, Router, ActiveScout, ActiveScout Console, Firewall, IDS, Enterprise. Label: Exploit is launched]
When the attacker next uses the marked information to launch an exploit, ActiveScout with ActiveResponse technology then identifies the marked traffic. The attack is accurately identified and optionally blocked by ActiveScout or the firewall if desired.

12 ActiveResponse Technology
Patented technology that:
- Identifies all reconnaissance activity
- Replies to the recon attempt with an authentic-looking response, created on the fly and registered within ActiveScout
- Identifies potential attacks based on this 'marked information' and optionally blocks them, regardless of attack method
Result: Accurately identifies attackers and then prevents them from implementing new and/or existing attacks against the network.
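
The mark-and-detect loop described on slides 10 to 12, as an added illustration in Python. It is not ForeScout's code; the event format, the addresses and the names MarkRegistry and REAL_SERVICES are constructed assumptions. Marks here never expire, so a follow-up from a different source days later is still caught.

```python
# Added illustration: decoy-and-mark detection. Event format, addresses and
# the MarkRegistry name are constructed for this example.
from dataclasses import dataclass, field

# Constructed inventory of services the protected network really offers.
REAL_SERVICES = {("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.25", 25)}

@dataclass
class MarkRegistry:
    marks: dict = field(default_factory=dict)    # decoy (ip, port) -> sources that probed it
    blocked: set = field(default_factory=set)    # sources caught using a mark

    def handle(self, ev):
        """Return the action for one sensor event: pass, decoy-reply, block, drop or ignore."""
        src, dst = ev["src"], (ev["dst_ip"], ev["dst_port"])
        if src in self.blocked:
            return "drop"                        # already identified: perimeter stays closed
        if dst in REAL_SERVICES:
            return "pass"                        # real services are answered by the network itself
        if ev["kind"] == "probe":
            # Recon against something that does not exist: answer with a
            # virtual service and register the endpoint as marked.
            self.marks.setdefault(dst, set()).add(src)
            return "decoy-reply"
        if ev["kind"] == "session" and dst in self.marks:
            # The endpoint was only ever disclosed in a decoy reply, so a
            # session to it means someone is acting on recon results.
            self.blocked.add(src)
            return "block"
        return "ignore"

def run(events):
    """Feed events through a fresh registry; return (actions, registry)."""
    reg = MarkRegistry()
    return [reg.handle(ev) for ev in events], reg

# Constructed sensor events; "day" only shows the gap between recon and use.
SAMPLE = [
    {"day": 1, "src": "198.51.100.7", "dst_ip": "192.0.2.10", "dst_port": 80, "kind": "probe"},
    {"day": 1, "src": "198.51.100.7", "dst_ip": "192.0.2.77", "dst_port": 21, "kind": "probe"},
    {"day": 2, "src": "203.0.113.5", "dst_ip": "192.0.2.10", "dst_port": 443, "kind": "session"},
    {"day": 9, "src": "198.51.100.99", "dst_ip": "192.0.2.77", "dst_port": 21, "kind": "session"},
    {"day": 9, "src": "198.51.100.99", "dst_ip": "192.0.2.10", "dst_port": 80, "kind": "session"},
]

if __name__ == "__main__":
    actions, reg = run(SAMPLE)
    for ev, action in zip(SAMPLE, actions):
        print(ev["day"], ev["src"], f'{ev["dst_ip"]}:{ev["dst_port"]}', action)
```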

13 ActiveScout Solution
Distinguishes real attacks from the noise
- Scarce security resources are focused on the real crises and do not waste time on false positives
- Identifies 'low and slow' attacks
Provides Closed Loop Perimeter Protection
- After identifying an attacker ActiveScout can optionally:
  - Automatically block attackers
  - Have the firewall automatically block
  - Update all ActiveScouts when an attacker has been identified to provide automatic perimeter lockdown

14 ActiveScout Management
- "At-a-glance" attack situation display
- Map identifies attacker location
- Shows both current & historical data for trend analysis
- Generates historical management reports
- Enterprise Console consolidates information from multiple ActiveScouts

15 Summary
The ActiveScout solution utilizes patented ActiveResponse technology to provide Frontline Network Defense that
- Eliminates false positives
- Prevents unknown attacks
- Reduces OpEx through automation
- Provides enterprise-wide protection