Published by Tamsin Briggs. Modified over 8 years ago.
1
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
COMPLETE LIFECYCLE APPROACH TO ADVANCED THREAT PROTECTION
ZACH SIVERTSON, Product Management
March 5, 2014
2
WHAT'S NEEDED: ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE
- Incident Resolution: Investigate & Remediate Breach; Threat Profiling & Eradication
- Ongoing Operations: Detect & Protect; Block All Known Threats
- Incident Containment: Analyze & Mitigate; Novel Threat Interpretation
GLOBAL INTELLIGENCE NETWORK
3
TAKING A NETWORK-CENTRIC APPROACH TO ANTI-MALWARE
"Utilize network-based anti-malware tools to analyze all inbound traffic and filter out malicious content before it arrives at the endpoint."
(Critical Controls For Effective Cyber Defense - SANS Institute, March 2013)
Device-based anti-malware offers incomplete protection:
- Proliferation of new devices
- BYOD
- Guest WiFi
- Machine-to-machine comms
Secure Web Gateway provides:
- Real-time Rating
- URL database
- Negative Day Defense
Network Anti-Malware needed for:
- APTs
- Targeted malware attacks
Network-based anti-malware adds an extra layer of defense against targeted attacks that may not be detected by mainstream algorithms.
4
REAL WORLD RESULTS: BENEFIT OF ADDING NETWORK BASED ANTI-MALWARE TO SECURE WEB GATEWAY
Global Financial Enterprise. Over 250,000 employees. 12 months ending 4/13.
- 243.21 Billion attempts to access websites (allowed + blocked)
- 793.09 Million attempts to access known malicious sites blocked by WebPulse
- 89,192 Malicious files blocked by network perimeter anti-malware
Diagram labels: Enterprise Network, Internet, Secure Web Gateway, Network Anti-malware
5
CURRENT SOLUTIONS OPERATE IN SILOS
Technology and Organizational silos limit current defenses
6
INTELLIGENT DEFENSE IN DEPTH
- Block Known Web Threats: ProxySG
- Allow Known Good: Content Analysis System with Application Whitelisting
- Block Known Bad Downloads: Content Analysis System with Malware Scanning
- Analyze Unknown Threats: Malware Analysis Appliance
Benefits:
- Free up resources to focus on advanced threat analysis
- Reduce threats for incident containment and resolution
- Block all known sources/malnets and threats before they are on the network
- Discover new threats and then update your gateways
7
CONTENT ANALYSIS SYSTEM WITH MALWARE ANALYSIS
Diagram labels:
- Internet
- ProxySG (Encrypted & Unencrypted Traffic)
- ICAP / S-ICAP
- Content Analysis System: Application Whitelisting, Malware Signature Databases
- Blue Coat Malware Analysis
- Non-Blue Coat Sandbox
- Malicious: UPDATE & ALERT
- Not Malicious
- Global Intelligence Network
Threat Data Sent To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name
8
CONTENT ANALYSIS SYSTEM: THE FOUNDATION FOR ADVANCED THREAT PROTECTION
File Whitelisting - For Improved Control and Performance
- Eliminates need to analyze known 'good' files
- Ability to block delivery of all but known 'good' files
- Tests show 29% of files are identified as 'good'
- Database of over 1 billion files is updated continuously
Orchestrated Sandboxing - For Better Performance and Accuracy
- Pre-filtering results in 37% reduction in number of files sent to sandbox
- Fewer files to analyze improves performance and reduces false-positives
- Simultaneously send suspicious files to Malware Analysis Appliance and third-party sandboxes
Dual Anti-Malware - For High Accuracy, Comprehensive Protection
- Deploying two anti-malware engines increases coverage by 12% (choice of McAfee, Sophos, Kaspersky)
- Best practice: network anti-malware engine(s) different from desktop
Expandable High Performance Platform - For Investment Protection
- Four models with throughput ranging from 50Mbps to 500Mbps
- Scan files up to 5GB in size and analyze compressed archives 99 layers deep
- Expandable over time (ex. On-box/Cloud Sandbox planned for mid-2014)
9
DISCOVERING NEW THREATS WITH BLUE COAT MALWARE ANALYSIS
- IntelliVM: Replicate your production environment
- Emulation: Replicate your system environment
- Reduce false positives: Pre-filter with application whitelisting and malware scanning
- Protect immediately: New malware discoveries shared via global intelligence network
- Scale your defenses: Protection shifts to the gateway when new threats are discovered
10
MALWARE ANALYSIS APPLIANCE: IMPROVING ON THE BASIC SANDBOX
Hybrid Sandboxing - Dual detection
- 'Bare-metal' sandbox to detonate VM-aware malware
- Customized VM profiles to replicate your specific environment
Plug-ins - Simulating user interaction
- Replicate mouse movements, click-through dialog boxes, etc.
Risk Scores - Identify highest risk malware
- Allows graduated response
- Improve use of security resources
Detailed Information - Improving response
- Info on process, file system, network and registry events
- Pattern matching classifies malware and identifies industry and app-specific attacks
11
DEPLOYMENT SCENARIO: GATEWAY ADVANCED THREAT PROTECTION
Diagram labels:
- Proxy SG
- ICAP / S-ICAP
- Content Analysis System
- HTTPS API
- Malware Analysis Appliance
For Flexible/Scalable Deployment
Threat Data To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name
12
ATP LIFECYCLE ARCHITECTURE
Integrated Solution: Web Gateway + Content Analysis + Malware Analysis + Analytics
Diagram labels:
- WebPulse
- Internal Network
- Web Server
- Proxy SG
- Content Analysis System
- Malware Analysis Appliance
- Security Analytics Platform
Threat Data To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name
13
ADVANCED THREAT LIFECYCLE DEFENSE
- Incident Resolution: Investigate & Remediate Breach; Threat Profiling & Eradication
- Ongoing Operations: Detect & Protect; Block All Known Threats
- Incident Containment: Analyze & Mitigate; Novel Threat Interpretation
GLOBAL INTELLIGENCE NETWORK
Products shown:
- Security Analytics Platform with ThreatBlades
- Content Analysis System with Malware Analysis
- ProxySG
14
BLUE COAT CUSTOMER FORUMS
- New Blue Coat Customer Forums now available
- Community where you can learn from and share your valuable knowledge and experience with other Blue Coat customers
- Research, post and reply to topics relevant to you at your own convenience
- Blue Coat Moderator Team ready to offer guidance, answer questions, and help get you on the right track
- Access at forums.bluecoat.com and register for an account today!
Win an iPad mini by participating in the Blue Coat Customer Forums Referral Contest. Visit the forum for details!
15
THANK YOU FOR JOINING TODAY!
Please provide feedback on this webcast and suggestions for future webcasts to: supportnewsletter@bluecoat.com
Webcast replay and slide deck found here: https://bto.bluecoat.com/training/customer-support-technical-webcasts (requires BTO login)
16
RESOURCE CENTER
17
ADDENDUM
18
CONTENT ANALYSIS SYSTEM: TOPOLOGY
Diagram labels:
- EXTERNAL MAIL RELAY
- USERS
- USER DIRECTORY
- SWITCH
- INTERNET
- GLOBAL INTELLIGENCE NETWORK
- PROXY SG
- INTERNAL MAIL SERVER
- CENTRAL MANAGEMENT
- ADMIN
- FIREWALL
- CONTENT ANALYSIS
- MALWARE ANALYSIS