1
Taking Control of Cloud Security
Travis Abrams
2
DG Technology Consulting A Unique Perspective on Security
Consulting and Professional Services: Health checks; Deployment services
Strategic Partner: VAR; Board Leadership on product feedback; Technical Advisory Board member on product enhancements
Software Vendor: MEAS-Mainframe Event Acquisition System
3
Why Intel?
4
The Cloud Brings New Challenges
SECURITY: Increasingly sophisticated malware; increased SSL-encrypted web traffic; advanced, persistent threats
APPLICATION VISIBILITY: More people & devices connecting to more applications outside the traditional network, often without IT knowledge
FLEXIBILITY: Need to accommodate changing business conditions; protection needs to travel with the user and device rather than stay in the office

With all this in mind, today I am going to focus on 3 areas causing problems for a lot of organizations today as they move more and more applications to the cloud: Security, Application Management and Flexibility.

Security: The more your employees use the cloud, the more you’re risking exposure to malware. You need to know that your web protection is keeping up to meet evolving threats.

Applications: With more people & devices connecting to more applications outside the traditional network, are users getting where they need to go? And what about visibility: do you even know which web applications your employees are using? Are your users acquiring cloud applications without your knowledge or approval? How can you enforce security or acceptable usage policy over applications you don’t even know about? Do you know what data is flowing out of your company?

And then there’s flexibility: in today’s mobile world, protection needs to travel with the user and device rather than stay in the office.
5
What's holding back the cloud?
6
What’s holding back the cloud?
7
The Power of Cloud Computing However, security remains the roadblock
The Power of Cloud Computing: Business agility; Cost efficiencies; Enhanced innovation; Improved IT services
However, security remains the roadblock: Data loss; Authentication, Authorization and Audit; Information governance; Data control
8
Cloud Channels
[Diagram labels: Public Cloud; Enterprise; Partners; Cloud Vendors; Applications; Customers; Data Loss; Authentication; Web; Intrusion; Mobile Users; Private Cloud Applications]

And it’s no wonder people are concerned. Trying to manage the flow of data between your organization and the cloud – public or private – is both complex and cumbersome. And while many people are concerned about data being breached behind the network or within the Cloud, our data <need to verify> reveals that the vast majority of data loss occurs during transit to and from the Cloud via the three primary channels of Cloud traffic – Web traffic, traffic and Identity traffic.
9
Security
How can I block web-borne threats? What about outbound threats? What other tools should I be considering?

First, let’s tackle security… the topic that’s top of mind for many IT executives in today’s world of highly publicized, embarrassing and costly breaches.
10
Web Gateway Meets The Challenge
Content Inspection: Reputation (GTI); Geo-location (GTI); URL categorization & filtering (GTI); Media & file analysis
Application Visibility: Identify all web applications, including shadow IT; Enforce acceptable usage policy; Control access with SSO and multi-factor authentication
Data Leakage: DLP Engine; Full dictionaries; Enforce data leakage policy; File encryption; Protect data on file-sharing sites
SSL Scanning: Scrutinize HTTPS traffic; Identify malware and applications hidden in encrypted web session
Anti-Malware: Signature-based AV; Zero-day malware detection; Dissect, emulate target platform environment; Evaluate code behavior
Botnet Client: Identify “phone-home” behavior; Aggressive scanning of non-human initiated requests
[Diagram labels: Outbound Traffic; Inbound Traffic]

NOTE TO PRESENTER: This slide can be used to deliver an overview of the features in MWG, or as an introduction to the following slides which take a deeper dive into each set of features.

McAfee Web Gateway provides extensive, multi-layered protection for all your users accessing the web. It delivers (build on each bullet):

Content inspection – extensive content inspection, reputation analysis and site categorization, plus a variety of file filtering techniques, can be used to block undesirable sites or content.
SSL scanning – examines the contents of encrypted web traffic for both hidden malware and applications that IT needs to manage.
Anti-malware – both signature-based and zero-day malware detection.
Botnet client – the ability to spot malicious applications that may have slipped onto a computer and are trying to contact a command-and-control server.
Data leakage – a DLP engine which can enforce policy regarding the movement of sensitive data outside the enterprise network, as well as the ability to transparently encrypt files that are uploaded to Box or some other file-sharing site.
Application management – the ability to find all web applications in use, and apply acceptable usage policies on approximately 1,200 popular SaaS applications and social media, to improve security and end-user convenience with SSO and multi-factor authentication.
11
McAfee Cloud Security Platform Modules
[Diagram labels: Cloud Ecosystem (Partners; Cloud Vendors; Applications; Customers); Unified Management, Policy and Reporting, ePO Integration; Modules, SaaS or Appliance (Services Gateway; Identity Manager; Web Authentication Security; Data Loss Prevention; Web Security); Global Threat Intelligence; Cloud Security Platform; Enterprise; Mobile Users; Enterprise Users; Private Cloud Applications]

We’ve introduced a new Cloud Security Platform, helping businesses more safely and confidently take advantage of the time and cost-saving benefits of Cloud computing. Rather than adopting the unique – and sometimes unknown – security practices and policies of each Cloud vendor, the McAfee Cloud Security Platform allows businesses to extend and apply their OWN security procedures into the Cloud. Today, this includes securing traffic, identity traffic, and all web traffic, including mobile and app services traffic. In addition, we offer powerful DLP solutions and capabilities, providing an additional layer of security and protection around your most critical information.

Modular by design, the platform gives users the flexibility to choose both the security modules they want or need and the deployment options best for their situation, be it appliance, Software-as-a-Service, or a hybrid combination of both. And like all McAfee solutions, the various security modules are powered by McAfee’s legendary Global Threat Intelligence Network, providing the world’s fastest and most accurate threat detection capabilities. And finally, through ePO organization, we’re able to provide centralized management and reporting.
12
Malware Detection McAfee Beats The Competition 1170 malware samples
In late 2014, McAfee tested current versions from McAfee and four other secure web gateway vendors, using 1170 malware samples. The results showed that McAfee detected 83.9% of the malware, while the nearest competitor identified 69.1%.
13
McAfee Gateway Anti-Malware Engine Scanning
DISSECT; ANALYZE; EMULATE
Unique McAfee technology; Emulation provides real-time protection; Most effective zero-day protection

McAfee’s proven anti-virus software can block known threats that have a recognized signature. However, this ability, while essential, is not sufficient as malware authors become more proficient at creating attacks that evade signature detection. Therefore, what’s needed is a proactive analysis engine that uses a heuristic approach to emulate and evaluate the behavior of a payload, without depending on a signature. McAfee Gateway Anti-malware (GAM) Engine is just such an engine.

Other vendors’ evaluation processes look at the category, reputation and signature of an incoming web page. GAM, on the other hand, dissects the page into its various components, then analyzes each component in detail. Finally, it emulates the target environment to evaluate the behavior of the payload. Is it doing anything suspicious, like trying to unpack an encrypted set of code? Based on the proactive intent analysis of the payload, GAM does a superior job of identifying zero-day malware and blocking it.

In fact, in the 2014 Magic Quadrant for Secure Web Gateways, Gartner said, “MWG has strong malware protection due to its on-box browser code emulation capabilities. The solution provides the ability to adjust the sensitivity of malware detection. A rule-based policy engine enables flexible policy creation.”

I should point out that this is not a true sandbox platform. That capability is part of McAfee Advanced Threat Defense, which we’ll discuss in a moment. However, short of running a sandbox, GAM is the most effective zero-day malware detection you can run.
14
Data Loss Prevention

In addition to controlling the applications, McAfee also protects data being sent to cloud applications. In this screen shot we see a hacker attempting to send a web with a file attachment containing credit card numbers.

McAfee Web Gateway includes Data Loss Prevention technology as part of its web protection capabilities. It includes predefined DLP dictionaries and enables custom dictionaries to be created through either keyword matching or regular expressions. This enables you to apply comprehensive DLP rules to your outbound web traffic, ensure and document regulatory compliance, and provide forensic data in the event of a breach – all without purchasing another solution.

In this example you can see that an employee at “Acme Rocket Co.” is attempting to send credit card number data (protected by PCI DSS) in a LinkedIn message – but a DLP rule blocked the attempt.

McAfee DLP is recognized as a Leader in the Gartner DLP Magic Quadrant. Most of our competition either provides much weaker DLP technology, or uses third-party DLP software which is not under their control.
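As an added illustration (not McAfee's implementation and not part of the original presentation), here is a regular-expression DLP rule of the kind described above, paired with a Luhn checksum to cut false positives on ordinary digit runs. The keyword dictionary, function names and sample messages are constructed for this example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or dashes.
# Limitation: a PAN directly followed by more space-separated digits merges into one candidate.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Hypothetical custom keyword dictionary (constructed for this example).
KEYWORDS = {"cardholder", "cvv", "expiry"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs (order IDs, tracking numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the first 6 and last 4 digits so the DLP log does not leak the number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def inspect_outbound(body: str) -> dict:
    """Return a block/allow verdict for one outbound message or upload body."""
    hits = []
    for m in PAN_CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(mask(digits))
    words = set(re.findall(r"[a-z]+", body.lower()))
    return {
        "action": "block" if hits else "allow",
        "card_numbers": hits,
        "keywords": sorted(KEYWORDS & words),
    }


# Constructed samples; 4111 1111 1111 1111 is a widely published test number.
LEAK = "Cardholder J. Doe, card 4111-1111-1111-1111, expiry 01/30"
BENIGN = "Order 1234 5678 9012 3456 shipped, tracking 9999000011112222"

if __name__ == "__main__":
    print(inspect_outbound(LEAK))
    print(inspect_outbound(BENIGN))
```

The benign sample contains two 16-digit runs that match the pattern but fail the checksum, which is why the rule pairs the regular expression with validation rather than blocking on the pattern alone.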
15
Encryption protects cloud-based files
Proactive Encryption

Data loss prevention can also be extended to protect uploads to file sharing/collaboration sites containing sensitive information, such as credit card numbers, and (based on your policies) automatically encrypt or block the file before uploading it. This prevents the file from being accessed by anyone who attempts to download it without going through the Web Gateway first.

This file encryption feature is unique to McAfee and was called out as one of our strengths in the most recent Gartner Magic Quadrant: “In addition to its existing data loss prevention (DLP) support, MWG also protects sensitive data stored in public clouds from unauthorized access. It can automatically encrypt files transmitted to Dropbox and other file sharing and collaboration sites, and users cannot retrieve and decrypt files without going through the MWG.”
16
Aggressive scanning blocks malware
Security: Block Infected Client Communications
Patent pending, outbound detection of botnet client phone-home behavior; Understand difference between normal user and application-initiated requests; Dynamically adjust proactive detection level
[Diagram labels: Real user clicks link; Unsolicited download; Normal response; Malware; Normal Scanning; Aggressive scanning blocks malware]

McAfee’s advanced malware protection applies to scanning and evaluating outbound traffic behavior, as well. This is critical for organizations that don’t protect roaming users or off-network laptops – a user goes to the coffee shop and brings back an infected machine. The challenge becomes, how do I identify these machines and block them from phoning home?

The proactive anti-malware engine can tell the difference between user-based browsing requests and malicious applications attempting to contact a command-and-control server. When we detect this kind of outbound traffic, we can dynamically adjust the aggressiveness of the heuristic scanning of that traffic.
17
Managing Cloud Environments
18
Managing Cloud Environments
19
Managing Cloud Environments
20
Application Visibility
Application Discovery: What applications are your users actually using?
Application Controls: Can you enforce security or manage application entitlements?
Application Access: Can you deliver user access and strong authentication?

A major challenge for many organizations is the shadow IT problem caused by users purchasing applications without considering the security ramifications of deploying them in your network. As a system administrator you have to know what SaaS applications your users are actually using. Otherwise, they may be exposing your organization to security risks you’re not even aware of.

Once you’ve identified the specific applications in your environment, the next step is to implement your acceptable usage policy and enforce any restrictions you need to place on end-user entitlements.

Finally, the last stage is to enable and manage application access for the web applications your users are using. For those applications that contain sensitive data, you should also consider using multi-factor authentication to validate a user’s identity before granting him/her access to the application.
21
Frost & Sullivan: The Hidden Truth Behind Shadow IT
TODAY’S REALITY: More than 80% of employees worldwide use SaaS applications without IT approval.

“Shadow IT” is not a trivial problem. In a recent world-wide survey of both IT professionals and line-of-business users (non-IT) conducted for McAfee by industry analyst firm Frost & Sullivan, we discovered that more than 80% of employees in the surveyed organizations were using SaaS applications that IT knew nothing about. The survey also uncovered the disturbing fact that on average, 15% of employees worldwide have experienced a security, access, or liability incident while using SaaS.
22
Consistent Security Across Cloud Traffic Channels
App-to-Cloud; User-to-Cloud
McAfee Identity Manager: Cloud SSO, Strong Auth, Provisioning
McAfee Services Gateway: App API & Web Service Security
McAfee ePO: Integrated monitoring for Cloud apps
McAfee Web Gateway: To the Cloud - web filtering; From the Cloud - AV & Malware
McAfee DLP: To/From the Cloud - Data leak protection
McAfee Global Threat Intelligence: Provides real-time URL and connection reputation
23
Application Discovery
What applications are on your network? Which are blocked? Who are the top users? How much bandwidth are they using?

The bottom line is you can’t control what you don’t know about. How do you solve this problem? McAfee Web Gateway includes Content Security Reporter (CSR), which enables you to create dashboards that you can use to identify any and all SaaS/cloud applications your users are accessing. Application discovery exposes which applications are in your network, who’s accessing them and what impact they’re having on your infrastructure, eliminating the uncertainty of shadow IT.
24
Web Application Controls
Enable/Disable specific applications; Control entitlements, access, data sharing; Apply policy based on application, user, group, risk, …

Now that you know WHO is running cloud applications in your environment, the next step is to control WHAT they can do with those applications. With McAfee, you can choose from more than 1,200 controls to enforce your organization’s acceptable usage policy for most popular web applications: enabling or disabling access or specific functionality as needed. You control who uses a web application and how it is used. Do you want to enable access to Facebook but not allow Facebook chat or posting? Block users from sending out LinkedIn messages? No problem.
25
Customize block page with your logo, colors, instructions…
Application Controls: Query for YouTube category in real-time; Set policy by Category, Author, Channel; Customize block page with your logo, colors, instructions…

For example, you can allow access to YouTube but control what content your users are accessing such as Music videos. Note that YouTube has their own categories on the left side. Real-time look-ups of YouTube content categories enable you to easily incorporate YouTube categories into access policies. This allows you to, for example, block users from playing music videos during work hours. Note, also, that you can customize the block page message with your own logo, color scheme, and user instructions.
26
Application Access
SSO Launch Pad; Single Sign On; One Time Password
[Diagram labels: Laptop; Internal User; Mobile; SSO Launch Pad]

When your employees get access to multiple SaaS applications, a common result is password chaos – with passwords written down or stored in (unprotected) lists in the employee’s mobile device. Employees hate to have to remember and manage multiple passwords. Just ask yourself, “how many web application passwords do you have?”

With McAfee Web Identity, a Web Gateway optional add-on, McAfee is the only vendor to give you the flexibility and convenience of integrated web application single sign-on that eliminates the hassle of managing all those passwords. Plus, your help desk will appreciate the reduction in password reset calls.

You can also use McAfee One Time Password with multi-factor authentication to reliably verify a user’s identity before giving them access to SaaS applications that contain corporate secrets or personally identifiable information.

A final consideration is provisioning and de-provisioning capabilities that can be used to automatically create and terminate accounts as user profiles in your enterprise directory are added or removed. Built-in reporting helps you monitor SaaS application usage and compliance with regulatory requirements.

This integrated solution includes easy-to-deploy and user-friendly access management capabilities that make life more convenient for users and cut down on help desk calls, while at the same time providing the enterprise with stronger security.
27
The Offer Free Risk Assessment
Risk Assessment
McAfee security experts will conduct a free content security risk assessment
Deploy McAfee Web Gateway 30-day trial
Transparently collect web traffic (including from your existing SWG vendor) and evaluate:
    Correct URL filtering/categorization
    Web traffic containing known and zero-day malware
    Acceptable usage policy enforcement
Provide you with a results report
28
Thank you!