Published by Carol Weaver. Modified over 9 years ago.
1
Connected Security: Your best defense against advanced threats
Anne Aarness – Intel Security
2
McAfee Confidential
What Is Advanced Malware?
Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014)
Evades Legacy-based Defenses; Typically Criminal; Discovered After the Fact
Key Challenges: Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signature-based mechanisms.
Theft, Sabotage, Espionage
Stealthy, Targeted, Unknown
Data loss, Costly clean-up, Long-term damage
3
Advanced Targeted Attack Challenges
Diagram labels: Theft, Sabotage, Espionage, Criminal, High Value Data, Key Systems, Exploit Weakness, Stealthy, After the Fact, Expensive, Public, Uncertainty
Stages: CONTAINMENT, ATTACK, COMPROMISE, DISCOVERY
Replacement, Process, Preparation, Sadder but Wiser
4
Another set of challenges: Disconnected Security
Multiple products operate in separate functional silos
No efficiency, no effectiveness
Stale defenses lack adaptive, context-aware capabilities
Increasingly complex to manage
Constantly rising costs of operational security
5
Challenges Faced by Security Professionals
Black Hat Conference, USA
False Positives: 20%
Detection: 35%
Other: 3%
Protection: 22%
Damage Repair: 9%
Timely Response: 11%
6
Data Exchange Layer
Adaptive Security Architecture
Diagram labels: Asset, Threat, Identity, Activity, BPM, Risk, Data, Location
An innovative, real-time, bi-directional communications fabric providing with product integration simplicity. Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products enabling security intelligence and adaptive security.
7
Advanced Malware
Market wisdom
Identified
However, Sandboxing by Itself Should Not be Your Only Defense
Resource Intensive; Not Real Time; Lacks Scalability
Because of Behavior Analysis; Because No Signature Match
Sandboxing: Safe? Malware?
Alert vs Actions
Not effective against all malware
8
Organizational Intelligence
Security Administrators, SOC, IR
Global Threat Intelligence
McAfee Global Threat Intelligence, Third-Party Feeds
Threat Intelligence
Assemble, override, augment, and tune the intelligence source information.
Other Data Sources
Future ?
Local Threat Intelligence
McAfee Web Gateway, McAfee Email Gateway, McAfee Network Security Platform, McAfee Next Generation Firewall, McAfee Endpoint Security, McAfee Enterprise Security Manager
McAfee Threat Intelligence Exchange Server
McAfee Threat Intelligence Exchange: Applying the power of knowledge
McAfee Advanced Threat Defense
9
FIX, FREEZE, FIND
10
FIX, FREEZE, FIND
Advanced Threat Defense, McAfee Email Gateway, McAfee Web Gateway, Network Security Platform, Next Generation Firewall
11
FIX, FREEZE, FIND
Advanced Threat Defense, McAfee Email Gateway, McAfee Web Gateway, Next Generation Firewall, Network Security Platform
12
FIX, FREEZE, FIND
Advanced Threat Defense, Next Generation Firewall, Network Security Platform, McAfee Email Gateway, McAfee Web Gateway, McAfee Enterprise Security Manager (SIEM), McAfee ePO
13
Adaptive Threat Prevention and Detection
Diagram labels: IOC 1, IOC 2, IOC 3, IOC 4, ATD, Sandbox, ESM, SIEM, Web Gateway, Email Gateway, NGFW, NSP, Network & Gateway, Endpoints, TIE Endpoint Module, DXL Ecosystem
network and endpoints adapt
payload is analyzed
new IOC intelligence pinpoints historic breaches
previously breached systems are isolated and remediated
14
Continuous Visibility to Detect Advanced Attacks
Instant visibility into the presence of advanced targeted attacks
Automatically transform events into actionable intelligence allowing automated triage
Identify evidence of compromise and forensic artifacts
Provide the visibility and threat intelligence for incident response
Security components operate as one regardless of physical boundaries
15
Threat Intelligence Exchange Lowers TCO and Improves Your ROI
Integration simplicity through McAfee’s data exchange layer
Reduces implementation and operational costs
Extends existing McAfee security detection, prevention, and analytics technology investments
Enables unmatched operation effectiveness and agility
16
Numerous appliances: Protocol-Specific Deployment
Diagram labels: Firewall, Data Center Servers, End-user Endpoints, DMZ, Email/DNS/App, Web Gateway, Email Gateway, IPS, Web Malware Analysis, Email Malware Analysis, File Server Malware Analysis, Internet, Endpoint Sandbox Manager, Management and Forensics, SIEM, ePO, Malware Analysis/Forensics Central Manager
17
Lower cost of ownership and scalability
Diagram labels: Firewall, Data Center Servers, End-user Endpoints, DMZ, Management and Forensics, Email/DNS/App, Web Gateway, Email Gateway, IPS, Malware Analysis/Forensics Central Manager, Web Malware Analysis, Email Malware Analysis, File Server Malware Analysis, Centralized Deployment, Advanced Threat Defense, Internet, SIEM, ePO