AGILE SECURITY™: Security for the Real World
Sourcefire is Trusted Security
Trusted for over 10 years
Security from network to endpoint
▸ IPS, NGFW, Endpoint | Physical, Virtual, Cloud
Protecting organizations in over 180 countries
Innovative: 41+ patents awarded or pending
World-class research
Open source projects
▸ Snort®, ClamAV®, Razorback®
IPS MQ Leader | America’s Fastest-Growing Tech Companies 2011
IT Environments are Changing Rapidly
Virtualization
Consumerization
Mobilization
Applications
Networks | Devices
VoIP
Threats are Increasingly Complex
Client-side Attacks
Targeted | Organized
Relentless | Innovative
Advanced Persistent Threats
Malware Droppers
Threats Change — Traditional Security Products Do Not
Static | Inflexible
Closed/Blind | Labor Intensive
“Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.”
- Neil MacDonald, VP & Gartner Fellow
Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010
What the World Needs is…
…a continuous process to respond to continuous change.
Agile Security
You Can’t Protect What You Can’t See
Breadth: who, what, where, when
Depth: as much detail as you need
Real-time data
See everything in one place
Sourcefire provides information superiority
[Diagram: Agile Security sees OS | Users | Devices | Threats | Applications | Files | Vulnerabilities | Network]
Leverage Awareness For Knowledge
Gain insight into the reality of your IT and security posture
Get smarter by applying intelligence
Correlate, prioritize, decide
Collective intelligence elevates overall defense
Change is Constant
Automatically optimize defenses
Lock down your network to policy
Leverage open architecture
Configure custom fit security
Sourcefire invented customized security & self-tuning
Act Decisively & Efficiently
Block, alert, log, modify, quarantine, remediate
Respond via automation
Reduce the ‘noise’
Superior protection through intelligence & automation
How Sourcefire Delivers Agile Security
Collective Security Intelligence
Management: Management Center
Prevention & Enforcement: NGIPS | NGFW | IPSx | Virtual | SSL | Advanced Malware Protection
Cutting-edge technologies for comprehensive protection
MANAGEMENT: Sourcefire Defense Center®
Sourcefire Defense Center®
Customizable dashboard
Comprehensive reports & alerts
Centralized policy administration
Hierarchical management
High availability
Integrates with existing security
Centralized Command & Control
FireSIGHT™ Sees “Everything”
Category | Samples | Sourcefire NGIPS & NGFW | Typical IPS | Typical NGFW
Threats | Attacks, Anomalies | ✔ | ✔ | ✔
Users | AD, LDAP, POP3 | ✔ | ✗ | ✔
Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔
Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔
Client Applications | Firefox, IE6, Chrome | ✔ | ✗ | ✗
Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗
Operating Systems | Windows, Linux | ✔ | ✗ | ✗
Routers & Switches | Cisco, Nortel | ✔ | ✗ | ✗
Wireless Access Points | Linksys, Netgear | ✔ | ✗ | ✗
Mobile Devices | iPhone, Android | ✔ | ✗ | ✗
Printers | HP, Xerox, Canon | ✔ | ✗ | ✗
VoIP Phones | Avaya, Polycom | ✔ | ✗ | ✗
Virtual Machines | VMware, Xen | ✔ | ✗ | ✗
Complete network and endpoint visibility. FireSIGHT delivers a level of environmental awareness and automation never seen before in the industry.
FireSIGHT Fuels Automation
IT Insight: spot rogue hosts, anomalies, policy violations, and more
Impact Assessment: threat correlation reduces actionable events by up to 99%
Automated Tuning: adjust IPS policies automatically based on network change
User Identification: associate users with security and compliance events
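The impact-assessment and automated-tuning ideas on this slide come down to correlating each IPS alert with a passively built profile of the target host (OS, listening services, known exposures) and enabling only the rules that apply to what is actually on the network. The block below is an added illustration written for this page, not Sourcefire code: the `Host`/`Rule`/`Alert` schema, the four impact levels, and the inventory, rule IDs and alerts are all constructed here.

```python
"""Constructed illustration of impact assessment and automated tuning: IPS
alerts are correlated with a passively built host inventory so that only
alerts against hosts that can actually be affected stay actionable."""
from dataclasses import dataclass, field


@dataclass
class Host:
    ip: str
    os: str
    services: dict                                   # port -> service name
    vulnerable_to: set = field(default_factory=set)  # rule IDs the host is known to be exposed to


@dataclass
class Rule:
    rule_id: str
    target_os: set        # operating systems the attack applies to
    target_service: str   # service the attack applies to


@dataclass
class Alert:
    rule: Rule
    dst_ip: str
    dst_port: int


# Assumed four-level impact scheme (a simplification, not the product's own flags)
IMPACT = {1: "vulnerable", 2: "potentially vulnerable",
          3: "currently not vulnerable", 4: "unknown target"}


def assess(alert: Alert, inventory: dict) -> int:
    """Correlate one alert with the host profile of its target."""
    host = inventory.get(alert.dst_ip)
    if host is None:
        return 4                                   # target never seen on the monitored network
    if alert.rule.rule_id in host.vulnerable_to:
        return 1                                   # vulnerability data says the host is exposed
    if host.os in alert.rule.target_os and host.services.get(alert.dst_port) == alert.rule.target_service:
        return 2                                   # right OS and service, exposure unconfirmed
    return 3                                       # attack cannot apply to this host


def triage(alerts: list, inventory: dict) -> dict:
    """Count alerts per impact level; levels 1 and 2 are the actionable ones."""
    counts = {level: 0 for level in IMPACT}
    for alert in alerts:
        counts[assess(alert, inventory)] += 1
    return counts


def recommended_rules(inventory: dict, catalog: list) -> set:
    """Automated tuning: keep only rules whose target OS and service exist on the network."""
    present = {(h.os, svc) for h in inventory.values() for svc in h.services.values()}
    return {r.rule_id for r in catalog
            if any((os_, r.target_service) in present for os_ in r.target_os)}


# Constructed inventory, rule catalog and alerts (IDs are placeholders)
INVENTORY = {
    "10.0.0.5": Host("10.0.0.5", "Windows", {80: "IIS", 445: "SMB"}, {"SID-1001"}),
    "10.0.0.9": Host("10.0.0.9", "Linux", {80: "Apache", 22: "SSH"}),
}
RULES = [
    Rule("SID-1001", {"Windows"}, "IIS"),
    Rule("SID-2002", {"Linux"}, "Apache"),
    Rule("SID-3003", {"Solaris"}, "Sendmail"),
]
ALERTS = [
    Alert(RULES[0], "10.0.0.5", 80),   # IIS exploit against an IIS host known to be exposed
    Alert(RULES[0], "10.0.0.9", 80),   # IIS exploit aimed at an Apache/Linux host
    Alert(RULES[1], "10.0.0.9", 80),   # Apache exploit against Apache on Linux
    Alert(RULES[1], "10.0.0.77", 80),  # target not in the inventory
]

if __name__ == "__main__":
    for a in ALERTS:
        print(a.rule.rule_id, a.dst_ip, IMPACT[assess(a, INVENTORY)])
    print(triage(ALERTS, INVENTORY))
    print(sorted(recommended_rules(INVENTORY, RULES)))
```

Of the four constructed alerts only two remain actionable (levels 1 and 2); the Solaris rule is dropped from the recommended set because nothing in the inventory runs it, which is the "adjust IPS policies based on network change" idea in miniature.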
Collective Security Intelligence
[Diagram: Private & Public Threat Feeds | Honeypots | Advanced Microsoft & Industry Disclosures | 50,000 Malware Samples per Day | Snort® & ClamAV™ Open Source Communities | Sourcefire AEGIS™ Program | Sourcefire FireCLOUD™ feed the Sourcefire Vulnerability Research Team, which delivers IPS Rules | Malware Protection | IP & URL Blacklists | Vulnerability Database Updates]
Global Visibility Through Open Community
NETWORK: Sourcefire Network Security Solutions
Gartner Defines NGIPS & NGFW
Next-Gen IPS (NGIPS):
▸ Standard first-gen IPS
▸ Application awareness and full-stack visibility
▸ Context awareness
▸ Content awareness
▸ Agile engine
Next-Gen Firewall (NGFW):
▸ Standard first-gen firewall
▸ Application awareness and full-stack visibility
▸ Integrated network IPS
▸ Extrafirewall intelligence
Source: “Defining Next-Generation Network Intrusion Prevention,” Gartner, October 7, 2011; “Defining the Next-Generation Firewall,” Gartner, October 12, 2009
“Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”
Our Approach to Next-Generation Network Security
[Diagram: capability axes Access Control | Contextual Awareness | Threat Prevention | App Control, positioning Typical IPS, Typical Firewall, Typical NGFWs, and Sourcefire NGFW | NGIPS with FireSIGHT Technology]
Single platform, with single pass engine, providing the benefits of a converged infrastructure… and the benefits of Agile Security
Sourcefire Next-Generation Security
Key Capabilities
Capability | NGIPS | NGIPS with App Control | NGFW
Network Intelligence | ✔ | ✔ | ✔
Impact Assessment | ✔ | ✔ | ✔
Automated Tuning | ✔ | ✔ | ✔
Threat Prevention | ✔ | ✔ | ✔
Application Control | – | ✔* | ✔
Stateful Firewall | – | – | ✔
Switching, Routing & NAT | – | – | ✔
URL Filtering | – | Subscription | Subscription
* Control license required
One Universal Platform, Three Flexible Configurations
FirePOWER™ Technology
Custom-designed, specialized network processor powers industry-leading performance
Enterprise Performance and Scale
NSS Labs Test Results
▸ Highest throughput ever tested
▸ Lowest price per Mbps
▸ Lowest energy cost per Mbps
Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
Comparison | Sourcefire | Next-Closest
IPS Throughput | 27.6 Gbps | 11.5 Gbps
Price / Mbps | $19 | $33
Annual Energy Cost per Mbps | 4¢ | 6¢
Unprecedented Performance Delivered
“The 3D8260 offers the highest accuracy and throughput of any product we’ve tested to date.”
- NSS Labs Test Report
The Industry’s Best Threat Prevention
NSS Labs Test Results
▸ #1 in default protection
▸ #1 in tuned protection
▸ 100% evasion free
Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
“This is the second year in a row that Sourcefire blocked the most attacks of all products.”
- NSS Labs Test Report
Period.
[Chart: Default Protection and Tuned Protection, Sourcefire vs. Industry Average]
NSS Labs Testing
“For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.”
- Vikram Phatak, CTO, NSS Labs, Inc.
NGIPS Ratings*: 99% detection & protection | 34Gbps inspected throughput | 60M concurrent connections | $15 TCO / protected Mbps
NGIPS Leadership*: #1 in detection | #1 in performance | #1 in vulnerability coverage | 100% evasion free
“Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.”
- Bob Walder, NSS Labs, Inc.
NGFW Ratings*: 99% protection | 10Gbps inspected throughput | 15M concurrent connections | $33 TCO / protected Mbps
NGFW Leadership*: #1 in detection | Class leader in performance | Class leader for TCO | 100% evasion free
* NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010; NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012; NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
FirePOWER NGIPS: NSS Labs Test
“For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.”
- Vikram Phatak, CTO, NSS Labs, Inc.
Leadership*: #1 in detection | #1 in performance | #1 in vulnerability coverage | 100% evasion free
Ratings (NGIPS – 8260)**: 99% detection & protection | 34Gbps inspected throughput | 60M concurrent connections | $15 TCO / protected Mbps
* NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010
** NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012
FirePOWER NGFW: NSS Labs Test
“Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.”
- Bob Walder, NSS Labs, Inc.
NGFW Leadership*: #1 in detection | Class leader in performance | Class leader for TCO | 100% evasion free
Ratings (8250 – NGFW)*: 99% protection | 10 Gbps real-world throughput | 15M concurrent connections | $33 TCO / protected Mbps
* NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
Reduce Risk Through Granular Application Control
Control access to Web-enabled apps and devices
▸ “Employees may view Facebook, but only Marketing may post to it”
▸ “No one may use peer-to-peer file sharing apps”
Over 1,000 apps, devices, and more!
Reduce Client-Side Threats and Improve Productivity with URL Filtering
Block non-business-related sites by category
Configure policies based on users and groups
Over 280 million URLs
Over 80 URL categories
What Makes Sourcefire Different?
Total Network Visibility
▸ Passive, real-time visibility of apps, users, content, hosts, attacks, and more
Control Without Compromise
▸ Achieve granular network and application access control without compromising threat prevention
Intelligent Security Automation
▸ Leverage rich contextual awareness to automate key security functions, including impact assessment and policy tuning
Unparalleled Performance & Scalability
▸ Purpose-built appliances with FirePOWER™ technology
The Only NGFW with NGIPS!
Advanced Malware Protection: FireAMP
Threats Continue to Evolve
“Nearly 60% of respondents were at least ‘fairly certain’ their company had been a target.” – Network World (11/2011)
The likelihood that you will be attacked by advanced malware has never been greater.
75% of attacks are seen on only one computer
Introducing FireAMP
The only way to get the visibility & control needed to fight threats missed by other security layers.
Analyze & Block Advanced Malware Utilizing Big Data Analytics
Our Approach to Advanced Malware Protection
Lightweight Connector
• Watches for move/copy/execute
• Traps fingerprint & attributes
Web-based Manager
• Transaction Processing
• Analytics
• Intelligence
Mobile Connector
• Watches for apps
• Traps fingerprint & attributes
Visibility & Control with FireAMP
Reporting | Trajectory | Analysis | Control
Spotlight: Reporting
Customize by Group – Schedule or On Demand
Applications Introducing Malware
Threats Resident on First Scan
Possible APT
Spotlight: File Trajectory
Malware “Flight Recorder” shows point of entry and extent of outbreak
▸ Discover the malware gateway to reduce the risk of re-infection
▸ Identify systems that have downloaded/executed a specific malware file
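A file trajectory is just a query over endpoint events keyed on a file hash: the earliest event gives the point of entry and its origin (the "gateway"), the set of hosts in the events gives the extent, and host-to-host copies give the spread path. The block below is an added example for this page, not FireAMP code; the event schema, hostnames, URL and the shortened hash placeholders are all constructed.

```python
"""Constructed file-trajectory query over an endpoint event log: where a file
hash first appeared (the gateway), which hosts have it, and how it spread."""
from collections import namedtuple

# Assumed event schema: ISO-8601 timestamp, host, action, file hash, origin
# (a URL or medium for a create, a peer host for a copy/move, None for an execute)
Event = namedtuple("Event", "ts host action sha256 source")

# Constructed log; hashes are shortened placeholders, not real samples
EVENTS = [
    Event("2012-10-01T08:02:11", "ws-17", "create",  "sha-A", "http://files.example/invoice.pdf.exe"),
    Event("2012-10-01T08:02:40", "ws-17", "execute", "sha-A", None),
    Event("2012-10-01T08:15:03", "fs-01", "copy",    "sha-A", "ws-17"),
    Event("2012-10-01T09:30:55", "ws-22", "copy",    "sha-A", "fs-01"),
    Event("2012-10-01T09:31:10", "ws-22", "execute", "sha-A", None),
    Event("2012-10-01T10:00:00", "ws-05", "create",  "sha-B", "usb"),
]


def trajectory(events, sha256):
    """All events for one hash, oldest first (ISO timestamps sort lexically)."""
    return sorted((e for e in events if e.sha256 == sha256), key=lambda e: e.ts)


def point_of_entry(events, sha256):
    """First host that received the file and where it got it from, or None."""
    traj = trajectory(events, sha256)
    if not traj:
        return None
    return traj[0].host, traj[0].source


def affected_hosts(events, sha256):
    """Hosts that hold the file, and the subset that executed it."""
    traj = trajectory(events, sha256)
    return {e.host for e in traj}, {e.host for e in traj if e.action == "execute"}


def propagation_edges(events, sha256):
    """(from, to) pairs for every host-to-host copy or move, in time order."""
    return [(e.source, e.host) for e in trajectory(events, sha256)
            if e.action in ("copy", "move") and e.source]


if __name__ == "__main__":
    print("entry:", point_of_entry(EVENTS, "sha-A"))
    seen, ran = affected_hosts(EVENTS, "sha-A")
    print("present on:", sorted(seen), "executed on:", sorted(ran))
    print("spread:", propagation_edges(EVENTS, "sha-A"))
```

The gateway answer (the URL on ws-17) is what you would block to stop re-infection, and the executed-on subset is the list of machines that need remediation rather than just a file deletion.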
Spotlight: File Analysis
Original file, network capture and screen shots of malware execution
Understand root cause and remediation
Sourcefire VRT Powered Insight into Advanced Malware Behavior
[Diagram: infected file 4E7E9331D22190FD41CACFE2FC843F submitted from FireAMP & Clients to Sourcefire VRT for Sandbox Analysis]
Spotlight: Outbreak Control
Tool | How it Works | When to Use
Simple Custom Detections | Cloud-based, uses SHA or original file | Fastest way to block specific malware.
Advanced Custom Signatures | Client-based, uses advanced techniques (e.g. offsets, wildcards, regular expressions) | Useful for families of malware or to close gap when waiting on sig. from security vendor
Application Blocking Lists | Cloud-based, uses SHA or original file | Blocks execution of applications based on group policy (e.g. no Skype in HR) – good for Zero Day
Custom Whitelists | Cloud-based, uses SHA or original file | Prevent false positives on trusted apps and standard images
Create custom protection policies to stop outbreaks without updates
Cloud Recall quarantines malware based on past exposure
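The four tools in the table differ mainly in what they key on (an exact hash versus a pattern with offsets, wildcards and regular expressions) and in whether the verdict depends on the group the endpoint belongs to. The block below is an added example written for this page, not FireAMP code: the `OutbreakPolicy` evaluation order (whitelist first, then hash detections, then signatures, then per-group application blocking), the signature format, and the toy sample files and hashes are all constructed assumptions.

```python
"""Constructed outbreak-control engine modelling the four tools in the table:
custom whitelists, simple custom detections, advanced custom signatures and
application blocking lists. The evaluation order is an assumption."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class AdvancedSignature:
    """Client-side signature: a byte regex, optionally pinned to an offset.
    '.' is the one-byte wildcard (re.DOTALL lets it match any byte value)."""
    name: str
    pattern: bytes
    offset: Optional[int] = None   # None = search anywhere in the file

    def matches(self, data: bytes) -> bool:
        if self.offset is None:
            return re.search(self.pattern, data, re.DOTALL) is not None
        return re.match(self.pattern, data[self.offset:], re.DOTALL) is not None


@dataclass
class OutbreakPolicy:
    whitelist: set = field(default_factory=set)          # SHA-256 of trusted files / standard images
    simple_detections: set = field(default_factory=set)  # SHA-256 of specific malware to block
    signatures: list = field(default_factory=list)       # AdvancedSignature objects for families
    app_blocking: dict = field(default_factory=dict)     # group -> {SHA-256 of blocked apps}

    def evaluate(self, data: bytes, group: str) -> tuple:
        """Return (verdict, reason) for a file seen by a connector in the given group."""
        digest = sha256_hex(data)
        if digest in self.whitelist:
            return "allow", "custom whitelist"
        if digest in self.simple_detections:
            return "block", "simple custom detection"
        for sig in self.signatures:
            if sig.matches(data):
                return "block", "advanced custom signature: " + sig.name
        if digest in self.app_blocking.get(group, set()):
            return "block", "application blocking list for group " + group
        return "allow", "no policy match"


# Constructed sample files (toy byte strings, not real executables)
SAMPLES = {
    "known_bad.exe": b"MZ\x90\x00payload-A",
    "variant_b.exe": b"MZ\x90\x00DRP-v2-\x01\x02LOADERjunk",   # new family member, hash unknown
    "imaging_tool.exe": b"MZ\x90\x00DRP-v9-xxLOADER",         # matches the family regex but is trusted
    "stager.bin": b"MZ\x90\x00STG\x00AA",
    "skype.exe": b"MZ\x90\x00voip-client",
    "notepad.exe": b"MZ\x90\x00editor",
}

POLICY = OutbreakPolicy(
    whitelist={sha256_hex(SAMPLES["imaging_tool.exe"])},
    simple_detections={sha256_hex(SAMPLES["known_bad.exe"])},
    signatures=[
        AdvancedSignature("DropperFamily", rb"DRP-v\d-..LOADER"),   # wildcards cover per-variant bytes
        AdvancedSignature("StagerHeader", rb"STG\x00", offset=4),  # marker pinned at a fixed offset
    ],
    app_blocking={"HR": {sha256_hex(SAMPLES["skype.exe"])}},
)


def demo(group: str = "HR") -> dict:
    """Verdict for every sample as seen from a connector in `group`."""
    return {name: POLICY.evaluate(data, group) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in demo("HR").items():
        print(f"{name:18} {verdict:5} {reason}")
```

Two things worth noticing: the hash-based detection misses `variant_b.exe` entirely while the family signature with wildcards catches it, which is the "close the gap while waiting on a vendor signature" case, and `imaging_tool.exe` trips the same signature but is rescued by the whitelist, which is the false-positive case the table's last row exists for.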
FireAMP is Enterprise Ready
Manageability
▸ Complete deployment, policy configuration, integration with AD/LDAP
Performance
▸ Lightweight connector, heavy lifting in the cloud
Privacy
▸ Metadata based analysis
What Makes Sourcefire Different?
Key Questions | Capability | Traditional Endpoint | Forensic Analysis | NW-based AMP
Do we have an advanced malware problem? | Reports | No | Not really | Yes
Which endpoint was infected first? How extensive is the outbreak? | File Trajectory | No | Sort of… | No
How does the malware behave? | File Analysis | No | Yes | Yes
What is needed to recover? | File Analysis | No | Not really | Sort of…
How can we stop the outbreak? | Outbreak Control | No | Not really | No
(Side labels on the slide group the rows under VISIBILITY and CONTROL.)
Advanced Malware Protection: FireAMP Mobile
Mobile Malware Trends
No question. Mobile devices introduce risk.
Malware is on the rise. (Source: Juniper)
BYOD brings a unique challenge.
The BYOD Divide
40%: IT decision makers who say that workers access corporate information from employee-owned devices.
80%: Employees in the same survey who say they access corporate information from their own devices.
Source: IDC
How can you protect the enterprise if you don’t know…
1. what to protect… or…
2. the nature of the threat
FireAMP Mobile
Advanced Malware Protection Using Big Data Analytics
Visibility: detect & analyze
▸ Android (2.1+) threats
▸ Cloud-based, real time
Control: contain & remediate
▸ Blacklists
Enterprise Ready
Thank You.