Advanced Threat Protection - Exclusive Networks · Detection and Incident Response ... Firewall...
Page 1
Walter Doria
Technical Director – Exclusive Networks
How to bind Network Admission Control with Advanced Threat Protection
Page 2
FireEye and ForeScout – The Partnership
ForeScout is a Cyber Security Coalition Partner
Integrations with many FireEye products: NX, TAP, EX, HX
40+ Joint customers
Executive sponsorship at highest levels
Commitment to build the best integrations and strategically approach the market
Page 3
FireEye and ForeScout: Two Sets of Eyes Provide a More Complete Picture
Makes the invisible visible
Provides the full context of all devices in the network
Enables policy-based access and controls
Ownership of the entire threat lifecycle and kill chain
Experts in forensics and investigative tools
Page 4
Detection and Prevention - Technology
Diagram labels: Detonate (2 million objects per hour); Analyze (within VMs); Correlate (across VMs, cross enterprise)
Page 5
FireEye Intelligence — A Global Defense Community
4,000 customers in 67 countries; 10M+ virtual machines; 5M+ endpoints
Real-time information sharing
Risk and context to prioritize response
Tactical and strategic intelligence with attribution that is applicable and actionable to your organization
Dynamic Threat Intelligence
Page 6
ForeScout Basics
What it does. How it is different.
Page 7
SEE
Continuous, agentless visibility: makes the not-visible visible, IoT included
Managed and unmanaged: computing devices, network devices, applications
Posture problems seen: antivirus out-of-date, broken agent, vulnerability
Page 8
CONTROL
Automated, policy-driven
Actions: inform, adjust, alert, segment
Applied to: users, endpoints, network, existing IT
Page 9
ORCHESTRATE
Automate workflows; share context
ControlFabric Open APIs (integration partner logos shown, including IBM)
Page 10
ForeScout & FireEye
How Do They Fit Into Your Network
Page 11
Detection and Incident Response
• ForeScout + NX, EX, HX, TAP
Diagram: Internet, NX/EX, HX, MTP, TAP and ForeScout CounterACT™ in front of a network of HX-managed devices, BYOD devices, rogue devices and IoT devices.
Scenario: a corporate user downloads a malicious file
1. NX or EX discovers a new zero-day threat and informs ForeScout and HX of the IOCs.
2. HX-managed devices: HX finds the devices with the IOCs and quarantines them manually; if automated containment is needed, HX hands over to ForeScout for automated containment.
3. Non-HX-managed devices: ForeScout finds the devices carrying the FireEye-identified IOCs and stops the malware automatically and in real time.
4. ForeScout limits network access for any infected device.
5. ForeScout feeds additional context on the compromised devices (network, user, location, compliance) to TAP, enabling the organization to prioritize threats and assess risk.
6. As devices are declared clean, ForeScout allows them back onto the network.
Outcome: malware proliferation is stopped.
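The six steps above are a closed loop: sandbox verdict in, per-host containment decision out, context back to the analyst, release only on a clean verdict. The following is an added example that models that loop in plain Python; it is not ForeScout or FireEye code and calls no ControlFabric, NX or HX API. The alert layout, the device inventory, the flow records and the action names are constructed assumptions so the logic can run offline.

```python
"""Containment loop for the NX/EX -> ForeScout/HX scenario, modelled in plain Python.

Added example, not ForeScout or FireEye code. Alert shape, inventory, observed
connections and action names are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Device:
    """What CounterACT would know about a host from continuous discovery."""
    mac: str
    ip: str
    user: str
    location: str
    hx_managed: bool                 # True if the HX agent is installed on it
    compliant: bool = True
    quarantined: bool = False
    actions: List[str] = field(default_factory=list)


# Constructed inventory (not real hosts).
INVENTORY: Dict[str, Device] = {
    "10.0.1.12": Device("00:11:22:33:44:01", "10.0.1.12", "alice", "HQ-floor2", hx_managed=True),
    "10.0.1.13": Device("00:11:22:33:44:02", "10.0.1.13", "guest-7", "HQ-lobby", hx_managed=False, compliant=False),
    "10.0.1.14": Device("00:11:22:33:44:03", "10.0.1.14", "bob", "HQ-floor3", hx_managed=True),
}

# Constructed sandbox verdict in the shape an NX/EX alert might carry.
ALERT = {
    "verdict": "malicious",
    "victim_ip": "10.0.1.12",                  # host that downloaded the sample
    "ioc": {"callback_ip": "203.0.113.7",      # C2 the sample contacted inside the VM
            "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed flow records (src_ip, dst_ip): who else talked to the callback address.
OBSERVED: List[Tuple[str, str]] = [
    ("10.0.1.12", "203.0.113.7"),
    ("10.0.1.13", "203.0.113.7"),
    ("10.0.1.14", "198.51.100.9"),
]


def find_infected(alert: dict, observed: List[Tuple[str, str]],
                  inventory: Dict[str, Device]) -> List[Device]:
    """Step 1: turn the NX/EX IOCs into the list of hosts that match them."""
    if alert["verdict"] != "malicious":
        return []
    hit_ips = {alert["victim_ip"]}
    hit_ips.update(src for src, dst in observed if dst == alert["ioc"]["callback_ip"])
    return [inventory[ip] for ip in sorted(hit_ips) if ip in inventory]


def contain(dev: Device, automated: bool = True) -> None:
    """Steps 2-4: HX quarantines what it manages; ForeScout restricts the rest
    (and the HX-managed hosts too when automated containment is wanted)."""
    if dev.hx_managed:
        dev.actions.append("hx_quarantine")
        if not automated:
            return
    dev.actions.append("nac_restrict")       # limit network access, e.g. quarantine VLAN
    dev.quarantined = True


def context_for_tap(dev: Device) -> dict:
    """Step 5: enrich the incident with what the NAC knows about the host."""
    return {"ip": dev.ip, "mac": dev.mac, "user": dev.user,
            "location": dev.location, "compliant": dev.compliant,
            "hx_managed": dev.hx_managed}


def release(dev: Device, declared_clean: bool) -> bool:
    """Step 6: only a host declared clean gets back onto the network.
    Returns True when the host is (again) allowed on the network."""
    if declared_clean and dev.quarantined:
        dev.quarantined = False
        dev.actions.append("nac_release")
    return not dev.quarantined


def respond(alert: dict, observed: List[Tuple[str, str]],
            inventory: Dict[str, Device]) -> Dict[str, dict]:
    """Run the loop once and return per-host actions plus the context sent to TAP."""
    result = {}
    for dev in find_infected(alert, observed, inventory):
        contain(dev)
        result[dev.ip] = {"actions": list(dev.actions), "context": context_for_tap(dev)}
    return result


if __name__ == "__main__":
    for ip, r in respond(ALERT, OBSERVED, INVENTORY).items():
        print(ip, r["actions"], r["context"]["user"], r["context"]["location"])
```

Two points the slide leaves implicit and the model makes explicit: the unmanaged guest host is caught only because the NAC correlates the callback IOC against its own view of who talked to what, and release is gated on a clean verdict rather than on a timer, so a host is never let back in merely because the alert aged out.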
Page 12
Full Endpoint Protection
• ForeScout + HX and MTP
Diagram: Internet, NX/EX, HX, MTP, TAP and ForeScout CounterACT™ in front of a network of HX-managed devices, BYOD devices, MTP-managed mobile devices and IoT devices.
Scenario: ForeScout and HX/MTP protect all endpoints in a corporation
1. ForeScout discovers ALL devices on the network, managed or unmanaged.
2. Managed endpoints: ForeScout validates that the HX agent is installed, fully functional and up to date; if needed, ForeScout restarts or reinstalls HX, or triggers the HX server to reinstall it.
3. BYOD: ForeScout inspects device security against corporate policy; a compliant device is granted access, a non-compliant one is blocked or assigned to the guest network.
4. Corporate mobile devices: ForeScout validates that the MTP agent is installed and, if needed, triggers its installation; MTP then scans all applications for malware and, if the device is compromised, ForeScout limits or blocks its access.
5. IoT devices: ForeScout classifies IoT devices and dynamically assigns them to a dedicated network; it monitors device traffic, limits abnormal behavior and provides contextual information about the device.
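Steps 2 to 5 are one admission policy with a branch per device class. The block below is an added example of such a policy as a pure decision function, so each branch can be tested on its own; it is not ForeScout, HX or MTP code and calls no product API. The endpoint attributes, the minimum agent version, the network names and the action names are constructed assumptions.

```python
"""Posture-based admission policy for the device classes on the slide.

Added example, not ForeScout/HX/MTP code. Attributes, MIN_HX_VERSION, network
names and action names are constructed so the policy runs offline.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MIN_HX_VERSION: Tuple[int, int] = (3, 0)   # assumed floor; a deployment choice in practice


@dataclass
class Endpoint:
    mac: str
    cls: str                                  # managed | byod | mobile_corp | iot | unknown
    hx_installed: bool = False
    hx_running: bool = False
    hx_version: Optional[Tuple[int, int]] = None
    av_current: bool = False
    disk_encrypted: bool = False
    os_patched: bool = False
    mtp_installed: bool = False
    mtp_compromised: bool = False
    iot_profile: Optional[str] = None         # e.g. "ip-camera", "printer"
    anomalous_traffic: bool = False


@dataclass
class Decision:
    network: str                              # corp | guest | iot | quarantine | blocked
    actions: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def decide(ep: Endpoint) -> Decision:
    """One NAC decision per endpoint: which network it lands on and what to trigger."""
    if ep.cls == "managed":
        # Slide step 2: validate the HX agent and repair it in place.
        # (Holding the host in quarantine until the agent is healthy is a stricter
        # alternative the slide does not describe.)
        d = Decision("corp")
        if not ep.hx_installed:
            d.actions.append("hx_reinstall"); d.reasons.append("HX agent missing")
        elif not ep.hx_running:
            d.actions.append("hx_restart"); d.reasons.append("HX agent not running")
        elif ep.hx_version is None or ep.hx_version < MIN_HX_VERSION:
            d.actions.append("hx_update"); d.reasons.append("HX agent out of date")
        return d
    if ep.cls == "byod":
        # Slide step 3: compliant -> corp, otherwise guest network.
        checks = (("antivirus", ep.av_current),
                  ("disk-encryption", ep.disk_encrypted),
                  ("patches", ep.os_patched))
        failed = [name for name, ok in checks if not ok]
        if failed:
            return Decision("guest", reasons=[f"non-compliant: {f}" for f in failed])
        return Decision("corp")
    if ep.cls == "mobile_corp":
        # Slide step 4: no MTP agent -> install it first; MTP verdict gates access.
        if not ep.mtp_installed:
            return Decision("quarantine", actions=["mtp_install"], reasons=["MTP agent missing"])
        if ep.mtp_compromised:
            return Decision("quarantine", actions=["nac_restrict"], reasons=["MTP found malware"])
        return Decision("corp")
    if ep.cls == "iot":
        # Slide step 5: dedicated IoT segment, watch traffic, clamp down on anomalies.
        d = Decision("iot", actions=["monitor_traffic"],
                     reasons=[f"classified as {ep.iot_profile or 'unknown IoT'}"])
        if ep.anomalous_traffic:
            d.network = "quarantine"
            d.actions.append("nac_restrict")
            d.reasons.append("abnormal traffic")
        return d
    # Anything the classifier could not place (rogue device): default deny.
    return Decision("blocked", reasons=["unclassified device"])


# Constructed endpoints, one per branch.
SAMPLE = [
    Endpoint("00:1a:2b:00:00:01", "managed", hx_installed=True, hx_running=True, hx_version=(3, 2)),
    Endpoint("00:1a:2b:00:00:02", "managed", hx_installed=True, hx_running=False, hx_version=(3, 2)),
    Endpoint("00:1a:2b:00:00:03", "byod", av_current=True, disk_encrypted=False, os_patched=True),
    Endpoint("00:1a:2b:00:00:04", "mobile_corp", mtp_installed=False),
    Endpoint("00:1a:2b:00:00:05", "iot", iot_profile="ip-camera", anomalous_traffic=True),
    Endpoint("00:1a:2b:00:00:06", "unknown"),
]


def decide_all(eps: List[Endpoint] = SAMPLE) -> dict:
    return {e.mac: decide(e) for e in eps}


if __name__ == "__main__":
    for mac, d in decide_all().items():
        print(mac, d.network, d.actions, d.reasons)
```

The unknown class is deliberately a default deny: an admission policy that falls through to "allow" for anything it cannot classify is the gap a rogue device walks through.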
Page 13
The Real Value
… is breaking down the silos: Firewall, SIEM, ATD, VA, Endpoint, Patch, EMM
Page 14
Combined Value Proposition
ForeScout: • Visibility • Compliance • Network/Access Control • Guest/BYOD Management • Continuous monitoring • Orchestration
FireEye: • Threat Detection • Threat Response • Email Protection • Threat Analytics • Forensics • Incident Response • Mobile Security
Combined:
• Complete threat and security posture visibility
• Automated, policy-based incident response
• Security automation and 3rd-party orchestration
Page 15
VIDEO
Page 16
> A host connects to the network via a Wi-Fi device
> CounterACT, which monitors the network, is aware of this host and knows where it is
> An infected object is downloaded by the client and analysed by FireEye, which sits in the middle
> Per FireEye's decision, the object is classified as malicious
> FireEye informs CounterACT about the security event
> CounterACT blocks the infected client by asking the Wi-Fi to revoke its authentication
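The last step of the video, "asking the Wi-Fi to revoke its authentication", is stated without saying how. One standard mechanism a NAC uses for that is a RADIUS Disconnect-Request (RFC 5176, packet code 40) sent to the wireless controller acting as NAS. The block below is an added example that builds and verifies such a packet with the Python standard library; it is not ForeScout code and the page does not say CounterACT uses this exact method. The shared secret, NAS address, user name, session id and client MAC are constructed values.

```python
"""RADIUS Disconnect-Request (RFC 5176) builder and verifier.

Added example: one common way a NAC tells a Wi-Fi controller to drop a client.
Not ForeScout code; secret, NAS address and session identifiers are constructed.
"""
import hashlib
import hmac
import socket
import struct
from typing import Dict

DISCONNECT_REQUEST = 40                     # RFC 5176 packet code
DISCONNECT_ACK, DISCONNECT_NAK = 41, 42
USER_NAME, NAS_IP_ADDRESS, CALLING_STATION_ID, ACCT_SESSION_ID = 1, 4, 31, 44
RADIUS_DAC_PORT = 3799                      # dynamic authorization port (RFC 5176)


def attribute(atype: int, value: bytes) -> bytes:
    """TLV as RFC 2865 defines it: type (1), length (1, incl. header), value (<= 253)."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return struct.pack("!BB", atype, 2 + len(value)) + value


def parse_attributes(attrs: bytes) -> Dict[int, bytes]:
    """Inverse of attribute(): walk the TLVs; rejects truncated or zero-length ones."""
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        out[atype] = attrs[i + 2:i + alen]
        i += alen
    return out


def build_disconnect_request(identifier: int, secret: bytes, attrs: bytes) -> bytes:
    """Code + Identifier + Length + Request Authenticator + attributes.

    RFC 5176 s2.3: Request Authenticator = MD5(Code + Identifier + Length +
    16 zero octets + attributes + shared secret), as for Accounting-Request.
    MD5 is what the protocol mandates here; it is not a design choice."""
    length = 20 + len(attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, length)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_request_authenticator(packet: bytes, secret: bytes) -> bool:
    """What a NAS does before acting: recompute and compare in constant time."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    header, auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)


def disconnect_packet_for(mac: str, session_id: str, user: str, nas_ip: str,
                          secret: bytes, identifier: int = 7) -> bytes:
    """Session keys a controller typically matches on. Calling-Station-Id format
    (separator, case) is vendor specific; use what the NAS logged in accounting."""
    attrs = (attribute(USER_NAME, user.encode())
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attribute(CALLING_STATION_ID, mac.encode())
             + attribute(ACCT_SESSION_ID, session_id.encode()))
    return build_disconnect_request(identifier, secret, attrs)


def send_disconnect(packet: bytes, nas_ip: str, timeout: float = 2.0) -> int:
    """Fire the request over UDP and return the reply code (41 ACK, 42 NAK).
    Not called by the tests; needs a reachable NAS."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (nas_ip, RADIUS_DAC_PORT))
        reply, _ = s.recvfrom(4096)
    return reply[0]


# Constructed values for a stand-alone run.
SECRET = b"constructed-shared-secret-change-me"
PACKET = disconnect_packet_for("00-11-22-33-44-01", "5F3A2C01", "alice",
                               "192.0.2.10", SECRET)

if __name__ == "__main__":
    print(PACKET.hex(), verify_request_authenticator(PACKET, SECRET))
```

The verifier is the interesting half from a defender's view: a controller that accepts a Disconnect-Request without checking the Request Authenticator, or one configured with a weak shared secret, lets anyone on the management network knock clients off the Wi-Fi, so the secret deserves the same care as the RADIUS authentication secret and the port should be reachable only from the NAC.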
Page 17
> The benefit of integrating these three security platforms explains the CARM concept
> Cyber Attack Remediation and Mitigation
> The attack has happened and the host was infected
> The network reacts to the malicious event
> The impact has been minimized