Best Practices for Network Security Management

Gidi Cohen, CEO and Founder, Skybox Security

McAfee Focus, October 1, 2013

www.skyboxsecurity.com

description

Gidi Cohen, Founder & CEO, Skybox Security

Changing technology and business trends pose new challenges to network security management, including firewall change management processes, management of security configurations in a BYOD-world, regulatory compliance, validation of firewall migrations, and troubleshooting access problems to complex networks. Through case studies, survey data, and real-world practices, this session will grant insight into automating and optimizing network security management.

• Learn to streamline and automate firewall analysis to improve productivity

• Discover how to automate network device configuration to minimize error

• Gain insight into how secure change management can ensure stringent security compliance

Transcript of Best Practices for Network Security Management

Page 1: Best Practices for Network Security Management

Best Practices for Network Security Management

Gidi Cohen

CEO and Founder

Skybox Security

McAfee Focus

October 1, 2013

www.skyboxsecurity.com

Page 2: Best Practices for Network Security Management

© 2013 Skybox Security Inc. 2

Agenda

Skybox Security Introduction

Challenges for Network Security Today

– More critical, more complex

Practical Steps to Optimize Network Security Management Process

– The macro view - manage the enterprise network

– The micro view - manage every device

– Powerful analytics incorporating risk and vulnerabilities to identify attacks

– Change management at the core

Page 3: Best Practices for Network Security Management

Skybox Security Overview

Protect the Network and the Business

Visibility and Intelligence to decipher complicated network security interactions

Eliminate Attack Vectors to protect business services and data

Automate and Optimize complex security management processes

Powerful Risk Analytics for Cyber Security

“Skybox…considers risk to systems by taking into consideration the network topology and prioritizes vulnerabilities for remediation.”

– How to Assess Risk and Monitor Compliance for Network Security Policies, Gartner (2013)

Page 4: Best Practices for Network Security Management

High Performing Organizations Choose Skybox Security

Service Providers

Energy & Utilities

Government & Defense

Others

Financial Services

Page 5: Best Practices for Network Security Management

Network Security: Mission Impossible?

Page 6: Best Practices for Network Security Management

Your Mission: Continuously Maintain Network Security Controls in a Complex Environment

500 network devices

7 different vendor languages to deal with

25,000 FW rules

1,000 IPS signatures

55,000 nodes

65 daily network changes

Infrastructure spanning three continents

No room for error

Page 7: Best Practices for Network Security Management

While Meeting Challenging Expectations

Maintain Compliance

Keep Out Attackers

Enable New Services

Optimize Performance

Troubleshoot Efficiently

Page 8: Best Practices for Network Security Management

Traditional Tech – More Hindrance than Help?

Firewalls: Constant Changes

IPS: Is it effective?

Ping, Traceroute: Inefficient?

Vulnerability Data: How old?

Network Topology: Visualize?

Pen Test: Large Scale?

Page 9: Best Practices for Network Security Management

Time to Rethink Security

Page 10: Best Practices for Network Security Management

Rule 1: Network Security Management Requires a Macro View

Normalize all infrastructure data from multiple vendors

– Configs

– Hosts

– Assets

Enhance network visibility

– Model Topology

– Map to hosts

– Detect missing info

Update continuously

‘What if’ analysis

Page 11: Best Practices for Network Security Management

Highly Scalable Access Path Analysis

Access Analyzer takes into consideration:

- Routing

- NAT

- Firewall rules (ACL)

- VPN

Page 12: Best Practices for Network Security Management

Rule 2: Daily Device Management Requires a Micro View

Rule, access policy and config compliance

Take into account network complexities – segments/zones, routing, vendors, routers/switches/IPS, FWs

Optimize to streamline rule-set

Page 13: Best Practices for Network Security Management

NGFW Application Policy Management

Skybox Survey (2012):

46% enable BYOD and external social apps

• Enable automated policy compliance

• View access policy violations by application

• Block or limit access checks by applications

• Network modeling of users and applications

Page 14: Best Practices for Network Security Management

Rule 3: Attack Simulation to Identify Attack Vectors

Probable attack vector to Finance servers asset group

“Multi-step” attack, crossing several network zones

[Figure labels: Connectivity Path; Attack Vector; How to Block Potential Attack?]

Page 15: Best Practices for Network Security Management

Incorporate Vulnerability and Risks

Firewalls are not just firewalls

– IPS

– Anti-malware

– Application control

Today you need to understand risk, vulnerabilities, IPS signatures, applications, and availability needs

Page 16: Best Practices for Network Security Management

Verify Effective IPS Coverage

Skybox Survey (2012)

62% plan to use IPS in active protection mode

• Review and report on configuration of recent threats

• Understand overall signature coverage

• Activate only necessary signatures, maximize performance and prioritize vulnerabilities

Page 17: Best Practices for Network Security Management

Plan Contextual and Actionable Remediation

Install security patch on server

Change firewall access rule

Activate signature on IPS

Page 18: Best Practices for Network Security Management

Rule 4: Change Management Process is Key

Monitor changes

Troubleshoot access

Follow standard processes

Handle exceptions

Reconcile changes

Benefits:

– Continuously monitor change and minimize risks

– Link and automate security processes

Pre & Post Change Control: Capture, Assess, Design, Implement, Verify

Page 19: Best Practices for Network Security Management

Combined Effect: Verify Network Security Controls on a Continuous Basis

Network change exposes vulnerabilities

• CVE 2013-203

• CVE 2013-490

New attack scenario blocked by IPS

Unauthorized access path from Partner to Internal zone

Will change cause compliance or availability risks?

Firewall is allowing access to risky services

Page 20: Best Practices for Network Security Management

Skybox Security Integration with McAfee

Continuous monitoring of vulnerabilities

Risk-based prioritization

Risk metrics and reports

Remediation planning

Threat impact analysis

Continuous monitoring for compliance

Change management

Configuration management

Network visibility

Skybox Network Security Management

Skybox Vulnerability and Threat Management

Firewall Assurance

Network Assurance

Change Manager

Risk Control

Threat Manager

McAfee Firewall Enterprise

McAfee Stonesoft

McAfee Vulnerability Management

Page 21: Best Practices for Network Security Management

Unique Technology Delivers Business Value

Network Visibility

Predictive Risk Analytics

Extensive Integration

Complete Platform

Network path analysis, multi-step attack simulation, KPI metrics

Over 70 network devices and management tools

Non-disruptive network topology modeling, & simulation

Consolidate security management solutions

Page 22: Best Practices for Network Security Management

Summary: Best Practices Checklist

1: Macro view - Consistent, comprehensive, up-to-date view of network topology at all times

2: Micro view - Have detailed device level view for granular control

3: Powerful Analytics, Attack simulation

– Leverage analytical tools to quickly find attack vectors and troubleshoot access

– Be responsive to changing risks – take vulnerability and threat data into account

4: Verify changes in advance

Page 23: Best Practices for Network Security Management

Questions & Answers

POST-CONFERENCE, ACCESS PRESENTATIONS AT:

• www.mcafee.com/focus13

• Password: presentations13

STAY CONNECTED. JOIN THE PLACE: www.mcafeetheplace.com

Page 24: Best Practices for Network Security Management

Thank you

www.skyboxsecurity.com