Optimizing Network Security Greg Brown McAfee Network Defense
Optimizing Network Security
Greg Brown, McAfee Network Defense
Today’s Environment
Diagram labels: Internet, Twitter, Facebook, Web 2.0, ERP, CRM, SaaS, Organized Hackers, Targeted Attacks, Bots
Today’s Environment
Diagram labels: Internet, Twitter, Facebook, Web 2.0, ERP, Salesforce, SaaS, Organized Hackers, Targeted Attacks, Bots
Fragmented technology management
Multi-product solutions (NAC, Data Protection)
Compliance requirements
Increased operational cost
Data and productivity risk
Reduced business agility
Complexity Impact
A Better Way
What if…
• Security technology worked together seamlessly
• Threat protection was prevalent throughout your network
• Investigation escalations could be simplified
• Compliance was a natural result of your security investment
• Security could reduce your operating costs
Optimized Security Architecture
Diagram labels: Security Management Platform, System, Network, Sustained Compliance, Global Threat Intelligence, Security Innovation Alliance (SIA)
McAfee Network Security Portfolio
Protection
• Comprehensive threat/vulnerability protection
• Enabled by Global Threat Intelligence
Policy
• User-aware policy controls
• Flexible policy definition
• Compliance monitoring
Management
• Common Management framework
• Optimized workflow
• Role-based administration
Platform
• High performance
• Scalability
• Enterprise-class reliability
• Flexible delivery (appliance, blades, virtual)
McAfee Network Security Portfolio
Groups: Internet Gateways, Network Defense
Products: Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web
Every Day is Day Zero
• Over 1,200,000 malware detections identified in first half 2009
• 80% of malware is obfuscated with packers and compression technologies
• Password stealing Trojans increased 225% in 2007
• 80% of attacks financially motivated; up from 50% two years ago
Being prepared requires continual research on a global scale
Chart: # of Threats by year (2006, 2007, 2008, 1H 2009); data labels in the order extracted: 78,381; 271,197; 1,500,000; 1,200,000
Global Threat Intelligence: Unique to McAfee
Diagram labels: System, Network, Security Management Platform, Automated Compliance, Global Threat Intelligence
Most Comprehensive Network Security Research
Diagram labels: Web Security Research, McAfee Customers, Malware Research, Email Security Research, Network Security Research, Regulatory Compliance Research, Vulnerability Research
Global Threat Intelligence Technology Capabilities
Product labels: Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web

• Protocol definition/behavior/reputation
• Network attack definitions
• Phishing/Malware

• Protocol definition/behavior/reputation
• Network attack definitions
• IP reputation
• Anti-Malware

• Protocol definition/behavior/reputation
• Vulnerability assessment
• Anti-malware

• IP/URL reputation
• Spam profiles
• Anti-malware

• IP/URL reputation
• Content based malware
• Exploits

• IP/URL reputation
• Spam profiles
• Network attack profiles
• Anti-malware
Global Threat Intelligence: Zero Day Response Environment
Diagram labels: Internet, Global Threat Intelligence, BOTS, Gotyou.com, Firewall - IPS, Email Gateway, Web Gateway
1. New phishing email on webmail
2. User clicks
3. Malware detected even without a signature
4. Samples Fingerprinted
5. Attributes analyzed in real time
6. Reputations and Signatures Updated
Security Management
Network Security sees BOT instruction channel activity
Incident Investigations
Calls local sysadmin to have system diagnosed
Leaves voicemail. Leaves voicemail. Leaves voicemail.
“Got your message. I am in the middle of a critical database upgrade. I’ll check into it ASAP.”
And the process repeats with each new incident
McAfee ePolicy Orchestrator Optimizes Your Security Architecture
Diagram labels: Web Security Research, McAfee Customers, Malware Research, Email Security Research, Network Security Research, Regulatory Compliance Research, Vulnerability Research, Global Threat Intelligence, System, Network, Automated Compliance
Security Management Platform: Common Reporting/Status, Common Information Base, Automation and Workflow
Automation and Workflow
Incident Identified
Network IPS
Administrator sees Bot instruction channel being blocked by IPS
Automation and Workflow
System Health
Vulnerability Manager
Gets health and security info about the source from ePO
System flagged for remediation
Automation and Workflow
Scope of the Incident
To see who they have exchanged data with
Diagram labels: Network User Behavior, ePO, Vulnerability Manager
Automation and Workflow
Data at Risk
And see what data was potentially impacted
Diagram labels: Network User Behavior, Network DLP, Capture
Management Integration Turns Days into Clicks
Confidential McAfee Internal Use Only
Comprehensive Security Portfolio
Global Threat Intelligence
Common Management Framework
Firewall/UTM
Intrusion Prevention
UBA
NAC
Email Security
Web Security
Network DLP
Legend: Best in Class, Partial, None/inferior
Analysts Agree: McAfee Leads
Gartner chart: axes Ability to Execute and Completeness of Vision; quadrants Niche Players, Visionaries, Challengers, Leaders
Forrester chart: axes Current Offering and Strategy; categories Leaders, Strong Performers
Product labels: Web, IPS, Web, E-mail, DLP, Firewall
Industry Quotes
“Organizations must take a more unified approach to security. The days of managing network defense, Web and messaging security and data security as separate activities simply won’t succeed in today’s economic and threat environment. Effective Network Security must have global intelligence and must be integrated into the broader organizational security management infrastructure. For the next three to five years, reducing cost of ownership will drive security investments.”
Chris Christiansen, Vice President, Security Practice, IDC
Industry Quotes
“The opportunity for customers to save money and improve protection is incredible. McAfee has taken leading products and bundled them in a way that can fundamentally change the customer’s economics. With Web 2.0 threats growing, this provides us with a compelling value proposition for our customers.”
Douglas Hollenshead, President and CEO, Future Com
County of Orange, California
Challenge
• Brittle, sprawling, aging firewalls
• Increasing malware risks
• High compliance bar
• Extreme budget pressures
Evaluated each Product Category Standalone
• Consolidated 57 firewalls to 8 McAfee Firewall Enterprise (Sidewinder)
• Replaced existing mail and Web with McAfee Mail Gateway (Ironmail) and Web Gateway (Webwasher)
Benefits from Single-Vendor Solution
• Reduced infrastructure change time from 45 days to 4.
• Met all outbound compliance and reporting requirements
• Estimated taxpayer savings of $42K/day!
County of Orange, California
“In four years we haven’t had an outbreak or a breach. {With Secure Computing} they got stopped at our edge …other counties called us and said, “Why? What did you do different than we’ve done? Because we got infected…”
Tony Lucich, CISO
Adena Health Systems
Challenge
• Detect and block malicious traffic from outside the firewall
• Protect 100 servers, 1,700 workstations, and highly specialized medical applications
• Reclaim network bandwidth
Benefits of McAfee Network Security Platform
• Delivered complete perimeter protection for a large, regional network
• Immediately identified malicious traffic
• Reduced the cost of protection while simplifying management
• Scaled easily to meet network growth
Adena Health Systems
Summary of Financial Results (Risk-Adjusted)
Return On Investment (ROI): 142%
Payback Period: Within 5 Months
Total Costs (Present Value): ($244,659)
Total Cost Savings and Benefits (PV): $593,276
Total (Net Present Value): $348,617
Adena Health Systems
“McAfee Network Security Platform …has been running without a problem since it was installed. Its functionality is fully deployed …We’re very happy with McAfee Network Security Platform.”
Brian Young, Sr. Network Security & System Administrator
Your Opportunity
See how McAfee can…
• Enhance your business agility
• Improve your network protection
• Improve security responsiveness
• Enhance the ROI of your security investments
• Face to Face demo with a product specialist
• Scope a solution for your environment
Learn more about the products
Product Features and Benefits
Product labels: Intrusion Prevention, NAC, DLP, Firewall, User Behavior, UTM, Email, Web
McAfee Firewall Enterprise Appliance
• Comprehensive, high performance firewall
• Robust central management
• Fully integrated anti-virus, URL filtering, SSL decryption and on-firewall IPS
• Reputation-based filtering
• Virtualized and rugged deployment options
Customer Benefits
• Streamlined firewall management processes
• Improved protection through reduced attack surface
• Improves responsiveness to emerging business needs
McAfee Network Intrusion Prevention
• Award-winning, network-class protection for absolute security confidence
• 10-Gigabit Ethernet performance
• Real-time risk-aware IPS
• System-aware IPS with McAfee ePO™ integration
• Dynamic network access control
Customer Benefits
• Improved network availability and performance
• Stream-lined security management processes through ePO integration
• Reduced risk and cost associated with patching cycles
McAfee Network Access Control Appliance
• Access Protection for Unmanaged Endpoints
• Tightly integrated with ePO for Managed Endpoint NAC
• Identity-based access control
• Comprehensive post-admission control
• Network class reliability and availability
Customer Benefits
• Flexible deployment and policy definition
• Reduced risks from guest and infected systems
• Reduced cost of management and administration
McAfee Network User Behavior Analysis
• Real-time, enterprise-wide visibility of user activities
• Intuitive interface instantly pinpoints most relevant user behavior
• Out of band deployment gives visibility with no risk
• Integrates with existing infrastructure (user directories, network & flow data) for seamless adoption
Customer Benefits
• Minimize IT and business risks
• Unparalleled visibility for compliance
• Optimization of security investments
McAfee Web Gateway
• Next Generation Web 2.0 security proxy
• Enables Safe Secure Web access
• High Performance: robust, enterprise class proxy cache
• Enables Productive use of Web 2.0 applications
Customer Benefits
• Protects against Web 2.0 blended and targeted malware attacks
• Flexible policy and scalable reporting to enable compliance
• Flexible and agile deployment to fit any infrastructure
McAfee Email Gateway
• Inbound Protection against spam, email-borne threats and malware
• Outbound Protection – Complete DLP and Advanced Compliance included; integrated encryption
• Administrative Empowerment – Flexible policy creation and robust reporting
Customer Benefits
• Reduce costs associated with spam and email-borne malware
• Stop data leakage via email
• Comply with regulations requiring email security
McAfee Network Data Loss Protection
• Complete Protection for data at rest and in motion
• High Performance: 2-3x faster than the competition
• Fast Deployment
• Low Cost: Appliance form-factor removes need for expensive servers and databases
Customer Benefits
• Universal DLP protects data everywhere
• Easy to own/deploy appliances, no complexity
• Integrated incident management and enterprise-wide reporting and monitoring
McAfee Email and Web Gateway
• Integrated email and web protection
• Enterprise-class security
• Inbound and outbound traffic inspection
• Packaged for medium to small businesses
Customer Benefits
• Reduces cost and complexity
• Simplifies email and web controls
• Removes barriers to improving security
McAfee UTM for SMBs and Branch Offices
• Leverage enterprise-class technology packaged for the SMB
• No nickel and diming - Includes reporting, and unlimited user and VPN licensing
• Only SMB multi-function firewall with global reputation
• Support: One year 24/7 included
Customer Benefits
• Consolidated technologies within one interface - simple
• Protection for every threat vector
• Cost: More value for the customer’s money
Security Management Comparison
Global Threat Intelligence
Common Management Framework
Firewall/UTM
Intrusion Prevention
UBA
NAC
Email Security
Web Security
Network DLP
Legend: Best in Class, Partial, None/inferior
Total Protection for Gateway
Total Protection for Network
Unified Management and Threat Intelligence
Executive Threat Deck
Malware Writers Love Facebook
Chart: Unique Koobface Binaries Discovered, by month, Jul 2008 to Jun 2009
Spam at a New All-Time High
Chart: Last 2 Years in Messaging, by month; series: Amount of Ham, Amount of Spam, Total Messaging Volume, Percentage Spam (%)
Overall and Microsoft Vulnerability Growth
Chart: MS Vulnerabilities by year, 1997 to 2009
Chart: Yearly Vulnerability Count by year, 1997 to 2009