PR Web Gateway - u.b5z.netu.b5z.net/i/u/10210123/f/PR_Web_Gateway.pdf · " Powerful policy engine:...
McAfee Confidential—Internal Use Only
McAfee Web Gateway
Customer Name
Your Name, Your Title
August 26, 2013
Rank  Country    Population     Date of Estimate
1     China      1,349,560,000  November 2011
2     India      1,247,288,000  November 2011
3     Facebook   800,000,000    November 2011
4     USA        314,028,000    November 2011
5     Indonesia  243,162,000    November 2011
6     Brazil     197,238,000    November 2011
If Facebook Was a Country
Internet’s Number One Site
• People spend over 750 billion minutes per month on Facebook
• 65% of adults use social networking (Pew Research, May 2011)
Social Media Value and Threats
“Facebook easily infiltrated by data-harvesting bots, researchers find” PCWorld, November 2011
“Facebook and YouTube dominate workplace traffic and bandwidth” SC Magazine, April 2010
“Researcher plants rogue app in Apple’s App Store” Computerworld, November 2011
“Loudmouth workers leaking data through social networking sites” The Register, April 2009
“Hackers take over NBC Twitter account” The New York Times, September 2011
New Marketing Channels
Employee Life/ Work Balance
Collaboration Tools/Business Apps
Find Employees
Traditional Web Gateway Solutions
Web 1.0 block/allow technology
• Web Filtering
• Outbound URL requests are only filtered by the URL category or content of the Web site
• Inbound traffic may not be filtered
• Block or allow—don’t allow granular, controlled access to interactive social media sites
• Completely block access to infected sites—no granularity
Anti-Virus
• Protection gap with signature-only gateway anti-virus solutions—can’t build signatures fast enough; when are systems updated?
• No protection against zero-day attacks and non-executables such as JavaScript and HTML docs
Most companies have a security blind spot because they don’t decrypt SSL
Web 1.0 Gateway
• Outbound Proxy
• URL Web Filter
• Web usage logs
Anti-Virus Gateway
• AV Signatures only
• No Zero-day protections
Today’s Web Business Challenges
SECURITY Proactive Malware Protection
CONTROL Enable and Manage Inbound/Outbound Access
PERFORMANCE Scalability, Flexibility, Manageability
McAfee Web Protection: Designed For Today’s Web
SECURITY
CONTROL
PERFORMANCE
• Hybrid security
– Local: Proactive anti-malware protection
– Global: McAfee File Reputation, Web Reputation
• Deep content inspection including SSL traffic
• Robust proxy / cache
• Enterprise scalability
• Flexible delivery: Appliances, VMware, SaaS, blade
• Flexible deployment: Proxy, transparent bridge, transparent router
• Inbound / outbound filtering of multiple Web protocols
• Powerful policy engine: application control, prevent data loss
• Extensive reporting/auditing
McAfee Web Gateway: Safe Productive Use of Today’s Web
http:80
Gnutella:80
Malicious SQL injection
Keylogger
McAfee Web Gateway
Inappropriate Use
Spyware phoning home
Leaking data
Web Filtering
Anti-Malware and Anti-Virus
SSL Scanning
Application Control
AAA
Proxy
Cache
Data leakage/compliance
Comprehensive reporting
Unprecedented Malware Growth
Cumulative Malware Threats
[Chart: cumulative malware samples by year, 2007–2011; data labels: 5,987; 7.9 Million; 18.6 Million; 34.8 Million; 75 Million]
• On track to reach 75 million samples by year end
• Collect on average 2 million new samples every month
• Detections surpass a frightening 60,000 samples per day
Source: McAfee Labs
Sample malicious traffic from financial institution
[Chart: content types shown: HTML Documents (incl. embedded scripts), Windows Executables, Standalone JavaScript, Graphics (JPEG, GIF); series: McAfee AV: Signature coverage, McAfee Anti-Malware: Proactive coverage; data labels: 30%, 1%, 0.5%, 5%, 16%, 47%]
Gateway Defense in Depth
Protects against known and unknown threats quickly and efficiently
Geolocation
Web Reputation
Web Categorisation
Media/File Analysis
File Reputation
McAfee Anti-Virus
Gateway Anti-Malware
McAfee Web Gateway
Gateway Anti-Malware
“Zero Day” Protection—Behavioral Intent Analysis
Visual Basic for Apps Macros in Office Docs
Java Applets and Applications
JavaScript and Visual Basic Script
Windows Executables and Dynamic Link Libraries
ActiveX Controls and Browser Helper Objects
Adaptive Policy Based on Location, Risk Posture, and Categorization
Analyze Intent
Emulate
Dissect
McAfee Labs
Email, Firewall, IPS, DLP, Web, AWL, ePO, AV
File Reputation Engine
Web Reputation Engine
Network Reputation Engine
Email Reputation Engine
Vulnerability Information
Threat Intelligence Feeds
Other feeds & analysis
Servers, Firewalls, Endpoints, Appliances, Mobile
100+ BILLION Queries/Month
How Global Threat Intelligence Works
Delivering the Most Comprehensive Intelligence in the Market
Overview of Testing by AVTEST
PE Malware Test: Detection of relevant current malicious Win32 portable executable (PE) files, also referred to as “Zoo viruses”, which are not older than three months at the start of the review
Zero-Day Testing: Testing of the effectiveness of dynamic URL filtering capabilities and protection against zero-day malware by accessing real URLs that host malicious downloads
Non-PE Malware Test: Detection of current malicious non-PE files, such as PDF exploits, as well as files including malicious scripts and macros for Microsoft Office and other applications, which are also not older than three months
Malware Detection
[Chart: Zero Day Protection Rate, PE Malware Detection and Non-PE Malware Detection for McAfee, Blue Coat, Cisco and Websense; data labels as extracted: 91%, 99%, 99%, 74%, 94%, 97%, 25%, 85%, 71%, 58%, 91%, 16%]
• Cloud intelligence
• Ability to open content and inspect
• Proactive scanning
• Signature-based protection
• Worms, Trojans
• PW stealing programs
• PDF exploits
• Macros for MS Office
• Malicious scripts
AV-Test.org
Performance results obtained using specific combinations of hardware, software, and test samples. The results reflect approximate relative performance as measured by the tests performed. Any difference in system hardware, software or available threat information may cause your performance to vary.
McAfee Web Gateway
CONTROL
Powerful Rules-Based Engine
• McAfee Web Gateway includes a powerful policy engine that enables unmatched flexibility in creating and applying policy
– Enable/disable specific functionality
– Remove malicious links or extract only the malicious code while letting the balance of the page display
• Application Control: Point/Click control for over 1000 web applications
– BitTorrent, Kazaa, Youtube, Facebook, LinkedIn, etc.
• Flexible Control
– Apply policy based on specific application, user, group, risk, etc.
• Enable data loss prevention for web mail
• More strict malware policy on high-risk or specific applications
• Enable or disable specific functionality as needed
– Allow Facebook but block all Games or specific games: Mafia Wars
• Additional applications
– Flexible rules engine detects/applies policy beyond listed web applications
Control: Remove functionality
Remove Inbox and Search functions from
Web Filtering for Endpoints v3.0
• Web Filtering for Endpoints (WFE): Add-on Module to SiteAdvisor Enterprise Plus v3.0
– Common database and category set
– Common reporting:
  • Domain and download reporting with ePO
  • Detailed reporting with Web Reporter
– Gateway aware
  • Disable SAE/WFE when behind a web gateway
– Tamper resistant
– Added value
  • Educates and warns end users – before they click
  • Advanced phishing protection
  • Indicates amount of potential spam/email from each website
McAfee Web Gateway
PERFORMANCE
McAfee Web Security
Performance
Branch Office Corporate HQ
WG4000
WG4500
WG5000
WG5500
Content Security Blade Server
Understand Traffic and Simplify Investigations
• Pre-built and customizable reports and dashboards
• Real-time views with extensive drill-down capability
• Scheduled reporting in multiple languages; quickly process GBs of data
• Enterprise features: delegated reporting options
ePolicy Orchestrator
• Integrate data from multiple sources into a single hub
– Web, email, end points, networks, vulnerabilities and more
• McAfee Web Gateway and ePO
– Customizable dashboard
– Actionable reports
– Launch UI and view system information
Success: Trusted By Enterprises Around the World
TRUSTED
Recognized Web Gateway Leader
“MWG has strong on-box malware protection through use of the McAfee Gateway Anti-Malware Engine...”
“[McAfee] received the highest score on the technology portion of the evaluation...thanks to its innovative Web reputation technology and high-performing appliance,…”
IDC ranks McAfee #1 in Appliance Market Share – for web security appliances
SC Magazine Awards 2012 Best Web Content Management Finalist
SC Magazine Awards 2012 Best Anti-Malware Gateway Finalist
Experience the Benefits
Estimated ROI
• Fortune 100 US corporation
• Existing web proxy/gateway installation
30-Day POC Evaluation
One sixth of users moved to Web Gateway
280,000 URLs categorized incorrectly by current proxy
16,000 discrete web objects containing malware
Scanned Results
50,000 URLs with unacceptable reputations
Ninety-two million URLs
346,000 websites and web objects
Background
1,000 desktops saved from infection
Savings:
Remediation costs: $150-$200 per desktop
During POC: $150,000-$200,000 savings
Extrapolated to entire organization: $900k to 1.2M savings per month
Detection Results at FedEx
[Chart: malware download blocks by month, 2011-01 to 2011-08; annotation: Web Gateway deployment begins Feb 5. Detection breakdown: Heuristic Detections 99%, File Reputation 1%, Virus 0%, Trojan 0%]
Source: FedEx
McAfee Web Gateway Summary
Security: proactive, layered protection on all web traffic
Control: enable and manage inbound/outbound access
Performance: scalability, flexibility, manageability
Value: Minimize risk, say yes to Web 2.0, consolidate features