SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
Transcript of SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
© 2015 Imperva, Inc. All rights reserved.
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
Pravin Rasiah, Sr. Product Manager, Web Application Security, Imperva
Morgan Gerhart, VP Product Marketing, Imperva
Speakers
Pravin Rasiah Senior Product Manager
Morgan Gerhart VP, Product Marketing
Hackers Exploiting Same Old Vulnerabilities
“99.9% OF THE EXPLOITED VULNERABILITIES WERE COMPROMISED MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED.”
Source: Verizon 2015 Data Breach Investigation Report
96% of applications have vulnerabilities
Source: Cenzic
Industrialized Hacking gives hackers extreme leverage
90% of security events from known bad actors
Source: Imperva
60%+ of website traffic is non-human
Source: Imperva
Example 1: Global Financial Services Firm
• Suspected it had a known bad traffic problem
  – Some visibility from feeds from other vendors
  – Way too much chaff/noise
  – No visibility into how this traffic was impacting apps
  – Only detection, no protection
Example 2: SaaS Provider
• Security team overwhelmed by web events
  – 6 million per hour
  – Knew many/most from script kiddies, malware sources and malicious IPs
  – But unable to filter, focus and prioritize noise from the truly worrisome
SecureSphere ThreatRadar
• Global Threat Intelligence Service
• Globally crowdsourced
• Curated by Imperva ADC
• Adds “god’s-eye” context of threat landscape to WAF
SecureSphere ThreatRadar
• More productive, more focused security engineering team
• Cut infrastructure costs
• Demonstrate better security posture
Example 1: Global Financial Services Firm
• Suspected it had a known bad traffic problem
  – Some visibility from feeds from other vendors
  – Way too much chaff/noise
  – No visibility into how this traffic was impacting apps
  – Only detection, no protection
• ThreatRadar showed known bad was several times worse than suspected
  – 12 million events in last 6 months, 11 million filtered by ThreatRadar
  – Geographic reputation spotlighting potential state-funded/state-sponsored actors
• Today
  – 90-95% of protections utilize ThreatRadar
  – Business trusts SecureSphere (not worried about false positives/blocking legit traffic)
  – Less network traffic (behind the WAF, of course)
Example 2: SaaS Provider
• Security team overwhelmed by web events
  – 6 million per hour
  – Knew many/most security events from script kiddies, malware sources and malicious IPs
  – But unable to filter, focus and prioritize noise from the truly worrisome
• ThreatRadar showed
  – 10-30% of traffic was from known bad sources
  – 80-90% of security alerts associated with traffic from known bad
• Today
  – Filter and ignore the 80-90% that is known bad
  – Prioritize and focus on what is left – “that’s the really worrisome stuff”
  – Noticed some actors have “given up”
More Focused, More Productive Team
Eliminate the “noise” from known bad, and prioritize on truly worrisome
[Figure: “Before” and “After” views]
Suspicious SQL Syntax
vs.
Suspicious SQL Syntax + Known SQLi IP
Increased WAF Accuracy
Reduce Infrastructure Costs
• Spam Marketing
• Spamdexing: Reputation Impact
• Fraud
• DDoS
• Manual Reviews
• Malicious Traffic

Keep Forms Safe
Gain Backend Efficiencies
10-50% OF WEBSITE TRAFFIC FROM KNOWN BAD ACTORS
• More efficient WAF
• Fewer log entries
• Less disk needed
• Fewer events to SIEM
Globally Crowdsourced
Malicious IPs
Phishing URLs
Anonymous Proxy
Tor IPs
Comment Spam IPs
RFI IP Forensics
SQLi IPs
Scanner IPs
Scraping BOTS
Credit Card Cycling
Registration BOTS
Demonstrate Better Security Posture
• Who’s on your network?
• Who’s trying to get on your network?
• Where are they coming from?
• How are they attacking?
• How effectively are you mitigating “known bad”?