Trustport - Roman Veleba
Know what is going on in your network!
Advanced Security Network Monitoring
Cyber security situation today
Main targets: governments, infrastructure, corporates, financial institutions…
80% of acts are organized activity
Cyber crime – Targeted Attacks
- 5 Chinese military officers charged with stealing data from six US companies
- steal blueprints, manufacturing processes, test results, about nuclear & solar power
- periodically revisit the victim’s network over several months
Source: The Guardian 20.5.2014
WATERING HOLE ATTACKS
- Focus on websites that employees from targeted organizations visit
- Malware inserted to gain sensitive information
TrustPort in a nutshell
− World's most effective antivirus
− Network Behavior Analysis using Artificial Intelligence
− Producer of security solutions
− Subsidiary of Cleverlance
TrustPort
− World's most effective antivirus
Virus Bulletin RAP continuous 1st place (08/13 – 02/14)
Threat Intelligence overall
− Monitoring of network flows and security incidents (all in one solution)
− Real time analysis of network behavior (performance monitoring, application awareness, bandwidth usage etc.)
− Detection of attack symptoms in network traffic
Specific features
− Network Behavior Analysis (NBA)
− Signature based network analysis (IDS)
− Flow based network analysis
− Performance network analysis
− Antivirus
− Honeypots
Example – case study
The client: a European service provider
500 employees, 3 branch offices
Filling Gaps
− Detection of severe security events not detected by other means
− Continuous affirmation that the perimeter defense is working correctly
− Detection of anomalous and outlier network behavior
Example – case study
Testing of three competing products:
− McAfee NTBA
− IBM Qradar
− Cisco Cognitive Analytics
Problems:
− Large data transfers
− Several serious security incidents
− Solutions did not discover any unknown threats
Example – case study
Deployment and Results of Threat Intelligence
− Three hardware network probes were deployed at the three border routers
− The most serious incident discovered by TI was 10 trojanized smart phones (connected to the network through WiFi)
− The malware was sending data (based communication) to an IP in Japan
− TI detected these Trojans mostly by recognizing repetitive behavioral patterns (machine behavior differs from human behavior)
− Detected in the first 15 minutes after implementation
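The case study credits the detection to repetitive, machine-like traffic patterns. As an added illustration (not TrustPort's algorithm, which the slides do not describe), one simple way to surface such regularity is to measure how uniform the gaps between flows are for each source/destination pair; the flow records, addresses and thresholds below are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (start_time_seconds, src_ip, dst_ip).
# Addresses are documentation ranges, not values from the case study.
def _sample_flows():
    flows = []
    # Device A: contacts the same host every ~60 s with small jitter.
    jitter = [0, 1, -1, 2, 0, -2, 1, 0, -1, 1]
    for i, j in enumerate(jitter):
        flows.append((i * 60 + j, "10.0.0.21", "203.0.113.7"))
    # Device B: a person browsing, with bursty and irregular gaps.
    for t in [3, 5, 9, 140, 142, 410, 415, 980, 1002, 1500]:
        flows.append((t, "10.0.0.35", "198.51.100.9"))
    # Device C: too few flows to judge either way.
    for t in [10, 70, 130]:
        flows.append((t, "10.0.0.40", "203.0.113.7"))
    return flows

def interval_stats(times):
    """Return (mean gap, coefficient of variation) for a list of timestamps."""
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg > 0 else float("inf")
    return avg, cv

def find_periodic_pairs(flows, min_flows=8, max_cv=0.1):
    """Flag (src, dst) pairs whose flow start times are near-periodic."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue  # not enough observations to call it a pattern
        avg, cv = interval_stats(times)
        if cv <= max_cv:  # gaps are almost identical: machine-like timing
            hits[pair] = (round(avg, 1), round(cv, 3))
    return hits

if __name__ == "__main__":
    for (src, dst), (period, cv) in find_periodic_pairs(_sample_flows()).items():
        print(f"{src} -> {dst}: period ~{period}s, CV {cv}")
```

A fixed threshold on the coefficient of variation misses beacons with deliberately randomized sleep intervals and can flag legitimate pollers such as update checks or NTP, so hits are a starting point for triage rather than a verdict.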
Example – case study
Results
− Tested for six weeks
− reports were analyzed by TP
− results were handed over to the client
− the solution was fully deployed
− client's network personnel were trained
− high detection capabilities of TrustPort Threat Intelligence
− high value for money
− an intuitive user interface
− the integration of IDS
NBA Detection Core
Why TI?
− All-in-one solution
− Highly sensitive protection (zero-day, APTs, etc.)
− Adaptive detection (latest detection methods)
− Fast detection (unknown attacks 1-2 min)
− Machine learning (self-configuration during the first 24 hrs.)
− Easy deployment (in hours, easy deployment, most networks)
− Most detailed NBA (frequency characteristics analysis)
− Most advanced AI (winners of NIST challenge)
− Intuitive GUI (program designed from past experience)