Data Center System Incident Management Data Leakage Protection Public Key Infrastructure

1. Rational Unified Process
Bezpieczeństwo
in Action
Data Center
Szymon Dowgwiłłowicz-Nowicki
Styczeń 2012 roku

2. Bezpieczeństwo informatyczne
 Audyty bezpieczeństwa
 Testy bezpieczeństwa aplikacji
 Bezpieczny Cykl Rozwoju
Oprogramowania (SDL)
 Zarządzanie tożsamością
 Badanie zabezpieczeń sieci
 Projektowanie zabezpieczeń
 Analiza podatności zabezpieczeń
 Rekomendacje naprawcze
 Pen-Testing
 Badanie zgodności
 Coaching / Szkolenia
2

3. Motywy kryjące się za incydentami bezp.
Source: Breach/WASC 2007 Web Hacking Incident Annual Report

4. Data Center Security
System Incident Management
Q1Radar/INVEA-TECH

5. Juniper STRM / IBM Q1Labs QRadar Architecture
 STRM – Real time network &
security visibility
 Data collection provides
network, security, application,
and identity awareness
 Embedded intelligence &
analytics simplifies security
operations
 Prioritized “offenses”
separates the wheat from the
chafe
 Solution enables effective
Threat, Compliance & Log
Management

6. Unrivalled Data & log Management Log
Management
• Networking events
– Switches & routers, including flow data
• Security logs Compliance Forensics Policy
– Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway Templates Search Reporting
AV, Desktop AV, & UTM devices
• Operating Systems/Host logs
– Microsoft, Unix and Linux
• Applications
– Database, mail & web
• User and asset
– Authentication data
• Support for leading vendors including:
– Networking: Juniper,Cisco, Extreme, Nokia, F5, 3Com,
TopLayer and others
– Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS,
McAfee,Snort, SonicWall, Sourcefire, Secure Computing,
Symantec, and others
– Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow
– Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat,
SuSe), SunOS, and others
– Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange,
and others
• Security map utilities:
– Maxmine (provides geographies)
– Shadownet
– Botnet
• Customization logs through generic Device
Support Module (DSM) Adaptive Logging Exporter

7. Q1Radar Key Value Proposition
Threat Detection:
Detect New
Threats That Others Miss
Log Management:
Right Threats at the Right
Time
Compliance:
Compliance and Policy
Safety Net
Enterprise
Value
Complements
Juniper’s Enterprise
Juniper’s STRM Mgmt Portfolio
Appliance

8. INVEA-Tech: FlowMon

9. INVEA-Tech: Lawful Intercept

10. DLP – Data Leakage Protection
Fidelis Security

11. Exfiltration
• Business Partners
• Webmail
Leakage
• Social Networking
Uneducated User
• Cloud
Theft
• Nation States
Malicious Insider
• Organized Non-State
Actors (e.g., Terrorist
groups)
Exfiltration • Organized Crime
External Threat Actors • Advanced Persistent
Threats

12. Fidelis XPS Products

13. ®
The Secret Sauce: Deep Session Inspection
• Total visibility and control over inbound and outbound network traffic
• Deep, session-level application, payload and content decoding and analysis
• Flexible, multi-level policy engine with multiple real-time enforcement options
(visualize, alert, prevent, etc)
• Scalable up to multiple Gbps of analyzed throughput in a single device

14. Fidelis SSL Inspector Solution
• Identifies and decrypts all SSL/TLS encrypted traffic
– Based on SSL/TLS handshake detection, not on TCP port (port-independent)
– Decrypts everything over SSL (HTTP, POP3, SMTP….) – not just HTTPS
• Forwards ALL traffic (SSL and non-SSL) to XPS for analysis
• Completely transparent to endpoints at the IP, TCP and HTTP levels
– Don’t need to configure endpoints to “point at” it – it’s an SSL proxy, not an HTTP proxy
– Just need to install an endpoint-trusted CA certificate on the SSL Inspector
• Scales up to 1 Gbps in a single device

15. Fidelis Extrusion Prevention System®―Fidelis XPS™
Comprehensive Information Protection
• Content protection
• Application activity control
• Encryption policy enforcement
• Threat mitigation
Deep Session Inspection™ Platform
• Comprehensive visibility into content
and applications
• Prevention on all 65,535 ports The Power to Prevent:
• Wire-speed performance It’s the Next Generation
Network Appliance
• Fast to deploy = quick time-to-value
• Easy to manage
• Enables zones of control

16. Policy Engine: Power of Context
•In addition to pre-built policies, customer-specific policies can
easily be built using Fidelis XPS’ powerful policy engine.
• Policy = group of one or more rules
• Rule = logical combination of one
or more triggers delivers context
Trigger > Content Trigger > Location Trigger > Channel
Sensitive information defined Sender and recipient Details about the
in content information information flow
analyzers
1. Smart Identity Profiling 1.source IP address 1.Application / protocol
2. Keyword 2.destination IP address (port -independent)
3. Keyword Sequence 3.Geographical Data–the country in 2.Application-specific Attributes
4. Regular Expressions which the IP address is registered (e.g., user, e-mail address, subject,
5. Binary Signatures 4.Username filename, URL, encrypted, cipher,
6. Encrypted Files 5.LDAP directory attributes and many more)
7. File Names 3.Port (Source / Destination)
8. Exact File Matching 4.Session length / size
9. Partial Document Matching 5.Day of week / Time of day
10.Embedded Images 6.Session duration
7.Decoding path

17. Social Network whilst Mitigating Risk
• Technical and Business Controls
• Ensure employees code-of-conduct policies covers social networking
– Who can speak on behalf of the company
– What can employees use social network for
• Train employees on roles and risks of social networking
• Create official profiles for corporate executives
– Even if they will not actually be used
– Request sites block executives account
• Implement technical controls that address how social network is used
• Social Networking is here to stay
– Security Policy needs to address how it is used
17

18. Fidelis XPS: Risk assessment in vivo
• 88 suspects culled out of >150,000 transactions in a 24
hour period.
Price list trawling in password-
protected areas
PII over FTP in clear text
File transfers of confidential office
documents using MSN Messenger.

19. Public Key Infrastructure
Nexus Security

20. Nexus PKI – System Overview

21. Nexus - PortWise Authentication Suite

22. Nexus IT Security - Corporate Environment

23. Nexus PKI – System Overview

24. Dziękuję za uwagę
Szymon Dowgwiłłowicz-Nowicki
sdow@premiumtechnology.pl
601.890.080
Copyright © 2011 Premium Technology Sp. z o.o. All rights reserved.