NETWORK CLOAKING ™
AS A
DEFENSIVE STRATEGY
FOR
INTRUSION PREVENTION SYSTEMS
By
David A. Lissberger
CEO – EcoNet.com, Inc
Network Cloaking™ (nĕt` wûrk` klōk`-ing)
n. 1. A combined technology and methodology that prevents network intrusions
by making protected networks invisible to malicious external users.
v. 2. The act of utilizing the Sentinel IPS™ to protect a network.
Etymology: Created in 2002 by econet.com, Inc. to describe the functionality
of their Sentinel IPS™ product.
Introduction
Chinese General, Circa 500 B.C.
The ultimate in disposing one's troops is to be without ascertainable shape. Then the most
penetrating spies cannot pry in, nor can the wise lay plans against you.
** Sun Tzu **
This can be a powerful intrusion prevention strategy, if we apply this way of thinking to the
protection of your network. Imagine your network and its resources were “without
ascertainable shape”. If your network were invisible to hackers and malicious users, then the
wise would truly be unable to “pry in”, nor lay plans against you.
“You can’t hack, what you can’t see.”
The goal of this paper is to have you consider “Network Cloaking”™ and the EcoNet Sentinel
IPS™ Intrusion Prevention System as an addition to your layered network security solution.
We will review several of the leading intrusion prevention strategies, so we can compare and
contrast them to Network Cloaking™. Whether you have a simple T-1 Internet connection
with a couple of servers, or a complex network with a security event management system,
Sentinel IPS™ with “Network Cloaking”™ is the best way to protect your network from
intrusions and malicious code at the Internet gateway.
Finally, this paper will review the Sentinel IPS™ deployment with regard to the ease of
network integration. Attempting to integrate in-line network devices has been problematic for
network administrators. In-line devices suffered some setbacks when first introduced. False
positives have been the “bane of existence” for many IPS “early adopters”, but as you will see
the Sentinel IPS deployment methodology provides effective, affordable, easy integration and
management of an IPS solution.
The Death of the Internet Firewall.
Firewalls are an excellent defense against network intrusions. With all the ports closed, the
firewall may be considered "non-breachable." It is unlikely, if not impossible, to be hacked
through a closed port of a quality firewall. Most of the major firewall manufacturers have
reported vulnerabilities in the firewall applications. However, most intrusions occur through
the ports that have been opened, usually by personnel entrusted by the organization
requiring protection. By definition, opening a port on a firewall anonymously is the same as
"turning off" the firewall on that port. Companies routinely turn off several ports on their
firewalls for a number of reasons. Since intrusions generally occur through the open ports on
a firewall, in a sense, most companies no longer have a firewall. We would not consider
letting a passenger onto a commercial flight without a complete inspection, including the
contents of their bags. I would suggest that we NOT let a user into our trusted private
network without such an inspection as well, including the contents (payload) of their packets.
CSI’s annual survey, released in the first half of 2001, found that fully 85% of companies had experienced a
security breach. The total combined losses for the 186 companies that were willing to state how much
money they lost to these breaches was a staggering $378 million. (Keep in mind that only about 35% of
companies surveyed agreed to divulge their financial losses.) 1
According to Computer Economics, an independent research firm, enterprises worldwide spent $1.2 billion
in 2001 fixing vulnerabilities related to the Code Red worm alone.2
A Firewall is not enough.
There has been an enormous increase in the range, frequency, sophistication, and success
of intrusion attempts propagated on the Internet. This table helps explain why.
1 2001 CSI/FBI Computer Crime and Security Survey
2 What You Need to Know About Network Security, New opportunities in Internet business bring with them new security
challenges. By Kim Austin Peterson and Fred Sandsmark
[Slide from a CERT presentation] Available at http://www.cert.org/present/cert-overview-trends/module-2.pdf
It is fair to say that for most firms a firewall is not an appropriate intrusion prevention solution
and the firms included in the foregoing statistics would most certainly agree. In the slide
above from a CERT presentation it becomes clear why intruders are becoming more
successful over time. Notice that the technical knowledge an intruder must possess is
declining, yet the attacks are becoming more sophisticated. Why would this be so? A search
of “hacker tools” in Yahoo will provide a wealth of “easy to run software” available for free
download.
In an effort to remediate the vulnerabilities around open ports in firewalls, firms have turned to
a variety of solutions. Many are expensive and quite complex. The intrusion detection
systems or IDS was quickly adopted as a mechanism for identifying attacks and the malicious
source IP (internet protocol) address. An onslaught of signature definitions, detection
methods, and deployment methodologies ensued. Good IDS units proved effective at
detection, but remediation became an issue that in the end has proven unsolvable for most
companies. This situation has led some industry experts to the mindset described below.
STAMFORD, CONN., June 11, 2003 — Protecting enterprises from hackers, viruses and other
security vulnerabilities is a primary concern for all IS departments, and many have relied on
intrusion detection systems (IDSs) as a solution. However, according to the Gartner, Inc. (NYSE: IT
and ITB) Information Security Hype Cycle, IDSs have failed to provide value relative to its costs and
will be obsolete by 2005.
The Gartner Information Security Hype Cycle shows that IDS technology does not add an additional
layer of security as promised by vendors. In many cases IDS implementation has proven to be
costly and an ineffective investment.
Gartner recommends that enterprises redirect the money they would have spent on IDS toward
defense applications such as those offered by thought-leading firewall vendors that offer both
network-level and application-level firewall capabilities in an integrated product.
"Intrusion detection systems are a market failure, and vendors are now hyping intrusion prevention
systems, which have also stalled," said Richard Stiennon, research vice president for Gartner.3
Regardless of your views on IDS, good network protection still requires detection as a
component to the solution. Once a source IP is detected and determined to be malicious,
then remediation must be accomplished as quickly as possible. Either someone writes a new
rule to the firewall or it is done automatically. Automated remediation, when combined with
detection, falls into a new category of security products called intrusion prevention systems or
IPS. These systems are, generally, either host based or in-line.
Host-based Intrusion Prevention System - Host based Intrusion Prevention System is
software that is installed on your individual servers to protect the servers from attack
and compromise. While host based Intrusion Prevention can also be effective it can
be costly to deploy and cumbersome to manage. . . . 4
While this might provide an important additional layer of security, it is not a viable gateway
intrusion prevention strategy because it does not prevent intrusions through the firewall. The
firewall represents the primary boundary of the private network and by definition a successful
host based solution means that this boundary has been breached. Host-based IPS are not
designed to be a viable gateway intrusion prevention strategy. Since a gateway strategy is
needed to keep intruders outside the firewall, you therefore need something more than Host-
based Intrusion management at the application server. Better that an intruder is prevented
from entering the private network versus the host, making host IPS an appropriate additional
layer of defense versus reliance as the only means of protection.
3 Gartner Press Release June 11, 2003
4 CIO Magazine What's the best way to prevent an infection? by Joseph Magee
There are downsides to host-based intrusion prevention, however. It's useless
against intrusions aimed at your network in general—such as denial-of-service
attacks. You also need to install it on every system you want to protect, which can
create a deployment headache.5
The other type is the in-line IPS, and this approach holds great promise. Critical factors are
the ability to inspect, detect malicious content, and drop packets before they can enter the
network. False positives, creating service interruptions for users, are also a fear for early
adopters of the in-line approach. A recent flood of IPS products, vaporware, and outright
misrepresentation of product capabilities has created a very noisy IPS marketplace. In the
rush to be included in the IPS marketplace, many suppliers are calling their products intrusion
prevention systems, but they are, in fact, only one of the required components of an IPS
strategy. Many products are only capable of monitoring specific ports and others are unable
to remediate attacks that occur in the initial packet entering the network. Separating fact from
fiction takes time and most network administrators lack the time or expertise to determine
which IPS vendor should protect their network gateways.
If an in-line strategy is chosen, you had better be able to deal with false positives, or the IPS
will not stay on the network for very long. Blocking legitimate traffic creates extreme
frustration for those that rely on unimpeded communications across the Internet. Any active
in-line IPS product must provide some mechanism for the management of false positives. It
is interesting to watch the innovative approaches firms utilize to deal with this issue. Before
reviewing the EcoNet strategy utilizing Network Cloaking™, here are two recent approaches
that will serve to highlight and contrast issues related to false positives.
Honey Pots
A few systems utilize either a “honey pot” or a “baiting” strategy to engage the hacker. The
idea is that the hacker will interact with some false or fake data in such a way as to reveal
that their intentions are indeed malicious. Once this determination is made, the source IP
address can be blacklisted. Note that it is the hacker interaction with the fake data that will
trigger the IPS to prevent the user from engaging the network. While this strategy almost
completely eliminates the false positives, it has a few serious security vulnerabilities. First it
provides no protection for intrusion attempts that are not preceded by interaction with the
honey pot. The network is completely available to any exploit from a new IP address.
Nothing prevents the network from being the subject of many methods of fingerprinting and
subsequent intrusion attempts. Second, a honey pot provides proof for the hacker that the
network is available for exploit. Why put bait for a hacker on your corporate network?
Group the signatures and disable those that cause trouble
A recently introduced IPS product, sold as a firewall add-on, inspects incoming packets for
malicious content and will drop the offending packet. The device has no capacity to
dynamically create a blacklist, so malicious source IPs are never denied access to the
protected network. Their packets containing malicious payloads may be dropped, but the
hacker is free to attempt entry into the network without interruption. This approach will
generate frequent false positives, so the signature database used to identify malicious packet
content is divided into three tiers, based on the likelihood that the signature might cause a
false positive. The maker suggests that the sensitive groups of signatures be disabled from
blocking packets as a methodology for dealing with false positives. While this method may
effectively reduce the effects of false positives, it opens a large vulnerability for the network
administrator. Namely, there is no remediation for a large number of attacks, and since there
is no blacklist, an attacker can continuously try new ideas until one matches a disabled
signature or an attack for which there is no signature present.
5 Defensive Postures: Intrusion prevention systems offer the latest countermeasures in the war against hackers, worms and viruses, by
Dylan Tweney, CIO Magazine
While these approaches may lack the desired level of protection, that is not to say they lack
utility for the protection of private networks. As part of an overall “layered” security strategy,
each component and the interplay with other network elements, must be given due
consideration. For many network administrators, the help of a trusted advisor is money well
spent. Our experience has shown that most network administrators are still unaware they
have open ports on their firewalls. They, along with those charged with a fiduciary
responsibility to protect the assets of the firm, understand little about this type of vulnerability
or that such a condition exists. In the face of new legal requirements and standards of
liability, most organizations are ill equipped to deal with the threat of network intrusions.
External vulnerabilities pose a special type of threat for private networks, because this type of
vulnerability is ubiquitously available and exploitable. Quite literally, a world of exploitable
possibilities exists. The nature of such a threat calls directors, officers, and others responsible
for network security to be diligent in securing the organization's Internet connections. What is
being offered to the market are products, specifications, testing services, service offerings,
certifications, and seminars. What companies need is an effective intrusion prevention
strategy for their Internet gateways.
The truth for network administrators is that they are simply “out gunned”. There are more
resources deployed attempting to penetrate their network than they have time or money to
employ for its protection. Organized crime syndicates, identity thieves, industrial espionage
agents, those attempting ransom, political spies, vandals, disgruntled employees, script
kiddies, and cyber-terrorists, just to list a few. There are simply too many stories to spend time
reviewing them here.
It’s time to change the rules
Instead of going “toe to toe” and working to counter each new threat with a new method of
remediation, why not simply avoid the fight? Never engage the hacker in the first place. Let
them spend their time elsewhere. It may not be very “macho”, but it is extremely effective.
For almost three years, EcoNet.com, Inc. has used "Network Cloaking™" as a
successful intrusion prevention strategy. Network Cloaking™ is EcoNet’s proprietary
technology that results in the Sentinel IPS™ Protected Network being invisible to a malicious
user while maintaining the utility of the network for other users. Hackers and other malicious
users are unable to communicate with the Sentinel IPS™ protected network, while legitimate
network traffic remains unaffected.
The Wounded Goat
A federal law enforcement group conducted an experiment to test the effectiveness of this
strategy. First they connected a PC with a public IP address to the Internet. It was loaded
with a default installation of Windows XP Service Pack 1 (they called the sacrificial machine
the wounded goat). The machine was compromised within the first day, and within the week
several hackers had established administrator accounts and were logged on to the machine
and using it to attack other machines on the Internet.
After a week or so, this federal bureau replaced the hard drive with an identical fresh install,
but this time the PC was protected by a Sentinel IPS™ IPS with Network Cloaking™
activated. The machine has been on the web since the fall of 2003 and has never been
compromised. The PC is still perfectly available on the web, but it is completely invisible to
malicious users.
This demonstration shows "Network Cloaking™” is one of the most powerful tools available in
preventing intrusions into private networks. Hackers cannot determine if the Sentinel IPS™
Protected network is “cloaked” and if they attempt to determine if such may be the case, their
attempt becomes the cause of their inability to make the determination. If an external user
initiates a malicious act against a “Sentinel IPS™ Protected Network”, then the Sentinel
IPS™ will automatically engage Network Cloaking™ as a defense against that user. It is this
feature that makes it impossible to portscan, or stealth portscan, or Penetration Test a
Sentinel IPS™ Protected Network.
What does a typical installation look like?
Generally, the Sentinel IPS™ is installed as a Layer 2 bridge, behind your network's router, and in front of
your current firewall. Most Sentinel IPS™s are installed on networks with access to the Internet through a T1
connection.
EcoNet first started deploying the commercial version of its Sentinel IPS™ product almost
three years ago. The first significant technical accomplishment was active remediation of
malicious IP addresses using AP-Core™ Technology (Active Packet Correlation). Sentinel
IPS™ is able to inspect and drop packets so fast that the destination IP address appears
unused to the offender. This means that the packet is inspected, correlated, the event logged,
a copy of the packet recorded for administrative use, the network admin is alerted, the packet
is dropped, and a new rule is written preventing the source IP from communicating with the
Sentinel Protected Network before the packet can leave the Sentinel IPS™ Appliance. This is
accomplished so quickly as to be imperceptible to the users of the network.
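The contrast between the drop-only, tiered-signature product described earlier and the detect-then-blacklist sequence described above can be seen in a small simulation. This is an added example, not EcoNet's code or any vendor's implementation: the class names, the marker-string signatures, the tier assignments and the sample traffic are all constructed for illustration, and the blocklisting model assumes every tier stays enabled.

```python
from dataclasses import dataclass, field

# Constructed signature set: name -> (byte pattern, false-positive tier).
# Tier 1 misfires least often, tier 3 most often (hypothetical assignment).
SIGNATURES = {
    "sig-a": (b"MARKER-T1", 1),
    "sig-b": (b"MARKER-T2", 2),
    "sig-c": (b"MARKER-T3", 3),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    payload: bytes


def match_signature(payload, enabled_tiers):
    """Return the first enabled signature whose pattern occurs in payload."""
    for name, (pattern, tier) in SIGNATURES.items():
        if tier in enabled_tiers and pattern in payload:
            return name
    return None


class DropOnlyFilter:
    """Stateless model: drops a matching packet, never remembers the source."""

    def __init__(self, enabled_tiers):
        self.enabled_tiers = set(enabled_tiers)

    def handle(self, pkt):
        hit = match_signature(pkt.payload, self.enabled_tiers)
        return "drop" if hit else "forward"


@dataclass
class BlocklistingGateway:
    """Stateful model: a match logs the event, blocks the source, drops."""
    enabled_tiers: set = field(default_factory=lambda: {1, 2, 3})
    blocked: set = field(default_factory=set)
    events: list = field(default_factory=list)

    def handle(self, pkt):
        if pkt.src in self.blocked:           # rule written by an earlier match
            return "drop"
        sig = match_signature(pkt.payload, self.enabled_tiers)
        if sig is None:
            return "forward"
        self.events.append((pkt.src, sig, pkt.payload))  # log + packet copy
        self.blocked.add(pkt.src)                         # new blocking rule
        return "drop"

    def release(self, src):
        """Administrator action for a false positive or an authorised tester."""
        self.blocked.discard(src)


# Constructed traffic, documentation address ranges only.
ATTACKER, USER, TESTER = "203.0.113.7", "198.51.100.20", "192.0.2.44"
TRAFFIC = [
    Packet(USER, 80, b"GET /index.html"),
    Packet(ATTACKER, 80, b"probe MARKER-T3"),      # tier 3: disabled in drop-only
    Packet(ATTACKER, 80, b"probe MARKER-T2"),
    Packet(ATTACKER, 80, b"payload with no known signature"),
    Packet(TESTER, 80, b"scan MARKER-T1"),         # authorised assessment
    Packet(TESTER, 25, b"MAIL FROM:<report@tester.example>"),
]


def replay(device, packets):
    return [device.handle(p) for p in packets]


def compare():
    """Replay the same traffic through both models; return both verdict lists."""
    drop_only = replay(DropOnlyFilter(enabled_tiers={1, 2}), TRAFFIC)
    gateway = replay(BlocklistingGateway(), TRAFFIC)
    return drop_only, gateway


if __name__ == "__main__":
    for pkt, a, b in zip(TRAFFIC, *compare()):
        print(f"{pkt.src:15} port {pkt.dport:<3} drop-only={a:8} blocklisting={b}")
```

The last two packets reproduce the side effect reported for the @stake test: once the tester's address is blocked, its mail is dropped as well until an administrator calls release().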
How invisible is Network Cloaking™?
We wanted to see how a Sentinel IPS™ Protected Network might respond to a hacking
tool or strong scan vulnerability assessment tool. What information would such a tool yield
from a Sentinel Protected Network? Billy Austin, CSO for Saint Corporation, has been
working with high-level government agencies, top colleges, and universities, and major
financial institutions for many years in this area. SAINT security consultants provide security
assessments including penetration testing, as well as other services including security
planning, implementation, management, and support.
Mr. Austin provided the opportunity for EcoNet to find out what a Sentinel
Protected Network using Network Cloaking™ looks like to the hacker. The Sentinel IPS™
performed flawlessly in vulnerability testing conducted by the security firm. IP addresses on
either side of the Sentinel IPS™ protected networks were easily exploited, however those IP
addresses protected by Sentinel IPS™ were completely invisible. Our cyber neighbors were
easy to spot, but there was no evidence the Sentinel IPS™ Protected Network existed.
@stake, another well-known security firm, was hired by one of EcoNet’s clients to perform
intrusion testing on the Sentinel IPS™ protected Internet gateway. They were unaware that
the network was Sentinel-protected as Sentinel IPS units are invisible to the traffic that
passes through. The penetration testing showed no evidence that the client’s protected
network existed, however there was an interesting consequence of the test for the security
consulting firm. Since Sentinel IPS™ disables all communication between the malicious
source IP and the protected network, @stake was unable to send email to their client
explaining that they were not able to perform the penetration test on the protected network.
This was because their outbound mail server was on the same network from which their pen-
test was initiated. @stake’s IPs were easily released in the Sentinel IPS™, so they could
resume communications with their client.
New channel strategy provides ease of integration
In the traditional channel for IT products, manufacturers sell through distributors to resellers
or VARs. Competitive market pressures usually create gray market product channels and
eventually erosion of product margins for the VAR. VARs tend to be less interested in
products they do not sell and they generally are unable and unwilling to be price competitive
with the large online resellers.
Manufacturers rely on these same VARs for integration and configuration of network
equipment, usually through some type of certified training program. An in-line IPS requires a
high level of support. Such an IPS is the opposite of “set it and forget it”. In fact, the more
you work on it and “tweak it” the more effective it will be in protecting the network.
It takes a considerable amount of training and experience, perhaps a few years, before a
technician can be totally proficient in the tuning, administration, and care, of a sophisticated
IPS solution. The technicians performing this work are NOT generally the employees of the
IPS manufacturers and distributors, so there are many cross-company barriers that affect
quality and reduce performance of the deployed IPS product. Some of these barriers include
variability in the skills of the installation technicians, margin pressures reducing the amount of
time a VAR can devote to specific product mastery, reduced speed of disseminating new
procedures, longer times for knowledge transfer to integrators and end users.
Sentinel IPS™ is deployed through a unique and cooperative Team Approach, whereby a
Sentinel IPS™ Certified Reseller (VAR) does the physical needs assessment, installation,
and overall security policy management for the end user and EcoNet delivers the network
integration, tuning, updating, maintenance, and technical support from a centralized Sentinel
IPS™ management facility in Dallas, TX. This process is optimal for matching those skill sets
needed, with the best possible resources, to service the end user customer. Who else better
to manage the IPS device than the engineers that write the IPS security application? And
who else better to manage the requisition, installation, and on-premise security policies than
a trusted service firm (VAR)?
Capitalizing the R&D investments of your vendors
There are not many true IPS products in the Sentinel IPS™ category at this time. Network
World did an IPS round up at the beginning of this year and found less than ten entries, of
which Sentinel was the only product sold with management, monitoring, and support.
Although cost was not a factor in the review, most of the appliances cost between $25,000.00
and $75,000.00 with Sentinel being the most affordable.
When you buy a $50,000.00 appliance, you really purchase a box worth a thousand or two,
some margin for the VAR, and $40,000.00 for the future use of the maker's Intellectual
Property (IP). The manufacturer must recover the R&D cost (and other costs as well)
incurred in development of the product.
EcoNet sells the Sentinel IPS one month at a time. This approach dramatically reduces the
cost of an IPS solution, because the customer is not forced to pay for the use of the IP until
they are ready to actually consume it. Using the same philosophy, costs are further reduced
by bundling the support, management, and monitoring into one low monthly payment, starting
at only $299.00/month. With Sentinel IPS™, the customer never pays in advance for value
they have not actually received.
This approach dramatically reduces IT cost. It eliminates the large upfront capital cost
associated with sophisticated technology products. It also moves the expenditure from an
asset on the balance sheet to an expense on the income statement, which for most
companies is financially very attractive. Product life cycles are now so short for most of these
types of products, that the items are still being depreciated after they are no longer in service.
Advanced security functionality, expert management and support, and reduced cost of
ownership make the Sentinel IPS™ the best product for protecting open ports on your
network firewall. If any of the ideas expressed in this paper hold interest for you, I would
invite you to contact our firm. You will find a dedicated team ready to answer questions and
help you learn how Sentinel IPS™ can make a difference for your network. Companies large
and small have utilized our “Free 14 day Network Gateway Security Assessment” to discover
what is actually happening on their networks.
For more information about deploying Network Cloaking™ and Sentinel IPS™, call a Sentinel
IPS™ Certified Reseller or contact us directly by phone or via the website:
www.networkcloaking.com
info@econet.com
EcoNet.com, Inc.
13237 Montfort Suite 850
Dallas, Texas 75240
Office: 972.991.5005
Fax: 972.991.4242

The Secure Path to Value in the Cloud by Denny Heaberlin
 

Ähnlich wie Network cloaking sansv2_

29386971 hacking
29386971 hacking29386971 hacking
29386971 hackingjoeymar143
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxcuddietheresa
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxsalmonpybus
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Deterring hacking strategies via
Deterring hacking strategies viaDeterring hacking strategies via
Deterring hacking strategies viaIJNSA Journal
 
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESDETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESIJNSA Journal
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical HackingJennifer Wood
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkClearnetwork
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAAharon Aharon
 
GartnerComodo_AEP_Newsletter2016
GartnerComodo_AEP_Newsletter2016GartnerComodo_AEP_Newsletter2016
GartnerComodo_AEP_Newsletter2016Eric Staudinger
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability ManagementGFI Software
 

Ähnlich wie Network cloaking sansv2_ (16)

Select idps
Select idpsSelect idps
Select idps
 
Window of Compromise
Window of CompromiseWindow of Compromise
Window of Compromise
 
29386971 hacking
29386971 hacking29386971 hacking
29386971 hacking
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Deterring hacking strategies via
Deterring hacking strategies viaDeterring hacking strategies via
Deterring hacking strategies via
 
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESDETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by Clearnetwork
 
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERAWIRELESS DEFENSE STRATEGIES IN THE IOT ERA
WIRELESS DEFENSE STRATEGIES IN THE IOT ERA
 
GartnerComodo_AEP_Newsletter2016
GartnerComodo_AEP_Newsletter2016GartnerComodo_AEP_Newsletter2016
GartnerComodo_AEP_Newsletter2016
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 

Mehr von CMR WORLD TECH

Cyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCMR WORLD TECH
 
Cpq basics bycesaribeiro
Cpq basics bycesaribeiroCpq basics bycesaribeiro
Cpq basics bycesaribeiroCMR WORLD TECH
 
Questoes processautomation
Questoes processautomationQuestoes processautomation
Questoes processautomationCMR WORLD TECH
 
Aws migration-whitepaper-en
Aws migration-whitepaper-enAws migration-whitepaper-en
Aws migration-whitepaper-enCMR WORLD TECH
 
Delivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeDelivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeCMR WORLD TECH
 
Why digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementWhy digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementCMR WORLD TECH
 
Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure CMR WORLD TECH
 
Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance CMR WORLD TECH
 
Hyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusHyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusCMR WORLD TECH
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitectureCMR WORLD TECH
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-appsCMR WORLD TECH
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1CMR WORLD TECH
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_CMR WORLD TECH
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-toneCMR WORLD TECH
 

Mehr von CMR WORLD TECH (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project Presentation
 
CPQ Básico
CPQ BásicoCPQ Básico
CPQ Básico
 
Cpq basics bycesaribeiro
Cpq basics bycesaribeiroCpq basics bycesaribeiro
Cpq basics bycesaribeiro
 
Apexbasic
ApexbasicApexbasic
Apexbasic
 
Questoes processautomation
Questoes processautomationQuestoes processautomation
Questoes processautomation
 
Process automationppt
Process automationpptProcess automationppt
Process automationppt
 
Transcript mva.cesar
Transcript mva.cesarTranscript mva.cesar
Transcript mva.cesar
 
Aws migration-whitepaper-en
Aws migration-whitepaper-enAws migration-whitepaper-en
Aws migration-whitepaper-en
 
Delivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeDelivery readness for pick season and higth volume
Delivery readness for pick season and higth volume
 
Why digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementWhy digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagement
 
Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure
 
Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance
 
Hyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusHyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensus
 
Master lob-e-book
Master lob-e-bookMaster lob-e-book
Master lob-e-book
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitecture
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-apps
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-tone
 

Kürzlich hochgeladen

代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改atducpo
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
Unveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystUnveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystSamantha Rae Coolbeth
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxJohnnyPlasten
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationshipsccctableauusergroup
 
VidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxVidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxolyaivanovalion
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...Suhani Kapoor
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...Suhani Kapoor
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxolyaivanovalion
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSAishani27
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data  2023Data-Analysis for Chicago Crime Data  2023
Data-Analysis for Chicago Crime Data 2023ymrp368
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxMohammedJunaid861692
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 

Kürzlich hochgeladen (20)

代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Unveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystUnveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data Analyst
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptx
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships
 
VidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxVidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptx
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Sampling (random) method and Non random.ppt
Sampling (random) method and Non random.pptSampling (random) method and Non random.ppt
Sampling (random) method and Non random.ppt
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323  Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICS
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data  2023Data-Analysis for Chicago Crime Data  2023
Data-Analysis for Chicago Crime Data 2023
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in  KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in  Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 

Network cloaking sansv2_

Introduction
Chinese General, Circa 500 B.C.
The ultimate in disposing one's troops is to be without ascertainable shape. Then the most penetrating spies cannot pry in, nor can the wise lay plans against you.
** Sun Tzu **
This can be a powerful intrusion prevention strategy if we apply this way of thinking to the protection of your network. Imagine your network and its resources were “without ascertainable shape”. If your network were invisible to hackers and malicious users, then the wise would truly be unable to “pry in” or lay plans against you.
“You can’t hack what you can’t see.”
The goal of this paper is to have you consider “Network Cloaking”™ and the EcoNet Sentinel IPS™ Intrusion Prevention System as an addition to your layered network security solution. We will review several of the leading intrusion prevention strategies, so we can compare and contrast them to Network Cloaking™. Whether you have a simple T-1 Internet connection with a couple of servers, or a complex network with a security event management system, Sentinel IPS™ with “Network Cloaking”™ is the best way to protect your network from intrusions and malicious code at the Internet gateway.
Finally, this paper will review the Sentinel IPS™ deployment with regard to the ease of network integration. Attempting to integrate in-line network devices has been problematic for network administrators. In-line devices suffered some setbacks when first introduced. False positives have been the “bane of existence” for many IPS “early adopters”, but as you will see, the Sentinel IPS™ deployment methodology provides effective, affordable, easy integration and management of an IPS solution.
The Death of the Internet Firewall
Firewalls are an excellent defense against network intrusions. With all the ports closed, the firewall may be considered "non-breachable." It is unlikely, if not impossible, to be hacked through a closed port of a quality firewall. Most of the major firewall manufacturers have reported vulnerabilities in the firewall applications. However, most intrusions occur through the ports that have been opened, usually by personnel entrusted by the organization requiring protection. By definition, opening a port on a firewall anonymously is the same as "turning off" the firewall on that port. Companies routinely turn off several ports on their firewalls for a number of reasons. Since intrusions generally occur through the open ports on a firewall, in a sense, most companies no longer have a firewall.
We would not consider letting a passenger onto a commercial flight without a complete inspection, including the contents of their bags. I would suggest that we NOT let a user into our trusted private network without such an inspection as well, including the contents (payload) of their packets.
CSI’s annual survey, released in the first half of 2001, found that fully 85% of companies had experienced a security breach. The total combined losses for the 186 companies that were willing to state how much money they lost to these breaches was a staggering $378 million. (Keep in mind that only about 35% of companies surveyed agreed to divulge their financial losses.) [1] According to Computer Economics, an independent research firm, enterprises worldwide spent $1.2 billion in 2001 fixing vulnerabilities related to the Code Red worm alone. [2]
A Firewall is not enough
There has been an enormous increase in the range, frequency, sophistication, and success of intrusion attempts propagated on the Internet. This table helps explain why.
[1] 2001 CSI/FBI Computer Crime and Security Survey
[2] What You Need to Know About Network Security: New opportunities in Internet business bring with them new security challenges. By Kim Austin Peterson and Fred Sandsmark
  • 4. 4 Available at http://www.cert.org/present/cert-overview-trends/module-2.pdf It is fair to say that for most firms a firewall is not an appropriate intrusion prevention solution and the firms included in the foregoing statistics would most certainly agree. In the slide above from a CERT presentation it becomes clear why intruders are becoming more successful over time. Notice that the technical knowledge an intruder must possess is declining, yet the attacks are becoming more sophisticated. Why would this be so? A search of “hacker tools” in Yahoo will provide a wealth of “easy to run software” available for free download. In an effort to remediate the vulnerabilities around open ports in firewalls, firms have turned to a variety of solutions. Many are expensive and quite complex. The intrusion detection systems or IDS was quickly adopted as a mechanism for identifying attacks and the malicious source IP (internet protocol) address. An onslaught of signature definitions, detection methods, and deployment methodologies ensued. Good IDS units proved effective at detection, but remediation became an issue that in the end has proven unsolvable for most companies. This situation has lead some industry experts to the mindset, described below. STAMFORD, CONN., June 11, 2003 — Protecting enterprises from hackers, viruses and other security vulnerabilities is a primary concern for all IS departments, and many have relied on intrusion detection systems (IDSs) as a solution. However, according to the Gartner, Inc. (NYSE: IT and ITB) Information Security Hype Cycle, IDSs have failed to provide value relative to its costs and will be obsolete by 2005. The Gartner Information Security Hype Cycle shows that IDS technology does not add an additional layer of security as promised by vendors. In many cases IDS implementation has proven to be costly and an ineffective investment. 
Gartner recommends that enterprises redirect the money they would have spent on IDS toward defense applications such as those offered by thought-leading firewall vendors that offer both network-level and application-level firewall capabilities in an integrated product. "Intrusion detection systems are a market failure, and vendors are now hyping intrusion prevention systems, which have also stalled," said Richard Stiennon, research vice president for Gartner.3 Regardless of your views on IDS, good network protection still requires detection as a component to the solution. Once a source IP is detected and determined to be malicious, then remediation must be accomplished as quickly as possible. Either someone writes a new rule to the firewall or it is done automatically. Automated remediation, when combined with detection, falls into a new category of security products called intrusion prevention systems or IPS. These systems are, generally, either host based or in-line. Host-based Intrusion Prevention System - Host based Intrusion Prevention System is software that is installed on your individual servers to protect the servers from attack and compromise. While host based Intrusion Prevention can also be effective it can be costly to deploy and cumbersome to manage. . . . 4 While this might provide an important additional layer of security, it is not a viable gateway intrusion prevention strategy because it does not prevent intrusions through the firewall. The firewall represents the primary boundary of the private network and by definition a successful host based solution means that this boundary has been breached. Host-based IPS are not designed to be a viable gateway intrusion prevention strategy. Since a gateway strategy is 3 Gartner Press Release June 11, 2003 4 CIO Magazine What's the best way to prevent an infection? by Joseph Magee
needed to keep intruders outside the firewall, you therefore need something more than Host-based Intrusion management at the application server. Better that an intruder is prevented from entering the private network versus the host, making host IPS an appropriate additional layer of defense versus reliance as the only means of protection.

There are downsides to host-based intrusion prevention, however. It's useless against intrusions aimed at your network in general—such as denial-of-service attacks. You also need to install it on every system you want to protect, which can create a deployment headache.[5]

[5] Dylan Tweney, “Defensive Postures: Intrusion prevention systems offer the latest countermeasures in the war against hackers, worms and viruses,” CIO Magazine.

The other type is the inline IPS and this approach holds great promise. Critical factors are and ability to inspect, detect malicious content, and drop packets before they can enter the network. False positives, creating service interruptions for users, are also a fear for early adopters of the in-line approach.

A recent flood of IPS products, vaporware, and outright misrepresentation of product capabilities has created a very noisy IPS marketplace. In the rush to be included in the IPS marketplace, many suppliers are calling their products intrusion prevention systems, but they are, in fact, only one of the required components of an IPS strategy. Many products are only capable of monitoring specific ports and others are unable to remediate attacks that occur in the initial packet entering the network. Separating fact from fiction takes time and most network administrators lack the time or expertise to determine which IPS vendor should protect their network gateways.

If an in-line strategy is chosen, you had better be able to deal with false positives, or the IPS will not stay on the network for very long. Blocking legitimate traffic creates extreme frustration for those that rely on unimpeded communications across the Internet. Any active in-line IPS product must provide some mechanism for the management of false positives. It is interesting to watch the innovative approaches firms utilize to deal with this issue. Before reviewing the EcoNet strategy utilizing Network Cloaking™, here are two recent approaches that will serve to highlight and contrast issues related to false positives.

Honey Pots

A few systems utilize either a “honey pot” or a “baiting” strategy to engage the hacker. The idea is that the hacker will interact with some false or fake data in such a way as to reveal that their intentions are indeed malicious. Once this determination is made, the source IP address can be blacklisted. Note that it is the hacker's interaction with the fake data that will trigger the IPS to prevent the user from engaging the network. While this strategy almost completely eliminates the false positives, it has a few serious security vulnerabilities. First, it provides no protection for intrusion attempts that are not preceded by interaction with the honey pot. The network is completely available to any exploit from a new IP address. Nothing prevents the network from being the subject of many methods of fingerprinting and subsequent intrusion attempts. Second, a honey pot provides proof for the hacker that the network is available for exploit. Why put bait for a hacker on your corporate network?

Group the signatures and disable those that cause trouble

A recently introduced IPS product, sold as a firewall add-on, inspects incoming packets for malicious content and will drop the offending packet. The device has no capacity to dynamically create a blacklist, so malicious source IPs are never denied access to the protected network. Their packets containing malicious payloads may be dropped, but the hacker is free to attempt entry into the network without interruption. This approach will generate frequent false positives, so the signature database used to identify malicious packet content is divided into three tiers, based on the likelihood that the signature might cause a false positive. The maker suggests that the sensitive groups of signatures be disabled from blocking packets as a methodology for dealing with false positives. While this method may effectively reduce the effects of false positives, it opens a large vulnerability for the network administrator. Namely, there is no remediation for a large number of attacks and, since there is no blacklist, an attacker can continuously try new ideas until one matches a disabled signature or an attack for which there is no signature present.

While these approaches may lack the desired level of protection, that is not to say they lack utility for the protection of private networks. As part of an overall “layered” security strategy, each component, and the interplay with other network elements, must be given due consideration. For many network administrators, the help of a trusted advisor is money well spent.

Our experience has shown that most network administrators are still unaware they have open ports on their firewalls. They, along with those charged with a fiduciary responsibility to protect the assets of the firm, understand little about this type of vulnerability or that such a condition exists. In the face of new legal requirements and standards of liability, most organizations are ill equipped to deal with the threat of network intrusions.

External vulnerabilities pose a special type of threat for private networks, because this type of vulnerability is ubiquitously available and exploitable. Quite literally, a world of exploitable possibilities exists. The nature of such a threat calls directors, officers, and others responsible for network security to be diligent in securing the organization's Internet connections.
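An added example (not from the paper and not any vendor's code) that models the honey pot and tiered-signature approaches above as toy gateway policies, next to a third policy that blacklists a source on its first signature match, which is the behaviour this paper attributes to Sentinel IPS™. The signature names, addresses, traffic and policy names are all constructed for the illustration.

```python
from dataclasses import dataclass, field

# Constructed signatures: name -> (pattern, tier); tier 3 = most false-positive-prone.
SIGNATURES = {"sig-a": (b"ATTACK-A", 1), "sig-b": (b"ATTACK-B", 3)}
DECOY = "192.0.2.99"  # constructed honeypot address (documentation range)

@dataclass
class Gateway:
    policy: str  # "honeypot", "tiered" or "first-match" (names are this example's own)
    blacklist: set = field(default_factory=set)

    def hits(self, payload, max_tier):
        """Names of enabled signatures (tier <= max_tier) found in the payload."""
        return [name for name, (pattern, tier) in SIGNATURES.items()
                if tier <= max_tier and pattern in payload]

    def handle(self, src, dst, payload):
        """Return the verdict for one packet and update the blacklist."""
        if src in self.blacklist:
            return "drop:blacklisted"
        if self.policy == "honeypot":
            # Only contact with the decoy reveals intent; nothing else is inspected.
            if dst == DECOY:
                self.blacklist.add(src)
                return "drop:decoy"
            return "pass"
        found = self.hits(payload, 2 if self.policy == "tiered" else 3)
        if not found:
            return "pass"
        if self.policy == "first-match":
            self.blacklist.add(src)  # later packets from src are dropped unseen
        return "drop:" + found[0]

    def release(self, src):
        """Administrator removes a source from the blacklist."""
        self.blacklist.discard(src)

# Constructed traffic: (source, destination, payload)
TRAFFIC = [
    ("198.51.100.7", "192.0.2.10", b"ATTACK-A"),    # matches a tier-1 signature
    ("198.51.100.7", "192.0.2.10", b"ATTACK-B"),    # retry, matches a tier-3 signature
    ("198.51.100.7", "192.0.2.25", b"MAIL hello"),  # benign mail, same source
    ("203.0.113.5", "192.0.2.10", b"GET /index"),   # unrelated benign client
]

def run(policy):
    """Verdicts for the constructed traffic under one policy."""
    gateway = Gateway(policy)
    return [gateway.handle(*packet) for packet in TRAFFIC]
```

Under `run("honeypot")` every packet passes because none touches the decoy, and under `run("tiered")` the retry that matches the disabled tier-3 signature gets through. Under `run("first-match")` the benign mail from the blocked source is dropped as well until an administrator calls `release()`, the side effect the paper reports in the @stake test.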
What is being offered to the market are products, specifications, testing services, service offerings, certifications, and seminars. What companies need is an effective intrusion prevention strategy for their Internet gateways.

The truth for network administrators is that they are simply “out gunned”. There are more resources deployed attempting to penetrate their network than they have time or money to employ for its protection. Organized crime syndicates, identity thieves, industrial espionage agents, those attempting ransom, political spies, vandals, disgruntled employees, script kiddies, and cyber-terrorists, just to list a few. There are simply too many stories to spend time reviewing them here.

It’s time to change the rules

Instead of going “toe to toe” and working to counter each new threat with a new method of remediation, why not simply avoid the fight? Never engage the hacker in the first place. Let them spend their time elsewhere. It may not be very “macho”, but it is extremely effective.

For almost three years, EcoNet.com, Inc. has used “Network Cloaking™” as a successful intrusion prevention strategy. Network Cloaking™ is EcoNet’s proprietary technology that results in the Sentinel IPS™ Protected Network being invisible to a malicious user while maintaining the utility of the network for other users. Hackers and other malicious users are unable to communicate with the Sentinel IPS™ protected network, while legitimate network traffic remains unaffected.

The Wounded Goat

A federal law enforcement group conducted an experiment to test the effectiveness of this strategy. First they connected a PC with a public IP address to the Internet. It was loaded with a default installation of Windows XP Service Pack 1 (they called the sacrificial machine the wounded goat). The machine was compromised within the first day and, within the week, several hackers had established administrator accounts and were logged on to the machine and using it to attack other machines on the Internet.

After a week or so, this federal bureau replaced the hard drive with an identical fresh install, but this time the PC was protected by a Sentinel IPS™ with Network Cloaking™ activated. The machine has been on the web since the fall of 2003 and has never been compromised. The PC is still perfectly available on the web, but it is completely invisible to malicious users. This demonstration shows “Network Cloaking™” is one of the most powerful tools available in preventing intrusions into private networks.

Hackers cannot determine if the Sentinel IPS™ Protected Network is “cloaked” and, if they attempt to determine if such may be the case, their attempt becomes the cause of their inability to make the determination. If an external user initiates a malicious act against a “Sentinel IPS™ Protected Network”, then the Sentinel IPS™ will automatically engage Network Cloaking™ as a defense against that user. It is this feature that makes it impossible to portscan, or stealth portscan, or Penetration Test a Sentinel IPS™ Protected Network.

What does a typical installation look like?

Generally, the Sentinel IPS™ is installed as a Layer 2 Bridge, behind your network's router, and in front of your current firewall. Most Sentinel IPS™s are installed on networks with access to the Internet through a T1 connection.

EcoNet first started deploying the commercial version of its Sentinel IPS™ product almost three years ago. The first significant technical accomplishment was active remediation of malicious IP addresses using AP-Core™ Technology (Active Packet Correlation). Sentinel IPS™ is able to inspect and drop packets so fast that the destination IP address appears unused to the offender.
This means that the packet is inspected, correlated, the event logged, a copy of the packet recorded for administrative use, the network admin is alerted, the packet is dropped, and a new rule is written preventing the source IP from communicating with the Sentinel Protected Network before the packet can leave the Sentinel IPS™ Appliance. This is accomplished so quickly as to be imperceptible to the users of the network.

How invisible is Network Cloaking™?

We wanted to see how a Sentinel IPS™ Protected Network might respond to a hacking tool or strong scan vulnerability assessment tool. What information would such a tool yield from a Sentinel Protected Network? Billy Austin, CSO for Saint Corporation, has been working with high-level government agencies, top colleges and universities, and major financial institutions for many years in this area. SAINT security consultants provide security assessments including penetration testing, as well as other services including security planning, implementation, management, and support. Mr. Austin provided the opportunity for EcoNet to find out what a Sentinel Protected Network using Network Cloaking™ looks like to the hacker.

The Sentinel IPS™ performed flawlessly in vulnerability testing conducted by the security firm. IP addresses on either side of the Sentinel IPS™ protected networks were easily exploited; however, those IP addresses protected by Sentinel IPS™ were completely invisible. Our cyber neighbors were easy to spot, but there was no evidence the Sentinel IPS™ Protected Network existed.

@stake, another well-known security firm, was hired by one of EcoNet’s clients to perform intrusion testing on the Sentinel IPS™ protected Internet gateway. They were unaware that the network was Sentinel-protected, as Sentinel IPS units are invisible to the traffic that passes through. The penetration testing showed no evidence that the client’s protected network existed; however, there was an interesting consequence of the test for the security consulting firm. Since Sentinel IPS™ disables all communication between the malicious source IP and the protected network, @stake was unable to send email to their client explaining that they were not able to perform the penetration test on the protected network. This was because their outbound mail server was on the same network from which their pen-test was initiated. @stake’s IPs were easily released in the Sentinel IPS™, so they could resume communications with their client.

New channel strategy provides ease of integration

In the traditional channel for IT products, manufacturers sell through distributors to Resellers or VARs. Competitive market pressures usually create gray market product channels and eventually erosion of product margins for the VAR.
VARs tend to be less interested in products they do not sell and they generally are unable and unwilling to be price competitive with the large online resellers. Manufacturers rely on these same VARs for integration and configuration of network equipment, usually through some type of certified training program.

An in-line IPS requires a high level of support. Such an IPS is the opposite of “set it and forget it”. In fact, the more you work on it and “tweak it”, the more effective it will be in protecting the network. It takes a considerable amount of training and experience, perhaps a few years, before a technician can be totally proficient in the tuning, administration, and care of a sophisticated IPS solution. The technicians performing this work are NOT generally the employees of the IPS manufacturers and distributors, so there are many cross-company barriers that affect quality and reduce performance of the deployed IPS product. Some of these barriers include variability in the skills of the installation technicians, margin pressures reducing the amount of time a VAR can devote to specific product mastery, reduced speed of disseminating new procedures, and longer times for knowledge transfer to integrators and end users.

Sentinel IPS™ is deployed through a unique and cooperative Team Approach, whereby a Sentinel IPS™ Certified Reseller (VAR) does the physical needs assessment, installation, and overall security policy management for the end user, and EcoNet delivers the network integration, tuning, updating, maintenance, and technical support from a centralized Sentinel IPS™ management facility in Dallas, TX. This process is optimal for matching the skill sets needed with the best possible resources to service the end user customer. Who else better to manage the IPS device than the engineers that write the IPS security application? And who else better to manage the requisition, installation, and on-premise security policies than a trusted service firm (VAR)?

Capitalizing the R&D investments of your vendors

There are not many true IPS products in the Sentinel IPS™ category at this time. Network World did an IPS round up at the beginning of this year and found fewer than ten entries, of which Sentinel was the only product sold with management, monitoring, and support. Although cost was not a factor in the review, most of the appliances cost between $25,000.00 and $75,000.00, with Sentinel being the most affordable.

When you buy a $50,000.00 appliance, you really purchase a box worth a thousand or two, some margin for the VAR, and $40,000.00 for the future use of the maker's Intellectual Property (IP). The manufacturer must recover the R&D cost (and other costs as well) incurred in development of the product.

EcoNet sells the Sentinel IPS one month at a time. This approach dramatically reduces the cost of an IPS solution, because the customer is not forced to pay for the use of the IP until they are ready to actually consume it. Using the same philosophy, costs are further reduced by bundling the support, management, and monitoring into one low monthly payment, starting at only $299.00/month. With Sentinel IPS™, the customer never pays in advance for value they have not actually received.

This approach dramatically reduces IT cost. It eliminates the large upfront capital cost associated with sophisticated technology products. It also moves the expenditure from an asset on the balance sheet to an expense on the income statement, which for most companies is financially very attractive. Product life cycles are now so short for most of these types of products that the items are still being depreciated after they are no longer in service.
Advanced security functionality, expert management and support, and reduced cost of ownership make the Sentinel IPS™ the best product for protecting open ports on your network firewall.

If any of the ideas expressed in this paper hold interest for you, I would invite you to contact our firm. You will find a dedicated team ready to answer questions and help you learn how Sentinel IPS™ can make a difference for your network. Companies large and small have utilized our “Free 14 day Network Gateway Security Assessment” to discover what is actually happening on their networks.

For more information about deploying Network Cloaking™ and Sentinel IPS™, call a Sentinel IPS™ Certified Reseller or contact us directly by phone or via the website:

www.networkcloaking.com
info@econet.com
EcoNet.com, Inc.
13237 Montfort Suite 850
Dallas, Texas 75240
Office: 972.991.5005
Fax: 972.991.4242