Copyright © 2016 Forcepoint. All rights reserved.

elets 2nd eJharkhand Summit 2016 - Ajay Dubey, Channel Head-India, Forcepoint

358 views

Published on

elets 2nd eJharkhand Summit 2016 -
Industry Presentations: Ajay Dubey, Channel Head-India, Forcepoint


  1. Advance cyber security strategy for Insider threat and Ransomware
  2. Ransomware, Insider Threat, Data Theft, NGFW
  3. Ransomware, Insider Threat, Data Theft, NGFW
  4. CYBER THREAT LANDSCAPE IS CHANGING
     Are we secure from today’s cyber attacks? OR Can you move without fear?
     • Ransomware
     • Insider threat
     • Data theft
  5. Ransomware – New Way of damage
  8. WHAT IS RANSOMWARE?
     Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.
     Experts have estimated that the total amount paid to ransomware authors could be as much as $325 million (USD) for some variants of ransomware.
  9. RANSOMWARE – HOW DOES IT WORK?
     Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
  10. A CLOSER LOOK AT CERBER
      When a system is infected, the victim's data files are encrypted using AES encryption, and the victim is told they need to pay a ransom of 1.24 bitcoins or ~500 USD to get their files back.
  11. UNDERSTANDING THE 7 STAGES IS A MUST
  12. THE CORE TECHNOLOGY: ACE
  13. RANSOMWARE – HOW DO I PREVENT IT?
      1. Internal Security program
      2. Continuous Security Awareness
      3. Enforce backup program
      4. Remove admin rights where possible
      5. Institute privilege management program
      6. Implement controls at network egress points
         • Rules to block CnC
         • Email Security gateway to block spam, phishing and malicious attachments
         • Web security gateways to block unknown/uncategorized destinations
      7. Implement endpoint controls
         • Keep antivirus current
         • Deploy endpoint tool to block bad applications
  14. Ransomware, Insider Threat, Data Theft, NGFW
  15. How to Address Insider Threat?
      Photo: Jeramey Jannene
      Worldwide Sales Conference 2016, Proprietary & Confidential
  16. INSIDER CYBER THREAT INDICATORS
      • Abnormal after hours access by a contractor in Hawaii
      • Unusual Lateral Movement on the network
      • Huge transfers of data to USB
      • Abnormal Administrator account activity
      • Abnormal account usage across 20-25 peer accounts all linked to attacker’s IP Address
      AH – MR. SNOWDEN.
  17. INSIDER THREAT ARCHITECTURE
      Application General Application (AIM, ICQ, Yahoo, Sametime) Clipboard Email File Keyboard Logon Printer Process System Info Video Web Web URL Webmail (Gmail, Yahoo, Outlook)
      Insider Threat Analyst Dashboard; Events & Collected Data; Policies; On network users; Internet; Off network users
  18. INSIDER THREAT – INCIDENT CAPTURE
  19. Ransomware, Insider Threat, Data Theft, NGFW
  20. DATA LEAKS – REALITY
  21. CHANNEL DETECTION AND RESPONSE
      Network DLP
      • Web: Audit, *Block, Alert, Notify
      • Email: Audit, Block, Quarantine, Encrypt**, Alert, Notify
      • FTP: Audit, *Block, Alert, Notify
      • Network Printer: Audit, Block, Alert, Notify
      • Active Sync: Audit, Block, Alert, Notify
      • IM & Custom Channels: Audit, Block, Alert, Notify
      Permit Confirm Block Encrypt to USB Alert Notify Endpoint DLP Applications Permit Confirm Block Email Quarantine Alert Notify Removable Media Storage Alert/Log Scripts - Encrypt - Tombstone - Quarantine - EDRM
  22. Ransomware, Insider Threat, Data Theft, NGFW
  23. NETWORK OPERATIONS - AVAILABILITY & SCALABILITY
      Native active-active clustering
      A single cluster can support:
      • Different firmware versions
      • Different appliance models and software on COTS hardware
      • Up to 16 active-active nodes cluster, only with Stonesoft
      Operational benefits:
      • Seamless updates with no scheduled downtime
      • Fully transparent failover practically eliminates unscheduled downtime
      • 99.999% uptime
      Diagram: Stonesoft Next Generation Firewall Cluster Updates (v5.8, v5.7, v5.6). Node 1: NGF-3206, Node 2: NGF-1402, Node 3: Software, Node 4: NGF-325, Node 5: Software
  24. NETWORK OPERATIONS - AVAILABILITY & SCALABILITY
      Network resiliency and cost savings: Multi-Link
      Business Continuity
      • Transparent failover
      • Load-balancing or back-up links
      • Security Augmented VPN
      Flexibility
      • Supports multiple access technologies
      • QoS support
      • Optimize bandwidth usage
      Alternative to MPLS Cost Savings
      • Provider and technology independent
      • Add bandwidth easily
      Diagram: ISP 1, ISP 2, ISP N; Multi-Link IPsec VPN; Cable, 3/4G, DSL 1, DSL 2, MPLS; Regular Traffic & Back-up links; Critical Traffic; Up to 90% Savings on MPLS costs
  25. CENTRALIZED MANAGEMENT
  26. NETWORK OPERATIONS - CENTRALIZED MANAGEMENT
      Stonesoft Management Center
      Plug-and-play deployment for fast and easy remote site rollouts
      • Initial configuration pushed from the cloud
      • Call home and download policies
      • Initial configuration uploaded
      Cut deployment time from days or weeks to minutes
      Diagram: Stonesoft Next Generation Firewalls; Manages, updates & upgrades; New York, Paris, London, Tokyo, San Francisco, Sao Paulo; Stonesoft Installation Cloud
  27. SECURITY OPERATIONS - ADVANCED EVASION PREVENTION
      Discover and block advanced evasion techniques (AETs)
      What is an AET? AETs deliver threats piecemeal across different or unexpected network layers or protocols for future reassembly.
      Why are AETs successful? Other vendors use narrow or vertical traffic inspection windows to improve performance, allowing threats to remain hidden.
      How to block AETs? Only full-stack normalization enables accurate continuous traffic inspection.
      Diagram: Partial Inspection; Hidden Threats; Complete visibility for accurate continuous inspection; Packet flow; OSI Layers L.1 to L.7; Stonesoft Next Generation Firewall
  28. WHAT’S IN OUR DNA?
      THREAT INTELLIGENCE WEBSENSE MOBILE SECURITY WEBSENSE SureView Stonesoft CLOUD & ON-PREMISE SERVICES TRITON NETWORK SECURITY STONESOFT INSIDER THREAT ANALYSIS RAYTHEON ADVANCED THREAT PROTECTION RAYTHEON EMAIL SECURITY WEBSENSE WEB SECURITY WEBSENSE DATA LOSS PREVENTION WEBSENSE THREAT INTELLIGENCE RAYTHEON WEBSENSE MOBILE SECURITY RAYTHEON WEBSENSE
  29. THANK-YOU!
      Ajay Dubey
      98456-40322
      adubey@forcepoint.com
