Scalar Security Roadshow - Vancouver Presentation

Scalar Security Roadshow
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. 1

Purpose of today’s session:
Provide insights on how Scalar and our
partners address today’s complex
security challenges
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience.
2

Gartner report highlights
3
• Security spend as % of IT
budgets increased
• Strong correlation between
Security budget and maturity
• Emphasis on network,
applications and endpoint
• Insufficient investment in people
and process
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. September 25, 2014

Scalar – brief overview
© 2014 Scalar Decisions Inc. Not for distribution outside of intended audience. September 25, 2014 4

10 Years
5

90

100%
Vancouver Calgary
Montreal
Ottawa
Toronto
London

54%

#1 #51
ICT
Security
Company
#15
Top 250 ICT
Companies

An integrator of emerging technologies.
10

Top tier technical talent.
• Engineers average 15 years of experience
• World-class experts from some of the
leading organizations in the industry
• Dedicated teams: PMO, finance, sales and
operations
• Canadian Authorized Training Centres
• We employ and retain top talent

Top awards.
• Brocade Partner of the Year
~ Innovation
• Cisco Partner of the Year
~ Data Centre & Virtualization
• NetApp Partner of the Year
~ Central Canada
• VMware Global Emerging Products
Partner of the Year
• F5 VAR Partner of the Year
~ North America
• Palo Alto Networks Rookie of
the Year

Our Focus
• Protection of Data and
Systems
• High Performance
Computing
• Flexible Solutions

Our security partners

Partners here today

SECURITY
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

FirePOWER
Rob Bleeker
Security Consulting Systems Engineer
CCIE# 29033, [CCN|I|D|P], SFCE, CEH SECURITY

SECURITY
Agenda:
• New Security Model and Global Intelligence
• The POWER in FirePOWER
• FirePOWER Appliance
• ASA with FirePOWER Services

The New Security Model
BEFORE
Discover
Enforce
Harden
AFTER
Scope
Contain
Remediate
Attack Continuum
DURING
Detect
Block
Defend
Network Endpoint Mobile Virtual Cloud
Point in Time Continuous

Cyber Attack Chain
Recon Weaponization Deliver Exploit Install CnC Actions
BEFORE
Discover
Enforce
Harden
AFTER
Scope
Contain
Remediate
During
Detect
Block
Prevent
NGIPS
Web Security
Email Security
Visibility and Context
Firewall
NGFW
VPN
UTM
NAC + Identity Services
Advanced Malware Protection
Network Behavior Analysis

CiscoSecurity Intelligence Operation (SIO)
More Than $100
24 Hours Daily
More Than 40
Million
OPERATIONS
SPENT IN DYNAMIC RESEARCH
AND DEVELOPMENT
0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 Cisco1100001110001110 ® SIO
1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111010011101 0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111010011101 Email Devices WWW Web
LANGUAGES
IPS Networks Endpoints
More Than 80
PH.D, CCIE, CISSP, MSCE
Cloud IPS AnyConnect®
ESA ASA WWW WSA
Information
More Than 800
ENGINEERS, TECHNICIANS,
AND RESEARCHERS
Actions
Visibility Control
1.6 Million
GLOBAL SENSORS
100 TB
DATA RECEIVED PER DAY
40%
WORLDWIDE EMAIL TRAFFIC
13 Billion
WEB REQUESTS
More Than 150 Million
DEPLOYED ENDPOINTS
3 to 5
MINUTE UPDATES
More Than 200
PARAMETERS TRACKED
More Than 5500
IPS SIGNATURES PRODUCED
More Than 70
PUBLICATIONS PRODUCED
More Than 8 Million
RULES PER DAY

Collective Security Intelligence
Malware
Protection
IPS Rules
Reputation
Feeds
Vulnerability
Database Updates
Sourcefire AEGIS™
Program
Private and
Public
Threat Feeds
Sandnets
Sourcefire VRT®
(Vulnerability
Research Team)
Sandboxing
Machine Learning
Infrastructure
FireAMP™
Community
Honeypots
File Samples
Big Data
(>380,000 per Day)
Advanced
Microsoft
and Industry
Disclosures
SPARK Program
Snort and ClamAV
Open Source
Communities

The POWER in FirePOWER
SECURITY

About Sourcefire
Mission: To be the leading
provider of intelligent
cybersecurity solutions
for the enterprise.
• Founded in 2001 by Snort Creator, Martin
Roesch, CTO
• Headquarters: Columbia, MD
• Focus on enterprise and government customers
• Global Security Alliance ecosystem
• NASDAQ: FIRE
Leading in NSS for NGFW, NGIPS, BDS (Advanced Malware Protection)

Integrated Threat Defense Across the Attack Continuum
BEFORE
Control
Enforce
Harden
Attack Continuum
DURING AFTER
Detect
Block
Defend
Scope
Contain
Remediate
Firewall / VPN
Granular App Control
Modern Threat Control
Advanced Malware Protection
Retrospective Security
IoCs / Incident Response
NGIPS
Security Intelligence
Web Security
Visibility and Automation

FireSIGHT™ Management Center:
Full Stack Visibility
CATEGORIES EXAMPLES
FirePOWER Services TYPICAL
IPS
TYPICAL
NGFW
Threats Attacks, Anomalies ✔ ✔ ✔
Users AD, LDAP, POP3 ✔ ✗ ✔
Web Applications Facebook Chat, Ebay ✔ ✗ ✔
Application Protocols HTTP, SMTP, SSH ✔ ✗ ✔
File Transfers PDF, Office, EXE, JAR ✔ ✗ ✔
Malware Conficker, Flame ✔ ✗ ✗
Command & Control Servers C&C Security Intelligence ✔ ✗ ✗
Client Applications Firefox, IE6, BitTorrent ✔ ✗ ✗
Network Servers Apache 2.3.1, IIS4 ✔ ✗ ✗
Operating Systems Windows, Linux ✔ ✗ ✗
Routers & Switches Cisco, Nortel, Wireless ✔ ✗ ✗
Mobile Devices iPhone, Android, Jail ✔ ✗ ✗
Printers HP, Xerox, Canon ✔ ✗ ✗
VoIP Phones Cisco phones ✔ ✗ ✗
Virtual Machines VMware, Xen, RHEV ✔ ✗ ✗
Contextual
Information Superiority Awareness

Impact Assessment IMPACT
Correlates all intrusion events to
an impact of the attack against
the target
FLAG
ADMINISTRATOR
ACTION
WHY
Act Immediately,
Vulnerable
Event corresponds to
vulnerability mapped
to host
Investigate,
Potentially
Vulnerable
Relevant port open or
protocol in use, but
no vuln mapped
Good to Know,
Currently Not
Vulnerable
Relevant port not
open or protocol not
in use
Good to Know,
Unknown Target
Monitored network,
but unknown host
Good to Know,
Unknown Network
Unmonitored network

Cisco FireSIGHT Simplifies Operations
• Impact Assessment and Recommended Rules Automate
Routine Tasks

File Sent
File Received
File Executed
File Moved
File Quarantined

Indications of Compromise (IoCs)
IPS Events
Malware
Backdoors
CnC
Connections
Exploit Kits
Admin Privilege
Escalations
Web App
Attacks
SI Events
Connections to
Known CnC IPs
Malware Events
Malware
Detections
Malware
Executions
Office/PDF/Java
Compromises
Dropper
Infections

FirePOWER Services: Application Control
• Control access for applications, users and devices
• “Employees may view Facebook, but only Marketing may post to it”
• “No one may use peer-to-peer file sharing apps”
Over 3,000
apps, devices,
and more!

…Yet Another Open Source Success Story
• OpenAppID
• Open source application detection and control
Application-focused detection language tied to Snort engine
Enhances coverage and efficacy and accelerates development of application
detectors
Empowers the community to share detectors for greater protection
Already over 1300 OpenAppID Detectors
Ties into a Snort Pre-processor for maximum performance and integration
Detection of applications on the network
Reporting on the usage statistics of apps (traffic)
Blocking of applications by policy
Extensions to the Snort rule language to enable application specification
Reporting of an “App Name” along with Security events (e.g. IPS/AMP)

FirePOWER Services: URL Filtering
• Block non-business-related sites by category
• Based on user and user group

FirePOWER Services: Advanced Malware
Malware Alert!
Available In Defense Center
1) File Capture
Collective Security
Intelligence Sandbox
3) Send to Sandbox
2) File Storage
4) Execution Report
Network Traffic

Reduced Cost and Complexity
• Multilayered protection in a
single device
• Highly scalable for branch,
internet edge, and data centers
• Automates security tasks
oImpact assessment
oPolicy tuning
oUser identification
• Integrate transparently with
third-party security solutions
through eStreamer API

FirePOWER Appliances
SECURITY

Setting the New Standard for Advanced
Threat Protection
Sourcefire FirePOWER™
• Industry-best
Intrusion Prevention
• Real-time
Contextual Awareness
• Full Stack Visibility
• Intelligent Security Automation with FireSIGHT™
• Unparalleled Performance and Scalability
• Easily add Application Control, URL Filtering and Advanced Malware Protection with
optional subscription licenses

Platforms and Places in the Network
IPS Performance and Scalability
FirePOWER 7100 Series
500 Mbps – 1 Gbps
FirePOWER 7120/7125/8120
1 Gbps - 2 Gbps
FirePOWER 8100/8200
2 Gbps - 10 Gbps
10 Gbps – 40 Gbps
50 Mbps – 250 Mbps
15 Gbps – 60 Gbps
SOHO Branch Office Internet Edge Campus Data Center

FirePOWER Feature Summary
NGIPS
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User
Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
You can ADD additional license
• Application Control
• User and User Group Control
• Stateful Firewall Inspection
Switching and Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
Virtual Appliances for VMWare and XEN

ASA with FirePOWER Services
SECURITY

FirePOWER Services for ASA: Components
FirePOWER Services Blade
ASA 5585-X
• Models: ASA 5585-X-10, ASA 5585-X-
20, ASA 5585-X-40, ASA 5585-X-60
• New FirePOWER Services Hardware
Module Required
• Licenses and Subscriptions
• Models: ASA 5512-X, 5515-X, 5525-X,
5545-X, and 5555-X
• SSD Drive Required
• FirePOWER Services Software Module
• Licenses and Subscriptions

Superior Multilayered Protection
• World’s most widely deployed, enterprise-class ASA stateful firewall
• Granular Application Visibility and Control (AVC)
• Industry-leading FirePOWER Next-Generation IPS (NGIPS)
• Reputation- and category-based URL filtering
• Advanced malware protection
Cisco Collective Security Intelligence Enabled
FireSIGHT
Analytics &
Automation
CISCO ASA
WWW
URL Filtering
(subscription)
Identity-Policy
Control & VPN
Advanced
Malware
Protection
(subscription)
Intrusion
Prevention
(subscription)
Application
Visibility &Control
Clustering &
High Availability
Network Firewall
Routing | Switching
Built-in Network
Profiling

ASA and FirePOWER Features
• IPS Detection and Prevention
• Security Updates
• Reports, Alerts, and Dashboards
• Centralized Policy Management
• Custom IPS Rule Creation
• Automated Impact Assessment
• Automated Tuning
• FireSIGHT Network & User Intelligence
• IT Policy Compliance Whitelists
• File Type Determination
• Network Behavior Analysis
• Application Control
• User and User Group Control
• Stateful Firewall Inspection Switching and
Routing
• Network Address Translation
• URL Filtering
• File Blocking
• Advanced Malware Protection
• Identity-Based Firewall for enhanced user ID
awareness.
• Highly Secure remote access (IPSEC and SSL)
• Proactive, near-real-time protection against Internet threats
• Integrates with other essential network security tech
• Supports Cisco TrustSec security group tags (SGTs) and
• Extensive stateful inspection engine,
• Site-to-site VPN, NAT, IPv6,
• Dynamic Routing (including BGP)
• HA, Clustering
• Protection from botnets
• Delivers high availability for high-resiliency application
• Change of Authorization (CoA)

The Perimeter is Dead,
Long Live the Perimeter
Buu Lam
Field Systems Engineer

pe·rim·e·ter
1.the continuous line forming the boundary of a closed geometric figure.
"the perimeter of a rectangle"
synonyms: circumference, outside, outer edge
"the perimeter of a circle"
the outermost parts or boundary of an area or object.
"the perimeter of the garden"
synonyms: boundary, border, limits, bounds, confines, edge, margin, fringe(s),
periphery, borderline, verge; More
a defended boundary of a military position or base.
In Networking we call it…DMZ

Defense in depth
The principle of defense-in-depth is that layered security
mechanisms increase security of the system as a whole. If an
attack causes one security mechanism to fail, other mechanisms
may still provide the necessary security to protect the
system……Implementing a defense-in-depth strategy can add to
the complexity of an application, which runs counter to the
“simplicity” principle often practiced in security. That is, one could
argue that adding new protection functionality adds additional
complexity that might bring new risks with it.
https://www.owasp.org/index.php/Defense_in_depth

What’s a
Perimeter
without a

Perimeter Security Technologies
A long time ago… and then… present day… and now with F5!
Firewalls started out as
proxies
Stateless filters
accelerated firewalls, but
weakened security
Stateful firewalls added
security with deep
inspection, but still fall
short of proxies
F5 brings full proxy back
to firewalls: highest
security matched by a
high-scale and high-performance
architecture
F5 Agility 2014 52

Protecting against Threats is challenging
Webification of apps Device proliferation
71% of internet experts predict
most people will do work via web
or mobile by 2020.
95%of workers use at least
one personal device for work.
130 millionenterprises will
use mobile apps by 2014
Evolving security threats Shifting perimeter
58%of all e-theft tied
to activist groups.
81%of breaches
involved hacking
80%of new apps will
target the cloud.
72%IT leaders have or will
move applications to the cloud.
F5 Agility 2014 53

Evolving Security Threat Landscape
F5 Agility 2014 54

More sophisticated attacks are multi-layer
Application
SSL
DNS
Network
F5 Agility 2014 55

Its all about the
Application.

BIG-IP Application Security Manager
BIG-IP ® ASM™ protects the applications your business relies on most and scales
to meet changing demands.
Multiple deployment
options
Visibility and
analysis
Comprehensive
protections
• Standalone or ADC add-on
• Appliance or Virtual edition
• Manual or automatic policy
building
• 3rd party DAST integration
• Visibility and analysis
• High speed customizable syslog
• Granular attack details
• Expert attack tracking
and profiling
• Policy & compliance reporting
• Integrates with SIEM software
• Full HTTP/S request logging
• Granular rules on every HTTP
element
• Client side parameter
manipulation protection
• Response checks for error &
data leakage
• AV integrations
F5 Agility 2014 57

Comprehensive Protections
BIG-IP ASM extends protection to more than application vulnerabilities
L7 DDOS
Web Scraping
Web bot
identification
XML filtering,
validation &
mitigation
XML Firewall
Geolocation
blocking
ICAP anti-virus
Integration
ASM
F5 Agility 2014 58

Network Threats
Application
Threats
90% of security investment focused here Yet 75% of attacks are focused here
Attack Vectors
TCP SYN Flood
TCP Conn Flood
DNS Flood
HTTP GET Flood
Attack Vectors
HTTP Slow Loris
DNS Cache Poison
SQL Injection
Cross Site Scripting
F5 Agility 2014 59

Unique full-proxy architecture
WAF WAF
Slowloris atXtaScSk iRule
leakage
iRule
iRule
HTTP
SSL
TCP
HTTP
SSL
TCP
iRule
iRule
iRule
SSL renegotiation
SYN flood
ICMP flood
Data
Network
Firewall
F5 Agility 2014 60

Who’s Requesting Access?
Employees Partner Customer Administrator
Manage access based on identity
IT challenged to:
• Control access based on user-type and role
• Unify access to all applications (mobile, VDI, Web, client-server, SaaS)
• Provide fast authentication and SSO
• Audit and report access and application metrics
F5 Agility 2014 62

Security at the Critical Point in the Network
Physical
Virtual
Cloud
Storage
Total Application Delivery Networking
Services
Clients Remote
access
SSL
VPN
APP
firewall
F5 Agility 2014 63

BIG-IP APM Use Cases
Secure Web Gateway
Accelerated Remote
Access
Internet Apps
Enterprise Data
& Apps
Federation
Cloud, SaaS,
and Partner
Apps
Internet
App Access Management
BIG-IP APM
OAM
VDI
Exchange
Sharepoint
F5 Agility 2014 64

Which Threat mitigation to use?
Content Delivery Network
Carrier Service Provider
Cloud-based DDoS Service
Cloud/Hosted Service
Network firewall with SSL inspection
Web Application Firewall
On-premise DDoS solution
Intrusion Detection/Prevention
On-Premise Defense
F5 Agility 2014 65

Full Proxy Security
Client / Server
Web application
Application
Session
Network
Physical
Application health monitoring and performance anomaly detection
HTTP proxy, HTTP DDoS and application security
SSL inspection and SSL DDoS mitigation
L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
Client / Server
Web application
Application
Session
Network
Physical
F5 Agility 2014 67

F5 Provides Complete Visibility and Control
Across Applications and Users
DNS Web Access
Intelligent
Services
Platform
Users
Securing access to applications
from anywhere
Resources
Protecting your applications
regardless of where they live
Dynamic Threat Defense
DDoS Protection
Protocol Security
Network Firewall
TMOS
F5 Agility 2014 68

PROTECTING THE DATA CENTER
Use case
Load
Balancer
Firewall/VPN
• Consolidation of
firewall, app security,
traffic management
Network DDoS
DNS Security
Balancer & SSL
• Protection for data
centers and
application servers
Application DDoS
Web Application Firewall
Load
• High scale for the
most common
inbound protocols
Before f5
with f5
Web Access
Management
F5 Agility 2014 69

F5 Bringing deep application fluency to Perimeter security
One platform
SSL
inspection
Traffic
management
DNS
security
Access
control
Application
security
Network
firewall
EAL2+
EAL4+ (in process)
DDoS
mitigation
F5 Agility 2014 70

How do I implement
perimeter Security with
F5?

Reference Architectures
DDoS
Protection
S/Gi
Network
Simplificatio
n
Security for
Service
Providers
Application
Services
LTE
Roaming
Migration
to Cloud DevOps
Secure
Mobility
DNS
Cloud
Federation
Cloud
Bursting
F5 Agility 2014 72

Application (7)
Presentation
(6)
Increasing difficulty of attack detection
DDoS MITIGATION
Physical (1) Data Link (2) Network (3) Transport (4) Session (5)
Network attacks Session attacks Application attacks
OWASP Top 10 (SQL
Injection, XSS, CSRF,
etc.), Slowloris, Slow
Post, HashDos, GET
Floods
SYN Flood, Connection Flood, UDP Flood, Push and ACK
Floods, Teardrop, ICMP Floods, Ping Floods and Smurf
Attacks
BIG-IP ASM
Positive and negative
policy reinforcement,
iRules, full proxy for
HTTP, server
performance anomaly
detection
DNS UDP Floods, DNS Query
Floods, DNS NXDOMAIN Floods,
SSL Floods, SSL Renegotiation
BIG-IP LTM and GTM
High-scale performance, DNS
Express, SSL termination, iRules,
SSL renegotiation validation
BIG-IP AFM
SynCheck, default-deny posture, high-capacity connection
table, full-proxy traffic visibility, rate-limiting, strict TCP
forwarding.
Packet Velocity Accelerator (PVA) is a purpose-built,
customized hardware solution that increases scale by an order
of magnitude above software-only solutions.
OSI
stack
F5 mitigation technologies
OSI
stack
F5 mitigation technologies
F5 Agility 2014 73

®
Solve the Endpoint Security Challenge with Isolation, not Detection
Chris Cram
Security Solutions Architect

76
Agenda
The Security Landscape
Bromium Overview
Use Cases and Benefits
Summary and Next Steps

Up 294%
$30B No!
Security Spending — ’05–’14
Are
breaches
going
down?
Up 390%
Malware/Breaches — ’05–’14
Source: Gartner, Idtheftcenter, $30B is a Gartner figure for 2014
3
The IT Security Paradox

“Anti-virus is
dead. It catches
only 45% of
cyber-attacks.” Brian Dye
SVP,
Symantec
71% of all breaches
are from the
endpoint!
The Endpoint Problem
 Polymorphic
 Targeted
 …
Pattern Matching
 Only known
 Many ???
 Costly remediation
Advanced Threats Ineffective Detection
5
The Problem

 Polymorphic
 Targeted
 Zero Day
Pattern-Matching
 Only known
 Many false positives
 Costly remediation
71% of all breaches
start on the
endpoint!
Advanced Threats Ineffective Detection The Endpoint Problem
Source: Verizon Data Breach Report
4
The Problem

Advanced Attacks Evade Legacy Defenses
Threats
80
Network Detection Based
Firewall IPS Web & Email
Gateways
Endpoint Detection Based
PC
Firewall
PC
Anti-virus

81
$25B
$20B
$15B
$10B
$5B
$0
Citigroup
Washington
Post
Restaurant
Depot
Scribd Ubuntu
Bethesda
Game
Studios
Michael’s
Stores
Virginia LexisNexis
Sega
University of
Wisconsin –
Milwaukee
Sony
Pictures
Betfair
Seacoast
Radiology,
PA
Three
Iranian
banks
KT Corp.
Ohio Medicaid
State
Puerto Rico
Department
of Health
Sony Online
EntertainmentSouthern
Sony
PSN
California
Medical-Legal
Consultants
San
Francisco
Public
Utilities
Commission
Writerspace
.com
Network
Solutions
University
of California
Berkeley
Prescription
Monitoring
Program
Heartland
University
RockYou!
Drupal
Yahoo
Japan
South
Africa
Police
Living Social
Central
Hudson
Gas &
Electric
Nintendo
Washington
State court
system
Evernote
RBS
Worldpay
Auction.
com.kr
Virginia
Dept. of
Health
Ameritrade
Hannaford
Brothers
Supermarket
Monster.
Processors
International
CheckFree
Corporation
TD
com
Chain
TK/ TJ Maxx
Yahoo
Blizzard
Data
KDDI
Gawker
.com
Global
Payments
US
Federal
Reserve
Bank of
Clevelan
d
Ankle &
Foot
Center of
Tampa Bay,
AT&T
Ubisoft
Inc.
Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative
only to depict the 71%
Application
Whitelisting
Host
Intrusion
Prevention
Endpoint
Sandboxing
Host Web
Filtering
Cloud-based
AV
detection
Network
Sandboxing
Target
AOL
Cardsystems
Solutions Inc.
AOL
NASDAQ
Twitter
Sutherland
Healthcare
Neiman
Marcus
Ebay
Aaron
Brothers
Mac
Rumour
s
.Com
Neiman
Marcus
Home
Depot
America
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
n
Express
PF
Changs
Paytime
Adobe
Snapch
at
2013
614 reported breaches
91,982,172 records
Recent Security Timeline

82
$25B
$20B
$15B
$10B
$5B
$0
Application
Whitelisting
Host
Intrusion
Prevention
Endpoint
Sandboxing
Host Web
Filtering
Cloud-based
AV
detection
Network
Sandboxing
Breaches
Starting from
the Endpoint
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Significant Data Breaches Source: Idtheftcenter.org Updated 6/16/14 | WW Security Spend Source: Gartner, Red bubbles illustrative
only to depict the 71%
2013
614 reported breaches
91,982,172 records
Recent Security Timeline

Bromium—Pioneer and Innovator
Redefining security with isolation technology
Transforming the legacy security model
Global, top investors, leaders of Xen
Top tier customers across every vertical
8

84
Core Technology
Hardware isolates
each untrusted
Windows task
Lightweight, fast,
hidden, with an
unchanged native UX
Microvisor
Based on Xen with
a small, secure
code base
Industry-standard
desktop, laptop
hardware
Hardware
Virtualization
Hardware Security
Features

Isolate all end user tasks –
browsing, opening emails,
files…
Utilize micro-virtualization and
the CPU to hardware isolate
Across major threat vectors—
Web, email, USB, shares…
Seamless user experience
on standard PCs
85
How Bromium Solves The Problem

Bromium vSentry
OS
Anti-virus,
sandbox and
other security
tools
OS Kernel
 Today’s signature
and behavioral
techniques miss
many attacks
 They almost always
leave endpoints
corrupted, requiring
re-imaging
Hardware-isolated
Micro VMs
 All user tasks and
malware are isolated
in a super-efficient
micro-VM
 All micro-VMs
destroyed, elimi-nating
all traces of
malware with them
Hardware
Applications
tab
tab
OS
Hardware
Traditional Endpoint Security
O
S
O
S
O
S
O
S
10
Different from Traditional Security

LAVA Understanding the Kill Chain
WHO
Is the Target
WHERE
Is the Attacker
WHAT
WHAT
Is the Goal
WHAT
Is the Technique
Is the Intent
24

Java Legacy
App Support
Off Net Patching
Laptop Users
High Value
Targets
Threat
Intelligence
Secure
Browsing
12
Use Cases

89
Why Customers Deploy Bromium
Defeat Attacks
 Eliminate compromises on the endpoint
 Deliver protection in the office or on the road
Streamline IT
 Reduce operational costs
 Dramatically increase IT productivity
Empower End Users
 Remove the burden of security from users
 Enable users to click on
anything…anywhere

Summary
The attack landscape has fundamentally changed;
perimeter evaporating in the cloud and mobile era
Current ‘detection’ defenses are ineffective;
endpoint is the weakest link
Bromium is redefining endpoint
security with micro-virtualization
Enormous benefits in defeating attacks,
streamlining IT and empowering users
90

Questions?

Beyond Compliance
Rob Stonehouse – Chief Security Architect

The Rush To Compliance
“We have to be compliant!”

What Do We Know?
• The Internet wants all your
information
• Law is not a deterrent
• Little risk for huge gains
• Patience = Success
• Users will still click on
anything
…It is going to get worse

20+ Years of Monitoring
What have we seen?
- Sophisticated malware
- Teams of attackers
- Persistence & Purpose

The Problem
Technology
• New strategies
• Hard to realize the value
InfoSec is Expensive
• Resource issues

What is The Answer?
Visibility

Get The Help You Need
You Can No Longer Do This Alone

Recap
• Reduce complexity – simplify
• Apply security at the infrastructure, applications and endpoint
• Augment technology with people and process
• Spend on security vs. compliance
• Gain visibility through effective security operations

Managed Security Services
Jamie Hari – Product Manager, Infrastructure & Security

Scalar discovered what they overlooked.

Changing Tactics

The way you look at security needs to change.

SIEM
104

Improved Intelligence
Scalar has the tools and experience to manage security
The SIEM is the heart and brain of the SOC. It moves
data around in a quickly complex and technical analyses landscape.
it with continually
updated intelligence.
Users
Servers End Points
Firewalls IPS VS AV/AM/AS
SIEM SOC Tools
Scalar SOC

What is SIEM?
A solution which gathers, analyzes, and presents
security information.
• Log Management
• Security Event Correlation and Analysis
• Security Alerting & Reporting

Reporting
Quickly Identify Patterns of Activity, Traffic, and Attacks

Managed SIEM & Incident Response
Real-time security event monitoring and intelligent
incident response
• 24 x 7 Security Alert & System Availability Monitoring
• Security Incident Analysis & Response
• Infrastructure Incident, Change, Patch, and Configuration
Management

What should I look for in a provider?
• Breadth and Depth of Technical Capability
• Flexibility in Deployment, Reporting, and Engagement Options
• Experience with Customers in Diverse Industries
• A Partner Model

Getting Started
110

Proof of Value
4 Week Trial
• Dashboard for Real-time Data
• Weekly Security Report
• Detailed Final Summary Report
• Seamless Continuation into Full Service

You decide how we fit

Questions?

Putting our expertise into practice.
114

Integrating, securing and managing
systems for the most technologically
advanced games ever.

Building a centre of excellence
that delivers a compute cluster to
a global user community.

2 banks. 5 months.
1 great enterprise application.
Mobile
Wallet

What’s next?
Looking for more info on security?
Rob Stonehouse, Scalar’s Chief Security
Architect, discusses security beyond
compliance on our blog here.

Scalar Security Roadshow - Vancouver Presentation

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Scalar Security Roadshow - Vancouver Presentation

Ähnlich wie Scalar Security Roadshow - Vancouver Presentation (20)

Mehr von Scalar Decisions

Mehr von Scalar Decisions (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Scalar Security Roadshow - Vancouver Presentation

Hinweis der Redaktion