2015 Security Conference Ash Patel Intel Security

Upload: christine-mclaughlin

Posted on 20-Jan-2016

TRANSCRIPT

Page 1: 2015 Security Conference Ash Patel Intel Security

2015 Security Conference

Ash Patel, Intel Security

Page 2

McAfee Next Generation Firewall and Security Connected Threat Ecosystem ~ Logicalis Security Conference 2015

Ashish Patel – Network Security Regional Director

Page 3

Threats Are Getting Through

• 469,000 unique malware samples discovered weekly
• 83% of organizations hit by Advanced Persistent Threats
• Mobile malware grew 30%, with 99% of it targeting Android
• Rootkit attacks return to growth
• Subverting digital signatures is becoming more common
• Fastest growing non-mobile malware is ransomware
• Use of Advanced Evasion Techniques is growing, to get old and new malware through legacy defenses

Page 4

Firewall & NGFW Evolution

Chart: completeness of security over time (axis years: 1988, 2008, 2012, 2013, 2014), from Traditional FW through First NGFW and Performance Enhanced NGFW to “Connected” NGFW.

Traditional FW

First NGFW
• Inspection
• Application and user awareness

Performance Enhanced NGFW
• Central management for large networks
• High availability
• Advanced evasion protection

“Connected” NGFW
• Connected to endpoint security
• Connected to SIEM
• Connected to advanced threat detection
• Connected to real-time global threat database

Page 5

“Insanity: doing the same thing over and over again and expecting different results.”

“We cannot solve our problems with the same thinking we used when we created them.”

– Albert Einstein

Page 6

McAfee Differentiators

• Unified Software Core
• Strong Centralized Management
• High Availability
• Advanced Evasion Prevention
• Security Connected

Page 7

McAfee Differentiators

Page 8

McAfee NGFW, part of the ecosystem: Security Connected Integrations

Information exchange between network, endpoint and global threat information for superior protection

McAfee Advanced Threat Defense
• Superior malware detection against zero-day threats

McAfee ESM (SIEM)
• Continuous monitoring of the whole network security, including NGFW

McAfee endpoint
• Visibility to endpoint
• Endpoint information used in policy enforcement

McAfee Global Threat Intelligence
• Comprehensive threat information for file reputations

McAfee NGFW

Page 9

Global Threat Intelligence (GTI): Threat Reputation

Query volumes:
• 300M IPS attacks/mo.
• 2B botnet C&C IP reputation queries/mo.
• 20B message reputation queries/mo.
• 2.5B malware reputation queries/mo.

Sources feeding GTI: Network IPS, Firewall, Web Gateway, Host AV, Mail Gateway, Host IPS, 3rd Party Feed, Geolocation feeds

Reputation dimensions: Network Activity, Affiliations, Ports/Protocol, IP Address, Web Reputation, URL, Web Activity, Sender Reputation, Mail Activity, Email Address, File Reputation, DNS Server, Application, Domain, Data Activity, Geo-location

Page 10

Global Threat Intelligence (GTI): Threat Reputation

Page 11

McAfee Differentiators

Page 12

Unified Software Core: Flexible Delivery

Adjustable security levels support a wide variety of deployment scenarios

Performance levels are maintained even with deep packet inspection enabled

Roles: Next Generation Firewall, Firewall, Layer 2 Firewall, IPS, VPN

Deployment scenarios: Military, Global, Enterprise, Commercial, SMB

Form factors: Software, Virtual, Physical

McAfee

Page 13

McAfee Differentiators

Page 14

Single Pane of Glass for Security Management: enabler for accuracy, efficiency and better use of time

McAfee Security Management Center (SMC)

One unified appliance: FW/VPN, IPS, L2FW, NGFW

Locations / platforms: Virtual (cloud), Physical, Hybrid

Security Connected: McAfee ESM, McAfee EIA, McAfee ePO

Page 15

Efficient Centralized Management: Plug-and-Play Deployment for remote site rollouts

• Initial configurations uploaded from the McAfee SMC to the Installation Cloud
• Preconfigured McAfee NGFW connects to the Installation Cloud; initial configuration pushed from the cloud
• NGFW calls home; policy push from the SMC

Cut deployment time from weeks and days to minutes

Page 16

McAfee Differentiators

Page 17

Why worry today? How do AETs score against leading next generation network security products?

Test case: Conficker worm. Seven AET-borne attacks and the share of each that succeeded (undetected):

• Divide exploit in IP fragments: 70%
• Divide exploit in TCP segments: 90%
• Using grey areas of protocols to hide the exploit: 90%
• Change byte encoding methods: 40%
• TCP segmentation and re-ordering: 80%
• TCP segmentation and re-ordering + urgent data: 90%
• Sending TCP payload with old timestamps (PAWS): 80%

Page 18

Definitions

APT – Advanced Persistent Threat
“A highly motivated attacker implementing a targeted attack. Uses multiple hacking methods and advanced malware in order to penetrate, and stay stealthy, for a long period of time. Often uses AETs to improve the penetration success rate.”

Evasive & advanced malware (for host-based attacks)
“Any kind of malware designed and developed to operate and stay undetected while it has penetrated end points and target hosts.”

AET – Advanced Evasion Technique (network-based)
“A specific hacking technique that has been developed to bypass all security devices and deliver a malicious code or exploit to its target undetected. AETs can be used to deliver known and unknown exploits and malicious content.”

Page 19

AETs Support the Hacker Business Case

Improve ROI: When buying and developing new exploits, hackers can improve ROI substantially by using AETs. They can also recycle existing malicious payloads by using AETs.

Access all areas: By using AETs hackers can penetrate deep into the network.

Do not get caught: … and they can do it undetected, with stealth.

Page 20

Advanced Evasion Prevention: Fundamental Difference in Traffic Inspection

Traditional inspection architecture: the payload is inspected as it arrives, in scattered pieces (“ta t a”, “tack at”, “ck”), so the inspection result is “?”.

McAfee NGFW stream-based full stack normalization: protocol agents reassemble the pieces into the full data stream, so the inspection sees “attack !”.

• Full-stack visibility: McAfee decodes and normalizes traffic on all protocol layers
• Normalization-based evasion removal: the normalization process removes evasions before data stream inspection
• Application data stream-based detection: vulnerability-based fingerprints detect exploits in the normalized application-level data streams
• In-house research and tools: evasion-proof product quality assured with automated evasion fuzzing tests
• Updates and upgrades: anti-evasion technology automatically updated in NGFW
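
The following Python is an added illustration, not part of the slides, of the point pages 17 and 20 make about “TCP segmentation and re-ordering”: a legacy inspector that matches each segment in isolation misses a pattern split across segments, while a normalizer that reassembles the stream by sequence number first does not. The signature, sequence numbers and segments are constructed, and the first-received-wins overlap rule is a simplification of what a real protocol agent does.

```python
# Added example (not from the deck): per-segment inspection vs. stream
# normalization for a TCP-segmented, re-ordered payload.
from dataclasses import dataclass

SIGNATURE = b"attack"  # the word the slide's diagram shows being reassembled


@dataclass(frozen=True)
class Segment:
    seq: int      # TCP sequence number of the first payload byte
    data: bytes   # payload bytes carried by this segment


def inspect_per_segment(segments, signature=SIGNATURE):
    """Legacy inspection: each segment is matched on its own."""
    return any(signature in s.data for s in segments)


def reassemble(segments, isn):
    """Normalize a TCP stream: order bytes by sequence number and resolve
    overlaps (first-received byte wins), as a protocol agent would do
    before handing the stream to the inspection engine."""
    stream = {}
    for s in segments:  # arrival order
        for i, b in enumerate(s.data):
            stream.setdefault(s.seq - isn + i, b)
    if not stream:
        return b""
    length = max(stream) + 1
    if set(stream) != set(range(length)):
        raise ValueError("stream has gaps; cannot normalize")
    return bytes(stream[i] for i in range(length))


def inspect_normalized(segments, isn, signature=SIGNATURE):
    """Stream-based inspection: match against the normalized stream."""
    return signature in reassemble(segments, isn)


# Constructed sample: "attack !" split into small segments, delivered out of
# order, with a one-byte overlap between the last two segments.
ISN = 1000
EVADED = [
    Segment(ISN + 2, b"ta"),   # middle chunk arrives first
    Segment(ISN + 0, b"at"),
    Segment(ISN + 5, b"k !"),
    Segment(ISN + 4, b"ck"),   # overlaps the previous segment at offset 5
]

if __name__ == "__main__":
    print(inspect_per_segment(EVADED))      # False: no single segment holds "attack"
    print(inspect_normalized(EVADED, ISN))  # True once the stream is normalized
```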

Page 21

Advanced Evasion Prevention: Device Testing (evader.mcafee.com)

With Evader, getting access to the “protected” network is as simple as:
1. Select the exploit
2. Identify the attack target (Cisco, Palo Alto Networks, Check Point, Fortinet, Juniper, SourceFire, TippingPoint)
3. Select the evasion technique

Page 22

McAfee Differentiators

Page 23

High Availability: Risk mitigation vs. resilience

Full Stack Resilience enabling business continuity

• Clustering / load balancing: site resilience enabling in-service upgrades
• Link / VPN failovers across two service providers: connectivity resilience
• Management HA: management resilience

Page 24

High Availability: Native Active-Active Clustering

99.999% uptime

Diagram: a cluster of Node 1 through Node 16 facing the Internet, running a mix of hardware and software versions

“I can upgrade a FW cluster without dropping a single packet” – McAfee NGFW customer

Page 25

High Availability: Augmented VPN for enterprise-level site-to-site connectivity

Cost-effective alternative to MPLS, with security included

Diagram: HQ connected to distant sites over MPLS and ADSL links via ISP A and ISP B; three 8 Mbps links aggregated: 8 Mbps + 8 Mbps + 8 Mbps = up to 24 Mbps

Page 26

McAfee Differentiators

Page 27

McAfee Next Generation Firewall Portfolio: perfect fit for various locations and hybrid environments

Branch office

Ruggedized appliance
• Wet, dust, shock-proof design
• Temperature hardened

Desktop appliances
• Modular and fixed designs
• Integration of access technologies

Rack installable appliances
• Modular and adaptable
• High speed interfaces

Virtual and software appliances
• High system performance
• Support for various platforms

Unified platform, full NGFW functionality

Page 28

“McAfee Next Generation Firewall does 99% of our network configuration, reducing what used to take hours to minutes.”

– Julian Dyer, Chief Technical Officer, COBWEB

Page 29

Certified and Validated by 3rd Parties

See more from www.mcafee.com/ngfw

Certifications

Validations

Page 30

Extends the Connected Firewall capabilities by connecting the Firewall with End-Point Intelligence

Provides new flexibility to Virtualized Data Centers
