forescout + fireeye joint solution - exclusive...
TRANSCRIPT
FORESCOUT + FIREEYEJOINT SOLUTIONWALLACE SANNFEDERAL CTO & REGIONAL VP OF SYSTEMS ENGINEERING, FORESCOUT
IT SECURITY CHALLENGES
76 Million Households affected
Hackers took over a remote server the bank failed to properly update
21m government employees identities stolenOPM did not maintain a comprehensive inventory of servers, databases and network devices
11m customers’ medical and financial data stolen
Premera’s network security procedures were inadequate
Cyber attack could cost as much as $100 million
Disabled the antivirus in the target machines without detection
80m customer records stolen
“Suspicious” administrator activity went unnoticed for months
“44 percent of known breaches came from vulnerabilities that are 2 to 4 years old”HP Cyber Risk Report 2015
Attackers exploit vulnerable endpoints, easily move across big flat networks
53 million email addresses and 56 million credit cards
Attackers used stolen vendor credential to access critical systems
The Home Depot
ManagedDevices
UnmanagedDevices
IT SECURITY CHALLENGES
Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods
Source: Gartner, BI Intelligence, Verizon, ForeScout
2010 2012 2014 2016 2018 2020
By 2020: 20+ BillionUnmanagedConnected Devices
Dec 2014: “Within two years, 90% of all IT networks will have an IoT-based security breach”
Number of unmanaged devices is exploding
IT SECURITY CHALLENGES
Security products are silos.
Human beings are needed to compensate for lack of automation.
SecOps teams are overwhelmed and cannot respond in timely fashion.
FIREWALL SIEM ATD VA ENDPOINT PATCH EMM
IBMIBM
“70 to 90 percent of all malicious incidents could have been prevented or found sooner if existing logs and alerts had been monitored”Verizon Data Breach Investigations Report
“Average time to contain a cyber attack is 31 days”Ponemon Institute “2014 Global Report on the Cost of Cyber Crime”
Fragmented security lets attackers in
JOINT SOLUTION
+1. Reveal unknown risks on your network
2. Enforce policy to reduce risks and shrink attack surface
3. Detect and block advanced threats
4. Rapidly respond to security breaches
Not VisibleVisible
Visible withIoT
1. SEE UNKNOWN RISKS ON YOUR NETWORK
Managed Unmanaged
DIRECTORIES
PATCH
SIEM
ATD
VA
EMM
OTHER
Computing Devices
Network Devices
Applications
Antivirus out-of-date
Broken agent
Vulnerability
Continuous
Agentless
Users EndpointsNetwork Existing IT
2. CONTROL ENVIRONMENT TO REDUCE RISKS
Automated
Policy-driven
3. DETECT AND BLOCK ADVANCED THREATS
4. RAPIDLY RESPOND TO SECURITY BREACHWhen FireEye detects advanced threats
• First infection may have already occurred (patient zero)
Pre-infected endpoints could connect to the network• Infected on public networks, infection pathways such as USB drives etc.
Internal propagation can start from infected endpoints
Unless deployed inline, endpoints can connect to C&C servers
ForeScout works with FireEye to rapidly respond to prevent threat propagation and data exfiltration
• Network – quarantine infected systems
• Endpoint – confirm and kill malicious processes
4. RAPIDLY RESPOND TO SECURITY BREACH
1
2
3
Endpoint
5
4
Attack
Alert
Block
Scan
4. RAPIDLY RESPOND TO SECURITY BREACH
Quarantine System
Automate Mitigation Actions
Scan Other Systems
IOC detected by FireEye
+1. Gain real-time visibility2. Expanded intelligence 3. Reduce endpoint risks and attack surface4. Detect and block advanced threats5. Expedite response to security breaches
Network – quarantine device Endpoint – confirm and kill malicious processes
JOINT INTEGRATION BENEFITS
QUESTIONS
THANK YOU