
©Accudata Systems, Inc. 2016

Fortify Your Network Security

Presenter: Michael J. Knapp | Forcepoint

PIONEERING TECHNOLOGY

MEET OUR SPEAKER

Michael J. Knapp

Director, Network Security Architecture for the Americas and Office of the CISO

Copyright © 2016 Forcepoint. All rights reserved.

THE PROBLEM WE ARE FACING

Organizations continue to struggle with staying out of the newspaper headlines and with the ever-changing threat landscape. Even with increased security spending, incidents and public disclosures are still coming in at an alarming pace. So how do organizations cope with these threats and the challenges that they face from BYOD, virtualization, Cloud, SDN, and demanding users? What are we doing wrong?

OUR FOCUS FOR TODAY

PEOPLE PROCESS POLICY PRODUCTS

PEOPLE : THE CHALLENGE

People are Our Greatest Asset, but are also one of Our Greatest Threats…

Life for Security Teams would be easy if we didn’t have employees. Since that’s not possible, we need to find a way to best mitigate risk to our organizations.

Verizon 2016 Data Breach Investigations Report

PEOPLE : THE SOLUTION

Change for any Organization must start at the top… Even the best IT & Security teams will fail without complete support from their Executive Staff. The solution often requires a shift in Security Culture in order to be effective.

Instill the idea that every Employee is a member of the Security Department.

Train all employees from the Boardroom to the Call Center about security; after all, security is only as good as the weakest link.

Use analogies, which are easier for employees to relate to, when describing security principles, and avoid technical jargon.

Create a collaborative approach to Security in which various groups within the organization can offer up ideas on improving security.

PROCESS : THE SILO EFFECT

[Diagram: Audit & Compliance; Operations Team; Security Team; Network Team]

PROCESS : IMPORTANCE

"Cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime.

"Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off," said Kevin Haley, director, Symantec Security Response.

"We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams."

PROCESS : DEFINE A LIVING PROCESS

In nearly every Security Breach that has occurred in the last 5 years, there was an example of someone failing to follow a process, or of a process that wasn’t updated, which ultimately led to the incident.

Building out a comprehensive, living process that the organization follows for day-to-day activities and during emergency situations is imperative. This allows teams to adapt to changes in the threat landscape and to test their processes against new threats to find weaknesses.

We often take for granted that individuals know what actions to take for any given scenario. What most organizations find out, though, is that out-of-band changes, including those made under duress, often leave undesirable residual changes in the environment, which can later be exploited.

PROCESS : MAKE SURE YOUR TOOLS BUILD COOPERATION

When you are building out your processes, make sure that you choose tools that allow you to build a culture of cooperation. Most products were designed for a singular purpose and don’t cross the Silo boundaries.

Some tools provide the foundation necessary to bring groups together across these silos. Multi-tenancy within the management system with full Role Based Access Controls (RBAC) is a great way to bring the teams together. This allows organizations not only to reduce complexity, but also to reduce spend and converge numerous disparate platforms.

[Diagram: Anti-evasion; Anti-virus & Anti-Spam; Application Visibility; URL Filtering; IPsec VPN & SSL VPN; Intrusion Prevention & Deep Inspection; High Availability & Clustering; Stateful Firewall Routing; 3rd Party Events & Monitoring]

POLICY : CANNOT BE AN AFTERTHOUGHT

The Policy is where People, Process, and Controls all converge. It is one of the most basic compensating controls, yet it is generally underutilized and often ignored…

Historically, this is because IT lacked the ability to put in place granular controls to enforce a policy element. As a result, policies that were created were very basic and did not have adequate enforcement.

Put some teeth back into IT Security by building, and enforcing, a comprehensive security policy.

POLICY : CANNOT BE AN AFTERTHOUGHT

“UNDERSTANDING WHAT DATA SETS WERE IMPORTANT TO THE COMBINED COMPANY, AND IDENTIFYING WHERE THEY WERE AND WHAT CONTROLS WERE IN PLACE TO PROTECT THEM GAVE US A BETTER VIEW OF WHAT RISKS WE NEEDED TO ADDRESS.”

- DAVE BARTON, FORCEPOINT CISO

Organizations should start with a policy structure that aligns to their business. Once the initial policy is deployed, leverage your technology investments to identify new trends.

Understand why something is happening

Implement Controls to curb behaviors & mitigate risk

PRODUCTS : VENDORS HAVE NOT BEEN HELPING

[Diagram: Audit & Compliance; Operations Team; Security Team; Network Team]

PRODUCTS : SOLVING THE VENDOR CHALLENGE

[Diagram: Audit & Compliance; Operations Team; Security Team; Network Team]

PRODUCTS : SOLVING THE VENDOR CHALLENGE

[Diagram: Audit & Compliance + Operations Team + Security Team + Network Team]

Optimize Organizational Spending and Integrate Solutions for Automation + Efficiency

Instead of purchasing project-specific products, invest in Outcomes.

PRODUCTS : MASTER THE ART OF INTEGRATION

Leverage the capabilities of your network. Most organizations only use a small subset of capabilities that are available. Make sure that you tie the best of what they offer with other systems.

Your Security Vendor is not sitting idle. They are constantly innovating, so you need a process/plan for adopting new technologies and integrating them with other platforms.

When used in conjunction, your controls can move from intrusive to empowering. If you understand how to leverage what one product does into workflows for others, it’s a game changer.

Even if an organization has written policies, we must enforce them using technical controls in an automated fashion. For enhanced user experience, you can integrate with other controls, such as MDM.

Making changes manually introduces risk to organizations. Many products can natively integrate via APIs, but organizations should also invest in Security Policy Management technology to prevent drift from baseline policies.
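One way to check a running rule set against its approved baseline, which is the drift control this slide recommends and a way to catch the residual out-of-band changes described under PROCESS. This is an added example, not part of the original deck or of any vendor product; the rule schema, rule IDs and sample data are constructed for illustration.

```python
def normalize(rule: dict) -> dict:
    """Sort list-valued fields so ordering inside a field is not reported as drift."""
    return {k: sorted(v) if isinstance(v, list) else v for k, v in rule.items()}

def detect_drift(baseline: list, running: list) -> dict:
    """Compare the running rule set with the approved baseline, keyed by rule id."""
    base = {r["id"]: normalize(r) for r in baseline}
    live = {r["id"]: normalize(r) for r in running}
    modified = {}
    for rid in sorted(base.keys() & live.keys()):
        fields = sorted(k for k in base[rid].keys() | live[rid].keys()
                        if base[rid].get(k) != live[rid].get(k))
        if fields:
            modified[rid] = fields
    # Rule order matters on first-match firewalls, so compare the shared rules' order.
    base_order = [r["id"] for r in baseline if r["id"] in live]
    live_order = [r["id"] for r in running if r["id"] in base]
    return {
        "added": sorted(live.keys() - base.keys()),      # present but never approved
        "removed": sorted(base.keys() - live.keys()),    # approved but missing
        "modified": modified,                            # rule id -> changed fields
        "reordered": base_order != live_order,
    }

# Constructed sample data (hypothetical rule schema, not a vendor export format).
BASELINE = [
    {"id": "R10", "src": ["10.20.1.0/24"], "dst": ["crm"], "ports": [443], "action": "allow"},
    {"id": "R20", "src": ["vendor-vpn"], "dst": ["hvac"], "ports": [443], "action": "allow"},
    {"id": "R30", "src": ["any"], "dst": ["any"], "ports": [], "action": "deny"},
]
RUNNING = [
    {"id": "R10", "src": ["10.20.1.0/24"], "dst": ["crm"], "ports": [443], "action": "allow"},
    # Left behind after an emergency change made outside the change process.
    {"id": "R99", "src": ["any"], "dst": ["crm"], "ports": [22], "action": "allow"},
    {"id": "R20", "src": ["vendor-vpn"], "dst": ["hvac"], "ports": [22, 443], "action": "allow"},
    {"id": "R30", "src": ["any"], "dst": ["any"], "ports": [], "action": "deny"},
]

if __name__ == "__main__":
    for kind, value in detect_drift(BASELINE, RUNNING).items():
        print(f"{kind}: {value}")
```

Run on a schedule against an exported policy, any non-empty result becomes a ticket for the change process rather than a silent exception.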

PRODUCTS : FOCUS ON THE OUTCOME

[Diagram: Employee Mobile Device; Device Attempts To Connect; Device is Authenticated; NGFW Controls Access; Critical Servers & Assets; Internet]

Define Desired Outcome: Differentiated Access for devices based on user, type of device, location, and time of day, all completed with the user not being prompted for credentials each day.

Map the logical workflow out using your technical controls and capabilities.

Pilot, listen to feedback, tweak, and test again…

Then deploy…
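The outcome defined on this slide, mapped to a logical workflow as a first-match policy with default deny. This is an added example, not from the original deck or from any NGFW product; the group, device, location and zone names are hypothetical, and the session attributes are assumed to come from the upstream authentication step so the user is not prompted.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Session:
    # Attributes asserted by upstream controls after the device authenticates
    # (hypothetical names: directory group, MDM device class, network location).
    group: str
    device_type: str
    location: str
    local_time: time

@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset
    device_types: frozenset
    locations: frozenset
    start: time
    end: time
    allowed_zones: frozenset

    def matches(self, s: Session) -> bool:
        if self.start <= self.end:
            in_window = self.start <= s.local_time <= self.end
        else:  # window wraps past midnight, e.g. 22:00-06:00
            in_window = s.local_time >= self.start or s.local_time <= self.end
        return (s.group in self.groups and s.device_type in self.device_types
                and s.location in self.locations and in_window)

F = frozenset
# Constructed sample policy; the first matching rule wins.
POLICY = [
    Rule("sales-managed-hq", F({"sales"}), F({"managed_laptop"}), F({"hq"}),
         time(7, 0), time(19, 0), F({"internet", "crm"})),
    Rule("ops-oncall", F({"ops"}), F({"managed_laptop"}), F({"hq", "remote"}),
         time(22, 0), time(6, 0), F({"internet", "critical_servers"})),
    Rule("byod-internet-only", F({"sales", "marketing", "ops"}), F({"byod_phone"}),
         F({"hq", "remote"}), time.min, time.max, F({"internet"})),
]

def decide(session: Session, zone: str, policy=POLICY):
    """Return (allowed, rule_name); a session that matches no rule is denied."""
    for rule in policy:
        if rule.matches(session):
            return (zone in rule.allowed_zones, rule.name)
    return (False, "default-deny")

if __name__ == "__main__":
    s = Session("sales", "byod_phone", "remote", time(10, 0))
    for zone in ("internet", "crm"):
        print(zone, decide(s, zone))
```

Returning the rule name with every decision gives the pilot phase something to review: each allow or deny can be traced to the rule that produced it.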

PRODUCTS : FULLY LEVERAGE YOUR INVESTMENTS

[Diagram: Employee Mobile Device; Device Attempts To Connect; Device is Authenticated; NGFW Controls Access; Critical Servers & Assets; Internet]

PRODUCTS : FULLY LEVERAGE YOUR INVESTMENTS

Understand the Value that your investments can provide you.

PRODUCTS : ASK QUESTIONS - AVAILABILITY & SCALABILITY

Native Active-Active clustering

Unique clustering features:

• Different firmware versions
• Different appliance models and software on COTS hardware
• Up to 16 active-active nodes in a cluster

Operational benefits:

• Seamless upgrades and updates with no traffic interruptions or change windows required
• Fully transparent failover practically eliminates unscheduled downtime

[Diagram: Stonesoft Next-Generation Firewall Cluster; Updates; v5.8, v5.7, v5.6; Node 1: NGF-3206; Node 2: NGF-1402; Node 3: Software; Node 4: NGF-325; Node 5: Software]

Worldwide Sales Conference 2016, Proprietary & Confidential

PRODUCTS : CONNECTION HIGH AVAILABILITY & SCALABILITY

Network resiliency and cost savings

Multi-Link: Business Continuity

• Transparent failover
• Load-balancing or back-up links
• Security

Augmented VPN: Flexibility

• Supports multiple access technologies
• QoS support
• Optimize bandwidth usage

Alternative to MPLS: Cost Savings

• Provider and technology independent
• Add bandwidth easily

Up to 90% Savings on MPLS costs

[Diagram: Multi-Link IPsec VPN; ISP 1, ISP 2, ISP N; Cable, 3/4G, DSL 1, DSL 2, MPLS; Regular Traffic & Back-up links; Critical Traffic]

PRODUCTS : THE BENEFIT OF GOING ALL IN

Centralized Management

The NGFW platform supports up to 2,000 NGFW appliances being managed from the same console. While all the devices can have the exact same configuration if desired, the platform also supports hierarchical policies and even multi-tenancy. This gives organizations incredible flexibility in how they deploy the technology in their environment and lets them adjust quickly to change.

All services, including rules, IPS settings, Antimalware, etc., are centrally controlled and can be selectively enabled over time as desired. The management platform also supports geographically dispersed high availability deployments.

[Diagram: Data Center 1; Data Center 2; Management (A); Management (S); Logging; SIEM; Management Rail; Management Console; Advanced Threat Defense; DC Internet Edge; 3rd Party Threat Intelligence; Threat Intelligence; Managed Services; Office 1, Office 2, Office 3, Office 1998, Office 1999, Office 2000; Zone 1 : VLAN 1xx; Zone 2 : VLAN 2xx; Zone 3 : VLAN 3xx; Zone 4 : VLAN 4xx; Zone 5 : VLAN 5xx; 802.1Q Trunk (ZONES); MPLS; Internet]

PRODUCTS : FULLY LEVERAGE YOUR INVESTMENTS

Stonesoft NGFW provides control of over 2,200+ apps

Stateful FW

| Source IP | Source Port | Destination IP | Destination Port | Service |
| --- | --- | --- | --- | --- |
| 10.20.1.143 | 12244 | 16.82.43.5 | 80 | HTTP |
| 10.20.1.143 | 12371 | 48.33.1.43 | 80 | HTTP |

Stonesoft NGFW (users shown: Charlie / Sales, Susan / Marketing)

| User | Group | Source IP | Source Port | Destination IP | Destination Port | Application | Service |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Charlie | Sales | 10.20.1.14 | 12244 | 16.82.43.5 | 80 | Skype | HTTP |
| Charlie | Sales | 10.20.1.14 | 22411 | 62.12.143.5 | 80 | Facebook Chat | HTTP |
| Susan | Marketing | 10.20.1.15 | 13221 | 62.12.143.5 | 80 | Facebook Chat | HTTP |
| Charlie | Sales | 10.20.1.14 | 22411 | 122.42.88.4 | 80 | Angry Birds | HTTP |

ENABLING MAJOR BUSINESS VALUES

IDC TCO Report Findings

Stonesoft NGFW Business Value Highlights

527% | $5.3M | 6 Months

84% | 30% | 94%

Key Performance Improvements Realized from Customers Who Deployed Stonesoft NGFW

OUR FOCUS FOR TODAY

PEOPLE PROCESS POLICY PRODUCTS

281.897.5000 | 800.246.4908 | www.accudatasystems.com

QUESTIONS?

START FORTIFYING YOUR NETWORK

SCHEDULE A COMPLIMENTARY CONSULTATION WITH ONE OF OUR ADVISORS.

EMAIL: VID SISTA, PRACTICE [email protected]