Achieving Deeper Network Security
How well prepared are you for the next cyber threat?
David Buckwald – Systems Engineering Director – Dell Network Security
Confidential
SonicWALL
Current Threat Landscape
600,000
Source: Dell SecureWorks
Doubling each year
New pieces of malicious code found daily
2013: 600,000 daily
2012: 300,000 daily
2011: 150,000 daily
50,000
New pieces of malicious code found daily
2013: 53,000 daily
2012: 44,000 daily
2011: 37,000 daily
Source: Dell SonicWALL 2013 Threat Report
1 of 6 SMBs has experienced an IT security breach (1 million+ U.S. companies)
71%: Mobile devices in SMB environment found to have high severity operating system and application vulnerabilities
40% of all targeted attacks during past two years directed at companies with fewer than 500 employees
$3.5M: Average cost to US businesses, says Ponemon Institute 2014 Cost of Data Breach Study
“No company is immune, from the Fortune 500 corporation to the neighborhood ‘mom and pop’ business.”
FBI Director Robert Mueller
Source: Dell SecureWorks unless noted otherwise
Underlying foundation of threats: Basic nature of threats is constant change
Expanding complexity and reach of threats
[Figure: threats plotted by reach (individual computers, individual networks, multiple networks, regional networks, global infrastructure) over time (1980, 1990, 2000, 2015)]
• Financial gain
• Espionage - intel gathering
• Nefarious purpose
• Competitive advantage
• Homeland security threats
• Advanced Persistent Threat
• Internet
• Worms
• Modem
• Security
• Firewall 101
• Individual computers
• Trojans
• Morphing and complex threats
• AI (learn) hacking
• XSS, SQL Injection attacks
• DOS/DDOS
• Delivery via Web 2.0 and social networking sites
• Physical again (Portable media)
• Gov’t Healthcare Spam / Phishing
• TSRs
• Watering-hole attacks
• Viruses
• Ransomware
• System hopping malware
• Sophisticated Smartphone Attacks
Unavoidable realities
• Threats are increasing in scope and sophistication
• Malware is deeply hidden beneath the surface
• More devices means more risk
• More applications means more vulnerabilities
• Bandwidth needs continue to grow
• Increasing east-west traffic enlarges attack surface
Have you seen these headlines?
What if Hackers Inc. was a company?
#1
74x >
Source: Dell SecureWorks
Breaches per threat actor category
Source: Verizon 2014 DATA BREACH INVESTIGATIONS REPORT
Advanced Persistent Threat Lifecycle
Stages:
• Preparation
• Initial Intrusion
• Expansion
• Persistence
• Search & Exfiltration
• Cleanup
Be proactive with persistent and adaptive security
• Invest in Next Generation Firewall
• Defend the endpoints
• 24/7/365 Threat Monitoring
• Multiple layers of threat protection
• Add SSL inspection and application control
Persistent and adaptive security
Defend the endpoints
Security Services | Layered protection
Enforced Content Filtering Client | Blocks inappropriate, illegal and dangerous Web content based on policy
Enforced Client Anti-Virus & Anti-Spyware | Automated client anti-virus and anti-spyware deployment and management
Secure Mobile Access | Enable mobile workers using personal mobile devices to access corporate data and resources without compromising security
Threats have evolved but firewalls & IPS have not
Deep inspection for deep security with Next Generation Firewall technology
Stateful Packet Inspection, Deep Packet Inspection
1. Stateful Packet Inspection
2. Intrusion Prevention
3. Threat Prevention (Anti-Virus/Spyware)
4. Application Identification & Visualization
5. Application Control
6. SSL Decryption
7. User Identification through Single Sign On (SSO)
Persistent and adaptive security at the gateway
Security Services | Layered protection
Intrusion Prevention | Protects against a comprehensive array of network-based exploits and evasive techniques
SSL Inspection | Protects against malware embedded in SSL traffic (i.e. HTTPS, SSH, FTPS…)
Gateway Anti-Virus and Anti-Spyware | Real-time gateway anti-virus scanning and dynamic spyware protection
Content Filtering Service | Blocks inappropriate, illegal and dangerous Web content based on policy
Comprehensive Anti-Spam Service | Stops spam, phishing & malware at the gateway
Application Intelligence, Control and Visualization | Granular control & real-time visualization of applications running on your network for maximum security & productivity
Deeper level of network security without the performance compromise
Real time, deep security
– Reassembly-Free DPI – scan everything
– For full malware protection
– Simultaneous, proactive, multi-threat scanning
– Industry's top percentile for catch rate
– SSL Decryption without performance penalty
Massively scalable architecture
– Multi-core, scalable - up to 96 cores
– Clustering technology for high throughput and availability
– Unlimited data size, formats, or connections
– High network performance with low latency
Best solution economics
– Products in every price band, leadership
– Easy to adopt, deploy and manage
– Interoperable, modular platform
Next-generation firewall (NGFW)
Breaks the malware cycle
• SSL Decryption
• URL Filtering
• Intrusion Prevention
• Network Anti-Virus
• Cloud Anti-Virus
• Botnet Filtering
[Diagram labels: Page Visit; Compromised “Good” Site; Exploit; Malware Request; Malware Hosting Site; Malware]
SSL Inspection
As much as 50 percent of corporate network traffic is encrypted using SSL. (SSL Performance Problems – NSS Labs, 2013)
HTTPS, SMTPS, NNTPS, LDAPS, FTPS, TelnetS, IMAPS, IRCS, and POPS — and regardless of the port
Organizations not inspecting SSL traffic are blind to 1/2 of the traffic on the network.
Malware Prevention System
Protects from…
• APTs
• RATs
• Viruses
• Keyloggers
• Spyware
Protocols Inspected…
• IPv4 / IPv6 / SSL*
• TCP
• HTTP / HTTPS*
• SMTP
• IMAP
• POP3
• FTP / FTPS*
• NetBIOS / SMB / SMB2
CloudAssist™
• Protection from Executables
• Updated 24x7x365
• Over 15 Million countermeasures and growing as new threats occur
• ICSA labs anti-virus monthly testing
https://www.icsalabs.com/technology-program/anti-virus/av-monthly-testing-reports
CloudAssist™ Malware Protection
[Diagram labels: ATTACK; Executable File; 0e7ccbf78167faac97f7a45f977681d9; 75%; 25%; Send Reply to Drop Connection; CloudAssist Database, 15M+ Signatures]
Application intelligence and control
[Diagram labels: Identify; Categorize; Control; Policy; Visualization]
24x7x365 Threat Monitoring
Deep Threat Intelligence and Understanding
• Experienced in-house security research team
• World-wide Monitoring
• Advanced Tracking & Detection
• Industry Leading Responsiveness
• Preventative Protection
• Active participant in leading research organizations (WildList, AVIEN, PIRT, APWG and more)
• Member of the Microsoft Active Protections Program (MAPP)
8,000,000+ Individual Threat Coverage
25,000 On-Board Threat Family Signatures
3800+ Application Signatures
100% Intellectual Property ownership of security engine
100% Intellectual Property ownership of all countermeasures
Microsoft Active Protections Program
The BYOD challenge
Personal, Business
Increased business risk:
• Corporate data loss
• Malware attack
• Personal data privacy compliance
Securing mobile device scenarios
Ownership | Mgmt scope | Type
Corporate owned | Device fully managed | Corporate provided
Corporate owned | Per-app managed | Corporate provided
Employee selected/corporate owned | Device fully managed | Choose your own device (CYOD)
Employee selected/corporate owned | Per-app managed | CYOD
Employee owned | Device fully managed | Corporate managed
Employee owned | Per-app managed | BYOD
Mobile security — end to end
(EMM = MDM + MAM)
[Diagram labels: IT; Mobile device management (MDM); Mobile application management (MAM); Enterprise mobility management (EMM); Corporate perimeter; Secure Mobile Access Gateway; Directories (LDAP, AD, RADIUS); Applications (Web apps, Client/server apps, File shares, Databases, VoIP, VDI)]
Mobile security — managed device
[Diagram labels: Corporate perimeter; Secure Mobile Access Gateway; Directories (LDAP, AD, RADIUS); Applications (Web apps, Client/server apps, File shares, Databases, VoIP, VDI)]
Mobile security — personal device
• Authenticate user
• Validate device ID, security posture and mobile apps
• Enforce BYOD policy acceptance
• Connect only authorized apps to VPN and resources
Trusted user? Trusted device? Trusted mobile apps?
[Diagram labels: Corporate perimeter; Secure Mobile Access Gateway; Directories (LDAP, AD, RADIUS); Applications (Web apps, Client/server apps, File shares, Databases, VoIP, Virtual desktop infrastructure)]
Importance of App verification
Secure Mobile Access solution
Enable mobile worker productivity while protecting from threats
• Provide simple, policy-enforced, per app VPN access to permitted resources
• Enforce and manage mobile device policy terms acceptance
• Authenticate user and validate app and device integrity
• Enable secure SSL VPN connections and granular network access controls
• Centralize access policy management
[Diagram labels: Mobile Connect app; Secure Remote Access appliance]
Protect from mobile threats
[Diagram labels: NGFW + SMA Gateway; Corporate perimeter; Directories (LDAP, AD, RADIUS); Applications (Web apps, Client/server apps, Databases, File shares, VoIP, Virtual desktop infrastructure)]
• Protects in-flight data from interception with encrypted per-app SSL VPN connections
• Allows access by only authenticated users and authorized mobile apps and devices and only to permitted resources with granular network access control policies
• Blocks malware and threats from entering your network when deployed with a next-generation firewall to scan mobile traffic
Multiple layers of threat protection
Defend the endpoints
• Content Filtering Client
• Enforced Client Anti-Virus & Anti-Spyware
• Secure Mobile Access
Defend the gateway
• Intrusion Prevention
• SSL Inspection
• Content Filtering Service
• Gateway Anti-Virus and Anti-Spyware
• Comprehensive Anti-Spam Service
• Application Intelligence, Control and Visualization
Threat Counter-intelligence
• Continuous Countermeasure updates
• Threat researchers
• Active participant in leading research organizations