Applying Next Generation Security Principles to Today’s Changing Networks

Upload: valeria-duling, posted 31-Mar-2015

TRANSCRIPT

Page 1

Applying Next Generation Security Principles to Today’s Changing Networks

Page 2

Every 18 Months, the Amount of Data on the Planet Doubles

But to Your Network Team, It Probably Feels Like the Data Doubles Every Few Weeks…

Page 3

2004: no Facebook. 2010: Facebook has 400M+ users, 52K apps
2006: 440K salesforce.com subscriptions. 2010: 2.1M salesforce.com subscriptions
June 2008: no iPhone apps. June 2010: 3 billion iPhone apps downloaded

1 day: 148K machines infected with bots (hourly botnet rental: $9)
1 day: 1M victims of scareware scams
1 day: 33K+ malware samples analyzed by McAfee

Page 4

How Do These Facts Impact Us?

2006-10 avg GDP growth (USDL): 1%
IT security product sales growth, avg 2008-9 (IDC): 8%
2009-10 growth, network security appliances and software (Infonetics): 10%
Growth in unique malware samples, last 6 months (McAfee): 58%
Average incidents per year, large company (Bloor): 45
Average cost of a large incident 2010, large company (Bloor): $772K


Page 6

Key Challenges We Face in Architecting Next Generation Security

Open & Agile Networks
1. Apps over port 80, on-premise, SaaS, Web 2.0: lack of visibility and control
2. Consumerization of IT
3. Perimeter disappearing; must extend the trust model
4. Difficult to enforce policies

Targeted Threats, APTs
1. Advanced and targeted attacks
2. Insider threats and data loss concerns: the needle in the haystack
3. MalApps are the new reality; must detect and prevent

Operational Efficiency
1. Spending controls (OpEx, CapEx), resource re-allocation
2. “Enable the business” (data centers, consolidation, segmentation, virtualization)
3. Streamline compliance reporting

Page 7

Recent Customer Conversations…

“Borderless network… Effectively extend trust boundaries?”
“100’s of new applications… See & control use?”
“Data center project… Improve protection… Consolidate vendors?”
“Advanced Threats (APTs, Botnets, Insider Risk)… Best practice prevention?”

“Network security shouldn’t be the ‘brakes on the car’ that hold us back… it should be like the stability control enabling us to take the twists and turns faster… but safer…”
“…I need to spend time deploying more apps… not time on controlling them…”
“…For my datacenter upgrade – give me world-class protection… cut costs 40%… don’t slow me down…”
“…To beat competitors to market, I want to extend trust boundaries for collaboration with partners & contractors…”
“…Advanced Persistent Threats? Show me the ‘needle in the haystack’ without human analysis…”

Page 8

Conventional Approach to Network Security

Ticket-oriented resolution: how to get to resolution? File tickets. Wait.
Protection focused on identifying attack packets: how to protect? Find attack packets on the wire.
Configuration focused on features: how to implement policy? Rely on product features.
Multi-vendor strategies: defense in depth? Manage multiple silo’d products.

Page 9

Conventional Gets Obsolete Fast…How Fast We Forget…

Page 10

Sometimes, Optimization is the Only Answer

Page 11

Optimized Network Security Adapts to Change

Risk vs. optimization (security spend as a share of the IT budget):
Reactive: spend ~3% of IT budget on security, high risk
Compliant/Proactive: spend ~8% of IT budget on security, medium risk
Optimized: spend ~4%, very low risk

Why has it been so challenging to reduce risk?

REACTIVE and Manual: people only. No tools or processes. “Putting out fires.”
Tools Based: applying tools and technologies to assist people in reacting faster.
DYNAMIC: predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response.

Tooling spectrum: point products for system, network and data, through to McAfee ePO integrated products plus GRC and GTI.

REACTIVE & MANUAL
• Reactive tools
• Firewalls
• Log analysis
• Trouble tickets
• Ineffective change control
• Ad hoc firewall rules
• Audit findings

COMPLIANT
• Point products
• IDS (compliance)
• SI/EM (logs)
• Structured firewall rule management
• Standard configurations
• Distributed consoles/mgmt
• Tedious audit preparation

PROACTIVE
• Integrated tools
• IPS (threats)
• SI/EM (events)
• Automatic updates
• Automated firewall rule mgmt
• Centralized consoles/mgmt
• Streamlined compliance reports

OPTIMIZED
• Multi-layered, correlated solutions
• Predictive threat protection
• Policy-based control
• Proactive management
• Extensible architecture
• Automated compliance

Page 12

New Requirements for Optimized Network Security

Ticket Oriented Resolution → Proactive Management: turn days of process into clicks
Protection Focused on Identifying Attack Packets → Predictive Threat Protection: characterize future threats today
Configuration Focused on Features → Policy-Based Control: focus on the real organization, people, applications, usage
Multi-Vendor Strategies → Extensible Architecture: integrated, collaborative, easily add new capabilities

Page 13

Consider Optimized Network Security Solutions

[Diagram: Global Threat Intelligence feeding ePO-managed components: NBA, Web, IPS, SIA, NDLP, Risk Advisor, Email, Firewall, NAC]

Network IPS: must be best performing
Firewall: must have next gen features
NAC (network access control): now is the time
NBA (network behavior analysis): emerging visibility tool
NDLP (network data loss prevention): more important than ever

Page 14

Protecting Critical Data Center from ZeuS Malware
Predictive Threat Protection with NSP (Network Security Platform) + GTI (Global Threat Intelligence)

When optimized (low effort, low risk):
Malware infects websites; McAfee Labs identifies it and updates website reputations…
…Threat dissected, analyzed…
…Predictive action stops the threat; future variants covered

Not optimized (high effort, high risk):
Malware infects websites
Malware hits network
Wait on signature
Apply signature, update signature

Benefit: protection meets (and beats) the hacker’s timelines, reduces alerts

Page 15

Controlling Google Calendar Use Before a Merger
Policy-Based Control with Next Gen Firewall

When optimized (low effort, low risk):
User directory auto-imports groups…
Profiler sees a similar rule; one click to add, avoiding a duplicate
Hours or days to review, deploy
New M&A members automatically added

Not optimized (high effort, high risk):
Identify M&A team
Map users to network addresses
Create new rule (duplicate?)
Weeks to review, test, deploy. Repeat?

Benefit: no need to map network topology to users; protects critical data

Page 16

Blocking Bot Command and Control Traffic
Proactive Management in Action

When optimized (low effort, low risk):
See bot activity on the network
Visual view of traffic and connections
Right click to get details from the management console
Right click to scan and patch
Have a second cup of coffee

Not optimized (high effort, high risk):
Hours: open ticket with system team
Days: open ticket to plan outage/upgrade
Weeks: detailed review of network events

Benefit: eliminates days and weeks of effort while improving time to resolution

Page 17

Move Customer Portal to Cloud Data Center
Policy-Based Control with Next Gen Firewall

When optimized (low effort, low risk):
User directory auto-imports groups; admins assigned to group
Create rule: SSH only for remote admin
Future admins automatically added

Not optimized (high effort, high risk):
Identify portal admins
Map users to network addresses
Open SSH/port 22 for services
Constantly maintain as team and network change

Benefit: no need to map network topology to users; eliminates the SSH blind spot

Page 18

Enabling IM, But Controlling IM Fileshare
Policy-Based Control with Next Gen Firewall

When optimized (low effort, low risk):
Admin sees a similar rule exists for finance
Adds all other groups to that rule with a few clicks
Bob from finance tries to upload a file. File is blocked. Bob is notified of the policy

Not optimized (high effort, high risk):
How would you do this today?

Benefit: users enabled with IM, but risk reduced without file share; rule reduction
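The three policy-based control slides above (Google Calendar for the M&A team, SSH for portal admins, IM without file share) all rest on one mechanism: firewall rules keyed on directory groups and application identity rather than on source addresses and port numbers. The Python below is an added example, not code from this deck or from any McAfee product. It models that mechanism with a constructed directory snapshot, address leases, users, groups, application names and rule names, all hypothetical, and shows why the address-based rule set goes stale when a new member joins or a host changes address while the group-based rule set does not.

```python
"""Identity-aware vs address-based firewall policy (constructed example).

Every user, group, address lease, application name and rule name here is
hypothetical. The point is the mechanism: a rule keyed on a directory group
and an application identity stays correct when membership or addresses
change, while a rule keyed on source addresses and ports needs manual upkeep.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Constructed directory snapshot: user -> groups (the "auto-imported" directory).
DIRECTORY: Dict[str, Set[str]] = {
    "alice": {"finance", "m-and-a"},
    "bob": {"finance"},
    "carol": {"portal-admins"},
}
# Constructed identity mapping: current source address -> authenticated user.
LEASES: Dict[str, str] = {"10.1.1.10": "alice", "10.1.1.11": "bob", "10.2.0.5": "carol"}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "allow" or "deny"
    app: str                               # application identity, not a port number
    feature: Optional[str] = None          # sub-feature such as "file-transfer"; None = any
    groups: FrozenSet[str] = frozenset()   # directory groups; empty = any user
    sources: Tuple[str, ...] = ()          # CIDR prefixes; empty = any address

    def matches(self, src_ip: str, user: Optional[str], app: str,
                feature: Optional[str], directory: Dict[str, Set[str]]) -> bool:
        if self.app != app:
            return False
        if self.feature is not None and self.feature != feature:
            return False
        if self.sources and not any(ip_address(src_ip) in ip_network(c) for c in self.sources):
            return False
        if self.groups:
            # An unknown or unauthenticated source has no groups, so a
            # group-scoped rule can never match it.
            user_groups = directory.get(user, set()) if user else set()
            if not (self.groups & user_groups):
                return False
        return True


def evaluate(rules: Tuple[Rule, ...], src_ip: str, app: str, feature: Optional[str] = None,
             leases: Dict[str, str] = LEASES,
             directory: Dict[str, Set[str]] = DIRECTORY) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched is implicitly denied."""
    user = leases.get(src_ip)
    for rule in rules:
        if rule.matches(src_ip, user, app, feature, directory):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# The "not optimized" path: rules pinned to the addresses hosts had when the
# rule was written.
ADDRESS_RULES = (
    Rule("calendar-m-and-a-hosts", "allow", "google-calendar", sources=("10.1.1.10/32",)),
    Rule("ssh-admin-hosts", "allow", "ssh", sources=("10.2.0.5/32",)),
    Rule("im-any", "allow", "im"),
)

# The "optimized" path: rules keyed on groups and application features. The
# feature-level deny sits above the broad IM allow, so chat passes and file
# transfer is blocked for everyone.
IDENTITY_RULES = (
    Rule("im-no-filetransfer", "deny", "im", feature="file-transfer"),
    Rule("im-any", "allow", "im"),
    Rule("calendar-m-and-a", "allow", "google-calendar", groups=frozenset({"m-and-a"})),
    Rule("ssh-portal-admins", "allow", "ssh", groups=frozenset({"portal-admins"})),
)


def new_member_scenario() -> Tuple[Tuple[str, str], Tuple[str, str]]:
    """Dave joins the M&A team and gets a new lease; no rule is edited in
    either set. Returns the decision for his calendar traffic under the
    address-based and the identity-based rule sets."""
    directory = {**DIRECTORY, "dave": {"m-and-a"}}
    leases = {**LEASES, "10.1.1.12": "dave"}
    return (evaluate(ADDRESS_RULES, "10.1.1.12", "google-calendar", leases=leases, directory=directory),
            evaluate(IDENTITY_RULES, "10.1.1.12", "google-calendar", leases=leases, directory=directory))


def address_change_scenario() -> Tuple[Tuple[str, str], Tuple[str, str]]:
    """Alice's host takes a new address. Same comparison as above."""
    leases = {ip: u for ip, u in LEASES.items() if u != "alice"}
    leases["10.1.1.20"] = "alice"
    return (evaluate(ADDRESS_RULES, "10.1.1.20", "google-calendar", leases=leases),
            evaluate(IDENTITY_RULES, "10.1.1.20", "google-calendar", leases=leases))


if __name__ == "__main__":
    print(evaluate(IDENTITY_RULES, "10.1.1.11", "im", "file-transfer"))  # Bob's upload
    print(new_member_scenario())
    print(address_change_scenario())
```

Evaluation is first-match with an implicit deny, so rule order matters: the feature-level deny on IM file transfer is placed above the broad IM allow, which is what blocks Bob's upload while leaving his chat sessions alone. The identity rules never mention an address; the lookup from source address to user and from user to groups happens at evaluation time, which is the part a next-generation firewall delegates to its directory integration and which the deck summarizes as "user directory auto-imports groups".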

Page 19

Example: Extensible Management Platform
Security Innovation Alliance (SIA) Delivers a Rich Security Ecosystem

[Diagram: ePO at the center of the SIA partner ecosystem; partner tiers: Associate Partner, Technology Partner (McAfee Compatible)]

Partner categories:
Authentication and Encryption
Theft and Forensics
Risk and Compliance
Security Event and Log Management
Application and Database Security
Single Sign-On
Other Security, IT & Services

Page 20

Example: Global Threat Intelligence
What it is and what it means for our customers

Inputs: McAfee Labs; MFE products (servers, firewalls, endpoints, appliances); other feeds & analysis

Global Threat Intelligence engines:
File Reputation Engine
Web Reputation Engine
Network Threat Information
IP and Sender Reputation Engine
Vulnerability Information

Consumers: NBA, Firewall, IPS, NDLP, NAC, Risk Advisor, ePO, NSM

Page 21

Optimized: Relieves Pressure Points, Reduces Risk

Network Upgrade: Next Gen Firewall simplifies policy management, scales to 10G+
APT Threat: IPS, NBA, NTR detect reconnaissance, anomalies, targeted malware; NDLP finds data at risk
Vulnerability Management: IPS, Vulnerability Manager pinpoint ‘at risk’ systems; IPS acts as a ‘pre-patch shield’
Data Center Consolidation: virtualized IPS and Firewalls collapse security OpEx, scale to 10G+
Enabling Apps: Next Gen Firewall is user and application aware, with both grouped and fine-grain policy enforcement

Page 22

While We’ve Been Chatting…

Our global sensor grid characterized 229 unique pieces of malicious or unknown code, based on:
570,000 file reputation queries
460,000 IP reputation queries

69,000 attacks were stopped by McAfee IPS across all our customers
Eliminated 64 trouble tickets and 8 critical escalations for our customers
