Upload File

breach detection systems: what are they and do you need one?

  • Home
  • Technology
  • Breach Detection Systems: What Are They and Do You Need One?
13
BREACH DETECTION SYSTEMS: WHAT ARE THEY AND DO YOU NEED ONE? NSS Labs Research October 7, 2015 Jason Pappalexis, Research Director Andrew Braunberg, Research VP Thomas Skybakmoen, Research VP

Upload: nss-labs

Post on 15-Apr-2017

354 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: Breach Detection Systems: What Are They and Do You Need One?

BREACHDETECTIONSYSTEMS:WHATARETHEYANDDOYOUNEEDONE?

NSSLabsResearchOctober7,2015

JasonPappalexis,ResearchDirector

AndrewBraunberg,ResearchVP

ThomasSkybakmoen,ResearchVP

Page 2: Breach Detection Systems: What Are They and Do You Need One?

Slide2

Agenda

•  BDSDefiniJon• Market•  ArchitecturalOverview•  TesJng•  Methodology•  Results

•  ProductMaturity•  BDS:WorththeInvestment?• Q&A

Page 3: Breach Detection Systems: What Are They and Do You Need One?

Slide3

BDSDefinedThreeKeyCharacteris.cs

1. Aproductorservicedeployedoutofband2. VarietyofdynamicdetecJontechniques

•  Lookingforpreviouslyunknownand/orhighlytargetedmaliciouscontent

3. IdenJtyindicatorsofcompromisesthatalerttoanexisJngbreach

MalwareidenJficaJon(signatures,heurisJcs,or

both)

Networktrafficanalysis(flowmonitoring,

contentanalysis,orboth)

Sandboxingthatmodelsinternal

systems(workstaJonsandservers)

BrowseremulaJon

ReputaJon

DynamicDetec.onTechniques

Page 4: Breach Detection Systems: What Are They and Do You Need One?

Slide4

StateoftheMarket(CY2014)

• MarketSize•  $714Min2014•  $1.1Bin2015(NSSest.)

• Currentbuyers•  LargeEnterprisemadeup85%ofsalesin2014

• Evolvingmarketrequirements

FireEye49%

Others24%

Fidelis15%

PaloAltoNetworks

7%

BlueCoat5%

Page 5: Breach Detection Systems: What Are They and Do You Need One?

Slide5

ThreeKeyMarketDrivers

1.   Securityeffec.veness•  BestchanceofdetecJngazeroday

2.   TimetoDetec.on•  “Malwareresearchteaminabox”working24/7/365

3.   ImprovedForensics•  “SmokingGun”enablespromptandaccurateincidentresponse

Page 6: Breach Detection Systems: What Are They and Do You Need One?

Slide6

• Deploymentop.ons• Complexity• Protocolsupport• EndpointversusNetwork• Dynamicanalysis•  Sandboxes,emulaJon,virtualizaJon•  OSsupport(sandboxes)

Architecture&Deployment

Page 7: Breach Detection Systems: What Are They and Do You Need One?

Slide7

World’sLeadingSecurityTestingFacility

LargestlivetesJngharnessintheworld

3TbpsrealworldtraffictesJngcapacity

RichestmulJ-vendortestinfrastructure

$30Milliondatacenterinvestment

Network,endpointandcloudtestexperJse

2MillionHrsaccumulatedtest

experience

Page 8: Breach Detection Systems: What Are They and Do You Need One?

Slide8

SecurityEffectivenessTesting

Exploits EvasionsMalware Stability&Reliability•  Social•  Drive-By

•  HTTP•  Email(IMAP/SMTP)

•  SMB

•  Packers•  Compressors•  VirtualMachine•  Sandbox•  HTMLObfuscaJon

•  LayeredEvasions

•  DetecJonunderExtendedAiack

•  ProtocolFuzzingAndMutaJon

•  PersistenceofData

Data from BDS 2.0 Group Test

Page 9: Breach Detection Systems: What Are They and Do You Need One?

Slide9

PerformanceTesting

UDP HTTPCapacityMaxCapacity RealWorldTrafficMixes•  64to1514BytePackets

•  MaxconcurrentTCPconnecJons

•  MaxTCPconnecJonspersecond

•  MaxHTTPconnecJonspersecond

•  NoTransacJonDelays

•  WithTransacJonDelays

•  EnterprisePerimeter•  EducaJon

Data from BDS 2.0 Group Test

Page 10: Breach Detection Systems: What Are They and Do You Need One?

Slide10

GroupTestResults•  Security

•  SecurityEffecJveness51.8%to99.2%

•  AverageSecurityEffecJvenessRaJng86.8%

•  EvasioneffecJveness87.1%to100%

Data from BDS 2.0 Group Test

•  Performance•  Throughput750Mbpsto4.583Gbps

•  TotalCostofOwnership•  3YearTCOrangedfrom$68,922to$448,793•  Average3yearTCOwas$277,349

Page 11: Breach Detection Systems: What Are They and Do You Need One?

Slide11

BDS:WorththeInvestmenttoYou?

•  Architecturallycomplex•  OnenrequiremulJpledevicestoscandiversetraffictypes

•  PerformanceissueswilleventuallydrivemanyBDS’stothecloud•  Notdesignedtoperformatlinerate•  Sandboxlifecyclemanagement•  Sandboxevasions•  Totalcostofownership•  Agents•  Requireadultsupervision

Nosecurityproductiswithoutlimita3ons

Page 12: Breach Detection Systems: What Are They and Do You Need One?

Slide12

In-DepthResearch

•  MarketAnalysis

•  BuyersGuide

•  CompanyReports

TechnicalBriefs

TestReports

ComparaJvesReports•  SecurityValueMap

•  TCO•  Security•  Performance

ProductTestReports

Page 13: Breach Detection Systems: What Are They and Do You Need One?

Slide13

Ques.ons?


Breach, breach, breach…

Breach Detection: What you need to know....Breach Detection: What You Need To Know 4 WhitepapereBook From Computer Games to War Games Hacking used to be a game: an opportunity for

Does Australia Really Need Mandatory Data Breach Notification Laws ... · Does Australia Really Need Mandatory Data Breach Notification Laws – And If So, What Kind? SARA M *SMYTH

Breach Detection: What you need to know. · Breach Detection: What You Need To Know 4 WhitepapereBook From Computer Games to War Games Hacking used to be a game: an opportunity for

The Ponemon Institute on Data Loss / Breach Solutions: The Market Need and Solution Requirements

Lastline Breach Detection Platform - Abbakan€¦ · malware behavior and is also the hardest for evasive malware to circumvent. The result is the successful detection of malicious

THE NEED HUNTING DOWN FOR SPEED AND FIGHTING … · AND FIGHTING AGAINST EMERGING CYBER THREATS. 1 ... the latest Verizon Data Breach Investigations ... executivesummary/es_2013-data-breach-investigations_

Timeline of a Breach: How to Improve Detection and Response · Timeline of a Breach: How to Improve Detection and Response Hosted by Chip Witt - Head of Product Strategy, SpyCloud

Stop the Breach or Spot the Breach? - New Net Technologies › whitepaper › It_all_CLICCs_int… · necessary for breach detection. But how can this be provided without overloading

Need for Regular Functional Testing of Portable Gas Detection

Download the Replay - FairWarning® Privacy Breach Detection

EXP-W01 Assume Breach - RSA · PDF filePerforms BigData analysis for ... Prove need for Assume Breach ... priorities, & investment needs Model real-world attacks Identify gaps in security

Stealthwatch - Cisco · Network threats are getting smarter Industry average detection time for a breach Industry average time to contain a breach Average cost of a data breach Motivatedand

High-fidelity Breach Detection with Acalvio Autonomous ... › hubfs › images › LabReports › ... · Early detection—The moment an attacker engages with a deception is the

changed - What you need to knowchanged - What you need to know Jeff Grady, HCISPP ... •Breach Notification Threshold Standard Lowered ... triggered by the breach • Fines and penalties

Infographic on why you need CARM when’a cyber breach take place

Point-of-Need DNA Testing for Detection of Foodborne

Does Australia Really Need Mandatory Data Breach Notification Laws – And If So, What Kind? Sara M Smyth

Системы Breach Detection - вебинар BISA

Global Guide to Data Breach Notifications, 2013 · notify a data breach to the competent national authority within 24 hours after detection of the breach. If it is not feasible to

Prepare for the inevitable. Respond to evolving threats ...v2.itweb.co.za/.../Deloitte_whitepaper_Staying_ahead_of_cyber_breac… · Breach detection, incident response and management

DEVNET-1158Cognitive Threat Analytics - Behavioral Breach Detection & Security Intelligence Interchange via TAXII/STIX API

Threat Detection Evolution: What Practitioners Need to Know · Threat Detection Evolution: What Practitioners Need to Know Version 1.5 Released: July 28, 2015 Securosis, L.L.C. 515

Breach Detection Systems Buyers Guide

GFI White Paper Why you need an email exploit detection engine · PDF fileWhy you need an email exploit detection engine ... engine works like an intrusion detection system (IDS) for

Kosi embankment Breach in Nepal: Need for a paradigm Shift ... Embankment Breach in Nepal.pdf · Special article 70 february 7, 2009 EPW Economic & Political Weekly Kosi embankment

© Copyright SonicWALL · 소닉월의멀티엔진중하나인Lastline은2016년NSS LABS Breach Detection Systems (BDS) 부분에서최고의 탐지율을보여우수한APT 탐지성능을확인

SonicWall 2017 Annual Threat Report FINAL2...4 2017 SonicWall Annual Threat Report As cybersecurity enters a new era of automated breach prevention, not just breach detection, security

How Machine Learning is Changing the Game in Breach Prevention › wp-content › uploads › 2017 › 06 › ... · Sandboxes, Intelligence Feeds, and Breach Detection Systems will

Taking a customer-centric approach to a data breach ......Once the data is gone, it's the customers who need protection 04. Pre-breach: preparing for the inevitable 07. Post-breach:

Breach Detection: What you need to know.€¦ · Digital Data: The New Competitive Advantage Every enterprise has high-value information vital to its success. As cyber-attack techniques

Hillstone I-Series V2.1-PT€¦ · Hillstone I-Series Server Breach Detection System(sBDS) I-2850 TM Phone: 1-800-889-9860 O Hillstone Server Breach Detection System (sBDS) adota

Project Blackfin: Automated Breach Detection Using

Augmenting Netflow with the Honeypot Data for Internal Breach Monitoring and Detection

Cyber Risk: How the 2011 Sony Data Breach and the Need for