©Accudata Systems, Inc. 2016
Fortify Your Network Security
Presenter: Michael J. Knapp | Forcepoint
PIONEERING TECHNOLOGY
MEET OUR SPEAKER
Michael J. Knapp
Director, Network Security Architecture for the Americas and Office of the CISO
Copyright © 2016 Forcepoint. All rights reserved.
THE PROBLEM WE ARE FACING
Organizations continue to struggle with staying out of the newspaper headlines and with the ever-changing threat landscape. Even with increased security spending, incidents and public disclosures are still coming in at an alarming pace. So how do organizations cope with these threats and the challenges that they face from BYOD, virtualization, Cloud, SDN, and demanding users? What are we doing wrong?
OUR FOCUS FOR TODAY
PEOPLE PROCESS POLICY PRODUCTS
PEOPLE : THE CHALLENGE
People are Our Greatest Asset, but are also one of Our Greatest Threats…
Life for Security Teams would be easy if we didn’t have employees. Since that’s not possible, we need to find a way to best mitigate risk to our organizations.
Verizon 2016 Data Breach Investigations Report
PEOPLE : THE SOLUTION
Change for any Organization must start at the top… Even the best IT & Security teams will fail without complete support from their Executive Staff. The solution often requires a shift in Security Culture in order to be effective.
• Instill the idea that every Employee is a member of the Security Department.
• Train all employees from the Boardroom to the Call Center about security; after all, security is only as good as the weakest link.
• Use analogies when describing security principles and avoid technical jargon; analogies are easier for employees to relate to.
• Create a collaborative approach to Security in which various groups within the organization can offer up ideas on improving security.
PROCESS : THE SILO EFFECT
[Diagram labels: Audit & Compliance | Operations Team | Security Team | Network Team]
PROCESS : IMPORTANCE
"Cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime.
"Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off," said Kevin Haley, director, Symantec Security Response.
"We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams."
PROCESS : DEFINE A LIVING PROCESS
In nearly every Security Breach that has occurred in the last 5 years, there was an example of someone failing to follow a process, or of a process that wasn’t updated, which ultimately led to the incident.
Building out a comprehensive, living process that is followed by the organization for day-to-day activities and during emergency situations is imperative. This allows teams to adapt to changes in the threat landscape and to test their processes against new threats to find weaknesses.
We often take for granted that individuals know what actions to take for any given scenario. What most organizations find out, though, is that out-of-band changes, including those during duress, often leave undesirable residual changes in the environment, which can later be exploited.
PROCESS : MAKE SURE YOUR TOOLS BUILD COOPERATION
Make sure that when you are building out your processes, you choose tools that allow you to build a culture of cooperation. Most products were designed for a singular purpose and don’t cross the Silo boundaries.
Some tools provide the foundation necessary to bring groups together across these silos. Multi-tenancy within the management system with full Role Based Access Controls (RBAC) is a great way to bring the teams together. This allows organizations not only to reduce complexity, but also to reduce spend and converge numerous disparate platforms.
• Anti-evasion
• Anti-virus & Anti-Spam
• Application Visibility
• URL Filtering
• IPsec VPN & SSL VPN
• Intrusion Prevention & Deep Inspection
• High Availability & Clustering
• Stateful Firewall
• Routing
• 3rd Party Events & Monitoring
POLICY : CANNOT BE AN AFTERTHOUGHT
The Policy is where People, Process, and Controls all converge. It is one of the most basic compensating controls, yet it is generally underutilized and often ignored…
Historically, this is because IT lacked the ability to put in place granular controls to enforce a policy element. As a result, policies that were created were very basic and did not have adequate enforcement.
Put some teeth back into IT Security by building, and enforcing, a comprehensive security policy.
POLICY : CANNOT BE AN AFTERTHOUGHT
“UNDERSTANDING WHAT DATA SETS WERE IMPORTANT TO THE COMBINED COMPANY, AND IDENTIFYING WHERE THEY WERE AND WHAT CONTROLS WERE IN PLACE TO PROTECT THEM GAVE US A BETTER VIEW OF WHAT RISKS WE NEEDED TO ADDRESS.”
- DAVE BARTON, FORCEPOINT CISO
Organizations should start with a policy structure that aligns to their business. Once the initial policy is deployed, leverage your technology investments to identify new trends.
Understand why something is happening
Implement Controls to curb behaviors & mitigate risk
PRODUCTS : VENDORS HAVE NOT BEEN HELPING
[Diagram labels: Audit & Compliance | Operations Team | Security Team | Network Team]
PRODUCTS : SOLVING THE VENDOR CHALLENGE
[Diagram labels: Audit & Compliance | Operations Team | Security Team | Network Team]
PRODUCTS : SOLVING THE VENDOR CHALLENGE
[Diagram labels: Audit & Compliance | Operations Team | Security Team | Network Team]
Optimize Organizational Spending and Integrate Solutions for Automation + Efficiency
Instead of purchasing project specific products, invest in Outcomes.
PRODUCTS : MASTER THE ART OF INTEGRATION
Leverage the capabilities of your network. Most organizations only use a small subset of the capabilities that are available. Make sure that you tie the best of what they offer to your other systems.
Your Security Vendor is not sitting idle. They are constantly innovating, so you need a process/plan for adopting new technologies and integrating them with other platforms.
When used in conjunction, your controls can move from intrusive to empowering. If you understand how to leverage what one product does into workflows for others, it’s a game changer.
Even if an organization has written policies, we must enforce them using technical controls in an automated fashion. For enhanced user experience, you can integrate with other controls, such as MDM.
Making changes manually introduces risk to organizations. Many products can natively integrate via APIs, but organizations should also invest in Security Policy Management technology to prevent drift from baseline policies.
PRODUCTS : FOCUS ON THE OUTCOME
[Diagram labels: Employee Mobile Device; Device Attempts To Connect; Device is Authenticated; NGFW Controls Access; Critical Servers & Assets; Internet]
Define Desired Outcome: Differentiated Access for devices based on user, type of device, location, and time of day, all completed with the user not being prompted for credentials each day.
Map the logical workflow out using your technical controls and capabilities.
Pilot, listen to feedback, tweak, and test again…
Then deploy…
PRODUCTS : FULLY LEVERAGE YOUR INVESTMENTS
[Diagram labels: Employee Mobile Device; Device Attempts To Connect; Device is Authenticated; NGFW Controls Access; Critical Servers & Assets; Internet]
PRODUCTS : FULLY LEVERAGE YOUR INVESTMENTS
Understand the Value that your investments can provide you.
PRODUCTS : ASK QUESTIONS - AVAILABILITY & SCALABILITY
Native Active-Active clustering
Unique clustering features:
• Different firmware versions
• Different appliance models and software on COTS hardware
• Up to 16 active-active nodes in a cluster
Operational benefits:
• Seamless upgrades and updates with no traffic interruptions or change windows required
• Fully transparent failover practically eliminates unscheduled downtime
[Diagram labels: Stonesoft Next-Generation Firewall Cluster; Updates; v5.8, v5.7, v5.6; Node 1: NGF-3206; Node 2: NGF-1402; Node 3: Software; Node 4: NGF-325; Node 5: Software]
Worldwide Sales Conference 2016, Proprietary & Confidential | 22
PRODUCTS : CONNECTION HIGH AVAILABILITY & SCALABILITY
Network resiliency and cost savings
Multi-Link: Business Continuity
• Transparent failover
• Load-balancing or back-up links
• Security
Augmented VPN: Flexibility
• Supports multiple access technologies
• QoS support
• Optimize bandwidth usage
Alternative to MPLS: Cost Savings
• Provider and technology independent
• Add bandwidth easily
[Diagram labels: ISP 1, ISP 2, ISP N; Multi-Link IPsec VPN; Cable, 3/4G, DSL 1, DSL 2, MPLS; Regular Traffic & Back-up links; Critical Traffic; Up to 90% Savings on MPLS costs]
PRODUCTS : THE BENEFIT OF GOING ALL IN
Centralized Management
The NGFW platform supports up to 2,000 NGFW appliances being managed from the same console. While all the devices can have the exact same configuration if desired, the platform also supports hierarchical policies and even multi-tenancy. This allows organizations incredible flexibility in how they deploy the technology in their environment and lets them adjust quickly to change.
All services, including rules, IPS settings, Antimalware, etc., are centrally controlled and can be selectively enabled over time as desired. The management platform also supports geographically dispersed high availability deployments.
[Diagram labels: Data Center 1: Management (A), Logging, SIEM; Data Center 2: Management (S), Logging, SIEM; Management Rail; Management Console; Advanced Threat Defense; DC Internet Edge; 3rd Party Threat Intelligence; Threat Intelligence; Managed Services; Office 1, Office 2, Office 3, Office 1998, Office 1999, Office 2000; Zone 1 : VLAN 1xx, Zone 2 : VLAN 2xx, Zone 3 : VLAN 3xx, Zone 4 : VLAN 4xx, Zone 5 : VLAN 5xx; 802.1Q Trunk (ZONES); MPLS; Internet]
PRODUCTS : FULLY LEVERAGE YOUR INVESTMENTS
Stonesoft NGFW provides control of over 2,200+ apps
Stateful FW

Source IP     Source Port   Destination IP   Destination Port   Service
10.20.1.143   12244         16.82.43.5       80                 HTTP
10.20.1.143   12371         48.33.1.43       80                 HTTP

Stonesoft NGFW (users: Charlie / Sales, Susan / Marketing)

User      Group       Source IP    Source Port   Destination IP   Destination Port   Application     Service
Charlie   Sales       10.20.1.14   12244         16.82.43.5       80                 Skype           HTTP
Charlie   Sales       10.20.1.14   22411         62.12.143.5      80                 Facebook Chat   HTTP
Susan     Marketing   10.20.1.15   13221         62.12.143.5      80                 Facebook Chat   HTTP
Charlie   Sales       10.20.1.14   22411         122.42.88.4      80                 Angry Birds     HTTP
ENABLING MAJOR BUSINESS VALUES
IDC TCO Report Findings
Stonesoft NGFW Business Value Highlights
527% | $5.3M | 6 Months
84% | 30% | 94%
Key Performance Improvements Realized from Customers Who Deployed Stonesoft NGFW
OUR FOCUS FOR TODAY
PEOPLE PROCESS POLICY PRODUCTS
281.897.5000 | 800.246.4908 | www.accudatasystems.com
QUESTIONS?
START FORTIFYING YOUR NETWORK
SCHEDULE A COMPLIMENTARY CONSULTATION WITH ONE OF OUR ADVISORS.
EMAIL: VID SISTA, PRACTICE [email protected]