Optimizing Network Security Greg Brown McAfee Network Defense

Upload: melvyn

Post on 23-Feb-2016


TRANSCRIPT

Page 1: Optimizing Network Security Greg Brown McAfee Network Defense

Optimizing Network Security

Greg Brown

McAfee Network Defense

Page 2: Optimizing Network Security Greg Brown McAfee Network Defense

Today’s Environment

Internet

twitter

facebook

Web 2.0

ERP

CRM

SaaS

Organized Hackers

Targeted Attacks

Bots

Page 3: Optimizing Network Security Greg Brown McAfee Network Defense

Today’s Environment

Internet

twitter

facebook

Web 2.0

ERP

Salesforce

SaaS

Organized Hackers

Targeted Attacks

Bots

Complexity

• Fragmented technology management

• Multi-product solutions (NAC, Data Protection)

• Compliance requirements

Impact

• Increased operational cost

• Data and productivity risk

• Reduced business agility

Page 4: Optimizing Network Security Greg Brown McAfee Network Defense

A Better Way

What if…

• Security technology worked together seamlessly

• Threat protection was prevalent throughout your network

• Investigation escalations could be simplified

• Compliance was a natural result of your security investment

• Security could reduce your operating costs

Page 5: Optimizing Network Security Greg Brown McAfee Network Defense

Optimized Security Architecture

[Diagram labels: Security Management Platform; System; Network; Sustained Compliance; Global Threat Intelligence; Security Innovation Alliance (SIA)]

Page 6: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Network Security Portfolio

• Comprehensive threat/vulnerability protection

• Enabled by Global Threat Intelligence

• User-aware policy controls

• Flexible policy definition

• Compliance monitoring

• Common Management framework

• Optimized workflow

• Role-based administration

Protection Policy Management Platform

• High performance

• Scalability

• Enterprise-class reliability

• Flexible delivery (appliance, blades, virtual)

Network

Page 7: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Network Security Portfolio

Internet Gateways

Network Defense

Intrusion Prevention

NAC

UTM

Firewall

User Behavior

DLP

Email

Web

Page 8: Optimizing Network Security Greg Brown McAfee Network Defense

Every Day is Day Zero

• Over 1,200,000 malware detections identified in first half 2009

• 80% of malware is obfuscated with packers and compression technologies

• Password stealing Trojans increased 225% in 2007

• 80% of attacks financially motivated; up from 50% two years ago

Being prepared requires continual research on a global scale

[Chart: # of Threats by year, 2006, 2007, 2008 and 1H 2009; data labels as extracted: 78,381; 271,197; 1,500,000; 1,200,000]

Page 9: Optimizing Network Security Greg Brown McAfee Network Defense

Global Threat Intelligence

Unique to McAfee

System Network

Security Management Platform

Automated Compliance

Global Threat Intelligence

Page 10: Optimizing Network Security Greg Brown McAfee Network Defense

Most Comprehensive Network Security Research

System

Automated Compliance

Network

Global Threat Intelligence

Security Management Platform

Web Security Research

McAfee Customers

Malware Research

Email Security Research

Network Security Research

Regulatory Compliance Research

Vulnerability Research

Page 11: Optimizing Network Security Greg Brown McAfee Network Defense

Global Threat Intelligence Technology Capabilities

• Protocol definition/behavior/reputation

• Network attack definitions

• Phishing/Malware

• Protocol definition/behavior/reputation

• Network attack definitions

• IP reputation

• Anti-Malware

• Protocol definition/behavior/reputation

• Vulnerability assessment

• Anti-malware

Intrusion Prevention

NAC

UTM

Firewall

User Behavior

DLP

Email

Web

• IP/URL reputation

• Spam profiles

• Anti-malware

• IP/URL reputation

• Content based malware

• Exploits

• IP/URL reputation

• Spam profiles

• Network attack profiles

• Anti-malware

Page 12: Optimizing Network Security Greg Brown McAfee Network Defense

Global Threat Intelligence

Zero Day Response Environment

Internet

BOTS

Gotyou.com

Firewall - IPS

Email Gateway

Web Gateway

1. New phishing email on webmail

2. User clicks

3. Malware detected even without a signature

Page 13: Optimizing Network Security Greg Brown McAfee Network Defense

Global Threat Intelligence

Zero Day Response Environment

Internet

Global Threat Intelligence

BOTS

Gotyou.com

Firewall - IPS

Email Gateway

Web Gateway

4. Samples Fingerprinted

5. Attributes analyzed in real time

6. Reputations and Signatures Updated

Page 14: Optimizing Network Security Greg Brown McAfee Network Defense

Security Management

Network Security sees BOT instruction channel activity

Incident Investigations

Calls local sysadmin to have system diagnosed

Leaves voicemail.

Leaves voicemail.

Leaves voicemail.

“Got your message. I am in the middle of a critical database upgrade. I’ll check into it ASAP.”

And the process repeats with each new incident

Page 15: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee ePolicy Orchestrator

Optimizes Your Security Architecture

Web Security Research

McAfee Customers

Malware Research

Email Security Research

Network Security Research

Regulatory Compliance Research

Vulnerability Research

Security Management Platform

• Common Reporting/Status

• Common Information Base

• Automation and Workflow

Global Threat Intelligence

System Network

Automated Compliance

Page 16: Optimizing Network Security Greg Brown McAfee Network Defense

Automation and Workflow

Incident Identified

Network IPS

Administrator sees bot instruction channel being blocked by IPS

Page 17: Optimizing Network Security Greg Brown McAfee Network Defense

Automation and Workflow

System Health

Vulnerability Manager

Gets health and security info about the source from ePO

System flagged for remediation

Page 18: Optimizing Network Security Greg Brown McAfee Network Defense

Automation and Workflow

Scope of the Incident

To see who they have exchanged data with

Network User Behavior

ePO

Vulnerability Manager

Page 19: Optimizing Network Security Greg Brown McAfee Network Defense

Automation and Workflow

Data at Risk

And see what data was potentially impacted

Network User Behavior

Network DLP

Capture

Management Integration Turns Days into Clicks

Page 20: Optimizing Network Security Greg Brown McAfee Network Defense

Confidential McAfee Internal Use Only

Comprehensive Security Portfolio

Global Threat Intelligence

Common Management Framework

Firewall/UTM

Intrusion Prevention

UBA

NAC

Email Security

Web Security

Network DLP

Best in Class Partial None/inferior

Page 21: Optimizing Network Security Greg Brown McAfee Network Defense

Analysts Agree: McAfee Leads

[Figure: Gartner chart (axes: Ability to Execute, Completeness of Vision; quadrants: Niche Players, Visionaries, Challengers, Leaders) and Forrester chart (axes: Current Offering, Strategy; categories: Leaders, Strong Performers); plotted labels: E-mail, Web, IPS, DLP, Firewall]

Page 22: Optimizing Network Security Greg Brown McAfee Network Defense

Industry Quotes

“Organizations must take a more unified approach to security. The days of managing network defense, Web and messaging security and data security as separate activities simply won’t succeed in today’s economic and threat environment. Effective Network Security must have global intelligence and must be integrated into the broader organizational security management infrastructure. For the next three to five years, reducing cost of ownership will drive security investments.”

Chris Christiansen, Vice President, Security Practice, IDC

Page 23: Optimizing Network Security Greg Brown McAfee Network Defense

Industry Quotes

“The opportunity for customers to save money and improve protection is incredible. McAfee has taken leading products and bundled them in a way that can fundamentally change the customer’s economics. With Web 2.0 threats growing, this provides us with a compelling value proposition for our customers.”

Douglas Hollenshead, President and CEO, Future Com

Page 24: Optimizing Network Security Greg Brown McAfee Network Defense

County of Orange, California

Challenge

• Brittle, sprawling, aging firewalls

• Increasing malware risks

• High compliance bar

• Extreme budget pressures

Evaluated each Product Category Standalone

• Consolidated 57 firewalls to 8 McAfee Firewall Enterprise (Sidewinder)

• Replaced existing mail and Web with McAfee Mail Gateway (Ironmail) and Web Gateway (Webwasher)

Benefits from Single-Vendor Solution

• Reduced infrastructure change time from 45 days to 4.

• Met all outbound compliance and reporting requirements

• Estimated taxpayer savings of $42K/day!

Page 25: Optimizing Network Security Greg Brown McAfee Network Defense

County of Orange, California


“In four years we haven’t had an outbreak or a breach. {With Secure Computing} they got stopped at our edge …other counties called us and said, “Why? What did you do different than we’ve done? Because we got infected…”

Tony Lucich, CISO

Page 26: Optimizing Network Security Greg Brown McAfee Network Defense

Adena Health Systems

Challenge

• Detect and block malicious traffic from outside the firewall

• Protect 100 servers, 1,700 workstations, and highly specialized medical applications

• Reclaim network bandwidth

Benefits of McAfee Network Security Platform

• Delivered complete perimeter protection for a large, regional network

• Immediately identified malicious traffic

• Reduced the cost of protection while simplifying management

• Scaled easily to meet network growth

Network Associate
Jeannette Jones - EDS has 2 price points for MFE and non-MFE price point which is more because of overhead.
Page 27: Optimizing Network Security Greg Brown McAfee Network Defense

Adena Health Systems

Summary of Financial Results (Risk-Adjusted)

Return On Investment (ROI): 142%

Payback Period: Within 5 Months

Total Costs (Present Value): ($244,659)

Total Cost Savings and Benefits (PV): $593,276

Total (Net Present Value): $348,617

Page 28: Optimizing Network Security Greg Brown McAfee Network Defense

Adena Health Systems


“McAfee Network Security Platform …has been running without a problem since it was installed. Its functionality is fully deployed …We’re very happy with McAfee Network Security Platform.”

Brian Young, Sr. Network Security & System Administrator

Page 29: Optimizing Network Security Greg Brown McAfee Network Defense

Your Opportunity

See how McAfee can…

• Enhance your business agility

• Improve your network protection

• Improve security responsiveness

• Enhance the ROI of your security investments

Learn more about the products

• Face to Face demo with a product specialist

• Scope a solution for your environment

Page 30: Optimizing Network Security Greg Brown McAfee Network Defense

Product Features and Benefits

Intrusion Prevention

NAC

DLP

Firewall

User Behavior

UTM

Email

Web

Page 31: Optimizing Network Security Greg Brown McAfee Network Defense
Page 32: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Firewall Enterprise Appliance

Firewall

• Comprehensive, high performance firewall

• Robust central management

• Fully integrated anti-virus, URL filtering, SSL decryption and on-firewall IPS

• Reputation-based filtering

• Virtualized and rugged deployment options

Customer Benefits

• Streamlined firewall management processes

• Improved protection through reduced attack surface

• Improves responsiveness to emerging business needs

Page 33: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Network Intrusion Prevention

Intrusion Prevention

• Award-winning, network-class protection for absolute security confidence

• 10-Gigabit Ethernet performance

• Real-time risk-aware IPS

• System-aware IPS with McAfee ePO™ integration

• Dynamic network access control

Customer Benefits

• Improved network availability and performance

• Streamlined security management processes through ePO integration

• Reduced risk and cost associated with patching cycles

Page 34: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Network Access Control Appliance

NAC

• Access Protection for Unmanaged Endpoints

• Tightly integrated with ePO for Managed Endpoint NAC

• Identity-based access control

• Comprehensive post-admission control

• Network class reliability and availability

Customer Benefits

• Flexible deployment and policy definition

• Reduced risks from guest and infected systems

• Reduced cost of management and administration

Page 35: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Network User Behavior Analysis

User Behavior

• Real-time, enterprise-wide visibility of user activities

• Intuitive interface instantly pinpoints most relevant user behavior

• Out of band deployment gives visibility with no risk

• Integrates with existing infrastructure (user directories, network & flow data) for seamless adoption

Customer Benefits

• Minimize IT and business risks

• Unparalleled visibility for compliance

• Optimization of security investments

Network Associate
Show product interface rather than appliance
Page 36: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Web Gateway

Web

• Next Generation Web 2.0 security proxy

• Enables Safe Secure Web access

• High Performance: robust, enterprise class proxy cache

• Enables Productive use of Web 2.0 applications

Customer Benefits

• Protects against Web 2.0 blended and targeted malware attacks

• Flexible policy and scalable reporting to enable compliance

• Flexible and agile deployment to fit any infrastructure

Page 37: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Email Gateway

Email

• Inbound Protection against spam, email-borne threats and malware

• Outbound Protection – Complete DLP and Advanced Compliance included; integrated encryption

• Administrative Empowerment – Flexible policy creation and robust reporting

Customer Benefits

• Reduce costs associated with spam and email-borne malware

• Stop data leakage via email

• Comply with regulations requiring email security

Page 38: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Network Data Loss Protection

DLP

• Complete Protection for data at rest and in motion

• High Performance: 2-3x faster than the competition

• Fast Deployment

• Low Cost: Appliance form-factor removes need for expensive servers and databases

Customer Benefits

• Universal DLP protects data everywhere

• Easy to own/deploy appliances, no complexity

• Integrated incident management and enterprise-wide reporting and monitoring

Page 39: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee Email and Web Gateway

Email/Web

• Integrated email and web protection

• Enterprise-class security

• Inbound and outbound traffic inspection

• Packaged for medium to small businesses

Customer Benefits

• Reduces cost and complexity

• Simplifies email and web controls

• Removes barriers to improving security

Page 40: Optimizing Network Security Greg Brown McAfee Network Defense

McAfee UTM for SMBs and Branch Offices

UTM

• Leverage enterprise-class technology packaged for the SMB

• No nickel and diming - Includes reporting, and unlimited user and VPN licensing

• Only SMB multi-function firewall with global reputation

• Support: One year 24/7 included

Customer Benefits

• Consolidated technologies within one interface - simple

• Protection for every threat vector

• Cost: More value for the customer’s money

Page 41: Optimizing Network Security Greg Brown McAfee Network Defense
Page 42: Optimizing Network Security Greg Brown McAfee Network Defense


Security Management Comparison

Global Threat Intelligence

Common Management Framework

Firewall/UTM

Intrusion Prevention

UBA

NAC

Email Security

Web Security

Network DLP

Best in Class Partial None/inferior

Total Protection for Gateway

Total Protection for Network

Unified Management and Threat Intelligence

Page 43: Optimizing Network Security Greg Brown McAfee Network Defense

Executive Threat Deck

Malware Writers Love Facebook

[Chart: Unique Koobface Binaries Discovered, by month, Jul 2008 to Jun 2009]

Page 44: Optimizing Network Security Greg Brown McAfee Network Defense

Spam at a New All-Time High

[Chart: Last 2 Years in Messaging, by month; series: Amount of Ham, Amount of Spam, Total Messaging Volume, Percentage Spam; percentage axis 0 to 100]

Page 45: Optimizing Network Security Greg Brown McAfee Network Defense

Overall and Microsoft Vulnerability Growth

[Chart: MS Vulnerabilities by year, 1997 to 2009]

Page 46: Optimizing Network Security Greg Brown McAfee Network Defense

Overall and Microsoft Vulnerability Growth

[Chart: Yearly Vulnerability Count by year, 1997 to 2009]

Page 48: Optimizing Network Security Greg Brown McAfee Network Defense