trustport - roman veleba
Know what is going on in your network!
Advanced Security Network Monitoring
Cyber security situation today
Main targets: governments,
infrastructure, corporates,
financial institutions…
80% of malicious acts are organized activity
Cyber crime – Targeted Attacks
- 5 Chinese military officers charged with
stealing data from six US companies
- steal blueprints, manufacturing processes,
test results, about nuclear & solar power
- periodically revisit the victim’s network over
several months
Source: The Guardian 20.5.2014
WATERING HOLE ATTACKS
- Focus on websites that employees
from targeted organizations visit
- Malware inserted to gain sensitive
information
TrustPort in a nutshell
− World's most effective antivirus
− Network Behavior Analysis using
Artificial Intelligence
− Producer of security solutions
− Subsidiary of Cleverlance
TrustPort
− World's most effective antivirus
Virus Bulletin RAP continuous 1st place (08/13 – 02/14)
Threat Intelligence overall
− Monitoring of network flows and
security incidents (all in one solution)
− Real time analysis of network behavior
(performance monitoring, application
awareness, bandwidth usage etc.)
− Detection of attack symptoms in
network traffic
Specific features
Network Behavior Analysis (NBA)
Signature based network analysis (IDS)
Flow based network analysis
Performance network analysis
Antivirus
Honeypots
Example – case study
The client: a European service provider
500 employees, 3 branch offices
Filling Gaps
− Detection of severe security events not detected by other
means
− Continuous affirmation that the perimeter defense is
working correctly
− Detection of anomalous and outlier network behavior
Example – case study
Testing of three competing products:
− McAfee NTBA
− IBM QRadar
− Cisco Cognitive Analytics
Problems:
− Large data transfers
− Several serious security incidents
− Solutions did not discover any unknown threats
Example – case study
Deployment and Results of Threat Intelligence
− Three hardware network probes were deployed at the
three border routers
− The most serious incident discovered by TI was 10
trojanized smart phones (connected to the network
through WiFi)
− The malware was sending data (based communication) to
an IP address in Japan
− TI detected these Trojans mostly by recognizing repetitive
behavioral patterns (machine behavior differs from human behavior)
− Detected in the first 15 minutes after implementation
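As an added example (not TrustPort's code), the flow-level idea behind that detection: connections whose inter-arrival times are nearly constant look machine-driven, while human browsing is irregular. The flow records, addresses and thresholds below are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (src, dst, timestamp in seconds), not real data.
# 10.0.1.10 contacts 203.0.113.5 every ~60 s (machine-like beaconing);
# 10.0.1.20 reaches 198.51.100.7 at irregular, human-like intervals.
FLOWS = [
    ("10.0.1.10", "203.0.113.5", t) for t in (0, 60, 121, 180, 240, 301, 360, 420)
] + [
    ("10.0.1.20", "198.51.100.7", t) for t in (5, 12, 200, 215, 216, 900, 1400, 1410)
]


def inter_arrival(flows):
    """Group flows by (src, dst) and return the inter-arrival gaps per pair."""
    by_pair = defaultdict(list)
    for src, dst, ts in flows:
        by_pair[(src, dst)].append(ts)
    gaps = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        gaps[pair] = [b - a for a, b in zip(stamps, stamps[1:])]
    return gaps


def beacon_score(gaps):
    """Coefficient of variation of the gaps: close to 0 means a fixed period."""
    if len(gaps) < 3:
        return None  # too few observations to judge regularity
    m = mean(gaps)
    return pstdev(gaps) / m if m > 0 else None


def find_beacons(flows, max_cv=0.1, min_flows=5):
    """Return (src, dst, period, cv) for pairs whose timing is machine-regular."""
    hits = []
    for (src, dst), gaps in inter_arrival(flows).items():
        if len(gaps) + 1 < min_flows:
            continue  # not enough flows for this pair yet
        cv = beacon_score(gaps)
        if cv is not None and cv <= max_cv:
            hits.append((src, dst, round(mean(gaps), 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(FLOWS):
        print("periodic traffic:", hit)
```

Real probes work on far larger flow volumes and combine this timing signal with other features, but the same regularity test is what separates a beaconing implant from a person clicking links.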
Results
− Tested for six weeks
− reports were analyzed by TP
− results were handed over to the client
− the solution was fully deployed
− client's network personnel were trained
− high detection capabilities of TrustPort Threat Intelligence
− high value for money
− an intuitive user interface
− the integration of IDS
Example – case study
NBA Detection Core
Why TI?
− All in one solution
− Highly sensitive protection (zero day, APTs etc.)
− Adaptive detection (latest detection methods)
− Fast Detection (unknown attacks 1-2 min)
− Machine Learning (Self configuration during the first 24
hrs.)
− Easy deployment (in hours, on most networks)
− Most detailed NBA (frequency characteristics analysis)
− Most advanced AI (winners of NIST challenge)
− Intuitive GUI (program designed from past experience)