Next-Generation Endpoint and Server Security

Real-time monitoring and protection for endpoints and servers. Acceleration of Intellectual Property Loss: Significant Breaches of 2012.

dwight
Presentation Transcript


  1. Next-Generation Endpoint and Server Security: Real-time monitoring and protection for endpoints and servers

  2. Acceleration of Intellectual Property Loss: Significant Breaches of 2012 (timeline figure; only its month labels survive in the transcript)

  3. NY Times article – posted 2/20/2013

  4. Attackers are shifting to delivering UNKNOWN Malware via FTP and Web Pages (Threatpost.com March 27, 2013 by Christopher Brook)
     • Palo Alto Networks put out a study recently finding:
        • Attackers have shifted from email exploits to web-based exploits
        • Web pages load instantly and can be tweaked on the fly versus waiting for email attack to work
        • 94% of undetected malware came from web-browsers or web proxies
        • 95% of the FTP based exploits were never detected by anti-virus
        • 97% used non-standard ports to infect systems
     • Palo Alto recommends the following:
        • Investigate unknown traffic
        • Restrict rights to DNS domains
        • Real-time detection and blocking
        • More fully deployed antimalware technology

  5. Have Hackers invented something earth shattering? USA Today on 3/27/13 by Geoff Collins, president of product management at 1E
     • Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes.
     • But consider this: a vast majority of hacks are stunningly simple to deflect with 4 simple steps

  6. So what ARE the four simple measures?
     • First is "Application white-listing," which allows only authorized software to run on a computer or network.
     • Second is very rapid patching of Operating Systems.
     • Third is very rapid patching of software.
     • The fourth is minimizing the number of people on a network who have "administrator" privileges.
        • Can also limit which applications can be installed

  7. Java Problems

  8. Let’s summarize the threat scape…
     • Laptops:
        • Have the #1 and #2 most vulnerable applications running (Java, Adobe)
        • Access networks and servers
        • Leave the perimeter regularly with no control of usage
        • Use a security tool that looks for known bad and is minimally effective
     • Results:
        • Threat of stolen IP
        • Credentials taken
        • Servers brought off line
        • Websites hacked and altered
        • Malware keeps “coming back”
        • Significant time & money spent on forensics
        • Reimaging of machines due to malware
        • Loss of productivity
        • Brand tarnishing

  9. Challenge: Malware Gets on Endpoints and Servers
     • Malware gets on machines: 400M+ Variants
     • Endpoint and Server Security: Desktops & Laptops (Windows & Mac), Virtual/Physical Servers, Fixed-Function; Anti Virus
     • Network Security: Next-Gen Firewall, Virtual Detonation, Network Analytics, Network Monitoring, SIEM, IPS/IDS
     • Other diagram labels: Off-network, Phishing, Rogue employees, Web drive by, USB devices, Zero-day, Hacking, Watering holes, Connected to mobile phone, Memory
     • “…it’s clear that blacklist-based antivirus is fighting a losing battle…” Forrester Research, Sept 2012

  10. Bit9: Next-Generation Endpoint and Server Security
     • Bit9 Solution: Visibility, Detection, Forensics, Protection
     • Covers: Desktops & Laptops, Virtual/Physical Servers, Fixed-Function
     • 1: Real-time sensor and recorder
        • Actionable Intelligence for every endpoint and server
        • Every executable and critical system resource
        • Results in days or weeks
        • Low user, admin, and system impact
     • 2: Real-time enforcement engine
        • Ban software
        • Allow only software you trust to run
        • Highest level of endpoint/server security
        • Implement as quickly as desired

  11. Bit9 Time to Results: Rapid with Low User/Admin Impact
     • Customer Actions (steps 1 to 4, in the order the transcript gives them): Prioritize and Investigate Alerts; Define and Apply Trust Policies; Deploy Bit9 Sensor/Recorder on Endpoints & Servers; Turn on Bit9 Advanced Threat Indicators
     • Visibility, Detection, Forensics, Protection
     • Customer Benefits: Stop all untrusted software from executing; Know what’s running on every computer right now; Detect advanced threats in real-time without signatures; Recorded details about what’s happened on every endpoint/server
     • Time to Results: As quickly as desired; Days; “Immediate”; “Immediate”

  12. How Network Security Enhances Endpoint Security
     • The industry’s first and only network connector
     • Next-Generation Network Security:
        • Incoming files on network
        • “Detonate” files for analysis
        • Automatic analysis of all suspicious files
        • On-demand analysis of suspicious files
        • Transfer alerts
     • Next-Generation Endpoint and Server Security:
        • Prioritize network alerts
        • Investigate scope of the threat
        • Remediate endpoints and servers
        • Endpoint and server files
        • Submit files automatically
        • Submit files on-demand
     • Correlate endpoint/server and network data

  13. Customer Projects Bit9 Can Help With

  14. Real-Time Security: 1 of the Top 10 CHEMICAL PROVIDERS
     • Large Chemical Company
     • Bit9 on 60,000 endpoints and servers
     • Before Bit9:
        • Suspected infections but slow to confirm
     • After Bit9:
        • Immediately found Advanced threat on executive’s PC
        • Executable disguised as PDF
        • Bit9 confirmed malware was only on one machine
        • Customer removed malware and remediated threat

  15. Visibility
     • Large Oil Manufacturer Company
     • Bit9 on 10,000 endpoints and servers
     • Before Bit9:
        • Unknown existing malware
        • FireEye Customer
     • After Bit9:
        • They integrated Bit9 w/FireEye and found a piece of malware from a FE alert on 3 machines.
        • With deeper inspection they saw that that malware had dropped another executable and that malware was on 15 machines.
        • FE never saw that malware because it didn’t come through the network. All this happened very quickly due to the real time visibility.

  16. What Makes Bit9 Unique? Next-Generation Endpoint and Server Security
     • Lowest impact on systems, admins and users
     • One agent for visibility, detection, forensics, protection
     • Actionable Intelligence for every endpoint and server
     • Real-time monitoring and recording of endpoints and servers (Bit9 DB)
     • Faster incident response and remediation
     • Real-time integration with network security
     • Cross-platform support: Windows and Mac
     • On- and off-network protection: Remote and disconnected users
     • Proven reliability and scalability
        • Most deployments (1,000)
        • Windows certified
        • Largest scalability

  17. Bit9 Satisfies Many of Your Compliance Needs
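
The scoping step described in slide 15 (start from a network alert, find every host holding that file, then follow what it dropped) can be sketched over endpoint file records. This is an added example, not Bit9 or FireEye code; the record layout, host names and hash strings are constructed for illustration.

```python
from collections import defaultdict

# Constructed endpoint records: (host, file_hash, written_by_hash).
# written_by_hash is the hash of the process that wrote the file to disk,
# or None when the file arrived from outside (download, USB, file share).
RECORDS = [
    ("ws-014", "hash-A", None),
    ("ws-022", "hash-A", None),
    ("srv-03", "hash-A", None),
    ("ws-014", "hash-B", "hash-A"),  # hash-A dropped hash-B
    ("ws-031", "hash-B", None),      # hash-B arrived by a route the network sensor never saw
    ("ws-040", "hash-B", None),
    ("ws-040", "hash-C", "hash-B"),  # second-stage drop
    ("ws-050", "hash-Z", None),      # unrelated software
]

def scope_alert(alert_hash, records):
    """Return {file_hash: sorted hosts} for the alerted file and everything
    it transitively dropped, using endpoint records only."""
    hosts_by_hash = defaultdict(set)
    children = defaultdict(set)
    for host, file_hash, parent in records:
        hosts_by_hash[file_hash].add(host)
        if parent is not None:
            children[parent].add(file_hash)

    scope, queue = {}, [alert_hash]
    while queue:
        current = queue.pop(0)
        if current in scope:
            continue  # already visited; also guards against parent/child cycles
        scope[current] = sorted(hosts_by_hash.get(current, ()))
        queue.extend(sorted(children[current]))
    return scope

def hosts_missed_by_network(alert_hash, records):
    """Hosts that hold a dropped file but never held the alerted file itself."""
    scope = scope_alert(alert_hash, records)
    alerted = set(scope[alert_hash])
    dropped = {h for fh, hosts in scope.items() if fh != alert_hash for h in hosts}
    return sorted(dropped - alerted)

if __name__ == "__main__":
    for file_hash, hosts in scope_alert("hash-A", RECORDS).items():
        print(file_hash, hosts)
    print("not covered by the network alert:", hosts_missed_by_network("hash-A", RECORDS))
```
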