There's no silver bullet…but there is a silver lining. Data Connector Calgary 2014
InfoSec Trends – Continuous Monitoring and Response
Challenges
• Information security doesn't have the continuous visibility it needs to detect advanced attacks
• Detective, preventive, response and predictive capabilities from vendors have been delivered in non-integrated silos, increasing costs and decreasing effectiveness
Recommendations
• Shift your security mindset from "incident response" to "continuous response"
• Favor context-aware network, endpoint and application security protection platforms …
• Architect for comprehensive, continuous monitoring at all layers of the IT stack…
Source: Gartner, Inc. "Designing an Adaptive Security Architecture for Protection From Advanced Attacks", February 2014, MacDonald, Firstbrook
Continuous Monitoring & Mitigation Challenges
Inadequate Visibility
• Transient Devices
• BYOD Devices
• Broken Managed Devices
Inadequate Collaboration (Detection-Mitigation Gap)
• VA
• MDM
• Patch
• APT
Impacts to the Enterprise: + IT Risks, + IT Costs
Greater IT Costs ($)
• Investigation
• Mitigation
Greater IT Security Risks
• Rogue devices
• System breach
• Data leakage
• Compliance violation
Desired State: Real-time Visibility + Coordinated Controls
• Ticketing
• Switches
• Wireless
• SIEM
• Remediation
• MDM
• Vulnerability
• AAA
• Endpoint Security
• Systems Management
Real-time Network Asset Intelligence = Complete Situational Awareness
Architecture for Real-Time Visibility... and Control
1) Span port / TAP
• WHAT? IP Address, OS, Browser Agent, Ports/Protocols
2) Interrogate the Device
• Health? Apps, Services, Processes, Registry, Patches, Encryption, Antivirus
• WHO? User, Name, Email, Title, Groups
3) Leverage your infrastructure (SNMP reads, LDAP, switches, wireless, VPN, etc.)
• WHERE? Controller IP, SSID, VLAN
Control options
• Control at Device: Alert the End User; Auto-Remediate
• Control w/Traffic: HTTP Guest Registration; HTTP Alerting; IPS; Virtual Firewall
• Control w/Architecture: Dynamic ACL (SSH or Telnet); VLAN Change (SNMP Write); Shut off a port (SNMP Write); Push information to SIEM
Taking Visibility and Control to the Next Level
• User Behavior
• User Information
• Applications
• Operating Systems
• Device / Peripherals
• Physical Layer
Information Exchange and Response Automation
Hub: Continuous Monitoring and Mitigation / Next-Gen NAC, with an Intelligence Exchange connecting:
• Asset Management
• Security Gateway
• GRC / Risk Management
• Network Operations
• AAA
• SIEM
• NGFW / VPN
• VA / DLP
• System Management
• MDM / MAM
• Host Controls
Use Case Example: Threat Management
Next-Gen NAC asks three questions of every device:
• Is it authorized?
• Is it breached?
• Is it attacking?
and responds with:
• Quarantine
• Remediate
• Investigate
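The three questions on this slide, together with the control options from the architecture slide (quarantine VLAN via SNMP write, auto-remediate, push to SIEM), amount to a small policy engine. The following is an added example, not ForeScout product code: the device record fields, the check names, the authorized group names, the quarantine VLAN number and the JSON event layout are all assumptions constructed for illustration. It shows the decision order a defender actually wants (contain an attacking device first, never remediate an unauthorized one, allow only an authorized and healthy one) and the flat event that would be forwarded to a SIEM for each decision.

```python
"""Toy NAC threat-management policy: authorized? breached? attacking?

Added example (not ForeScout's code). Device fields, check names,
group names and the quarantine VLAN are constructed assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Action(str, Enum):
    ALLOW = "allow"              # authorized, healthy, quiet
    REMEDIATE = "remediate"      # authorized but failing health checks
    QUARANTINE = "quarantine"    # unauthorized, or actively attacking
    INVESTIGATE = "investigate"  # attacking: contain and open a case


@dataclass
class Device:
    """What / who / where / health facts gathered about one endpoint."""
    ip: str
    mac: str
    os: str
    user: Optional[str]               # None: no identity tied to the device
    groups: List[str] = field(default_factory=list)
    vlan: int = 0
    antivirus: bool = False
    disk_encrypted: bool = False
    missing_patches: int = 0
    ips_alerts: int = 0               # IPS alerts on traffic *from* this device


AUTHORIZED_GROUPS = {"staff", "contractors"}  # assumption: directory groups allowed on the network
QUARANTINE_VLAN = 999                         # assumption: isolated VLAN set by SNMP write


def is_authorized(d: Device) -> bool:
    """'Is it authorized?' - a known user in an allowed directory group."""
    return d.user is not None and bool(set(d.groups) & AUTHORIZED_GROUPS)


def health_failures(d: Device) -> List[str]:
    """'Is it breached?' - endpoint inspection results that fail policy."""
    failures = []
    if not d.antivirus:
        failures.append("antivirus-missing")
    if not d.disk_encrypted:
        failures.append("disk-not-encrypted")
    if d.missing_patches > 0:
        failures.append(f"missing-patches:{d.missing_patches}")
    return failures


def is_attacking(d: Device) -> bool:
    """'Is it attacking?' - the IPS has flagged traffic originating here."""
    return d.ips_alerts > 0


def decide(d: Device) -> Tuple[List[Action], Dict]:
    """Apply the three questions in priority order and build the SIEM event.

    Attacking devices are contained before anything else; an unauthorized
    device is never offered remediation; only authorized, healthy devices
    are allowed. Returns (actions, event)."""
    failures = health_failures(d)
    if is_attacking(d):
        actions = [Action.QUARANTINE, Action.INVESTIGATE]
    elif not is_authorized(d):
        actions = [Action.QUARANTINE]
    elif failures:
        actions = [Action.REMEDIATE]
    else:
        actions = [Action.ALLOW]
    # Flat key/value event so the SIEM indexes it without a custom parser.
    event = {
        "src_ip": d.ip, "mac": d.mac, "os": d.os, "user": d.user,
        "vlan": QUARANTINE_VLAN if Action.QUARANTINE in actions else d.vlan,
        "authorized": is_authorized(d), "failures": failures,
        "ips_alerts": d.ips_alerts, "actions": [a.value for a in actions],
    }
    return actions, event


def sweep(devices: List[Device]) -> Dict[str, List[str]]:
    """One pass of the continuous loop: every known device re-evaluated."""
    return {d.ip: [a.value for a in decide(d)[0]] for d in devices}


# Constructed sample devices (not captured from any real network).
SAMPLE_DEVICES = [
    Device("10.0.1.10", "00:11:22:33:44:10", "Windows 8.1", "alice", ["staff"],
           vlan=10, antivirus=True, disk_encrypted=True),
    Device("10.0.1.11", "00:11:22:33:44:11", "iOS 7", None, [], vlan=10),
    Device("10.0.1.12", "00:11:22:33:44:12", "Windows 7", "bob", ["contractors"],
           vlan=10, antivirus=False, disk_encrypted=True, missing_patches=3),
    Device("10.0.1.13", "00:11:22:33:44:13", "Ubuntu 12.04", "carol", ["staff"],
           vlan=10, antivirus=True, disk_encrypted=True, ips_alerts=2),
]

if __name__ == "__main__":
    for ip, actions in sweep(SAMPLE_DEVICES).items():
        print(ip, actions)
```

Running the block prints one line per constructed device: the compliant staff laptop is allowed, the unidentified BYOD phone is quarantined, the contractor machine with no antivirus and missing patches is sent to remediation, and the device generating IPS alerts is quarantined and flagged for investigation. In a real deployment the `vlan` field of the event is where the SNMP write would be issued, and the `failures` list is what an auto-remediation step would act on.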
Continuous Monitoring and Mitigation
• Continuous Visibility
• Endpoint Mitigation
• Endpoint Authentication & Inspection
• Next-Gen Network Access Control
• Network Enforcement
• Information Integration
SIEM Interoperability
• CFI Alert
• ForeScout App for Splunk
The Players….
*Magic Quadrant for Network Access Control, December 2013, Gartner Inc.
**NAC Competitive Landscape, April 2013, Frost & Sullivan
**Frost & Sullivan 2013 report NC91-74, "Analysis of the Network Access Control Market: Evolving Business Practices and Technologies Rejuvenate Market Growth". Chart base year 2012.
*This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from ForeScout. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner, Inc. "Magic Quadrant for Network Access Control," Report G00249599, December 12, 2013, Lawrence Orans.
NAC features to look for
Fast and easy to deploy
• Agentless and non-disruptive
• Scalable, no re-architecting
Infrastructure Agnostic
• Works with mixed, legacy environment
• Avoid vendor lock-in
Flexible and Customizable
• Optimized for diversity and BYOD
• Supports open integration standards
Pervasive Network Security: an IT Game Changer