Next-Generation Endpoint and Server Security
Real-time monitoring and protection for endpoints and servers
©2013 Bit9. All Rights Reserved

Acceleration of Intellectual Property Loss: Significant Breaches of 2012
[Figure: timeline of breaches by month, Jan through Nov]
NY Times article – posted 2/20/2013

Attackers are shifting to delivering UNKNOWN Malware via FTP and Web Pages
(Threatpost.com March 27, 2013 by Christopher Brook)
Palo Alto Networks put out a study recently finding:
• Attackers have shifted from email exploits to web-based exploits
• Web pages load instantly and can be tweaked on the fly versus waiting for email attack to work
• 94% of undetected malware came from web-browsers or web proxies
• 95% of the FTP based exploits were never detected by anti-virus
• 97% used non-standard ports to infect systems
Palo Alto recommends the following:
• Investigate unknown traffic
• Restrict rights to DNS domains
• Real-time detection and blocking
• More fully deployed antimalware technology

Have Hackers invented something earth shattering?
USA Today on 3/27/13 by Geoff Collins
Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes. But consider this: a vast majority of hacks are stunningly simple to deflect with 4 simple steps.
So what ARE the four simple measures?
First is "Application white-listing," which allows only authorized software to run on a computer or network.
Second is very rapid patching of Operating Systems.
Third is very rapid patching of software.
The fourth is minimizing the number of people on a network who have "administrator" privileges.
• Can also limit which applications can be installed

Java Problems

Let’s summarize the threat scape…….
Laptops
• Have the #1 and #2 most vulnerable applications running
  • Java
  • Adobe
• Access networks and servers
• Leave the perimeter regularly with no control of usage
• Use a security tool that looks for known bad and is minimally effective
Results
• Threat of stolen IP
• Credentials taken
• Servers brought off line
• Websites hacked and altered
• Malware keeps “coming back”
• Significant time & money spent on forensics
• Reimaging of machines due to malware
• Loss of productivity
• Brand tarnishing

Challenge: Malware Gets on Endpoints and Servers
[Diagram labels: Endpoint and Server Security; Network Security; Malware gets on machines; 400M+ Variants; Desktops & Laptops (Windows & Mac); Virtual/Physical Servers; Fixed-Function; Anti Virus; Next-Gen Firewall; Virtual Detonation; Network Analytics; Network Monitoring; SIEM; IPS/IDS; Phishing; Web drive by; Zero-day; Watering holes; Memory]
“…it’s clear that blacklist-based antivirus is fighting a losing battle…” Forrester Research Sept 2012

Bit9: Next-Generation Endpoint and Server Security
Bit9 Solution
Covers: Desktops & Laptops, Virtual/Physical Servers, Fixed-Function
1 Visibility, Detection, Forensics: Real-time sensor and recorder
• Actionable Intelligence for every endpoint and server
• Every executable and critical system resource
• Results in days or weeks
• Low user, admin, and system impact
2 Protection: Real-time enforcement engine
• Ban software
• Allow only software you trust to run
• Highest level of endpoint/server security
• Implement as quickly as desired

Bit9 Time to Results: Rapid with Low User/Admin Impact
1 Visibility
  Customer Actions: Deploy Bit9 Sensor/Recorder on Endpoints & Servers
  Customer Benefits: Know what’s running on every computer right now
  Time to Results: Days
2 Detection
  Customer Actions: Turn on Bit9 Advanced Threat Indicators
  Customer Benefits: Detect advanced threats in real-time without signatures
  Time to Results: “Immediate”
3 Forensics
  Customer Actions: Prioritize and Investigate Alerts
  Customer Benefits: Recorded details about what’s happened on every endpoint/server
  Time to Results: “Immediate”
4 Protection
  Customer Actions: Define and Apply Trust Policies
  Customer Benefits: Stop all untrusted software from executing
  Time to Results: As quickly as desired

How Network Security Enhances Endpoint Security
The industry’s first and only network connector
Next-Generation Network Security
• Incoming files on network
• “Detonate” files for analysis
Next-Generation Endpoint and Server Security
• Transfer alerts
• Correlate endpoint/server and network data
• Prioritize network alerts
• Investigate scope of the threat
• Remediate endpoints and servers
• Submit files automatically
• Submit files on-demand
• Endpoint and server files
• Automatic analysis of all suspicious files
• On-demand analysis of suspicious files

Customer Projects Bit9 Can Help With
Projects and Resolution:
• Advanced threat protection projects: Bit9 can stop zero-day attacks and advanced threats
• Windows 7/8 roll out: Bit9 reduces reimaging costs
• Removing admin rights: Bit9 increases security without impeding users
• Virtualization: Bit9 will secure your VDI, virtual servers, or terminal services
• FIM for Servers: Bit9 ensures no one is tampering with your servers
• Compliance: Bit9 reduces the operational and cost burden of AV while you remain compliant
• Incident Response: Bit9 can accelerate your investigation, forensics, and remediation

Real-Time Security
1 of the Top 10 CHEMICAL PROVIDERS
Large Chemical Company
Bit9 on 60,000 endpoints and servers
Before Bit9:
• Suspected infections but slow to confirm
After Bit9:
• Immediately found Advanced threat on executive’s PC
• Executable disguised as PDF
• Bit9 confirmed malware was only on one machine
• Customer removed malware and remediated threat

Visibility
Large Oil Manufacturer Company
Bit9 on 10,000 endpoints and servers
Before Bit9:
• Unknown existing malware
• FireEye Customer
After Bit9:
• They integrated Bit9 w/FireEye and found a piece of malware from a FE alert on 3 machines.
• With deeper inspection they saw that that malware had dropped another executable and that malware was on 15 machines.
• FE never saw that malware because it didn’t come through the network. All this happened very quickly due to the real time visibility.

What Makes Bit9 Unique?
Next-Generation Endpoint and Server Security
• Lowest impact on systems, admins and users: One agent for visibility, detection, forensics, protection
• Real-time monitoring and recording of endpoints and servers: Bit9 DB, Actionable Intelligence for every endpoint and server
• Real-time integration with network security: Faster incident response and remediation
• Cross-platform support: Windows and Mac
• On- and off-network protection: Remote and disconnected users
• Proven reliability and scalability
  • Most deployments (1,000)
  • Windows certified
  • Largest scalability

Bit9 Satisfies Many of Your Compliance Needs
Controls by standard (PCI; SOX; NERC CIP; HIPAA; FISMA):
• Protect Sensitive /Critical Data: PCI: Protect CC Data; SOX: Protect Log Files; NERC CIP: Protect Critical Endpoints; HIPAA: Protect PII; FISMA: Protect Log Files
• Control File Assets: PCI: FIM; SOX: FIM; NERC CIP: FIM; HIPAA: FIM; FISMA: FIM
• Secure Infrastructure – Utilize Anti-Malware: PCI: AV on Endpoints and Servers; SOX: AV on Servers; NERC CIP: AV on Endpoints and Servers; HIPAA: AV on Endpoints and Servers; FISMA: AV on Servers
• Asset Analysis – Threat and Trust Measure Compliance Risk: PCI: Vulnerability Detection and Ranking; SOX: Malicious intent and Malware Detection; NERC CIP: Risk Reporting and Assessment; HIPAA: Risk Reporting; FISMA: Vulnerability Assessment
• Security Policy Enforcement and Audit: PCI: Security Policy and Awareness; SOX: Log and Records Audit and Review; NERC CIP: Critical Control and DR Plan Review; HIPAA: Security Awareness and Data Privacy Training; FISMA: Logging and Authorized Access Tracking