McAfee Confidential
McAfee Web Protection: Protect Your Enterprise Against Web Threats
Malware Is Changing…
2011 2012 2013
Sophisticated evasion techniques
• Unique, one-time-only URL or file
• Obfuscation
• Dynamic code generation
Browser-specific attacks
• Ex: known Firefox exploits
• Anticipate rise in HTML5 attacks
Rise in Adobe-based attacks
• PDF, Flash
Zero-day Java and JavaScript-based attacks
The Cloud Brings New Challenges
SECURITY
• Increasingly sophisticated malware
• Increased SSL-encrypted web traffic
• Advanced, persistent threats
APPLICATION VISIBILITY
• More people & devices connecting to more applications outside traditional network, often without IT knowledge
FLEXIBILITY
• Need to accommodate changing business conditions
• Protection needs to travel with the user and device rather than stay in the office
The Cloud Brings New Challenges
SECURITY
• Increasingly sophisticated malware
• Increased SSL-encrypted web traffic
• Advanced, persistent threats
APPLICATION MANAGEMENT
• More people & devices connecting to more applications outside traditional network
FLEXIBILITY
• Need to accommodate changing business conditions
• Protection needs to travel with the user and device rather than stay in the office
How bad is the problem?
How can I block web-borne threats?
What about outbound threats?
What other add-on tools should I consider?
Security
Global Threat Intelligence (GTI)
Reputation: File Reputation, Web Reputation, Sender Reputation, Threat Reputation
Attributes: Ports / Protocol, Application, Network Activity, Geo-location, IP Address, Affiliations, Email Address, DNS Server, Web Activity, Data Activity, Mail Activity, URL, Domain
Sources: Network IPS, Firewall, Web Gateway, Host AV, Mail Gateway, Host IPS, 3rd Party Feed
• 300M IPS Attacks/mo.
• 2B Botnet C&C IP Reputation Queries/mo.
• 20B Message Reputation Queries/mo.
• 2.5B Malware Reputation Queries/mo.
• Geo location feeds
Security Connected
DISSECT
ANALYZE
EMULATE
• Unique to McAfee Web Protection
• Emulation provides real-time protection
• Most effective zero-day protection
McAfee Gateway Anti-Malware Engine Scanning
“MWG has strong malware protection due to its on-box browser code emulation capabilities.”
Gartner, Magic Quadrant for Secure Web Gateways
Security: Malware detection
[Chart: Zero Day Protection Rate, PE Malware Detection and Non-PE Malware Detection, 0% to 100%, for McAfee, Blue Coat, Cisco and Websense. Data labels in extraction order: 91%, 99%, 99%, 74%, 94%, 97%, 25%, 85%, 71%, 58%, 91%, 16%.]
• Cloud intelligence
• Ability to open content and inspect
• Proactive scanning
• Signature-based protection
• Worms, Trojans
• PW stealing programs
• PDF exploits
• Macros for MS Office
• Malicious scripts
New 2013 results
• Web Gateway increases Zero-Day protection to 95%
• Other vendors invited to participate – No response
[Chart data labels for the 2013 results: 95%, 99%, 99%]
AV-Test.org
Performance results obtained using specific combinations of hardware, software, and test samples. The results reflect approximate relative performance as measured by the tests performed. Any difference in system hardware, software or available threat information may cause your performance to vary.
Proof Point: Competitive POC
30-Day POC Evaluation
One sixth of web traffic sent to Web Gateway after being scanned by existing solution
BACKGROUND
• Fortune 10 US corporation with world-wide network
• Existing Blue Coat installation
Scanned Results
• Ninety-two million URLs
• 346,000 websites and web objects
• 280,000 URLs categorized incorrectly by current proxy
• 50,000 URLs with unacceptable reputations
• 16,000 discrete web objects containing malware
OUTCOME
• 1,000 desktops saved from infection during POC
• Remediation costs: $150–$200 per desktop
• During POC: $150,000–$200,000 savings
• POC result: Prospect became a customer
Security: Integrated DLP prevents data leakage
Apply comprehensive DLP rules
Supports preformatted McAfee DLP dictionaries (HIPAA, PCI, UK-NHS, European IBAN)
Credit card numbers found
Security: Encrypt data going to the cloud
Encryption protects cloud-based files
McAfee Advanced Threat Defense: Comprehensive approach to malware
FIND, FREEZE, FIX
[Diagram labels: Advanced Threat Defense, Endpoint, Next Generation Firewall, Network Security Platform, McAfee Email Gateway, McAfee Web Gateway, Threat Intelligence Exchange, McAfee Enterprise Security Manager (SIEM), McAfee Real Time]
Application Discovery
• What applications are your users actually using?
Application Controls
• Can you manage application entitlements?
Application Access
• Can you deliver user access and strong authentication?
Application Management
TODAY’S REALITY:
More than 80% of employees worldwide use SaaS applications without IT approval.
Frost & Sullivan: The Hidden Truth Behind Shadow IT
Application Discovery: What are your users up to?
• What applications are on your network?
• How much bandwidth are they using?
• Who are the top users?
• Which are blocked?
Content Security Reporter + McAfee ePO = visibility, control, compliance
Integrated, Actionable Discovery
Web Application Controls: Enforce acceptable usage policy
• Enable/Disable specific applications
• Control entitlements, access, data sharing
• Apply policy based on application, user, group, risk, …
Application Controls: YouTube example
• Query for YouTube category in real-time
• Set policy by: Category, Author, Channel
• Customize block page with your logo, colors, instructions…
Application Access: Web identity
[Diagram labels: One Time Password, Laptop, Mobile, Internal User, Web Identity Launch Pad, Single Sign On]
Web Gateway Multi-layered Protection
Application Management
• Identify web applications in use
• Controls enforce acceptable usage policy
• SSO and multi-factor authentication for access
Data Leakage
• DLP Engine
  ‒ Full dictionaries
  ‒ Enforce data leakage policy
• File encryption
  ‒ Protect data on file-sharing sites
Botnet Client
• Identify “phone-home” behavior
• Aggressive scanning of non-human initiated requests
Anti-Malware
• Signature-based AV
• Zero-day malware detection
  ‒ Dissect, emulate target platform environment
  ‒ Evaluate code behavior
SSL Scanning
• Scrutinize HTTPS traffic
• Identify malware hidden in encrypted web sessions
• Enforce application controls
Content Inspection
• Reputation (GTI)
• Geo-location (GTI)
• URL categorization & filtering (GTI)
• Media & file analysis
[Diagram labels: ePO, Outbound Traffic, Inbound Traffic]
What is the most effective deployment scenario for me?
• Should I go on-premises or the cloud?
How do I manage web access for remote or mobile users?
• Is there some way to protect them from malware infections?
FLEXIBILITY
Flexibility: Deploy on-premise, in the cloud, or a hybrid combination
Performance and Scalability from Branch Offices to Corporate Headquarters
Common policy, management & reporting
• Hardware Appliances
• Blade Server
• Virtual Appliance
• Cloud-based SaaS
[Diagram labels: VM; Appliance and SaaS (Hybrid); Remote Users (SaaS); SaaS or VM]
McAfee Client Proxy: Protect mobile & remote users
[Diagram labels: Off Network; Browser; Client Proxy; Active; Internet; McAfee Data Center, SaaS Web Protection (or Web Gateway in DMZ); Corporate Office, On-Network, Web Gateway]
Features & Benefits
Flexible Architecture
• Fit business requirements
• Adapt as business needs change
Secure
• Best of breed security services, #1 malware defense
• Protect on-premises and remote/traveling users
Cost-effective
• One SKU, one price
• Buy only what you need
Manageable
• Easy policy synchronization
• Consistent, cross-platform reporting
Proven Scalability
• Start small - SMB to enterprise
• Add capacity, as needed
Security
• Rules-based policy enforcement
• Global Threat Intelligence
• AV & Gateway Anti-Malware engines
• Built-in Data Loss Prevention
• Cloud storage file encryption
• Advanced Threat Defense integration
Application Management
• Identify and control rogue SaaS applications
• Single sign-on and multi-factor authentication
Flexibility
• Mobile & remote user protection
• Hybrid deployment options with policy synch
• Forward and reverse proxy options
McAfee Web Protection
Next Steps – Prove It to Yourself!
STEP ONE: Run Web Gateway Proof of Concept
STEP TWO: REVIEW RESULTS
Detailed Web Access
APPLICATION NAME                                          SUM OF HITS
BitTorrent Variants                                       22640
Google Analytics                                          1183
Hotmail                                                   766
Facebook                                                  754
Other                                                     4093
TOTAL                                                     29463
CATEGORY NAME                                             # of Violations
Payment Card Industry – Credit Card Number                35
DLP: User-Defined Dictionary                              23
SOX Compliance – Merger and Acquisition                   1
TOTAL                                                     59
MALWARE NAME                                              SUM OF HITS
McAfeeGW: Heuristic.BehavesLike.JS.Infected.A             38
McAfeeGW: Heuristic.BehavesLike.JS.Unwanted               19
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.G    11
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.K    7
Other                                                     12
TOTAL                                                     87
STEP THREE: Communicate Results. Take Action!