Intelligent Protection - infosecurityvip.com INFOSECURITY SAN...

Intelligent Protection

Question:

Have you or your customers’ business experienced advanced threats such as Ransomware in the last 12 months?

Don’t forget what you are being paid to do.

• Align the goals of IT and IT Security to the goals of the business.

• Support management to reach those goals while mitigating risk to acceptable levels.

• Make sure it is done on time and within budget.

• Be proactive

• Plan

• Prioritize

• Collaborate

• Analyze

• Understand

• Educate yourself and others

Stephen Covey

What is impacting Businesses

State of Cybersecurity in Small and Medium Sized Businesses - Ponemon Institute

Cyber attacks affected more SMBs in the past 12 months than in the year before.

A growing problem for SMBs is the inability to staff their IT functions. The biggest problem is not having the personnel to mitigate cyber risks, vulnerabilities and attacks.

Ransomware: The TOP Security Concern

Ransomware is a form of computer malware that restricts access to your computer and/or its information, while demanding you pay a ransom to regain access.

Ransomware growth:

▪ Ransomware cost U.S. victims $209m in Q1, and $1b for 2016 - FBI

▪ 6 in 10 malware payloads are ransomware in Q1, 2017 – Kaspersky

▪ Ransomware spam up 6000% in 2016 – IBM

▪ Mobile ransomware increases 250% - Kaspersky

▪ A company is hit with ransomware every 40 seconds

▪ 83% of WatchGuard survey respondents believe ransomware #1 threat

Verizon 2017 DBIR

The Challenges of Advanced Malware Detection

Detection layers:

• Reputation – signatures and lists of known-malicious URLs, domains and IPs

• Heuristics – common malware patterns

• Behaviors – odd processes and actions

• Deep Analysis – detonation of suspicious files in a sandbox

Volume of Threats

• Only catch what they KNOW is a threat: on average, antivirus software was only 61% effective in catching threats two weeks after their discovery.

• Large volume of false positives: more than 80% of the 17,000 malware alerts an average business receives each week are false positives.

• Volume of threat indicators overwhelming: only 4% of malware alerts are actually investigated by security teams.

• Identifying bleeding-edge threats is an ongoing problem: 38% of malware is zero-day, and 95% of detected malware is less than 24 hours old.
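To make the first two challenges concrete, here is an added example (not code from this deck or from WatchGuard) that runs a constructed "known" ransomware-like sample, a one-byte variant of it, and a benign admin script through two of the layers above. The exact-hash signature layer only catches the sample it has already seen; the byte-pattern heuristics catch the variant, but lowering their threshold to catch more also turns the benign script into a false positive. The sample bytes, patterns, weights and thresholds are all assumptions for the illustration.

```python
import hashlib
import re

# Constructed samples (not real malware): a "known" ransomware-like payload,
# a one-byte variant of it, and a benign admin script that shares one string.
KNOWN_BAD = (b"MZ\x90\x00" + b"\x00" * 60
             + b"cmd.exe /c vssadmin delete shadows /all"
             + b"\x00" * 16 + b"DECRYPT_YOUR_FILES.txt")
VARIANT = KNOWN_BAD.replace(b"\x90", b"\x91", 1)      # repacked/polymorphic copy
BENIGN_SCRIPT = b"REM nightly cleanup\r\nvssadmin delete shadows /all /quiet\r\n"

# Layer 1: reputation/signature list - exact hashes of samples already seen.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Ransom.Constructed.A"}

# Layer 2: heuristics - byte patterns common to a family, each with a weight.
# Patterns and weights are assumptions for the illustration.
HEURISTICS = [
    (re.compile(rb"vssadmin\s+delete\s+shadows", re.I), "deletes volume shadow copies", 40),
    (re.compile(rb"DECRYPT_YOUR_FILES", re.I), "ransom-note filename", 50),
]


def signature_scan(data: bytes):
    """Return the family name if the exact hash is known, else None."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(data: bytes):
    """Return (total score, list of reasons) from pattern matches."""
    hits = [(why, w) for pat, why, w in HEURISTICS if pat.search(data)]
    return sum(w for _, w in hits), [why for why, _ in hits]


def verdict(data: bytes, threshold: int = 60):
    """Layered verdict: ('known', family) | ('suspicious', reasons) | ('clean', reasons)."""
    family = signature_scan(data)
    if family:
        return ("known", family)
    score, reasons = heuristic_scan(data)
    return ("suspicious" if score >= threshold else "clean", reasons)


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN_SCRIPT)]:
        print(f"{name:8} sig={signature_scan(blob)!r:22} heur={heuristic_scan(blob)[0]:3} "
              f"verdict@60={verdict(blob)[0]:10} verdict@30={verdict(blob, 30)[0]}")
```

The variant scores 90 on heuristics and is flagged at either threshold, while the benign script scores 40: clean at 60, a false positive at 30. That tension between catch rate and alert volume is why the behavior and sandbox layers, and scoring across layers, are needed rather than a single tuned signature engine.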

New Industry Focus on Detection and Response

Gartner’s Adaptive Security Architecture – Neil MacDonald

• Experts recommend rebalancing purchasing toward D&R

• Avoid siloed solutions. Look for ones that share info between stages – MacDonald

• If you lack expertise, consider MSSP or MDR.

Cyber Kill Chain 3.0

1. RECONNAISSANCE – The attacker gathers information on the victim.

2. DELIVERY – The attack payload is delivered through the network perimeter.

3. COMPROMISE/EXPLOIT – Vulnerabilities found in the reconnaissance stage are exploited to launch an attack.

4. INFECTION/INSTALLATION – The attack payload is installed on the system and persistence is obtained.

5. COMMAND AND CONTROL – The attack payload calls home for instructions.

6. LATERAL MOVEMENT/PIVOTING – The attacker moves behind the network perimeter to their final target.

7. OBJECTIVES/EXFILTRATION – The goal of the attack is accomplished.

[Figure: "WatchGuard Breaks the Kill Chain" – diagram mapping Firebox services (Packet Filtering, Proxies, IPS, APT Blocker, Gateway AntiVirus, WebBlocker, Reputation Enabled Defense, Application Control, DLP, Botnet Protection, TDR) onto the kill chain stages Reconnaissance, Delivery, Compromise/Exploit, Infection/Installation, Command and Control, Lateral Movement/Pivoting and Objectives/Exfiltration.]

What’s Needed?

Endpoint Insight

Network Correlation and Threat Scoring

Advanced Threat Triage

Responding to the threat of advanced malware requires the ability to monitor endpoints for behaviors that would indicate an attack, and the means to take action to stop the threat – manually or automatically.

The vast majority of cyber threats are delivered via the network. Correlating network events and endpoint behaviors into a single threat score gives you the insight you need to confidently respond to threats with the appropriate action.

Malware is constantly evolving. Submitting suspicious files for execution in a cloud sandbox that emulates a physical machine, manually or by policy, means you can protect against the latest threats and triage security incidents with ease.
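As an added illustration of the network/endpoint correlation described above (not WatchGuard TDR's actual scoring logic and not code from this deck), the script below merges a constructed firewall feed and host-sensor feed per host, sums weighted indicators that occur within a ten-minute window, and picks a response tier from the score. The event format, indicator weights, window length and response thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed event feed: (ISO timestamp, source, host, event kind, detail).
# In practice the "firewall" rows would come from Firebox logs and the "host" rows
# from an endpoint sensor; these six rows are made up for the illustration.
EVENTS = [
    ("2017-06-01T09:00:05", "firewall", "WS-042", "reputation_block", "203.0.113.7:443 (known-bad IP)"),
    ("2017-06-01T09:00:09", "host", "WS-042", "process_start", r"C:\Users\bob\AppData\Local\Temp\inv0ice.exe"),
    ("2017-06-01T09:00:31", "host", "WS-042", "shadow_copy_delete", "vssadmin delete shadows /all"),
    ("2017-06-01T09:01:10", "host", "WS-042", "mass_file_rename", "312 files renamed to *.locked in 60 s"),
    ("2017-06-01T09:02:00", "firewall", "WS-017", "reputation_block", "203.0.113.7:443 (known-bad IP)"),
    ("2017-06-01T14:30:00", "host", "WS-017", "process_start", r"C:\Windows\System32\notepad.exe"),
]

# Indicator weights are assumptions: each one alone is weak, the combination is strong.
WEIGHTS = {
    "reputation_block": 20,
    "temp_dir_exec": 25,       # derived from process_start when the image lives in a Temp dir
    "shadow_copy_delete": 35,
    "mass_file_rename": 40,
}
WINDOW = timedelta(minutes=10)


def indicator(event):
    """Map a raw event to an indicator name (None if it carries no weight)."""
    kind, detail = event[3], event[4]
    if kind == "process_start":
        return "temp_dir_exec" if "\\Temp\\" in detail else None
    return kind if kind in WEIGHTS else None


def score_hosts(events, window=WINDOW):
    """Return {host: (score 0-100, [indicators])}. Only indicators within `window`
    of the host's first weighted indicator are counted, so an isolated blocked
    connection in the morning and a normal process in the afternoon do not add up."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_host[ev[2]].append(ev)
    scores = {}
    for host, evs in by_host.items():
        hits, start = [], None
        for ev in evs:
            ind = indicator(ev)
            if ind is None:
                continue
            ts = datetime.fromisoformat(ev[0])
            start = start or ts
            if ts - start <= window:
                hits.append(ind)
        scores[host] = (min(100, sum(WEIGHTS[h] for h in hits)), hits)
    return scores


def response(score):
    """Response tier for a host score; thresholds are assumptions."""
    if score >= 80:
        return "quarantine host, kill process, block C2 at firewall"
    if score >= 40:
        return "alert analyst for triage"
    return "log only"


if __name__ == "__main__":
    for host, (score, hits) in sorted(score_hosts(EVENTS).items()):
        print(f"{host}: score={score:3} {hits} -> {response(score)}")
```

WS-042 collects all four indicators inside the window and reaches the automated-response tier; WS-017 hit the same bad IP but nothing else followed, so it stays at "log only" instead of becoming one more of the false positives the earlier slide counts.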

Businesses are vulnerable to exploits and malware. Only 39 percent of respondents say the technologies currently used by their organization can detect and block most cyber attacks.

State of Cybersecurity in Small and Medium Sized Businesses - Ponemon Institute

Our Security, Delivered Your Way

1. Simplified Management

2. Intelligent Protection

3. Actionable Visibility

WatchGuard Total Security Suite

• Includes Threat Detection and Response, a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown and evasive threats.

APT BLOCKER – ADVANCED MALWARE PROTECTION: APT Blocker uses an award-winning next-gen sandbox to detect and stop the most sophisticated attacks, including ransomware, zero-day threats and other advanced malware.

THREAT DETECTION AND RESPONSE: Correlate network and endpoint security events with enterprise-grade threat intelligence to detect, prioritize and enable immediate action to stop malware attacks. Improve visibility by evolving your existing security model to extend past prevention to include correlation, detection and response.

INTRUSION PREVENTION SERVICE (IPS): IPS uses continually updated signatures to scan traffic on all major protocols to provide real-time protection against network threats, including spyware, SQL injection, cross-site scripting, and buffer overflows.

GATEWAY ANTIVIRUS (GAV): Leverage our continuously updated signatures to identify and block known spyware, viruses, trojans, worms, rogueware and blended threats, including new variants of known viruses. At the same time, heuristic analysis tracks down suspicious data constructions and actions to make sure unknown viruses don’t slip by.

REPUTATION ENABLED DEFENSE SERVICE (RED): A powerful, cloud-based reputation lookup service that protects web users from malicious sites and botnets while dramatically reducing web processing overhead.

WEBBLOCKER URL FILTERING: In addition to automatically blocking known malicious sites, WebBlocker’s granular content and URL filtering tools enable you to block inappropriate content, conserve network bandwidth, and increase employee productivity.

spamBlocker: Real-time spam detection for protection from outbreaks. Our spamBlocker is so fast and effective, it can review up to 4 billion messages per day.

Application Control: Selectively allow, block, or restrict access to applications based on a user’s department, job function, and time of day, and then see, in real time, what’s being accessed on your network and by whom.

DATA LOSS PREVENTION (DLP): This service prevents accidental or malicious data loss by scanning text and common file types to detect sensitive information attempting to leave the network.

NETWORK DISCOVERY: A subscription-based service for Firebox appliances that generates a visual map of all nodes on your network so you can easily see where you may be at risk.

Delivered Your Way – Intelligent Protection

Prevent: Provide layered threat prevention that shuts down attacks targeted at your customers.

Detect: Leverage cutting-edge technology to quickly and effectively detect threats from the network to the endpoint, with actionable alerts.

Respond: Take immediate action to mitigate known threats, whether they are on the network, endpoint, or wireless environment, with policy automation.

What about Wi-Fi?

1. Wi-Fi Password Cracking - Wireless access points that still use older security protocols, like WEP, make for easy targets because the keys are notoriously easy to crack.

2. Rogue APs and Clients - Nothing physically prevents a cyber criminal from enabling a foreign access point near your hotspot with a matching SSID, which invites unsuspecting customers to connect. Users that fall victim to the rogue AP are exposed to malicious code injection.

3. Planting Malware - A common tactic used by hackers is to plant a backdoor on the network, allowing them to return at a later date to steal sensitive information.

4. Eavesdropping - Guests run the risk of having their private communications intercepted (packet sniffing) by cyber snoops while on an unprotected wireless network.

5. Data Theft - Joining a wireless network puts users at risk of losing private documents that may contain highly sensitive information to cyber thieves who opportunistically intercept data being sent through the network.

6. Inappropriate and Illegal Usage - Adult or extremist content can be offensive to neighboring users, and illegal downloads of protected media leave the business susceptible to copyright infringement lawsuits.

7. Bad Neighbors - Mobile attacks, such as Android’s Stagefright, can spread from guest to guest, even if victim zero is oblivious to the outbreak.

8. Man in the Middle Attack (MitM) - Mundane communication over Wi-Fi can lead to a breach when a malicious actor secretly intercepts and alters legitimate conversations.

9. Wireless DoS - Attackers can cause a standstill in Wi-Fi access by intentionally sending large amounts of traffic to legitimate access points, making the appliance unavailable for legitimate use.

10. Masquerading Attacks - Cyber criminals set on breaching Wi-Fi security commonly attempt to disguise their devices as legitimate or known devices by spoofing MAC addresses.

11. Misconfigured AP - Deploying access points without following Wi-Fi security best practices can lead to inadvertent misconfigurations, which often lead to security risk.

WatchGuard Access Points and WIPS Security

Patented marker-packet technology automatically classifies each access point so that rogue APs can be blocked.
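As an added example of the rogue-AP classification that items 2 and 10 above call for (this is not the patented marker-packet method and not WatchGuard code), the script below compares a constructed scan against an inventory of authorized BSSIDs and flags evil twins (our SSID on an unknown BSSID), BSSID spoofing (our BSSID beaconing with a different security mode) and neighbouring open or WEP networks. The inventory, BSSIDs, SSIDs and signal levels are all constructed for the illustration.

```python
# Constructed inventory of the APs we deployed: BSSID -> (SSID, security mode).
AUTHORIZED = {
    "a4:2b:8c:00:11:01": ("CoffeeCo-Guest", "WPA2"),
    "a4:2b:8c:00:11:02": ("CoffeeCo-Staff", "WPA2"),
}

# Constructed scan from a sensor radio: (BSSID, SSID, security, signal dBm).
SCAN = [
    ("a4:2b:8c:00:11:01", "CoffeeCo-Guest", "WPA2", -41),
    ("a4:2b:8c:00:11:02", "CoffeeCo-Staff", "WPA2", -45),
    ("de:ad:be:ef:00:01", "CoffeeCo-Guest", "OPEN", -38),  # evil twin: our SSID, unknown BSSID
    ("a4:2b:8c:00:11:02", "CoffeeCo-Staff", "OPEN", -70),  # spoofed BSSID: ours, but security differs
    ("00:1f:33:aa:bb:cc", "Bakery-Free", "WEP", -72),      # neighbour on a crackable protocol
    ("00:1f:33:aa:bb:dd", "Bakery-Free", "WPA2", -75),
]


def classify(bssid, ssid, security):
    """Classify one beacon against the authorized inventory."""
    known = AUTHORIZED.get(bssid)
    if known is not None:
        if known == (ssid, security):
            return "authorized"
        return "rogue (spoofed BSSID: SSID/security differ from inventory)"
    if ssid in {s for s, _ in AUTHORIZED.values()}:
        return "rogue (evil twin of our SSID)"
    if security in ("OPEN", "WEP"):
        return "external, weak security"
    return "external"


def classify_scan(scan):
    """Return [(bssid, ssid, security, verdict)] in scan order."""
    return [(b, s, sec, classify(b, s, sec)) for b, s, sec, _ in scan]


def rogue_bssids(scan):
    """BSSIDs to contain. Note a spoofed BSSID equals an authorized one, so any
    containment must key on (BSSID, SSID, security) rather than BSSID alone."""
    return [b for b, _, _, v in classify_scan(scan) if v.startswith("rogue")]


if __name__ == "__main__":
    for b, s, sec, v in classify_scan(SCAN):
        print(f"{b}  {s:15} {sec:5} -> {v}")
    print("contain:", rogue_bssids(SCAN))
```

An allowlist comparison like this is only as good as the inventory: an attacker who copies both the BSSID and the security mode of a real AP is indistinguishable by beacon contents alone, which is the gap that fingerprinting techniques such as marker packets are meant to close.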

Protection from Cloud to On-premises

• Horizontal and Vertical Coverage

• Leverage IaaS, PaaS

• On-premises and SaaS

• Ecosystem coverage

Comprehensive Coverage

Best in Class - Industry Leadership

A Complete Product Portfolio for Managed Security

Deploy

Maintain

Upgrade

Prevent

Detect

Respond

Monitor

Report

Troubleshoot

But when all is said and done…

Never forget what you are being paid to do.

• Align the goals of IT and IT Security to the goals of the business.

• Support management to reach those goals while mitigating risk to acceptable levels.

• Make sure it is done on time and within budget.

• Be proactive

• Plan

• Prioritize

• Collaborate

• Analyze

• Understand

• Educate yourself and others

Stephen Covey

And never, never, never, forget to:

Thank You! Questions?