Intelligent Security through Security Connected Platform

Anthony Wai, Regional Sales Engineering Director – North Asia

Source: cpoforum.or.kr/privacy2013/download/Keynote_2.pdf



Legal Information

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS.

Intel may make changes to specifications and product descriptions at any time, without notice. All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright © 2010 Intel Corporation.

Intel Innovation

Moore’s Law Technology Innovations

Unquestioned Architecture and Semiconductor Leadership
• Microprocessor Architecture
• DRAM
• High-k/Metal Gate
• 22nm 3D Tri-gate Transistors
• and more…

Market-Making Platforms and Technologies

“The number of transistors incorporated in a chip will approximately double every 24 months” – Gordon Moore, Intel co-founder

Examples: MMX, Centrino, Intel VT-x

Why Did Intel Choose McAfee?

• Broad Industry Partner Ecosystem
• Broad Solutions Portfolio
• McAfee Labs and GTI (Cloud)
• World Class Management Platform

Security is fundamental to computing

“We cannot go back to a world without computing any more than we can go back to a world without electricity… Making computing secure is essential to live up to all that computing has to offer…”

Security Defense must now: Go Deep, Go Wide, Be Connected and Aware

Advancing toward a more worry-free computing experience

• Anti-Malware: proliferation, sophistication. Advancing to where malware finds nowhere to run or hide.
• Identity: losses growing, growing password lists. Driving towards keeping your identity safe and trusted.
• Data: data theft, laptop theft. Helping data and assets stay where they belong.
• Recovery: costs growing, productivity impacts. Helping to get you back in action even after attack by malware.

Architecting for the Futureg

Protect the OS Before it Starts

Problem with the traditional approach to stealth malware (rootkit) protection:

– Traditionally, all security solutions run within the OS to provide protection and do not see rootkit kernel access
– Kernel rootkits can be especially difficult to detect and remove because they operate at the same security level as the OS and can intercept or subvert the most trusted OS operations
– If the operating system has been subverted, it cannot be trusted to find unauthorized modifications to itself or its components
– Current security solutions only protect against known stealth techniques (i.e. rootkits) after they have been installed and have secretly been stealing data
– Even if you realise you are infected, manual repair may not be practical, so re-installation is a common, safer and faster remediation

McAfee Deep Defender: Endpoint Security Beyond the Operating System

• Deeper level of protection beyond the OS
• Stop kernel-mode rootkits in real time before they install and launch hidden malware
• Protection from previously hidden threats beyond the OS for enhanced security
• GTI (Global Threat Intelligence); managed by ePO

Protect the OS Before it Starts: January 2013 AV-TEST Proactive Rootkit Comparison Test

Intel AES-NI and McAfee Endpoint Encryption for PCs (EEPC)

Intel® AES New Instructions (AES-NI) + McAfee EEPC accelerates encryption operations

• McAfee EEPC v6.1 is the first encryption technology to support AES-NI technology
• AES-NI is AES hardware crypto acceleration included in the new Intel Core i5 & i7 processors
• Purpose-built encryption engine accelerates encryption operations by up to 3.5x
• Applies to whole-disk encryption and file storage encryption

McAfee Anti-Theft Solution with Intel Anti-Theft Technology

McAfee Anti-Theft solution for Ultrabook™ (Inspired by Intel: ultra responsive, ultra sleek)

• Uses Intel Anti-Theft Technology with security built into the hardware
• Locks the device if lost or stolen
• Locates the device and recovers data if connected
• Data wipe and encryption
• Capability survives HDD/BIOS wipe

Securing Mobile Devices: McAfee Mobile Security

• Protection: investing in research, app intelligence
• Privacy: SMS/call blocking, App Alert
• Performance: efficient use of battery, user experience
• Partner Enablement: on-device transaction, in-app upgrades

McAfee ePO Deep Command: Security Management Beyond the OS

• Utilizes Intel vPro technology (AMT)
• Local and remote AMT connections
• Permits remote assistance, policy control, and remediation
• ePO-class scalability
• Value: reduce cost of security operations, and securely expose AMT for use by point products

(Diagram labels: ePO Agent Handler, McAfee Security Apps, McAfee Agent in the OS, Intel vPro processor with pre-boot access)

What is a “Real Time” Speed Multiplier Architecture?

The Necessary Evolution – Moving to Real-Time

INSTANT VISIBILITY = INSTANT RESPONSE: ENTERPRISE WIDE

(Diagram: Security Visibility and Detection, Security Response, and Security Management and Reporting, all driven by the POWER OF REAL TIME INFORMATION)

HOW DOES THIS WORK?

How many systems are running Adobe Acrobat 8.x?

How many systems are running processes connected to external IP addresses?

Capability

• Real-Time Product Status
• Rapid Deployment of Software and Content
• Real-Time Risk Analysis
• Forensic Discovery Across Enterprise in Seconds or Minutes
• Continuous Check for Key Configuration Settings and System State
• Enhancing McAfee Solutions
• Response
• Security Management and Reporting

ePO Speed Multiplier - Queries you can ask

• Get Installed Applications contains * from all machines
• Get OS from all machines
• Who is logged in and running a particular process?
• What are the hashes of files that are connecting to a known bad IP address?
• Get McAfee File reputation from all machines
• Get McAfee HIPS Status from all machines
• Get Open Port[80] from all machines
• Get established connections to external IP
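An added illustration, not ePO's query language or any McAfee code, of how the questions on this slide can be answered over an endpoint inventory; the record layout, host names, abbreviated hashes and addresses are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed endpoint inventory (fictional hosts, users, truncated placeholder
# hashes and addresses); a real deployment would collect this from the agents.
INVENTORY = [
    {"host": "ws01", "os": "Windows 7", "user": "alice",
     "apps": ["Adobe Acrobat 8.1", "Office 2010"], "open_ports": [139, 445],
     "procs": [{"name": "acrord32.exe", "sha256": "a1a1", "remote": "203.0.113.9"},
               {"name": "explorer.exe", "sha256": "e5e5", "remote": None}]},
    {"host": "ws02", "os": "Windows 8", "user": "bob",
     "apps": ["Adobe Acrobat 9.0", "Chrome"], "open_ports": [445],
     "procs": [{"name": "chrome.exe", "sha256": "c3c3", "remote": "10.0.0.5"}]},
    {"host": "srv01", "os": "Windows Server 2008", "user": "svc_backup",
     "apps": ["Adobe Acrobat 8.3", "IIS"], "open_ports": [80, 443, 3389],
     "procs": [{"name": "svchost.exe", "sha256": "f7f7", "remote": "198.51.100.20"},
               {"name": "backup.exe", "sha256": "b2b2", "remote": "10.0.0.7"}]},
]

# "External" here means outside the organisation's own RFC 1918 ranges and loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def systems_running_app(prefix, inventory=INVENTORY):
    """'How many systems are running Adobe Acrobat 8.x?' -> matching hostnames."""
    return sorted(m["host"] for m in inventory
                  if any(a.startswith(prefix) for a in m["apps"]))

def systems_with_external_connections(inventory=INVENTORY):
    """'Processes connected to external IP addresses' -> hostnames."""
    return sorted(m["host"] for m in inventory
                  if any(p["remote"] and is_external(p["remote"]) for p in m["procs"]))

def who_runs(proc_name, inventory=INVENTORY):
    """'Who is logged in and running a particular process?' -> {host: user}."""
    return {m["host"]: m["user"] for m in inventory
            if any(p["name"] == proc_name for p in m["procs"])}

def hashes_talking_to(bad_ips, inventory=INVENTORY):
    """'Hashes of files connecting to a known bad IP' -> {sha256: [hosts]}."""
    hits = defaultdict(list)
    for m in inventory:
        for p in m["procs"]:
            if p["remote"] in bad_ips:
                hits[p["sha256"]].append(m["host"])
    return dict(hits)

def open_port(port, inventory=INVENTORY):
    """'Get Open Port[80] from all machines' -> hosts listening on that port."""
    return sorted(m["host"] for m in inventory if port in m["open_ports"])

if __name__ == "__main__":
    print("Acrobat 8.x:", systems_running_app("Adobe Acrobat 8"))
    print("External connections:", systems_with_external_connections())
    print("Known-bad hits:", hashes_talking_to({"198.51.100.20"}))
```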

(Screenshot: Select the Question)

Actions you can take

• Stop and start processes or services
• Add or delete files
• Read or modify registry keys
• Install, patch, update, or remove applications
• Anything else you can think of that you can accomplish on a command line or shell!

(Screenshot: Example: Take Action!)

What is a “Security Connected” Architecture?

Share Information to Enable Intelligent Responses

INTEGRATION & DATA EXCHANGE around SECURITY MANAGEMENT, linking: Web Gateway, Identity Management, Mail Gateway, Encryption, Database Security, Network Firewall, App & Change Control, IPS, Anti-Malware, Vulnerability Management, Access Control, Virtualization, Data Protection, HIPS, Threat Analysis, Mobile Security, SIA / Third Party

McAfee Advanced Threat Defense: Unique and Differentiated Advanced Malware Solution

(Diagram: samples such as SWF, Windows EXE, PDF, MS Office documents, JPEG and more pass through three stages, backed by Global Threat Intelligence)

DETECT: Malware Fingerprint Query, Efficient AV Signatures, GTI Reputation
ANALYZE: Static Code Analysis, Target-Specific Sandboxing, Reports
HEAL: Automated Host Cleaning (ePO), Real-Time Analysis and Instant File Access Control (Real Time ePO), Blacklist and Access Control, Signature Update to NSP, Gateways, GTI and ePO (labelled as McAfee advantages)

Global Threat Intelligence: What it takes to make your organization safe

1. GTI-enabled products query the Global Threat Intelligence cloud
2. GTI cross-correlates across threat databases and renders a response
3. GTI replies with a reputation score and the product takes policy-based action

Security Connected Platform (SCP)

THREAT DATA: Global Threat Intelligence (GTI), Local Threat Intelligence (LTI), Third Party (Vertical, Geo, Behavior)

ANALYTICS: McAfee SIEM, Identity, Forensics, Risk Analysis, Behavior Analysis, giving ACTIONABLE SITUATIONAL AWARENESS & REDUCED TCO

COUNTER-MEASURE COMMAND & CONTROL (SECURITY MANAGEMENT): ePO + SIEM + Network Policy, over a DATA LAYER of ePO + SIEM

Countermeasures across Deep Security, Network Security, Endpoint Security and Cloud Security: Anti-malware, HIPS, Encryption, App and Change Control, Mobile Security, IPS, Mail Gateway, Web Gateway, Vulnerability Management, Desktop Firewall, Database Security, Network Firewall, Access Control, Identity Management, DLP, plus Security Innovation Alliance partners

Foundation: Hardware-Enhanced Security

Intelligent Security through Security Connected Platform

IT Forces Impacting Security

• DATA CENTER TRANSFORMATION
• SITUATIONAL AWARENESS
• NEXT GENERATION NETWORK
• COMPREHENSIVE MALWARE PROTECTION
• NEXT GENERATION ENDPOINT
• WEB AND IDENTITY

Inherent Complexity

(Diagram: the six forces above, Data Center Transformation, Situational Awareness, Next Generation Network, Comprehensive Malware Protection, Next Generation Endpoint and Web and Identity, with these security topics arranged around them: Virtualization, Real Time Visibility, Continuous Monitoring, Encryption, Cloud, Servers / Networks, Database Security, Compliance Reporting, Exploding Data, Identity and Access Control, Data Protection, Data Loss Prevention, Next Gen IPS, BYOD / Mobile, Enable the Workforce, Identity, App Protection, Intelligence-Driven Response, Counter Stealth Attacks, Social Media Protection, Web Protection, Protect Devices, Reporting, Protect IP, Protect Critical Infrastructures, Achieve Cyber Readiness, Email Protection, Identity Protection, OS Protection (Legacy, Win 7/8, Android, Mac), Targeted Attacks)

Increasing Complexity and Security Needs

(Diagram: the same wheel of forces and security topics as on the previous slide, ringed by four business pressures)

• NEW / CHANGING BUSINESS DEMANDS REQUIRE SECURITY
• LIMITED OR UNTRAINED RESOURCES
• COST OF TECHNOLOGY
• NEW COMPLIANCE & REPORTING REQUIREMENTS

The Security Dilemma… Defense In Depth

Security Connected: Delivering an Optimized Security Capability

INTEGRATED & INTELLIGENT SOLUTIONS

REAL TIME SITUATIONAL AWARENESS & RESPONSE

Optimization Adds Value Within Business Constraints

IMPROVE BUDGET LEVERAGE BY REDUCING:
• HW & SW licensing & maint. costs
• System downtime

IMPROVED USE OF RESOURCES BY REDUCING:
• Incident management issues
• Help desk calls

RESPOND AND DEMONSTRATE BUSINESS AGILITY BY REDUCING:
• Patch & remediation cycles
• Security data report analysis

DELIVER PROACTIVE COMPLIANCE BY REDUCING:
• Forensic analysis & response
• Audit & compliance time & effort

(Set against the six forces: Data Center Transformation, Situational Awareness, Next Generation Network, Comprehensive Malware Protection, Next Generation Endpoint, Web and Identity)

Security Connected Platform Vision