Challenge: Automate the isolation and containment actions for threats detected by malware analysis solutions
Security Automation
Network Admission Control
See
- Managed / Unmanaged; Not Visible / Visible / Visible with IoT
- Computing Devices, Network Devices, Applications
- Antivirus out-of-date, Broken agent, Vulnerability
- Continuous, Agentless
- Users, Endpoints, Network, Existing IT (Directories, Patch, SIEM, ATD, VA, EMM, Other)
Control
- Automated
- Policy-driven
Orchestrate
- Automate workflows
- Share context
IBM
ControlFabric Open APIs: Firewall, SIEM, ATD, VA, Endpoint, Patch, EMM
Network Infrastructure
IT Security – With ForeScout
Directories; Managed Devices, BYOD Devices, Rogue Devices, IoT Devices; Network; Internet
1. See corporate, BYOD, IoT, rogue devices.
2. Automate enrollment for guests and BYOD, including mobile devices.
3. Find and fix vulnerabilities and security problems on managed endpoints.
4. Rapidly respond to incidents, without human intervention.
5. Control network access based on user, device, policy.
Granular Controls (from modest to strong)
Alert & Remediate
- Open trouble ticket
- Send email notification
- SNMP traps
- Syslog
- HTTP browser hijack
- Auditable end-user acknowledgement
- Self-remediation
- Integrate with systems and security management platforms: send to web service, write to SQL/LDAP
Limit Access
- Deploy a virtual firewall around an infected or non-compliant device
- Reassign the device into a VLAN with restricted access
- Update access lists (ACLs) on switches, firewalls and routers to restrict access
- DNS hijack (captive portal)
- Automatically move device to a pre-configured guest network
Move & Disable
- Reassign device from production VLAN to quarantine VLAN
- Block access with 802.1X
- Alter login credentials to block access, VPN block
- Block access with device authentication
- Turn off switch port (802.1X, SNMP)
- Wi-Fi port block
- Terminate unauthorized applications
- Disable peripheral device
Next Generation Security Platform
Identification Technologies Transform the Firewall
• App-ID™: identify the application
• User-ID™: identify the user
• Content-ID™: scan the content
Single-Pass Parallel Processing™ (SP3) Architecture
Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning: threats, URLs, confidential data
• One policy
Parallel Processing
• Function-specific parallel processing hardware engines
• Separate data/control planes
Up to 200Gbps, Low Latency
WildFire
Traps Advanced Endpoint Protection
- Prevent exploits, including zero-day exploits
- Prevent malware, including advanced and unknown malware
- Collect attempted-attack forensics for further analysis
- Scalable and lightweight: must be user-friendly and cover the complete enterprise
- Integrate with network and cloud security for data exchange and cross-organization protection
Security Reimagined
Multi-Vector Virtual Execution Engine
- Purpose-built for security
- Hardened hypervisor
- Signature-less
- Exploit-based detection, not just file-based
- Finds known and unknown threats
- Multi-vector
- Performance
- Efficacy
Analyze, Detonate and Correlate: within VMs, across VMs, cross-enterprise
Analyzes 2 million objects per hour
FireEye Ecosystem
Put pieces together!
Forescout + Palo Alto
Forescout + FireEye
DEMO!
Q&A