Upload
claudy75
View
165
Download
2
Embed Size (px)
Citation preview
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 © 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
SECURITERisques, tendances & préconisations à venir
Eric HOHBAUER, Directeur Commercial Stormshield
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Stormshield
The European leader
for network, data and endpoint
cybersecurity solutions.
Eric HOHBAUER
Sales Director
06 16 40 31 90 / [email protected]
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
ACTIVE CYBER-PROTECTION RISKS, TRENDS, PROACTIVITY
NATIONAL AND PERSONAL INTERESTS ARE ALL AT RISK
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
THIS IS REALITY
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Critical National Infrastructures are exposed
Stuxnet, BlackEnergy,…
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
State-sponsored cyber-espionnage is effective
Regin, Red October, …
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Hacktivists are disturbing National Interests
Singapour, Israël, China, US, Tunisia…
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Military e-strikes are more and more frequent and systematic
Recent US/North Korea conflict
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 © 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
An online information goldmine
The explosion of social networks has made it so much easier to collect information on the victim and increase the chances of successful hack.
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Attacks have become more intelligent and harder to detect
11
Spearphishing
Multi-vector attacks
Polymorphic malware
0-day exploitation
…RSA, VMWare, Google,
French Ministry of
Finance, DoD, New York
Times, Domino’s Pizza,…
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Traditional methods are no longer enough
12
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
SECURITY ANALYSIS ARE PERFORMED ON THE SOURCE, ON SECURITY
DEVICES AND ON THE DESTINATION WITHOUT ANY RELATIONSHIP
BETWEEN THESE ANALYSIS.
Traditional model
13
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
HACKERS TODAY USE ADVANCED TECHNIQUES TO BYPASS
PROTECTION SYSTEMS OR SECURITY ENGINES SO AS TO REACH THEIR
TARGETS
Traditional model
14
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
A Multi-Layer and In-depth Defense
Approach is Needed
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 © 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
A behavioral approach
0-day
Exploit
Advisory Public
Exploit
Patch
Deployment
Risk of vulnerability
exploit
Time
SIGNATURE-BASED
RESPONSE
STORMSHIELD ENDPOINT
SECURITY RESPONSE
Signature
deployment
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 © 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 CONFIDENTIAL – Copyright © 2014
PROTECTION ON THE INFRASTRUCTURES & ON THE
ENDPOINTS
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
OUR visionmulti-layer collaborative security
INTERNAL
COLLABORATION
THREAT
INTELLIGENCE
CONTEXT
AWARENESS
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Layer 1: internal collaboration
19
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Layer 2: context-awareness
20
20
VM
VM
VM
VM = Vulnerability Manager
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Stormshield Cloud
SOC, CERT, Partenaires THREAT INTELLIGENCE
Layer 3: threat intelligence
21
Stormshield community(Network + Endpoint)
Statistical reportsGlobal risk level
Main threats
Anonymized security
alerts (may be disabled)
Countermeasures Signatures, dedicated reports, filter rules
Information security traffic Security information and qualified alerts
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Stormshield provides a
global and comprehensive solution with its
Stormshield Network Security
and
Stormshield Endpoint Security
product lines
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 © 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 CONFIDENTIAL – Copyright © 2014
GLOBAL PROTECTION
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Protecting Endpoints against
Targeted and Sophisticated Attacks
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 CONFIDENTIAL – Copyright © 2014
THE 3 STEPS OF A TARGETED ATTACK
Get in the
infrastructure
• Exploit
vulnerabilities:
PDF, Flash,
browsers, etc.
• Leverage
removable
devices misuses
Spread and seek
targets
• Make good use of the Pass-the-Hash design flaw
• Capitalize on removable devices’ mobility
Steal or destroy
• Exfiltrate data to
C&C
• Wipe out
repositories
• Lure hardware
into abnormal
and harmful
behaviors
These attacks are widely used in cyberespionnage targeting governments
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Protecting Industrial
Environments
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Securing Sensitive National
Information
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Ensure In-depth
Infrastructure Protection
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Trusted Solutions
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
TRUSTED SOLUTIONS
Corporate Overview
To ensure full confidence in your security, it is necessary to choose solutions that are certified and labeled by non-commercial, independent and impartial organisms.
Stormshield Security solutions are based upon Arkoon and NETASQ technologies which provide the best guarantees:
Common Criteria certifications, EAL 3 + / EAL4 +, granted by a European administration. The EAL4 + certification for NETASQ products was awarded by two different European certifying organisms (France and Netherlands).
Standard Level Qualification which certifies that the product complies with the french security requirements. The qualification process includes a detailed audit and review of the code related to encryption mechanisms.
NATO Restricted classification carried by a European certification body.
EU Restricted classification which certifies that the product has a sufficient level of confidence to protect sensitive data in the EU. The NETASQ products are the only firewall / UTM products to be referenced in the official catalog of the EU.
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105 © 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
© 2015 by NWARE - LE PRINTEMPS DE L’INFRA – 26 MARS 2105
Thanks for your attention
Eric HOHBAUER
Sales Director
06 16 40 31 90 / [email protected]