Adaptive Security Architecture Gartner© By Blue Coat: “ATP LifeCycle”

Presentation transcript:

Adaptive Security Architecture Gartner© By Blue Coat: “ATP LifeCycle” Fouad Delli, Security Engineer, Fouad.delli@bluecoat.com

What do your customers and your users expect? TRUST. “The direct costs of crisis management generally range from €5 million to €30 million per event.”

Trust in what context? We have all seen the headlines highlighting the dynamic threat landscape. It has changed from random individuals to nation states and organized crime, and the attacks are much more targeted.
Notes: key elements to mention here include targeted attacks and the changing or dynamic threat landscape. In the past the attackers were random; now they are organized crime and nation states.

Modern Tactics & Techniques: the post-prevention security gap.
Slide labels: Threat actors: nation states, cybercriminals, hacktivists, insider threats. Traditional threats (known threats): known malware, known files, known IPs/URLs. Advanced threats (modern tactics & techniques): novel malware, zero-day threats, targeted attacks. Signature-based defense-in-depth tools: NGFW, IDS/IPS, host AV, web gateway, SIEM, email gateway, DLP, web application firewall, SSL. Advanced Threat Protection: content, detection, analytics, context, visibility, analysis, intelligence.
Notes: so, we have talked about the threat actors, some of the advanced threats they pose and the attack methods they use. For years we have been trying to stop those threats with the “next new” technologies. We use next-generation firewalls, host AV, SIEM, email gateways and many other point solutions to detect and block these threats. Unfortunately, they can only prevent what they already know to stop, and many threats today get past them. What we need today is a modern, post-prevention security solution that gives us the context, content, visibility, detection and real-time, evolving intelligence we need to have a fighting chance against today’s threats.

Trust in what context? We all know that the threats we face today are nothing like those of the past. Today’s landscape is increasingly dangerous. We can generally point to four primary sources of threats, or primary “threat actors”: traditional cyber criminals, hacktivists and insider threats, but we see more and more attacks supported by nation states. All of these actors use a number of attack methods, ranging from DDoS, basic data theft and zero-day attacks to advanced malware and more, to get to your networks and valuable data. They often use novel attack methods that the industry has not yet seen and that we are not prepared for. If we step back and look at where we are today on our security footprint, it is safe to say that we have attempted to build a very high, pretty robust fortress using a lot of security point products. We have all been involved in deploying a new technology that we believed would be the “one tool” to stop and prevent bad things from getting in or good things from leaving the network. These are all prevention-based technologies, but at the end of the day we are left with something like a picket fence: the fence may be high and wide, but there are gaps between the pickets, and between these security technologies. These technologies do serve a purpose and are absolutely critical to protect us from known threats. Turn them on, update them, and use them to their fullest capabilities. They can provide some protection against the threats that we know. But to fill the gap between these tools we need solutions that provide the context, visibility and advanced threat protection needed to maintain the integrity, availability and confidentiality of the data that is so critical to our organizations. We need to recognize that today’s threats and attacks will fly under the radar of today’s “prevention-only” tools and will compromise our networks. We need to do much more to be prepared.

20-30% of traffic is encrypted. Most APTs operate over SSL. Invisible threats we can’t see…
Notes: visibility of everything crossing our network is paramount if we expect to quickly discover and remediate any threat or security breach. While encryption plays a vital role in protecting our own data and systems, it also hinders visibility and provides a way for attacks to hide and go undetected. We can only address what we know and can see, and what we see today is only the tip of the iceberg. Today, upwards of 40% or even more of our network traffic is encrypted over SSL. These sophisticated threats live deep below, outside our traditional view of activity. With the growth of encryption, more targeted attacks operate over SSL to evade discovery by security tools. This will continue to be a significant problem, and we can expect more and more threats that hide below our view. Exposing those hidden threats is key. Most APTs operate over SSL.

The urgency of SSL traffic visibility. Key elements: we cannot ignore this type of traffic, as it will be part of every discussion we have about today’s threat protection, precisely because we potentially cannot see it. And it is growing.

The challenges (February 2014):
- Blocking and prevention solutions are no longer sufficient to protect the enterprise against advanced attacks.
- Most organizations continue to invest only in prevention strategies.
- Detection, prevention and predictive solutions are deployed as unintegrated silos.
- Security solutions lack the visibility needed to identify targeted attacks.
- Since the enterprise is continuously under attack, an “incident response” approach is no longer adequate.

The security approach is no longer effective enough.
Average duration of an attack (time to initial compromise): Seconds 11% | Minutes 13% | Hours 60% | Days 13% | Weeks 2% | Months 1%
Average duration of resolution (initial compromise to discovery): Minutes 1% | Hours 9% | Days 11% | Weeks 12% | Months 62% | Years 4%
67% of attacks are discovered by external parties! 84% of attacks take seconds, minutes or hours to infect your company; 78% of them take weeks or months to be discovered.

How big is the gap? Breaches compromised targets in minutes, hours or days, and then took weeks, months or years to be discovered! Compromised in days or less: 90%. Discovered in days or less: 25%. 67% of attacks are discovered by external parties! Who did this to us? How did they do it? What systems and data were affected? Can we be sure it is over? Can it happen again? Source: Verizon 2014 Data Breach Investigations Report.
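The two slides above quote compromise-to-discovery statistics, but a SOC only gets value from them by measuring the same gap on its own incidents. The following script is an added example, not part of the presentation or of Blue Coat's tooling: it takes constructed incident records (first-compromise time, discovery time, who discovered it), buckets the dwell time into the same seconds-to-years classes the slides use, and reports the share discovered in days or less, the share found by external parties and the median dwell time. Record field names and the bucket boundaries are assumptions chosen for the example.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed incident records for the example (not real breach data).
INCIDENTS = [
    {"id": "INC-01", "compromise": "2014-01-03T10:00:00", "discovery": "2014-01-03T14:00:00", "discovered_by": "internal"},
    {"id": "INC-02", "compromise": "2014-01-10T09:00:00", "discovery": "2014-01-12T09:00:00", "discovered_by": "external"},
    {"id": "INC-03", "compromise": "2014-02-01T00:00:00", "discovery": "2014-02-20T00:00:00", "discovered_by": "external"},
    {"id": "INC-04", "compromise": "2014-03-01T00:00:00", "discovery": "2014-06-15T00:00:00", "discovered_by": "external"},
    {"id": "INC-05", "compromise": "2014-03-05T12:00:00", "discovery": "2014-09-05T12:00:00", "discovered_by": "external"},
    {"id": "INC-06", "compromise": "2013-01-01T00:00:00", "discovery": "2014-04-01T00:00:00", "discovered_by": "external"},
    {"id": "INC-07", "compromise": "2014-05-01T08:00:00", "discovery": "2014-05-01T08:00:30", "discovered_by": "internal"},
    {"id": "INC-08", "compromise": "2014-05-02T08:00:00", "discovery": "2014-05-02T08:20:00", "discovered_by": "internal"},
]

# Upper bound (exclusive, in seconds) of each dwell-time bucket; None = no upper bound.
# The boundaries are an assumption for this example (30-day month, 365-day year).
BUCKETS = [
    ("seconds", 60),
    ("minutes", 60 * 60),
    ("hours", 24 * 60 * 60),
    ("days", 7 * 24 * 60 * 60),
    ("weeks", 30 * 24 * 60 * 60),
    ("months", 365 * 24 * 60 * 60),
    ("years", None),
]
DAYS_OR_LESS = {"seconds", "minutes", "hours", "days"}


def bucket(delta: timedelta) -> str:
    """Map a dwell time to the slide's seconds/minutes/hours/days/weeks/months/years class."""
    secs = delta.total_seconds()
    for name, limit in BUCKETS:
        if limit is None or secs < limit:
            return name
    raise AssertionError("unreachable: last bucket has no upper bound")


def dwell_time_report(incidents):
    """Compute the compromise-to-discovery distribution and the headline ratios."""
    distribution = {name: 0 for name, _ in BUCKETS}
    dwell_days = []
    external = 0
    for inc in incidents:
        t_compromise = datetime.fromisoformat(inc["compromise"])
        t_discovery = datetime.fromisoformat(inc["discovery"])
        if t_discovery < t_compromise:
            # A discovery timestamp before the compromise is a data-entry error, not a 0-second dwell.
            raise ValueError(f"{inc['id']}: discovery precedes compromise")
        dwell = t_discovery - t_compromise
        distribution[bucket(dwell)] += 1
        dwell_days.append(dwell.total_seconds() / 86400)
        if inc["discovered_by"] == "external":
            external += 1
    n = len(incidents)
    days_or_less = sum(distribution[b] for b in DAYS_OR_LESS)
    return {
        "incidents": n,
        "distribution": distribution,
        "pct_discovered_days_or_less": round(100.0 * days_or_less / n, 1),
        "pct_external_discovery": round(100.0 * external / n, 1),
        "median_dwell_days": median(dwell_days),
    }


if __name__ == "__main__":
    report = dwell_time_report(INCIDENTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed records the report shows half of the incidents discovered within days and a median dwell time of 10.5 days, while most were found by an external party; tracking these three numbers quarter over quarter is the simplest way to see whether investment in detection (rather than prevention) is actually closing the gap the slides describe.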

Recommendations (February 2014):
- Assume that the information system is infected.
- Move from an “incident response” approach to a “continuous response” strategy.
- Spend less on prevention and invest in detection capability.
- Integrate prevention, detection and learning capabilities.
- Set up a SOC and a CERT that can communicate and continuously monitor advanced attacks.
- Adopt an Adaptive Security Architecture.

Roles and activities of the CERT (February 2014). SOC: Security Operations Center, and CERT: Computer Emergency Response Team. These bodies are responsible for providing risk-prevention services and assistance with incident handling. They are alert and response centers for computer attacks aimed at companies and/or public administrations. Their work covers attack prevention, through monitoring and the management of IT vulnerabilities, and crisis management, bringing the expertise needed to understand incidents and reduce their impact.

Gartner: Adaptive Security Architecture for ATP (February 2014)

Where are the budgets going? By 2020, 60% of security budgets will be dedicated to detection and to the capacity to respond to incidents, against only 10% in 2014. By 2020, 40% of companies will have deployed Big Data technologies dedicated to security, against only 5% in 2014. (February 2014)

Gartner: Adaptive Security Architecture for ATP (February 2014)

A siloed architecture? “… Isolated approaches to detecting complex or specialized threats are hard to apply, because the information that needs to be correlated is scattered across the security infrastructure …”; “… To detect and block such attacks, companies must adopt an integrated security approach, linking the various threat-information centers within their infrastructure in order to speed up the detection of anomalies and the resolution of security incidents …” Phil Hochmuth, security research program manager, IDC.

What does an alert generator bring? Does it really protect my organization? What do we really know? Is the threat confirmed? Is it over? Is this patient zero? Who attacked us? Since when? How did they proceed? Which systems were compromised? What information was stolen? How do I protect myself? Sandboxing? IPS/IDS? SIEMs? 16,936 detonations per week; 3,218 appear real; 705 are analyzed. Source: Ponemon Institute, January 2015.

How to remove doubt and prioritize analyses. Internet; rewind the network to relive the event and understand it; SIEMs; IDS/IPS; sandbox; alerts / suspected attacks.
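The IDC quote and the two slides above make one operational point: a sandbox, an IDS and a SIEM each raise alerts in isolation, and the 16,936-per-week figure shows why an analyst cannot examine them one by one. One defensive way to act on that is to correlate the silos before triage. The script below is an added example, not code from the presentation or from any Blue Coat product: it takes constructed alerts from three assumed sources (sandbox, ids, proxy), clusters them per internal host within a time window, and scores each cluster so that alerts corroborated by independent sources reach the analyst queue first. The source names, base scores, window and corroboration bonus are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts from three siloed tools (not real data). Each silo knows
# nothing about the others; the only shared key is the internal host address.
ALERTS = [
    {"source": "sandbox", "host": "10.0.0.5",  "time": "2015-01-12T09:02:00", "detail": "detonation verdict: malicious, drops executable"},
    {"source": "ids",     "host": "10.0.0.5",  "time": "2015-01-12T09:05:00", "detail": "signature: periodic outbound beacon"},
    {"source": "proxy",   "host": "10.0.0.5",  "time": "2015-01-12T09:06:00", "detail": "connection to newly registered domain"},
    {"source": "sandbox", "host": "10.0.0.9",  "time": "2015-01-12T10:00:00", "detail": "detonation verdict: suspicious macro document"},
    {"source": "proxy",   "host": "10.0.0.9",  "time": "2015-01-12T10:04:00", "detail": "download of executable content"},
    {"source": "ids",     "host": "10.0.0.22", "time": "2015-01-12T11:00:00", "detail": "signature: internal port scan"},
    {"source": "ids",     "host": "10.0.0.22", "time": "2015-01-12T18:00:00", "detail": "signature: internal port scan"},
]

# Assumed weights: a sandbox verdict is stronger evidence than a proxy log line.
BASE_SCORE = {"sandbox": 3, "ids": 2, "proxy": 1}
CORROBORATION_BONUS = 2          # added per additional independent source in a cluster
WINDOW = timedelta(hours=1)      # alerts on one host within this window form one case


def correlate(alerts, window=WINDOW):
    """Cluster alerts per host within `window` of the cluster's first alert and score them."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append({**alert, "ts": datetime.fromisoformat(alert["time"])})

    cases = []
    for host, host_alerts in by_host.items():
        host_alerts.sort(key=lambda a: a["ts"])
        cluster = []
        for alert in host_alerts:
            # Start a new case when the alert falls outside the current cluster's window.
            if cluster and alert["ts"] - cluster[0]["ts"] > window:
                cases.append(_score(host, cluster))
                cluster = []
            cluster.append(alert)
        if cluster:
            cases.append(_score(host, cluster))

    # Highest score first; earliest start breaks ties so the queue order is deterministic.
    cases.sort(key=lambda c: (-c["score"], c["start"]))
    return cases


def _score(host, cluster):
    """Sum base scores and reward corroboration by distinct sources."""
    sources = sorted({a["source"] for a in cluster})
    score = sum(BASE_SCORE[a["source"]] for a in cluster)
    score += CORROBORATION_BONUS * (len(sources) - 1)
    return {
        "host": host,
        "start": cluster[0]["time"],
        "end": cluster[-1]["time"],
        "sources": sources,
        "score": score,
        "evidence": [f"{a['source']}: {a['detail']}" for a in cluster],
    }


def triage_queue(cases, min_sources=2):
    """Split cases into those corroborated by several silos and single-source leftovers."""
    investigate = [c for c in cases if len(c["sources"]) >= min_sources]
    backlog = [c for c in cases if len(c["sources"]) < min_sources]
    return investigate, backlog


if __name__ == "__main__":
    now, later = triage_queue(correlate(ALERTS))
    for case in now:
        print(f"[score {case['score']}] {case['host']} {case['start']}..{case['end']}: {case['sources']}")
    print(f"{len(later)} single-source case(s) left in the backlog")
```

On the constructed data, host 10.0.0.5 is corroborated by all three silos and goes to the top of the queue, 10.0.0.9 follows with two sources, and the two uncorroborated scan signatures on 10.0.0.22 land in the backlog; a real deployment would replace the host key with whatever identity the silos actually share (user, asset id) and feed the top cases into the packet-capture "rewind" the slide describes for confirmation.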

Where are the budgets going? 60%: by 2020, 60% of security budgets will be dedicated to detection and to the capacity to respond to incidents, against only 10% in 2014 — Gartner 2014. Notes: a recent report from Gartner indicated that 75% of enterprise IT security budgets will be devoted to rapid-response approaches. It is clear that protecting the organization’s critical digital assets will come by way of swift incident response, not merely by blocking what we can already identify.

An integrated solution for advanced threat defense. Block with certainty: minimize threats on your network. Detect advanced threats: quickly detect Advanced Persistent Threats for immediate response. Respond rapidly: capture and analyze all network traffic to gain actionable insight and stop the most dangerous threats.

Gartner: Adaptive Security Architecture by Blue Coat. Clear or encrypted traffic; control access to infected resources; Global Intelligence Network; block known threats; alert on suspected unknown threats; relive the past to remove doubt and react quickly.

Q & A