Intelligent Security through Security Connected Platform Security Connected Platform Anthony Wai, Regional Sales Engineering Director Regional Sales Engineering Director – North Asia
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Intelligent Security through Security Connected PlatformSecurity Connected Platform
Anthony Wai,Regional Sales Engineering DirectorRegional Sales Engineering Director –North Asia
Legal InformationINFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S
Legal Information
TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE MERCHANTABILITY OR INFRINGEMENT OF ANYTO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS. Intel may make changes to specifications and product descriptions at any time, without notice.All d d d fi ifi d li i b d i d bjAll products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata arewhich may cause the product to deviate from published specifications. Current characterized errata are available on request.Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Oth d b d b l i d th t f th
2
*Other names and brands may be claimed as the property of others.Copyright © 2010 Intel Corporation.
Intel Innovation
Moore’s Law Technology Innovations
Unquestioned Architecture and Semiconductor Leadership• Microprocessor Architecture• DRAMDRAM• High-k/Metal Gate• 22nm 3D Tri-gate Transistors• and more…
Market-Making Platforms and Technologies
“The number of transistors incorporated in a chip will approximately double
24 th ”every 24 months”– Gordon Moore, Intel co-founder
MMX Centrino Intel VT-x
Why Did Intel Choose McAfee?y
Broad IndustryPartner Ecosystem
BroadSolutions Portfolio
McAfee Labs andGTI (Cloud)
World ClassManagement
Platform
Security is fundamental to computingy p g
We cannot go back to a worldwithout computing anymore thanwithout computing anymore thanwe can go back to a world without
electricity…electricity…
…Making computing secure is essential to live up to all that
ti h t ffcomputing has to offer…
Security Defense must now: Go Deep Go WideSecurity Defense must now: Go Deep, Go Wide, Be Connected and Aware
Advancing toward a worry-free computing experiencep
ANTI-MALWARE
IDENTITY
DATA
RECOVERY
Advancing toward a more worry free computing experienceexperience
RecoveryAnti‐Malware IdentityData
Costs growingProductivity impacts
ProliferationSophistication
Losses growingGrowing password lists
Data theftLaptop theft
Helping to get you back in Advancing to where Driving towards Helping Data and action even after attack
by malwareMalware finds
nowhere to run or hidekeeping your identity
safe and trustedassets stay where they
belong
Architecting for the Futureg
Protect the OS Before it StartsProblem with traditional approach to stealth malware (rootkit) protection:Problem with traditional approach to stealth malware (rootkit) protection:
–– TraditionallyTraditionally, all security solutions run within the , all security solutions run within the OS to OS to provide provide protection andprotection andyy, y, y pp ppdo not see rootkit kernel do not see rootkit kernel accessaccess
–– Kernel Kernel rootkits can be especially difficult to detect and remove because they rootkits can be especially difficult to detect and remove because they p y yp y yoperate at the operate at the same security level as the OS and can intercept or subvert the same security level as the OS and can intercept or subvert the most trusted OS operationmost trusted OS operation
–– If If the operating system has been subverted, the operating system has been subverted, it it cannot be trusted to find cannot be trusted to find unauthorized modifications to itself or its unauthorized modifications to itself or its componentscomponents
–– Current Current security solutions only protect against known stealth techniques (i.e. security solutions only protect against known stealth techniques (i.e. rootkits) after they have been installed and secretly been stealing rootkits) after they have been installed and secretly been stealing datadata
–– Even if Even if you realise you are infected, manual you realise you are infected, manual repair may repair may not practical so renot practical so re--installation is a common, safer and faster remediationinstallation is a common, safer and faster remediation9
McAfee Deep DefenderEndpoint Security Beyond the Operating System p y y p g y
GTI
Deeper level of protection beyond the OS
Stop kernel mode rootkits in real-time before they install and launch hidden malware
Protection from previously hidden threats beyond the OS for enhanced security
Managed by ePO
Protect the OS Before it Starts
January 2013 AVJanuary 2013 AV--TEST Proactive Rootkit Comparison TestTEST Proactive Rootkit Comparison Test
11
Intel AES-NI and McAfee Endpoint Encryption for PCs (EEPC)p yp ( )
Intel® AES New Instructions (AES-NI) + McAfee• McAfee EEPC V6.1 is the first
encryption technology to support AES NI t h l
Intel AES New Instructions (AES-NI) + McAfee EEPC accelerates encryption operations
AES-NI technology
• AES-NI is AES hardware crypto acceleration included in the newacceleration included in the new Intel Core i5 & i7 processors
• Purpose Built Encryption Engine
Accelerate Encryption Operations
Whole-disk Encryption
File Storage Encryption
• Purpose-Built Encryption Engine Accelerates Encryption Operations By Up To 3.5x
McAfee Anti-Theft SolutionWith Intel Anti-theft Technologygy
Ul b k™ McAfee Anti-Theft solution for Ultrabook
•Uses Intel Anti Theft Technology with security built into the hardware
Ultrabook™Inspired by Intel - Ultra responsive - Ultra sleek
into the hardware
•Locks the device if lost or stolen
•Locates the device and recovers data if connected
•Data wipe and encryption
•Capability survives HDD/BIOS wipe
Securing Mobile DevicesMcAfee Mobile Securityy
Protection PrivacyProtectionInvesting in research, app intelligencePerformance
Privacy SMS/call blocking, App Alert
Partner EnablementEfficient use of battery, user experience On-device transaction, in-app upgrades
McAfee ePO Deep CommandSecurity Management Beyond the OSSecurity Management Beyond the OS
ePO Agent
•• Utilizes Intel Utilizes Intel vProvPro technology (AMT)technology (AMT)•• Local and remote AMT connectionsLocal and remote AMT connections
gHandler
McAfee SecurityMcAfee SecurityMcAfee SecurityMcAfee Security
AppsAppsAppsApps
•• Local and remote AMT connectionsLocal and remote AMT connections•• Permits remote assistance, policy control, Permits remote assistance, policy control,
and remediationand remediationePOePO class scalabilitclass scalabilit
Intel vProIntel vProPPIntel vProIntel vProPP
PrePre--bootbootPrePre--bootboot
OSOSOSOS
McAfee AgentMcAfee AgentMcAfee AgentMcAfee Agent •• ePOePO--class scalabilityclass scalability•• ValueValue
–– Reduce Cost of Security OperationsReduce Cost of Security Operationsd l AMT f bd l AMT f bProcessorProcessorProcessorProcessor and securely expose AMT for use byand securely expose AMT for use by
point productspoint products
What is a “Real Time” Speed MultiplierSpeed Multiplier Architecture?
The Necessary Evolution – Moving to Real-Timey g
INSTANT VISIBILITY = INSTANT RESPONSE: ENTERPRISE WIDEINSTANT VISIBILITY = INSTANT RESPONSE: ENTERPRISE WIDE
SecuritySecurityVisibility and Visibility and DetectionDetection ResponseResponse
Security Security Management Management and Reportingand Reporting
POWER OF REAL TIME INFORMATION
17
HOW DOES THIS WORK?
How many systems are How many systems are i Ab b A b t 8 ?i Ab b A b t 8 ?running Abobe Acrobat 8.x?running Abobe Acrobat 8.x?
How many systems are How many systems are running processes running processes connected to external IPconnected to external IPconnected to external IP connected to external IP addresses?addresses?
Capabilityp y
R lR l TiTiRealReal--Time Time Product StatusProduct Status
Rapid Deployment of Rapid Deployment of Software and ContentSoftware and Content
RealReal--Time Time Risk AnalysisRisk Analysis
Enhancing Enhancing McAfee McAfee
SolutionsSolutions
20
Capabilityp y
R lR l TiTiRealReal--Time Time Product StatusProduct Status
Rapid Deployment of Rapid Deployment of Software and ContentSoftware and Content Forensic Discovery Forensic Discovery
Across Enterprise Across Enterprise RealReal--Time Time
Risk AnalysisRisk Analysis
ppin Seconds in Seconds or Minutesor Minutes
Enhancing Enhancing McAfee McAfee
SolutionsSolutionsResponseResponse
21
Capabilityp y
R lR l TiTiRealReal--Time Time Product StatusProduct Status
Rapid Deployment of Rapid Deployment of Software and ContentSoftware and Content Forensic Discovery Forensic Discovery
Across Enterprise Across Enterprise Continuous Check Continuous Check
for Key Configuration for Key Configuration RealReal--Time Time
Risk AnalysisRisk Analysis
ppin Seconds in Seconds or Minutesor Minutes
y gy gSettings and Settings and System StateSystem State
Enhancing Enhancing McAfee McAfee
SolutionsSolutionsResponseResponse
Security Security Management Management and Reportingand Reportinggg
22
ePO Speed Multiplier - Queries you can askp p y
Get Installed Applications contains * from all machinespp
Get OS from all machines
Who is logged in and running a particular process?Who is logged in and running a particular process?
What are the hashes of files that are connecting to a known bad IP address?
Get McAfee File reputation from all machines
Get McAfee HIPS Status from all machinesGet McAfee HIPS Status from all machines
Get Open Port[80] from all machines
G t t bli h d ti t t l IP
23
Get established connections to external IP
Select the Question
24
Actions you can takey
Stop and start processes or services
Add or delete files
Read or modify registry keysy g y y
Install, patch, update, or remove applications
Anything else you can think of that you can accomplishAnything else you can think of that you can accomplish on a command line or shell!
25
Example: Take Action!p
26
What is aWhat is a “Security Connected” A hit t ?Architecture?
Share Information to Enable Intelligent ResponsesShare Information to Enable Intelligent Responses
INTEGRATION & DATA EXCHANGEINTEGRATION & DATA EXCHANGE
Web GatewayWeb GatewayIdentity ManagementIdentity Management
Mail GatewayMail Gateway
EncryptionEncryptionDatabase SecurityDatabase Security
Network FirewallNetwork FirewallApp & Change ControlApp & Change Control
IPSIPS
AntiAnti--MalwareMalware
Vulnerability ManagementVulnerability Management
App & Change ControlApp & Change Control
Access ControlAccess Control
VirtualizationVirtualizationData ProtectionData Protection
SECURITY MANAGEMENTSECURITY MANAGEMENT
HIPSHIPSThreat AnalysisThreat AnalysisMobile SecurityMobile Security
VirtualizationVirtualization
SIA / Third PartySIA / Third Party
28
McAfee Advanced Threat DefenseUnique and Differentiated Advanced Malware SolutionU que a d e e a ed d a ced a a e So u o
Global Threat Intelligence
DETECT
SWF
ANALYZE HEAL
Automated Host SWF
WINDOWS EXE
Cleaning(ePO)
Malware Fingerprint Query
Efficient AV Signatures
GTI ReputationMS OFFICE DOCUMENTS
JPEG
MORE Real-Time Analysis and
y(Real Time ePO)
Instant File Access Control
GTI Reputation
Static Code Analysis
Target-Specific Sandboxing
MORE yReports
Blacklist and
Access Control
NSP
GatewaysMcAfeeMcAfeeSignature
UpdateGTIAdvantagesAdvantages ePO
Global Threat IntelligenceGlobal Threat IntelligenceWh t it t k t k i ti fWh t it t k t k i ti fWhat it takes to make your organization safeWhat it takes to make your organization safe
2. GTI cross-correlates across threat databases and renders a response
1. GTI-enabled products query the 3. GTI replies with a reputation score and p q yGlobal Threat Intelligence cloud
p pthe product takes policy-based action
Security Connected Platform (SCP)y ( )
THREAT DATA
Global Threat Intelligence(GTI)
Local Threat Intelligence(LTI)
Third Party(Vertical, Geo, Behavior)
ANALYTICS McAfee SIEM, Identity, Forensics,Risk Analysis, Behavior Analysis
DeepSecurity
NetworkSecurity
EndpointSecurity
CloudSecurity
ACTIONABLESITUATIONALAWARENESS & REDUCED TCO
COUNTER-MEASURECOMMAND &
CONTROL • Anti-malware• HIPS
Encryption
• App and Change Control• Mobile Security
IPS
• Mail Gateway• Web Gateway
Vulnerability Management
yy y
Security Innovation
Alliance
SECURITYMANAGEMENT
• Encryption• Desktop Firewall• Database Security
• IPS• Network Firewall• Access Control
• Vulnerability Management• Identity Management• DLP
ePO + SIEM + Network PolicyMANAGEMENT
DATA LAYER
ePO + SIEM + Network Policy
ePO + SIEM
Hardware-Enhanced Security
I t lli t S it th hIntelligent Security throughSecurity Connect Platform
IT Forces Impacting SecurityDATA CENTER DATA CENTER
TRANSFORMATIONTRANSFORMATION
SITUATIONAL SITUATIONAL AWARENESSAWARENESS
NEXT GENERATION NEXT GENERATION NETWORKNETWORK
COMPREHENSIVE COMPREHENSIVE MALWARE PROTECTIONMALWARE PROTECTION
NEXT GENERATION NEXT GENERATION ENDPOINTENDPOINT
WEB ANDWEB ANDIDENTITYIDENTITYIDENTITYIDENTITY
Inherent ComplexityVirtualizationVirtualization
Real Time VisibilityReal Time VisibilityContinuous MonitoringContinuous Monitoring
DATA CENTER DATA CENTER TRANSFORMATIONTRANSFORMATION
EncryptionEncryption
CloudCloud Servers / Servers / NetworksNetworks
Database Database SecuritySecurity Compliance ReportingCompliance Reporting
Exploding DataExploding Data SITUATIONAL SITUATIONAL AWARENESSAWARENESS
Identity and Identity and Access ControlAccess Control
Data ProtectionData ProtectionData LossData LossPreventionPrevention
NEXT GENERATION NEXT GENERATION NETWORKNETWORK
Next Next Gen IPSGen IPSBYOD / MobileBYOD / Mobile Enable the WorkforceEnable the Workforce
IdentityIdentityApp ProtectionApp ProtectionIntelligenceIntelligence--DrivenDrivenResponseResponse
Counter Stealth AttacksCounter Stealth Attacks
Social MediaSocial MediaProtectionProtection
Web Web ProtectionProtectionProtect DevicesProtect Devices
ReportingReportingProtect IPProtect IP
Protect CriticalProtect CriticalInfrastructuresInfrastructures
Achieve CyberAchieve CyberReadinessReadiness COMPREHENSIVE COMPREHENSIVE
MALWARE PROTECTIONMALWARE PROTECTIONNEXT GENERATION NEXT GENERATION
ENDPOINTENDPOINT
WEB ANDWEB ANDIDENTITYIDENTITY
EmailEmailProtectionProtection Identity ProtectionIdentity Protection
OS Protection (Legacy,OS Protection (Legacy,Win 7/8, Android, Mac)Win 7/8, Android, Mac)
Targeted AttacksTargeted Attacks
IDENTITYIDENTITY
Increasing Complexity and Security NeedsVirtualizationVirtualization
Real Time VisibilityReal Time VisibilityContinuous MonitoringContinuous MonitoringDATA CENTER DATA CENTER
TRANSFORMATIONTRANSFORMATIONNEW / CHANGING NEW / CHANGING BUSINESS DEMANDSBUSINESS DEMANDSREQUIRE SECURITYREQUIRE SECURITY
EncryptionEncryption
CloudCloud Servers / Servers / NetworksNetworks
Database Database SecuritySecurity Compliance ReportingCompliance Reporting
Exploding DataExploding Data SITUATIONAL SITUATIONAL AWARENESSAWARENESS
LIMITED OR LIMITED OR Identity and Identity and Access ControlAccess Control
Data ProtectionData ProtectionData LossData LossProtectionProtection
NEXT GENERATION NEXT GENERATION NETWORKNETWORKTrythis@mc
af33UNTRAINED UNTRAINED RESOURCESRESOURCES
Next Next Gen IPSGen IPSBYOD / MobileBYOD / Mobile Enable the WorkforceEnable the Workforce
IdentityIdentityApp ProtectionApp ProtectionIntelligenceIntelligence--DrivenDrivenResponseResponse
Counter Stealth AttacksCounter Stealth Attacksaf33
COST OF COST OF TECHNOLOGYTECHNOLOGY
Social MediaSocial MediaProtectionProtection
Web Web ProtectionProtectionProtect DevicesProtect Devices
ReportingReportingProtect IPProtect IP
Protect CriticalProtect CriticalInfrastructuresInfrastructures
Achieve CyberAchieve CyberReadinessReadiness COMPREHENSIVE COMPREHENSIVE
MALWARE PROTECTIONMALWARE PROTECTIONNEXT GENERATION NEXT GENERATION
ENDPOINTENDPOINT
WEB ANDWEB ANDIDENTITYIDENTITY
NEWNEWCOMPLIANCE COMPLIANCE &&
EmailEmailProtectionProtection Identity ProtectionIdentity Protection
OS Protection (Legacy,OS Protection (Legacy,Win 7/8, Android, Mac)Win 7/8, Android, Mac)
Targeted AttacksTargeted Attacks
IDENTITYIDENTITYREPORTING REPORTING REQUIREMENTSREQUIREMENTS
The Security Dilemma…
DefenseDefenseInInInIn
DepthDepth
Security ConnectedDelivering an Optimized Security Capability
INTEGRATED & REAL TIME SITUATIONALINTELLIGENT
SOLUTIONSSITUATIONAL
AWARENESS & RESPONSE
1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1
1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 10 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0
1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1
Optimization Adds Value Within Business Constraints
DATA CENTER DATA CENTER TRANSFORMATIONTRANSFORMATION
•• HW HW & & SW SW licensing & licensing & maint. maint. costscosts
IMPROVE BUDGET IMPROVE BUDGET LEVERAGE LEVERAGE BY BY REDUCING:REDUCING:
SITUATIONAL SITUATIONAL AWARENESSAWARENESS
•• System downtimeSystem downtime
IMPROVED USE OF IMPROVED USE OF RESOURCES BY REDUCING:RESOURCES BY REDUCING:
NEXT GENERATION NEXT GENERATION NETWORKNETWORK
•• Incident management issuesIncident management issues•• Help desk callsHelp desk calls
RESPOND RESPOND AND DEMONSTRATEAND DEMONSTRATEBUSINESS AGILITY BUSINESS AGILITY BY REDUCINGBY REDUCING::•• Patch & remediation cyclesPatch & remediation cycles•• Security data Security data report analysisreport analysis
COMPREHENSIVE COMPREHENSIVE MALWARE PROTECTIONMALWARE PROTECTION
NEXT GENERATION NEXT GENERATION ENDPOINTENDPOINT
WEB ANDWEB ANDIDENTITYIDENTITY
DELIVER PROACTIVEDELIVER PROACTIVECOMPLIANCE COMPLIANCE BY REDUCINGBY REDUCING::
•• Forensic analysisForensic analysis & response& response IDENTITYIDENTITY•• Forensic analysis Forensic analysis & response& response•• Audit Audit & compliance & compliance time & effort time & effort
Security Connected Platform Vision
Related Documents
