The Threat Within
September 2004
Agenda
• Customer Pain
• Industry Solutions
• Network Behavior Enforcement
• Example Successes
• Q&A
Insider Threats Are Growing
• US CERT study of cyber crimes in Financial Services:
  • 78 percent of events caused by insiders
• Gartner:
  • Insiders responsible for 70 percent of security incidents that cause loss
• Network boundaries are disappearing
Perimeter Defenses Leave External Security Holes
• Signature-based systems are limited
  • Sophisticated attackers
  • Historical view
• 65% of all security incidents are the result of mis-configuration (Gartner)
• Worms: fast-moving threats continue to plague enterprises
Policy And Compliance
• Policy compliance
  • Example: IM, P2P usage
  • Security exposure
  • Legal exposure
  • Wastage
• Industry regulation
  • SOX
  • HIPAA
  • GLB
  • etc, etc
Enforcement Domain Is Becoming Distributed
Today: Perimeter Enforcement → Tomorrow: Distributed Enforcement
• Blurred network boundaries and internal concerns demand distributed enforcement
• IPS functions are being built into many products
  • Firewalls, switches, routers, OS
Enterprise-wide Threat Analysis, Detection And Response Needed
(Diagram label: Today: Perimeter Enforcement)
An Analogy: Airport Security
• Enforcement: check rules, block
• Surveillance: check behavior, block
• Enforcement + Surveillance = Total Security
Network Surveillance And Behavior Enforcement
• Profiles network behavior of systems and applications
  • Analyzes network flows
  • Models behavior
  • Identifies anomalies
    • External threats: worms, Trojans, DoS
    • Internal threats: insider attacks, stealthy scans
    • Policy violation: P2P, IM, network misuse
    • Compliance violation: HIPAA
  • Identifies corrective measures
• Real-time and historical view
  • Months of network activity stored
  • Application-level details and data capture
  • Comprehensive search mechanisms
• TAKE ACTION!
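The slide describes the pipeline only at bullet level: profile normal behavior from network flows, model it, flag anomalies such as worm fan-out, stealthy scans and P2P/IM use. The following is an added example written for this page (not QRadar or Q1 Labs code) that shows one concrete way to do that over NetFlow-style records. The flow records, IP addresses, the `POLICY_PORTS` list and all thresholds are constructed for the illustration; the z-score fan-out test and the ports-per-host scan heuristic are the author's own choices, not the product's method.

```python
"""
Flow-based behaviour profiling and anomaly detection: build a per-host
baseline from flow records, then flag deviations. Example code for this
page; every flow, address and threshold here is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since start of capture (constructed)
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


# Ports treated as policy-relevant (P2P / IM) for this example only;
# a real deployment would carry an administrator-maintained list.
POLICY_PORTS = {6881: "bittorrent", 5190: "aim", 1863: "msn"}


def profile(flows, window=60):
    """Baseline per source host: mean and stdev of distinct destinations
    contacted per time window. This is the 'models behavior' step."""
    per_window = defaultdict(lambda: defaultdict(set))  # src -> window -> {dst}
    for f in flows:
        per_window[f.src][f.ts // window].add(f.dst)
    baseline = {}
    for src, windows in per_window.items():
        counts = [len(d) for d in windows.values()]
        baseline[src] = (mean(counts), pstdev(counts) if len(counts) > 1 else 0.0)
    return baseline


def detect(flows, baseline, window=60, z=3.0, min_spread=20, scan_ports=15):
    """Compare new flows against the baseline. Returns (kind, src, detail):
    'spread' - worm-like fan-out: far more distinct destinations in one window
               than the host's baseline (z-score with a floor of 1.0 on the
               stdev, so an all-constant baseline cannot alert on noise)
    'scan'   - stealthy scan: many distinct ports against few hosts, judged
               over the whole period so slow probing is not hidden by windowing
    'policy' - traffic to a port on the P2P/IM list
    """
    dests = defaultdict(lambda: defaultdict(set))  # src -> window -> {dst}
    ports = defaultdict(set)                        # src -> {dport}
    policy_hits = set()
    for f in flows:
        dests[f.src][f.ts // window].add(f.dst)
        ports[f.src].add(f.dport)
        if f.dport in POLICY_PORTS:
            policy_hits.add(("policy", f.src, POLICY_PORTS[f.dport]))
    alerts = sorted(policy_hits)
    for src, windows in dests.items():
        m, sd = baseline.get(src, (0.0, 0.0))  # unseen host: no baseline yet
        for w, d in sorted(windows.items()):
            if len(d) >= min_spread and len(d) > m + z * max(sd, 1.0):
                alerts.append(("spread", src, f"{len(d)} hosts in window {w}"))
        all_dests = set().union(*windows.values())
        if len(ports[src]) >= scan_ports and len(ports[src]) >= 5 * len(all_dests):
            alerts.append(("scan", src, f"{len(ports[src])} ports on {len(all_dests)} hosts"))
    return alerts


def baseline_flows():
    """Constructed 'normal day': each workstation talks to three servers per minute."""
    flows = []
    for minute in range(10):
        for host in ("10.0.1.10", "10.0.1.11", "10.0.1.12"):
            for i, srv in enumerate(("10.0.0.5", "10.0.0.6", "10.0.0.7")):
                flows.append(Flow(minute * 60 + i, host, srv, 445, "tcp", 1200))
    return flows


def detection_flows():
    """Constructed detection period: some normal traffic plus three incidents."""
    flows = baseline_flows()[:20]
    # worm-like fan-out: 10.0.1.11 hits 40 distinct hosts on tcp/135 in one minute
    for i in range(40):
        flows.append(Flow(600 + i, "10.0.1.11", f"10.0.2.{i + 1}", 135, "tcp", 300))
    # stealthy scan: 10.0.1.12 probes 20 ports on one server, one every two minutes
    for i in range(20):
        flows.append(Flow(700 + i * 120, "10.0.1.12", "10.0.0.5", 1000 + i, "tcp", 60))
    # policy violation: 10.0.1.10 talks to a BitTorrent port
    flows.append(Flow(650, "10.0.1.10", "203.0.113.9", 6881, "tcp", 50000))
    return flows


def run_example():
    return detect(detection_flows(), profile(baseline_flows()))


if __name__ == "__main__":
    for kind, src, detail in run_example():
        print(f"{kind:7s} {src:12s} {detail}")
```

The scan check deliberately aggregates over the whole period rather than per window: a probe every two minutes never exceeds any per-minute threshold, which is exactly why the slide's "months of network activity stored" matters for stealthy activity. The fan-out check, by contrast, is per window, because a worm's signature is the burst.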
Addressing Internal And External Risks
(Diagram: stealthy activity; worm activity)
Increasing Operational Efficiency
• Rapid time-to-resolve
  • Instant access to activity database ensures rapid event resolution without additional staff
• Complete audit of network activity: no transaction is lost
  • Instant real-time access to terabytes of data, very granular
• Ability to pivot data on demand ensures rapid identification of problem source
  • Network, protocol, ports and application views of data
  • Local, remote and geographic views of data
  • Threat views
• Problem easily isolated to specific machines, network segments
• Security event data integration
• Hierarchical multi-user and role-based access
Example Compliance: HIPAA
• Behavioral enforcement addresses key provisions of the Security Rule
Borgess Case Study
• 140 sites of care
• 65 satellite clinics
• 3500 hosts
• 100 applications
• Environment:
  • Main frame
  • AS400
  • Unix
  • Windows
  • Linux
Borgess And QRadar Success Story
• Before QRadar: May 2003, Lovegate infection
  • Over 2000 hosts were infected
  • Clean-up took several weeks
  • There were significant service disruptions
• After QRadar: May 2004, MyDoom infection
  • Three hosts were infected
  • Clean-up took 1 hour
• QRadar also used to identify policy violations
  • Cleartext passwords
• QRadar key element of HIPAA compliance
Summary
• Security gaps persist
  • Internal threats
  • External threats
  • Policy and compliance enforcement
• Industry is reshaping to address gaps
  • A new security architecture emerges
  • Behavior analytics and enforcement is at the core
• QRadar is a leading behavioral enforcement platform
  • Analytics
  • Surveillance
  • Enforcement
Thank You!
Brendan Hannigan
EVP Marketing And Product Development
Q1 Labs