Post on 15-Jul-2020

www.menaisc.com

Connected Threat Defense

HUSSAM ABU-RIDA, TECHNICAL LEAD

TREND MICRO

It was already difficult to secure the enterprise five years ago…

The modern workplace has no boundaries

On-premise or perimeter defenses aren’t enough

85% HAVE A MULTI-CLOUD STRATEGY

80% OF WORKLOADS ARE VIRTUALIZED

95% RUNNING APPS OR EXPERIMENTING WITH INFRASTRUCTURE AS A SERVICE

The threat landscape is evolving

Ransomware

Macro Malware

Point of Sale RAM Scrapers

Targeted Attacks

Flash Exploits

Difficult to get visibility across the environment

Many points of entry to protect

Risk Management Requires Layered Protection

Servers

Protect server workloads wherever they may be -- physical, virtual or cloud

Networks

Detect and block threats hitting the data center and user environments, maximizing efficiency

Users

Protect user activities anywhere on any device, reducing initial point of infection

Need for connected threat defense and centralized visibility increases

Connected Threat Defense: Better, Faster Protection

Gain centralized visibility across the system, and analyze and assess impact of threats

Enable rapid response through shared threat intelligence and delivery of real-time security updates

Detect advanced malware, behavior and communications invisible to standard defenses

Assess potential vulnerabilities and proactively protect endpoints, servers and applications

PROTECT

DETECT

RESPOND

PROTECT

Anti-Malware and Content Filtering

Intrusion Prevention

App Control

Integrity Monitoring

Encryption and Data Loss Prevention

DETECT

“The traditional defense-in-depth components are still necessary, but are no longer sufficient in protecting against advanced targeted attacks and advanced malware.”

Network Content Inspection

Custom Sandbox Analysis

Behavioral Analysis

Machine Learning

Lateral Movement Detection

RESPOND

1. Malware infects an endpoint

2. Deep Discovery detects malware

3. Real-time signature pushed to endpoints (logging or blocking)

4. Endpoint Sensor can investigate whether the threat had spread

RAPID RESPONSE

CENTRALIZED THREAT SHARING AND VISIBILITY

Control Manager: URL, File, IP, Domain, SHA

CUSTOM SANDBOX

ENDPOINT PROTECTION

OfficeScan: URL, File, IP

Endpoint Sensor: IOC, SHA, IP, Domain

OfficeScan: Action

Endpoint Sensor

MAIL SECURITY

ScanMail for Exchange: SHA-1

InterScan Mail Security: SHA, IP, Domain

ScanMail for Exchange: Risk Level

InterScan Mail Security: Risk Level

WEB GATEWAY

InterScan Web Security: URL, File, IP

InterScan Web Security: Action

HYBRID CLOUD SECURITY

Deep Security: URL, File

Deep Security: Action

INTRUSION PREVENTION

TippingPoint IPS: URL, File, IP, Domain

THIRD PARTY SHARING

Threat information can be shared with third-party applications such as SIEMs, firewalls, IPS and other applications via Web API

CUSTOM SANDBOX

NETWORK DETECTION

NEXT GEN FIREWALL

SIEM

NETWORK IPS

IBM QRadar, HP ArcSight, Splunk, AlienVault

IBM, Check Point, Palo Alto Networks, Blue Coat

WEB API

User-based visibility, investigation and management

Strong Central Visibility

Single dashboard with visibility across layers of protection

CONNECTED THREAT DEFENSE

Questions?

HUSSAM ABU-RIDA, TECHNICAL LEAD, TREND MICRO
