McAfee Vision

Transcript
Page 1: McAfee Vision

Michael Fey, Senior Vice President, Advanced Technology and Field Engineering, McAfee

Page 3: McAfee Vision

Threat timeline (rows: Threats, Vectors, Influences, Motivation)

1990–1995
Threats: File infectors (COM and EXE), boot infectors, multi-partite, batch, W16 viruses; later in the period, macro viruses
Vectors: Floppy disks, local area networks; later email and the web
Influences: Windows 95; AV adds advanced macro heuristics
Motivation: Peer fame / notoriety, personal challenge, revenge
Turning points: Boot and floppy threats decline; PWS (password-stealing) Trojans emerge; Office 97 introduces tighter macro security

1996–2000
Threats: Authors exploit the engine/product lifecycle (obfuscation); email worms take over; VBScript and W32 take over while W16 and DOS dry up; joke PUPs emerge
Vectors: P2P, IM; floppy disks and local area networks persist
Influences: 100 million users on the Internet
Motivation: Financial

Page 4: McAfee Vision

[Chart: MALWARE GROWTH. Malware growth by year, 2007 through 2011; y-axis 10M to 60M. Source: McAfee Labs (2011 and 2016 are estimates).]

Page 5: McAfee Vision

[Chart: the same MALWARE GROWTH chart extended with a 2016 estimate of 200M. Source: McAfee Labs (2011 and 2016 are estimates).]

Page 6: McAfee Vision

McAfee Solution Platform

INFORMATION SECURITY: Email Security; Web Security; Data Loss Prevention; Encryption

SECURITY MANAGEMENT: Security Operations Console; Policy Auditing & Management; Vulnerability Management; Risk Management; Compliance; SIEM

PARTNER COMMUNITY: McAfee Connected; Global Strategic Alliance Partners; Security Innovation Alliance (SIA)

NETWORK SECURITY: Next Generation Firewall; Intrusion Prevention; Access Control; Network User Behavior Analysis

ENDPOINT SECURITY: Server & Database Protection; Smartphone and Tablet Protection; Virtual Machine and VDI Protection; On Chip (Silicon-Based) Security; Embedded Device Protection; Malware Protection; Device Encryption; Application Whitelisting; Desktop Firewall; Device Control; Email Protection; Network Access Control; Endpoint Web Protection; Host Intrusion Protection

Page 7: McAfee Vision

McAfee/Intel Initiatives

Next-Generation Endpoint Security: Security Platform; Beyond the OS; Expanding Global Threat Intelligence (GTI)

Activate Silicon Features: Power Management; Embedded Encryption; Out of Band Management; Out of Band Recovery; Anti-Theft

Secure Embedded Devices: Application Whitelisting; Integrity Monitor; Change Control; Device Management; Expanding GTI

Cloud Security Platform: Identity and Trust Management; Application to Application Security; Expanding GTI

Secure Mobile Devices: Hardware Root of Trust; OS Security; App Sandboxing; App Validation; Management; Expanding GTI

Page 8: McAfee Vision

NEXT GEN ENDPOINT PROTECTION ENGINE

DeepSAFE, fed by: State of machine; Context; Whitelist; Cloud; Blacklist; DAT

Page 9: McAfee Vision

DeepSAFE in the endpoint stack (top to bottom):

Applications
Operating System, hosting the conventional agents: Anti-Virus, Data Loss Prevention, Intrusion Prevention System, Firewall
DeepSAFE
Central Processing Unit
Input/Output, Memory, Disk, Network, Display

Pages 10 to 13 build the same diagram up step by step: DeepSAFE sits between APPLICATION SPACE and the CRITICAL SYSTEM RESOURCES (Memory, I/O, Display, Disk, Network), that is, below the operating system and above the hardware, the "Beyond the OS" positioning from Page 7.

Page 14: McAfee Vision

NEXT GEN ENDPOINT PROTECTION ENGINE (expanded view of Page 8)

DeepSAFE, fed by: State of machine; Context; Whitelist; Cloud; Blacklist; DAT

Additional engine components: Secure container; Trust content; Boot DAT; Exploit seeker; Process profiler; GTI

Page 15: McAfee Vision

THE EXPANDING ATTACK SURFACE

Base map (Page 15): Servers; PC; Laptop; Email; Database; USB; Smart phone; Routing/Switching; Cloud; Infrastructure; SAN; VoIP; Tablet; Embedded devices; Wireless; Apps

Pages 16 to 20 repeat the base map and zoom in on one node at a time:

Page 16, PC / Laptop: Email; USB; Virtual; Web

Page 17, Servers: VoIP; Database; SAN; DNS; Web; HR; SharePoint; Finance; Legal; AD/LDAP; DHCP

Page 18, Embedded devices: POS; ATM; Medical devices; SCADA; Printers

Page 19, Infrastructure: Routing/Switching; Wireless; Cloud; Firewalls; Data centers; VDI

Page 20, Mobile: Smart phone; Tablet; Apps; Social networking; BYOPC

Page 21: McAfee Vision

GTI (Global Threat Intelligence): sensor inputs feeding the reputation cloud

Network IPS: 300M IPS attacks/mo.
Firewall: 300M IPS attacks/mo.
Web Gateway: 2B botnet C&C IP reputation queries/mo.
Mail Gateway: 20B message reputation queries/mo.
Host AV: 2.5B malware reputation queries/mo.
Host IPS: 300M IPS attacks/mo.
3rd party feeds
Geo-location feeds
URL

(Page 22 repeats this diagram.)

Page 23: McAfee Vision

COUNTERMEASURE COMMAND AND CONTROL

GTI (cloud)

Enterprise: NEXT GEN GTI PROXY, adding Additional Threat Feeds; Relative Defense; Behavior-based Intelligence; Private Zones and Policies

Page 24: McAfee Vision

CLOUD PROTECTION

Data Loss Prevention; Services Gateway; Email Gateway; Cloud Identity Gateway; Web Gateway

Page 25: McAfee Vision

RESPOND

Oct 17 10:00:26, Src 66.55.23.4, s_port 4523, dst 192.168.46.15, service smtp, proto tcp, xlatesrc

Oct 17 10:00:27, Application=smtp, Event='Email Status', [email protected], size=25140, source=(66.55.23.4), reputation=49, tls=1

10/17/2011 10:02:52 PM, Deleted (detection isn't cleanable), W7MANG\host35 C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\4.1\vmware-vmrc.exe, C:\Users\brogers\Desktop\455_23_setup.exe Generic.dx!bbfq

10/17/2011 10:00:27, TRAFFIC, end, 66.55.23.4, 192.168.46.15, Monitor SPAN Port, Tap Zone, ethernet1/12, 83752, 1, 59404, 25, tcp, allow, any


Page 26: McAfee Vision

SITUATIONAL AWARENESS AND RESPONSE

SIEM: Correlation Engine over Event, Log and Audit/Compliance data, enriched with Context and Content

Threat Intelligence (real-time); Command & Control; High Performance Database

COUNTER MEASURES

Page 27: McAfee Vision

REAL-TIME RISK ANALYSIS (McAfee SIEM Dashboard; Pages 27 and 28 are two layout options of the same slide)

Severity scale: Info, Minor, Warning, Major, Critical

Factors that move the severity gauge, by dimension:
Access Privileges: user has administrator privileges
Destination Reputation: system has endpoint security controls (AV, FW, HIPS)
Source Reputation: requestor coming from a suspicious location
Context: system has vulnerabilities; system is finance database
Content: payload is extract of sensitive financial data
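The RESPOND slide (Page 25) shows four log lines from four sensors (firewall, mail gateway, network tap, host AV) in four different formats, and Pages 26 to 28 sketch what the correlation engine makes of them. The following added example is not McAfee's code: it normalises those exact lines, joins them into one incident by external source IP and time window, and scores the incident with the context factors from the Real-Time Risk Analysis slide. The year for the two syslog-style lines, the asset and user context tables, the reputation threshold of 50 and the factor weights are all assumptions made for the example; the recipient address in the mail-gateway line was mangled by the page extractor and is left as it appears.

```python
"""Added example, not McAfee's code: a miniature SIEM correlation pass over the four
log lines from the RESPOND slide, then context-weighted severity scoring as sketched
on the Real-Time Risk Analysis slide. Assumptions are marked inline."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample input: the four lines as printed on the slide (the recipient
# address in the mail-gateway line was mangled by the page extractor, kept as-is).
RAW_LOGS = [
    "Oct 17 10:00:26, Src 66.55.23.4, s_port 4523, dst 192.168.46.15, service smtp, proto tcp, xlatesrc",
    "Oct 17 10:00:27, Application=smtp, Event='Email Status', [email protected], size=25140, source=(66.55.23.4), reputation=49, tls=1",
    "10/17/2011 10:00:27, TRAFFIC, end, 66.55.23.4, 192.168.46.15, Monitor SPAN Port, Tap Zone, ethernet1/12, 83752, 1, 59404, 25, tcp, allow, any",
    r"10/17/2011 10:02:52 PM, Deleted (detection isn't cleanable), W7MANG\host35 C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\4.1\vmware-vmrc.exe, C:\Users\brogers\Desktop\455_23_setup.exe Generic.dx!bbfq",
]
ASSUMED_YEAR = 2011               # the syslog-style lines carry no year; taken from the other sensors
REPUTATION_SUSPICIOUS_BELOW = 50  # assumption: the slide does not define the reputation scale
# Constructed asset/user context, standing in for what a SIEM pulls from ePO, AD and scanners.
ASSET_CONTEXT = {"host35": {"endpoint_controls": True, "vulnerable": False, "finance_db": False}}
USER_CONTEXT = {"brogers": {"is_admin": True}}
LEVELS = ["Info", "Minor", "Warning", "Major", "Critical"]
WEIGHTS = {  # assumed weights; endpoint controls present on the target lowers the score
    "source_reputation_suspicious": 1, "confirmed_by_multiple_sensors": 1, "malware_not_cleanable": 1,
    "user_has_admin_privileges": 1, "endpoint_controls_present": -1,
    "system_has_vulnerabilities": 1, "system_is_finance_database": 2,
}

@dataclass
class Event:
    ts: datetime
    sensor: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    host: Optional[str] = None
    user: Optional[str] = None
    detail: dict = field(default_factory=dict)

SYSLOG_TS = r"(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d)"
FW_RE = re.compile(SYSLOG_TS + r", Src (?P<src>[\d.]+), s_port (?P<sport>\d+), dst (?P<dst>[\d.]+), service (?P<svc>\w+)")
MAIL_RE = re.compile(SYSLOG_TS + r", Application=\w+, .*source=\((?P<src>[\d.]+)\), reputation=(?P<rep>\d+), tls=(?P<tls>\d)")
AV_RE = re.compile(r"(?P<ts>\d\d/\d\d/\d{4} \d{1,2}:\d\d:\d\d [AP]M), (?P<action>[^,]+), (?P<host>\S+) (?P<proc>.+?\.exe), (?P<path>.+?\.exe) (?P<name>\S+)$")

def _syslog_ts(s: str) -> datetime:
    return datetime.strptime(f"{ASSUMED_YEAR} {s}", "%Y %b %d %H:%M:%S")

def parse(line: str) -> Event:
    """Normalise one raw line from any of the four sensors into an Event."""
    if m := FW_RE.match(line):
        return Event(_syslog_ts(m["ts"]), "firewall", m["src"], m["dst"],
                     detail={"service": m["svc"], "sport": int(m["sport"])})
    if m := MAIL_RE.match(line):
        return Event(_syslog_ts(m["ts"]), "mail_gateway", src_ip=m["src"],
                     detail={"reputation": int(m["rep"]), "tls": m["tls"] == "1"})
    f = line.split(", ")
    if len(f) >= 14 and f[1] == "TRAFFIC":  # positional CSV: ..., src, dst, ..., sport, dport, proto, action
        return Event(datetime.strptime(f[0], "%m/%d/%Y %H:%M:%S"), "network_traffic", f[3], f[4],
                     detail={"dport": int(f[11]), "proto": f[12], "action": f[13]})
    if m := AV_RE.match(line):
        u = re.search(r"\\Users\\([^\\]+)\\", m["path"])  # user name from the profile path
        return Event(datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"), "host_av",
                     host=m["host"].split("\\")[-1], user=u.group(1) if u else None,
                     detail={"action": m["action"], "path": m["path"], "detection": m["name"]})
    raise ValueError(f"unrecognised log format: {line[:40]!r}")

def correlate(events: list, window: timedelta) -> list:
    """Group network-side events by external source IP, then attach any host AV
    detection that follows the first sighting of that IP within the window."""
    events = sorted(events, key=lambda e: e.ts)
    by_src: dict = {}
    for e in events:
        if e.src_ip:
            by_src.setdefault(e.src_ip, []).append(e)
    incidents = []
    for src, chain in by_src.items():
        first = chain[0].ts
        hits = [e for e in events if e.sensor == "host_av" and first <= e.ts <= first + window]
        evs = chain + hits
        incidents.append({"src_ip": src, "events": evs, "sensors": sorted({e.sensor for e in evs})})
    return incidents

def risk_factors(incident: dict) -> dict:
    """Evaluate the risk-analysis slide's factors against the correlated evidence."""
    evs = incident["events"]
    rep = min((e.detail["reputation"] for e in evs if e.sensor == "mail_gateway"), default=None)
    av = [e for e in evs if e.sensor == "host_av"]
    host = ASSET_CONTEXT.get(av[0].host, {}) if av else {}
    user = USER_CONTEXT.get(av[0].user, {}) if av else {}
    return {
        "source_reputation_suspicious": rep is not None and rep < REPUTATION_SUSPICIOUS_BELOW,
        "confirmed_by_multiple_sensors": len(incident["sensors"]) >= 3,
        "malware_not_cleanable": any("isn't cleanable" in e.detail["action"] for e in av),
        "user_has_admin_privileges": user.get("is_admin", False),
        "endpoint_controls_present": host.get("endpoint_controls", False),
        "system_has_vulnerabilities": host.get("vulnerable", False),
        "system_is_finance_database": host.get("finance_db", False),
    }

def severity(factors: dict) -> str:
    score = sum(WEIGHTS[k] for k, v in factors.items() if v)
    return LEVELS[max(0, min(len(LEVELS) - 1, score))]

def analyse(lines=RAW_LOGS, window_hours: float = 24) -> list:
    """Full pass: parse, correlate, score. The AV line is stamped 10:02:52 PM, so once its
    12-hour clock is honoured it lands twelve hours after the 10:00 SMTP delivery; a
    same-day window is needed to join it to the network chain, a one-hour window drops it."""
    out = []
    for inc in correlate([parse(l) for l in lines], timedelta(hours=window_hours)):
        f = risk_factors(inc)
        out.append({"src_ip": inc["src_ip"], "sensors": inc["sensors"], "factors": f, "severity": severity(f)})
    return out

if __name__ == "__main__":
    for incident in analyse():
        print(incident["src_ip"], incident["severity"], incident["sensors"])
```

Two things the four raw lines alone do not show: the sensors disagree on clock format (syslog without a year, a 24-hour CSV, a 12-hour AV log), so normalisation has to happen before any window logic, and the factor table on the risk-analysis slide is context the SIEM must fetch from elsewhere (asset inventory, directory, scanner), which is why the context tables here are explicit inputs rather than parsed from the logs.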

Page 29: McAfee Vision

OPTIMIZED SECURITY DELIVERING BUSINESS VALUE

McAfee Approach:
• GTI-powered intelligence in depth
• Centralized management platform
• Extensible architecture
• Broadest set of technologies
• Flexible delivery options

McAfee Delivers:
• Lower operational costs
• Enhanced overall security posture
• Partnership with #1 name in Security

McAfee Security Connected
