mcafee vision

Download McAfee Vision

If you can't read please download the document

Post on 02-Nov-2014




4 download

Embed Size (px)


Michael Fey, Senior Vice President, Advanced Technology and Field Engineering, McAfee



2. 1990199519962000File Infectors Multi-partite Macro viruses VBScript and W32 take Autho(COM and EXE)over, W16 & DOS dry upproduThreatsBoot infectorsBatch Joke PUPs emerge Boot & floppy threats declineEmail worm take over W16 viruses PWS Trojans emerge Floppy disksEmail P2PLocal Area NetworksWebVectors Floppy disks AV advancedmacro heur Local Area Networks Windows 95100 millionInfluences on InternetOffice 97 introducestighter macro security Peer fame / Peer fame notoriety Personal challengeRevenge FinancialMotivation 3. MALWAREGROWTH2007 2008 2009 20102011 Source: McAfee Labs (2011 and 2016 are estimates) 4. 200720082009201020112016 2007 2008 2009 20102011Source: McAfee Labs (2011 and 2016 are estimates) 5. McAfee Solution PlatformNETWORK SECURITY ENDPOINT SECURITYNext Generation FirewallMalware ProtectionIntrusion PreventionDevice EncryptionAccess ControlApplication WhitelistingNetwork User Behavior AnalysisDesktop FirewallDevice ControlEmail ProtectionNetwork Access ControlINFORMATION SECURITYEndpoint Web ProtectionEmail SecurityHost Intrusion ProtectionWeb SecurityData Loss PreventionServer & Database ProtectionEncryptionOn Chip (Silicon-Based) SecuritySmartphone and Tablet ProtectionVirtual Machine and VDI ProtectionSECURITY MANAGEMENT Embedded Device ProtectionSecurity Operations ConsolePolicy Auditing & Management PARTNER COMMUNITYVulnerability ManagementRisk Management Security Innovation Alliance (SIA)ComplianceMcAfee ConnectedSIEMGlobal Strategic Alliance Partners 6. McAfee/Intel Initiatives Next-GenerationSecure SecureCloud ActivateEndpoint Security Embedded DevicesMobile DevicesSecurity Platform Silicon Features Security PlatformApplication Whitelisting Hardware Root of TrustIdentity and TrustPower Management Integrity MonitorOS SecurityManagementBeyond the OS Embedded Encryption Change Control App SandboxingApplication to ApplicationExpanding Global ThreatOut of Band Management Security Intelligence (GTI) Device Management App Validation Out of Band Recovery Expanding GTIExpanding GTI Management Anti-Theft Expanding GTI 7. NEXT GEN ENDPOINT PROTECTION ENGINEBLACKLIST WHITELIST CONTEXT STATE OF DEEP DAT CLOUDMACHINESAFE 8. ApplicationsAnti-VirusData Loss Prevention Intrusion Prevention System Firewall Deep Defender Operating System DeepSAFE Central Processing Unit Input/Output MemoryDisk Network Display 9. ApplicationsAnti-VirusData Loss PreventionIntrusion Prevention System Firewall Deep DefenderAPPLICATION SPACE Operating SystemDeepSAFE DeepSAFECRITICAL SYSTEM RESOURCES Central Processing UnitMemory I/O Disk Network Display Input/Output Memory Disk Network Display 10. APPLICATION SPACE CRITICAL SYSTEM RESOURCES APPLICATION SPACE Memory I/O DeepSAFE DiskCRITICAL SYSTEM RESOURCES NetworkMemory I/ODisk Network Display Display 11. APPLICATION SPACE CRITICAL SYSTEM RESOURCES Memory I/O Disk Network Display 12. APPLICATION SPACE CRITICAL SYSTEM RESOURCESXMemoryXXI/OXX Disk Network Display 13. NEXT GEN ENDPOINT PROTECTION ENGINE WHITELIST DEEP CLOUD CONTEXTGTIBLACKLISTDAT STATE OF MACHINE SAFE EXPLOIT SECUREPROCESSTRUST BOOT SEEKER CONTAINERCONTEXT STATE OFBLACKLIST WHITELISTPROFILER CONTENTDEEPDAT DAT CLOUDMACHINE SAFE 14. SMART PHONE CLOUDUSBEMAILSAN LAPTOPTABLET ROUTING/PCSERVERS SWITCHINGDATABASE VOIP WIRELESSINFRASTRUCTURE EMBEDDEDDEVICESAPPSTHE EXPANDING ATTACK SURFACE 15. EMAIL SMART PHONE CLOUDUSB EMAIL SAN TABLET LAPTOP USB ROUTING/PC LAPTOPSERVERS SWITCHINGDATABASEWIRELESSINFRASTRUCTURE VOIP VIRTUAL EMBEDDEDDEVICESAPPS WEBTHE EXPANDING ATTACK SURFACE 16. VOIPSharePoint SMART PHONE CLOUDUSB DATABASEFINANCEEMAILSAN LAPTOP TABLET SAN ROUTING/ LEGALPCSERVERS SWITCHINGDATABASE WIRELESSINFRASTRUCTURE VOIPSERVERSSERVERSDNS AD/LDAPEMBEDDED DEVICESWEB DHCP APPS HRTHE EXPANDING ATTACK SURFACE 17. POS SMART PHONE CLOUDUSBEMAILSAN LAPTOP ATM TABLET ROUTING/PCSERVERS SWITCHINGDATABASEWIRELESSINFRASTRUCTURE VOIP MEDICAL DEVICES EMBEDDEDDEVICES SCADA EMBEDDEDDEVICES APPS PRINTERSTHE EXPANDING ATTACK SURFACE 18. ROUTING/SWITCHINGSMART PHONE CLOUDUSB EMAILWIRELESS SAN LAPTOP TABLET ROUTING/PCCLOUDSERVERS SWITCHINGDATABASE WIRELESSINFRASTRUCTURE VOIPFIREWALLS INFRASTRUCTUREEMBEDDED DEVICESDATA CENTERS APPSVDITHE EXPANDING ATTACK SURFACE 19. SMART PHONETABLETAPPSSOCIAL NETWORKINGBYOPCTHE EXPANDING ATTACK SURFACE 20. GTINetwork WebMail 3rd PartyFirewall Host AV Host IPSIPSGatewayGateway Feed 300M IPS300M IPS2B Botnet20B Message2.5B Malware300M IPS Geoattacks/mo. attacks/mo. C&C IP Reputation Reputationattacks/mo. LocationReputation queries/mo.queries/mo.Feedsqueries/mo. 21. GTINetwork WebMail 3rd PartyFirewall Host AV Host IPSIPSGatewayGateway Feed 300M IPS300M IPS2B Botnet20B Message2.5B Malware300M IPS Geoattacks/mo. attacks/mo. C&C IP Reputation Reputationattacks/mo. LocationReputation queries/mo.queries/mo.Feedsqueries/mo. 22. GTI Additional Threat Feeds Relative Defense Behavior-based Intelligence Private Zones and PoliciesEnterpriseNEXT GEN GTI PROXYCOUNTERMEASURE COMMAND AND CONTROL 23. CLOUDPROTECTIONServicesGatewayData Loss WebEmailPrevention GatewayGatewayData LossServicesWebCloud IdentityEmailPrevention Gateway GatewayGatewayGateway Cloud Identity Gateway 24. Oct 17 10:00:27,Oct 17 10:00:27, Application=smtp,Application=smtp, Event=Email Status,Event=Email Status, 10/17/2011 10:00:27,,,TRAFFIC, end, 10:00:27, 10/17/2011,size=25140,TRAFFIC, end,, size=25140,, MonitorSPANsource=(,, Monitor source=(,reputation=49, tls=1SPAN Port, Tap Zone, Port, Tap Zone, reputation=49, tls=1ethernet1/12, 83752, 1,ethernet1/12, 83752, 1, 59404, 25, tcp, allow, any59404, 25, tcp, allow, 10/17/2011 10:02:52 PM, PM,any10/17/2011 10:02:52OctOct 17 10:00:26, Src17 10:00:26, SrcDeleted (detection isnt, s_port 4523,, s_port 4523, Deleted (detection isntcleanable), W7MANGhost35 dst, servicedstsmtp, proto tcp, xlatesrc192.168.46.15, service cleanable), W7MANGhost35C:Programsmtp, proto tcp, xlatesrcC:ProgramFilesVMwareInfrastructureVirtual Infrastructure FilesVMwareInfrastructurClient4.1vmware-vmrc.exe, eVirtual InfrastructureC:UsersbrogersDesktop45 Client4.1vmware-5_23_setup.exeGeneric.dx!bbfq vmrc.exe, C:UsersbrogersDesktop4 55_23_setup.exeRESPONDGeneric.dx!bbfq 25. SITUATIONAL AWARENESS AND RESPONSE ThreatIntelligenceReal-Time Command & ControlHigh CorrelationPerformance SIEMEngine DatabaseEVENT LOGAUDIT/COMP. 11 001 100 010011 100 10010001 100110 11 1100 110100110 10 110CONTEXT 100 1001 100110 100001111010011 11 100CONTENTCOUNTER MEASURES 26. OPTION 1 REAL-TIME RISK ANALYSIS Critical User Has Administrator AccessPrivilegesPrivilegesMCAFEE SIEM DASHBOARDSystem Has Endpoint SecurityDestinationReputationControls (AV, FW, Hips)MajorRequestor Coming From a SourceReputationSuspicious LocationWarningSystem Has Vulnerabilities; ContextSystem Is Finance DatabaseMinorPayload Is Extract of SensitiveInfo ContentFinancial Data 27. OPTION 2 Real-Time Risk Analysis InfoMinor Warning MajorCriticalMcAfee SIEM Dashboard Access DestinationSourcePrivilegesReputationReputation Context Content User HasSystem HasRequestorSystem HasPayload IsAdministrator EndpointComing Vulnerabilities; Extract of PrivilegesSecurityfrom aSystem IsSensitive Controls (AV, Suspicious Finance FinancialFW, Hips) Location Database Data 28. McAfee Security ConnectedOPTIMIZED SECURITY DELIVERINGBUSINESS VALUEMcAfee Approach: GTI-powered intelligence in depth Centralized management platform Extensible architecture Broadest set of technologies Flexible delivery optionsMcAfee Delivers: Lower operational costs Enhanced overall security posture Partnership with #1 name in Security