next generation firewalls: a discussion on consolidated security, application inspection and blended...
TRANSCRIPT
![Page 1: Next Generation Firewalls: A Discussion on Consolidated Security, Application Inspection and Blended Threat Mitigation Christian Barnes Materials:Kostas](https://reader038.vdocuments.mx/reader038/viewer/2022102808/56649cbe5503460f949840c1/html5/thumbnails/1.jpg)
Next Generation Firewalls: A Discussion on Consolidated Security, Application Inspection and Blended Threat Mitigation
Christian Barnes
Materials: Kostas Sfakiotakis, FCNSP, Manager, Systems Engineering
The Threats You Face Continue to Grow
[Chart: Exponential Growth in Malware Threats, in thousands]
[Chart: U.S. DoD Reported Incidents of Malicious Cyber Activity, in thousands]
• Coordinated and blended attacks are now a common practice
• Increased processing power required
• Motive and intent have moved from notoriety to financial gain
• Cyber security is critical
In the News:
• Stuxnet attack on Iranian nuclear facility
• Flame virus: 10 times more sophisticated than Stuxnet
• RSA and Sony APT breaches
• Anonymous BART attack
• Healthnet’s medical records compromised
• US banks targeted by Russian cyber-gangster groups
• Google & Yahoo targeted by DNS attacks
• SCADA protocols targeted by cyber-terrorist groups
• Hundreds more…
You Have to Do More with Less
• Increase access to backend data and systems
• Decrease risk of unauthorized access
• Increase effectiveness of existing resources and investments
• Reduce complexity of security infrastructure
• Lower operating and capital costs
You Need to Prepare for the Next Threat
• Eliminate your blind spots
• Demonstrate your policy compliance
• Lower your response time
• Accelerate adoption of best practices and expert systems
• Reduce the potential of significant or catastrophic loss to reputation or revenue
Evolution of the Threat Landscape
[Figure: stages of attacker motivation]
• Recreation
• Activism
• Financial Gain
• Enterprising
Thinking Strategically About Security
• Future-proof your security infrastructure
− Anticipate change in threatscape
• Look for opportunities to consolidate without compromise
− Reduce complexity
− Increase protection
− Decrease risk
− Lower CapEx & OpEx
• Move beyond tactical responses to threats
[Figure: Magic Quadrant for Unified Threat Management]
Reducing Complexity Is Critical
[Chart] Q: What are the top security-related challenges your organization is facing? (base: those involved in security investments)
Source: Navigating IT: Objective & Obstacles, InfoWorld, May 2011
Solve Everyday Problems
• Emily, a financial trader, installed Skype on her company laptop to talk with family.
• Bill works for a Fortune 100 company and shares company details on Facebook.
• Ed shared a company presentation via his personal Gmail account.
• Jill is at Starbucks and needs to communicate and be protected as if she were at HQ.
Controls shown: Endpoint Control; 2-Factor Authentication; VPN Tunneling; WAN Optimization; Identity & Device-Based Policies; Data Leak Protection
Improve Productivity – Limiting Web Access
[Screenshot of block page] “Your daily quota for this category of webpage has expired… URL: beach-camera.store.buy.com Category: Shopping and Auction”
Examine All Applications: Don’t Trust Any
• Overlapping, complementary layers of protection
• Comprehensive, integrated inspection
• Allow but don’t trust any application
• Examine all application content
Application Inspection and Control Overview
Application Security Evolution
• In the beginning
− Apps easily defined
▪ Port or protocol
− Policies easily defined and enforced
▪ Allow or deny
▪ Content and behavior predictable
• And then came the Web
− The world has never been the same
Application Security Evolution
• Traditional approach: primary line of defense at the perimeter
» One-to-one assignment of port to application usage
• Web, SNMP, FTP, Telnet
» To block the applications, simply close the port
[Diagram: Web, SNMP, FTP and Telnet, each on its own port, into the Data Center]
Application Security Evolution
• Today: Web-centric world
• Requires new approach for securing applications
» How to allow trusted applications, deny untrusted?
• Threats are application agnostic
» Any application can serve as a host to malicious activity
[Diagram: Twitter, Facebook, Yahoo! Mail, Salesforce, WL Messenger and Google all arriving over PORT 80]
What is Application Control?
• Layer 7 analysis of traffic determines the application regardless of TCP port
» Doesn’t just associate a port with an application
» Can detect IM/P2P/etc. running over port 80
• Detects applications inside of applications
» Tunneling P2P/IM/etc. inside HTTP
What is Application Control?
• Granular control of applications in a network
» Allow, block or traffic shape individual applications
» Perform above actions based on user identity
» Control application commands
» Control web applications
• Allows a new level of application, port and user-based reporting
» What does the application look like on the surface?
• Port, source address, country of origin
» What does the application look like under the surface?
• Application, behavior, signatures, reputation
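To make the two "What is Application Control?" slides concrete, here is an added example (my code, not the deck's or any vendor's) of the two ideas together: naming the application from the first client bytes while ignoring the TCP port, including applications nested inside HTTP, and then applying an allow/block/shape decision per user group. The byte signatures, user groups, policy table, bandwidth cap and sample flows are all constructed for the illustration; a product carries far larger signature sets and full protocol decoders.

```python
"""Toy Layer 7 classifier plus per-user-group application policy.
Added example, not from the presentation. All signatures, groups and flows
are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Byte signatures of the first client message, constructed for this example.
# The port a flow uses is never consulted; only the payload decides.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]")),
    ("http", re.compile(rb"^(GET|POST|PUT|HEAD|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")),
]

# "Applications inside applications": things that ride on HTTP and are only
# visible in the request line or headers, never in the port number.
HTTP_NESTED = [
    ("bittorrent-tracker", re.compile(rb"^GET /announce\?info_hash=")),
    ("facebook", re.compile(rb"\r\nHost: (www\.)?facebook\.com\r\n", re.IGNORECASE)),
]


def identify(payload: bytes, port: int) -> str:
    """Name the application from payload alone; `port` is kept only for reporting."""
    for app, sig in SIGNATURES:
        if sig.search(payload):
            if app == "http":
                for nested, nsig in HTTP_NESTED:
                    if nsig.search(payload):
                        return nested
            return app
    return "unknown"


@dataclass(frozen=True)
class Verdict:
    group: str
    port: int
    app: str
    action: str                # "allow", "block" or "shape"
    rate_kbps: Optional[int]   # set only when action == "shape"


# Per-group policy, constructed. Anything not listed falls through to DEFAULT_ACTION.
POLICY = {
    "finance": {"bittorrent": "block", "bittorrent-tracker": "block",
                "ssh": "block", "facebook": "shape"},
    "it": {"bittorrent": "block", "bittorrent-tracker": "block"},
}
DEFAULT_ACTION = "allow"
SHAPE_KBPS = 512   # constructed bandwidth cap for shaped applications


def decide(group: str, port: int, payload: bytes) -> Verdict:
    """Classify the flow, then look the (group, application) pair up in the policy."""
    app = identify(payload, port)
    action = POLICY.get(group, {}).get(app, DEFAULT_ACTION)
    return Verdict(group, port, app, action, SHAPE_KBPS if action == "shape" else None)


# Constructed flows: (user group, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("finance", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("finance", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),                   # SSH hiding on port 80
    ("finance", 443, b"\x13BitTorrent protocol" + b"\x00" * 8),    # P2P handshake on 443
    ("it", 8080, b"GET /announce?info_hash=%AA%BB HTTP/1.1\r\nHost: tracker.example\r\n\r\n"),
    ("finance", 80, b"GET /home HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"),
]


def run_samples() -> List[Verdict]:
    return [decide(group, port, payload) for group, port, payload in SAMPLE_FLOWS]


if __name__ == "__main__":
    for v in run_samples():
        extra = f" ({v.rate_kbps} kbps)" if v.rate_kbps else ""
        print(f"{v.group:8} port {v.port:<5} app={v.app:<19} -> {v.action}{extra}")
```

The second and third flows are the slide's point: a port-based rule sees "port 80" and "port 443" and allows both, while the payload classifier sees SSH and a BitTorrent handshake and the finance policy blocks them. The fourth flow is valid HTTP, so it passes the outer signature, but the tracker announce inside it is what the policy acts on.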
Controlling Web Applications
• Allow Facebook, but block Facebook applications
» Farmville, anyone?
» Facebook Chat
» Facebook Video
• Allow YouTube, but block YouTube download
• Allow Google Maps, but block Google Web Talk
Proxy Avoidance
• Web content filtering provides protection against proxy websites
• Application control provides protection against proxy-based applications
» Ultrasurf, Gtunnel, dozens of others
Rate Shaping
• Traffic doesn’t have to be just allowed or blocked
• Now we can rate shape on an application basis instead of just a port number
• Allow streaming media usage, but limit bandwidth
• Regain control of your Internet link(s)
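The slide's "allow streaming media, but limit bandwidth" in working form, as an added example that is not from the deck or any product: a token bucket per application, keyed by the name a Layer 7 classifier would supply rather than by port. The limit, burst size and packet trace are constructed. Strictly this is a policer (it drops when the bucket is empty); a shaper queues and delays instead, but the per-application accounting is identical.

```python
"""Per-application rate limiting with a token bucket.
Added example, not from the presentation; limits and traffic are constructed."""
from dataclasses import dataclass
from typing import Dict


@dataclass
class TokenBucket:
    rate_bytes_per_ms: int   # sustained rate
    capacity: int            # burst allowance in bytes
    tokens: int = 0
    last_ms: int = 0

    def __post_init__(self) -> None:
        self.tokens = self.capacity     # start full so an initial burst is allowed

    def take(self, now_ms: int, size: int) -> bool:
        # Refill for the elapsed time; integer milliseconds keep the arithmetic exact.
        elapsed = now_ms - self.last_ms
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate_bytes_per_ms)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


# Constructed policy: only streaming media is capped, at 1 Mbit/s; everything
# else is forwarded untouched. Keys are application names, not ports.
APP_LIMITS_KBPS: Dict[str, int] = {"streaming-media": 1000}
BURST_BYTES = 65536


class AppShaper:
    def __init__(self, limits_kbps: Dict[str, int], burst: int = BURST_BYTES) -> None:
        # kbit/s -> bytes/ms is a division by 8 (exact when kbps is a multiple of 8).
        self.buckets = {app: TokenBucket(kbps // 8, burst) for app, kbps in limits_kbps.items()}
        self.stats: Dict[str, Dict[str, int]] = {}

    def handle(self, app: str, now_ms: int, size: int) -> str:
        """Return "forward" or "drop" for one packet of the named application."""
        bucket = self.buckets.get(app)
        ok = True if bucket is None else bucket.take(now_ms, size)
        s = self.stats.setdefault(app, {"forwarded": 0, "dropped": 0})
        s["forwarded" if ok else "dropped"] += 1
        return "forward" if ok else "drop"


def simulate(app: str, packets: int = 1000, size: int = 1500, interval_ms: int = 1) -> Dict[str, int]:
    """Offer `packets` of `size` bytes every `interval_ms`: 12 Mbit/s with the defaults,
    twelve times the streaming-media cap. Returns the forwarded/dropped counters."""
    shaper = AppShaper(APP_LIMITS_KBPS)
    for i in range(packets):
        shaper.handle(app, i * interval_ms, size)
    return dict(shaper.stats[app])


if __name__ == "__main__":
    for name in ("web", "streaming-media"):
        print(name, simulate(name))
```

Over the one-second trace the capped application gets its 64 KB burst plus roughly 125 KB of sustained credit (about 126 of the 1000 offered 1500-byte packets) while an uncapped application passes all 1000; the same packets on the same port are treated differently purely because of the application label.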
Controlling Application Commands and Web Applications
• Allow users to download via FTP (GET) but block uploading (PUT)
• Block HTTP Resume
» Can circumvent A/V inspection
• URL filtering isn’t enough
» More and more applications on the web
» Impossible to control via a traditional firewall
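The command-level controls on this slide, as an added example that is not code from the deck or any vendor: FTP downloads (the client's "get", which is the RETR command on the wire) stay allowed while uploads ("put", the STOR command and its STOU/APPE variants) are blocked, and HTTP requests carrying a Range header, which is how a download is resumed, are refused because a file fetched in pieces is never seen whole by a single antivirus pass. The sample commands and requests are constructed.

```python
"""Protocol-command control for FTP uploads and HTTP resume.
Added example, not from the presentation; sample traffic is constructed."""
from typing import Dict, List, Tuple

# FTP verbs that write to the server. RETR (download), LIST, PWD etc. remain allowed.
FTP_UPLOAD_COMMANDS = {"STOR", "STOU", "APPE"}


def inspect_ftp_command(line: bytes) -> str:
    """Return "block" for upload commands and "allow" for everything else.
    FTP verbs are case-insensitive, so the verb is upper-cased before lookup."""
    verb = line.strip().split(b" ", 1)[0].upper().decode("ascii", "replace")
    return "block" if verb in FTP_UPLOAD_COMMANDS else "allow"


def parse_http_headers(raw: bytes) -> Tuple[bytes, Dict[str, str]]:
    """Split a request into its request line and a lower-cased header map."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    headers: Dict[str, str] = {}
    for h in lines[1:]:
        if b":" in h:
            name, value = h.split(b":", 1)
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0], headers


def inspect_http_request(raw: bytes) -> str:
    """Return "block" if the request asks for a byte range (a resumed or partial
    download), "allow" otherwise. Partial fetches defeat whole-file scanning."""
    _, headers = parse_http_headers(raw)
    if "range" in headers or "if-range" in headers:
        return "block"
    return "allow"


# Constructed samples of what a client would send.
SAMPLE_FTP_COMMANDS: List[bytes] = [
    b"USER alice\r\n",
    b"RETR q3-report.pdf\r\n",     # download: allowed
    b"stor payroll.xlsx\r\n",      # upload, lower case: still blocked
    b"APPE notes.txt\r\n",         # append is an upload too
]
SAMPLE_HTTP_REQUESTS: List[bytes] = [
    b"GET /setup.exe HTTP/1.1\r\nHost: downloads.example\r\n\r\n",
    b"GET /setup.exe HTTP/1.1\r\nHost: downloads.example\r\nRange: bytes=1048576-\r\n\r\n",
]


def run_samples() -> List[Tuple[str, str]]:
    """Apply both inspectors to the constructed samples; returns (description, verdict)."""
    out = [("ftp " + c.strip().decode("ascii"), inspect_ftp_command(c)) for c in SAMPLE_FTP_COMMANDS]
    out += [("http " + r.split(b"\r\n", 1)[0].decode("ascii"), inspect_http_request(r))
            for r in SAMPLE_HTTP_REQUESTS]
    return out


if __name__ == "__main__":
    for desc, verdict in run_samples():
        print(f"{verdict:5}  {desc}")
```

The trade-off a practitioner would weigh before enabling the HTTP rule: Range requests are also what video players use to seek and what download managers use for legitimate resumes, so blocking them is a deliberate choice to favour complete-file scanning over convenience.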
Business Drivers for Application Control
• New services and applications
» Web 2.0 services over HTTP(S)
» IM, P2P and gaming that port-hop
• Non-business applications can be problematic and expose liability
» IM, P2P and anonymous proxy
» Non-productive bandwidth usage
» Evasion of security or corporate policy
» Difficult to detect and stop
• TCP/UDP port filtering ineffective
• Next-generation firewall required!
Threat Landscape: Malicious Activity within Trusted Applications
Security Challenges
• Blended attacks
• Application-focused attacks
• “Oldies but Goodies” still exist
− Nothing goes away. Ever.
• “Survival instinct” of applications much higher than before
− Built-in evasion techniques
• Must assume malicious activity occurs within trusted applications
• Let’s take a closer look at some examples…
Advanced Evasion Techniques (AETs)
Botnets and APTs employ AETs:
• Advanced Persistent Threats (cyber threats)
• Advanced Evasion Techniques
• Fast Flux and proxies
• Communication encryption and watermarking (i.e. port 443 custom protocol communication)
• Code obfuscation and packing
• Data safe havens
• Metamorphic & polymorphic malware
Advanced Evasion Techniques (AETs)
Threat Landscape: Blended Threat & Botnet Examples
• The Corporate Botnet – Phishing
An employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a botnet, opening the door to the compromise of the integrity of the entire network.
CIO Fears and Concerns
• The Corporate Botnet
An employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a botnet, opening the door to the integrity of the entire network being compromised.
ZEUS/ZBOT
• Email contains link to false domain
• Credentials entered into fake site
• BOT infection sent to user as a “Facebook Security Update” application
• User installs BOT and is now infected; all data is compromised
• Connection is then redirected to real Facebook site so user is not suspicious
• Prevalent today and sold as a crime kit.
Threat Landscape: Blended Threat & Botnet Examples
• The Corporate Botnet – Legitimate Site Compromised
An employee accesses a legitimate site, but it or one of its content providers has been compromised and is now hosting malicious code.
FakeAV Botnet
• In 2009 the advertising network used by the New York Times was infected by a malicious Flash advertisement
• Readers were accessing the NYT site but were provided with the infected advertisement
• This directed users to a site hosting the exploit code to install fake antivirus software.
Threat Landscape: Blended Threat & Botnet Examples
• Targeted Attack – Spear Phishing
Using social engineering to distribute emails with links to malware; the emails are relevant to the corporation being targeted. Infected documents (PDF, DOC, XLS) can use software exploits to infect systems.
Kneber (Zeus) Botnet
• In 2010 a spear phishing attack on US .mil and .gov employees by a Zeus variant infected 50,000+ end systems
• Data stolen included: corporate login credentials; email and webmail access; online banking sites; social network credentials; SSL certificates
Threat Landscape: Blended Threat & Botnet Examples
• Ransomware
Once installed it is very difficult to reverse: files are encrypted. This isn’t just based on the fear that something might happen; once you are reading the ransom note your data has already been encrypted.
gpCode Ransomware
• Once installed, searches the hard drive for document and media files
• Files are encrypted with a 1024-bit key; only the attacker has the decryption key
• Ransom note is displayed to the user; the system continues to operate but data is inaccessible
• Will encrypt xls, doc, pdf, txt, rar, zip, avi, jpg, mov, etc…
Trends: Crimeware & Crime Services
[Figure]
• Ransom, blackmail, turf wars: up to $150k USD monthly
• Crimeware: weaponized exploits for sale ($10k+)
• Crime services
• New horizons: cloud processing
Trends: Crimeware & Crime Services
• Affiliate Programs (PPI): Earn $140 / 1K Installs (USA)
• Zeus botnet operators rely heavily on mules …
Crimeware: Documents, GUIs, Management
Mobile Vulnerabilities
• < 2010: iOS jailbreaks, public concept
• 2011: Rage in the Cage, Android < 2.1/2.2; March 2011: 21 apps pulled
• 2012: Levitator, Android < 2.3.6; Honeycomb, Ice Cream (3 & 4)
• 2012-2013: Galaxy S3: NFC (Near Field Communication) payload drive-by, remote wipe
Mobile Malware
• 2012-2013: Tigerbot auto-jailbreak [spy trojan]
» Symbian, BlackBerry, Android
• Zitmo (Zeus in the Mobile): SMS spy upgrade
• Android/Fakemart (20 y/o arrest, 500k euros profit)
• Cloud To Device Messaging (Google C2DM)
• CAPTCHA cracking (OCR), uninstall hooks
• Ransomware and APT...
Addressing the Threat Landscape: Complete Content Protection
Security: Followed The Internet Evolution
[Chart: timeline 1980s / 1990s / 2000s / Today; vertical axis "Performance - Damage"]
Threat categories on the chart: PHYSICAL, CONNECTION-BASED, CONTENT-BASED
Threats shown: HARDWARE THEFT, INTRUSIONS, VIRUSES, TROJANS, WORMS, SPAM, BANNED CONTENT, SPYWARE, APP LAYER ATTACKS
Controls shown: LOCK & KEY, FIREWALL, VPN, IPS, ANTI-VIRUS, WEB FILTER, ANTI-SPAM, ANTI-SPYWARE, APP CONTROL
“I.T. departments must manage a growing array of specialized security technologies that may or may not work together to help security departments detect and halt attacks.”
Source: “Security Professionals Say Network Breaches Are Rampant”, Ponemon Institute survey, New York Times, 6/22/11
The Result: More Expense, Less Security, Less Control
Complete Content Protection
[Chart: the same timeline 1980s / 1990s / 2000s / Today with vertical axis "Performance - Damage", now with APP CONTROL set against APP LAYER ATTACKS]
Threat categories on the chart: PHYSICAL, CONNECTION-BASED, CONTENT-BASED
Threats shown: HARDWARE THEFT, INTRUSIONS, VIRUSES, TROJANS, WORMS, SPAM, BANNED CONTENT, SPYWARE, APP LAYER ATTACKS
Controls shown: LOCK & KEY, FIREWALL, VPN, IPS, ANTI-VIRUS, WEB FILTER, ANTI-SPAM, ANTI-SPYWARE, APP CONTROL
Consolidated Security with Real Time Updates
• Intrusion Prevention: vulnerabilities and exploits
Browser and website attack code crafted by hackers and criminal gangs.
• Application Control: unwanted services and P2P limiting
Botnet command channel, compromised Facebook applications, independent of port or protocol
• Web Filtering: multiple categories and malicious sites
Botnet command, phishing, search poisoning, inappropriate content
• Antispam: unsolicited messages
Phishing, malware, social engineering and junk
• Antivirus: all malicious code
Documents, macros, scripts, executables; delivered via Web, email, USB, instant messaging, social networks, etc.
• Vulnerability Management: real time exploit updates
Multiple scanning points: FortiGate, FortiAnalyzer, FortiWeb, FortiDB, and FortiScan
The Zeus Attack vs. Complete Content Protection
• Email sent: contains link to compromised site.
Countermeasure (Antispam): mail message detected as spam (phishing)
• End user accesses phishing site, enters credentials, and criminals now have their details.
Countermeasure (Web Filter): access to phishing website is blocked
• Phishing site sends BOT infection to user disguised as ‘Security Update’ application
Countermeasure (Antivirus): content scanning prevents malicious content from being downloaded
• End user executes BOT application, is infected and now all their data is compromised
Countermeasure (Intrusion Detection): botnet command channel is blocked, so no compromised data can be sent. Security administrator is alerted of the infected system.
Real Threat Protection in Action
Problem:
• “Innocent” video link: redirects to malicious website
• “Out of date” Flash player error: “download” malware file
• Error message: “drops” copy of itself on system and attempts to propagate
Solution:
• Integrated Web Filtering: blocks access to malicious website
• Network Antivirus: blocks download of virus
• Intrusion Protection: blocks the spread of the worm
FortiGate
• Integrated security appliance
− Network threat detection
− Application-aware content scanning
• Accelerated performance
− Hardware acceleration with custom ASICs
• Reduce the number of vendors and appliances
− No 3rd party software/subscription dependencies
− No user count or application licensing
• FortiGuard Services
− Antivirus, IPS, App Controls, Antispam, Web Content Filtering
World’s Fastest Firewall
Real-World Testing
Tests using BreakingPoint™ FireStorm prove FortiGate-5140B to be the world's fastest firewall
• 559 Gbps of UDP traffic
• 526 Gbps of real-world application traffic
» Facebook, Pandora Radio and AOL Instant Messenger
» Up to 10,000 iTunes songs per second
» Up to 228,000 Web pages per second
FortiGuard Distribution Network: Global Research, Updates, Services
FortiGuard Research:
• Rootkits: kernel hooks
• Botnets: dynamic monitoring, spambots, new malware protocols
• Malware: code techniques (PDF/Flash/Doc)
• Security: exploits & vulnerabilities, zero day detection
• Packer Research: unpacking, generic detection
FortiGuard Services:
• AV signatures – 4x daily
• IPS signatures – 2x daily
• Antispam/Web Content Filtering – real time
• Sample collection
• Signature creation
• Alerts & escalation
Global Distribution Network:
• Application Control
• Vulnerability Management
• Antispam
• Web Filtering
• Intrusion Prevention
• Antivirus
Thank you!
Questions?