trustport - roman veleba

Know what is going on in your network! Advanced Security Network Monitoring

Upload: jan-fried

Post on 25-Jan-2015


TRANSCRIPT

Page 1: Trustport - Roman Veleba

Know what is going on in your network!

Advanced Security Network Monitoring

Page 2: Trustport - Roman Veleba

Cyber security situation today

Main targets: governments, infrastructure, corporates, financial institutions…

80% of acts are organized activity

Page 3: Trustport - Roman Veleba

Cyber crime – Targeted Attacks

- 5 Chinese military officers charged with stealing data from six US companies
- steal blueprints, manufacturing processes, test results, about nuclear & solar power
- periodically revisit the victim’s network over several months

Source: The Guardian 20.5.2014

WATERING HOLE ATTACKS

- Focus on websites that employees from targeted organizations visit
- Malware inserted to gain sensitive information

Page 4: Trustport - Roman Veleba

TrustPort in a nutshell

− World's most effective antivirus
− Network Behavior Analysis using Artificial Intelligence
− Producer of security solutions
− Daughter company of Cleverlance

Page 5: Trustport - Roman Veleba

TrustPort

− World's most effective antivirus

Virus Bulletin RAP continuous 1st place (08/13 – 02/14)

Page 6: Trustport - Roman Veleba

Threat Intelligence overall

− Monitoring of network flows and security incidents (all in one solution)
− Real time analysis of network behavior (performance monitoring, application awareness, bandwidth usage etc.)
− Detection of attack symptoms in network traffic

Specific features

− Network Behavior Analysis (NBA)
− Signature based network analysis (IDS)
− Flow based network analysis
− Performance network analysis
− Antivirus
− Honeypots

Page 7: Trustport - Roman Veleba

Example – case study

The client: a European service provider, 500 employees, 3 branch offices

Filling Gaps

− Detection of severe security events not detected by other means
− Continuous affirmation that the perimeter defense is working correctly
− Detection of anomalous and outlier network behavior

Page 8: Trustport - Roman Veleba

Example – case study

Testing of three competing products:

− McAfee NTBA
− IBM QRadar
− Cisco Cognitive Analytics

Problems:

− Large data transfers
− Several serious security incidents
− Solutions did not discover any unknown threats

Page 9: Trustport - Roman Veleba

Example – case study

Deployment and Results of Threat Intelligence

− Three hardware network probes were deployed at the three border routers
− The most serious incident discovered by TI was 10 trojanized smart phones (connected to the network through WiFi)
− The malware was sending data (based communication) to an IP in Japan
− TI detected these Trojans mostly by recognizing repetitive behavioral patterns (machine behavior differs from human behavior)
− Detected in the first 15 mins after implementation

Page 10: Trustport - Roman Veleba

Example – case study

Results

− Tested for six weeks
− reports were analyzed by TP
− results were handed over to the client
− the solution was fully deployed
− client's network personnel were trained
− high detection capabilities of TrustPort Threat Intelligence
− high value for money
− an intuitive user interface
− the integration of IDS

Page 11: Trustport - Roman Veleba

NBA Detection Core

Page 12: Trustport - Roman Veleba

Why TI?

− All in one solution
− Highly sensitive protection (zero day, APTs etc.)
− Adaptive detection (latest detection methods)
− Fast Detection (unknown attacks 1-2 min)
− Machine Learning (Self configuration during the first 24 hrs.)
− Easy deployment (in hours, easy deployment, most networks)
− Most detailed NBA (frequency characteristics analysis)
− Most advanced AI (winners of NIST challenge)
− Intuitive GUI (program designed from past experience)
