14 - MR Sanket - Intel Security
Lifecycle
Protect Detect Correct
Sanket Bhasin
Senior Security Consultant, Intel Security Southeast Asia
McAfee Confidential
Expanding IT Boundaries
By 2020, 65-85% of applications will be delivered via cloud infrastructure, creating a situation where the network's ability to inspect traffic is diminishing.
Intel Estimates
Minutes
Minimal Adversarial Effort
Time to Discover
Time to Recover
Years - Months
Months - Weeks
Overwhelmed Security Teams
$$$ Catastrophic Impact $$$
Result
Slow, heavy, and burdensome
Complex and expensive to maintain
Limited vendor participation
Fragmented visibility
Time to Discover
Months
Significant Adversarial Effort
Hours
Hours
Optimized Security Teams
Time to Recover
Minutes
$ Minimized Impact $
Collaborative Fabric-Based Ecosystem (DXL)
Result
Result
Fragmented visibility
Holistic visibility
McAfee Global Threat Intelligence
McAfee TIE Server
McAfee ATD
3rd Party Feeds
YES
NO
McAfee TIE Endpoint Module
Created by an untrusted process
McAfee TIE Server
McAfee NSP
McAfee Web Gateway
3rd Party
McAfee ATD
3rd Party Feeds
McAfee ePO
McAfee ESM
McAfee TIE Endpoint Module
Proactively and efficiently protect your organization as soon as a threat is revealed
Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products
Disconnected Baseline
Time to Respond: 1455:17 min (24hr)
Time to Protect: 254:02 min (4.2hr)
Capacity: 6 IOC/day
Coverage Gap: Hash Data in SIEM
Data Confidence
Consoles: 6 products
Manual Steps: 19
Adaptive Response
NSP
Sandbox
ATD
SIEM
ESM
IOC 1
IOC 2
IOC 3
IOC 4
network and endpoints adapt
payload is analyzed
new IOC intelligence pinpoints historic breaches
DXL Ecosystem
previously breached systems are isolated and remediated
Endpoints
TIE Endpoint Module
Integrated System
Time to Respond: 6:50 min
Time to Protect: 1:08 min
Capacity: 210 IOC/day
Coverage Gaps
Data Confidence
Consoles
Manual Steps
Integrated System
Time to Respond: 1455:17 min (87372 sec); 6:50 min (410 sec)
Time to Protect: 254:02 min (15242 sec); 1:08 min (68 sec)
Capacity: 6 IOC/day; 210 IOC/day
EFFICIENCY
Coverage Gaps: Gap in hash data sent to SIEM
Data Confidence
Consoles
Manual Steps: 19
Requirements
EFFICACY
Average Time to Respond reduces dwell time to less than 7 min