14 - MR Sanket - Intel Security


Intel Security: Threat Defense Lifecycle
Protect, Detect, Correct

Sanket Bhasin
Senior Security Consultant, Intel Security Southeast Asia
McAfee Confidential

Security's Perfect Storm


Exponential Attack Surface Growth
By 2020, there will be 26 smart objects for every person, and 57 times more gigabytes of data than all the grains of sand on all the beaches on earth. (Intel / IDC)

Expanding IT Boundaries
By 2020, 65-85% of applications will be delivered via cloud infrastructure, creating a situation where the network's ability to inspect traffic is diminishing.

The Imperative of Time
Growing need to resolve more threats, faster, with fewer resources.
It takes a large organization an average of 31 days at a cost of $20,000/day to clean up and remediate after a cyberattack: $640,000 in total. (Ponemon, 2014)

Acute Resource Constraints
Staffing and skills shortages were the #1 impediment to effective incident response, cited by 66% of organizations surveyed by SANS Institute in mid-2015. (SANS, 2015)
Intel Estimates


Current ThreatScape Realities

Time to Compromise: Minutes (minimal adversarial effort)
Time to Discover: Years - Months
Time to Recover: Months - Weeks
Overwhelmed Security Teams
$$$ Catastrophic Impact $$$


Current Industry Realities

Standardize integration and communication to break down operational silos

Disjointed API-Based Integrations. Result:
Slow, heavy, and burdensome
Complex and expensive to maintain
Limited vendor participation
Fragmented visibility


Business and Security Outcomes

Time to Compromise: Months (significant adversarial effort)
Time to Discover: Hours
Time to Recover: Hours to Minutes
Optimized Security Teams
$ Minimized Impact $


Industry Collaboration through DXL

Standardize integration and communication to break down operational silos

Disjointed API-Based Integrations        Collaborative Fabric-Based Ecosystem (DXL)
Result:                                  Result:
Slow, heavy, and burdensome              Fast, lightweight, and streamlined
Complex and expensive to maintain        Simplified and reduced TCO
Limited vendor participation             Open vendor participation
Fragmented visibility                    Holistic visibility


Intel Security's Threat Defense Lifecycle

Shift to a continuous defensive cycle:
Protect: Stop pervasive attack vectors while also disrupting never-before-seen techniques and payloads.
Detect: Illuminate low-threshold maneuvering through advanced intelligence and analytics.
Correct: Improve triage and prioritize response as part of a fluid investigation.
Adapt: Apply insights immediately throughout an integrated security system.


Use case 1: Adapt and Immunize

From Encounter to Containment in Milliseconds

[Diagram: McAfee Global Threat Intelligence, McAfee TIE Server, McAfee ATD and 3rd Party Feeds exchange file reputations over the Data Exchange Layer with McAfee ePO and the McAfee TIE Endpoint Modules. The endpoint's YES/NO conviction is driven by local indicators: file age hidden, signed with a revoked certificate, created by an untrusted process.]


Use case 1: Adapt and Immunize

From Encounter to Containment in Milliseconds

Gateways block access based on endpoint convictions

[Diagram: McAfee Global Threat Intelligence, McAfee TIE Server, McAfee NSP, McAfee Web Gateway, McAfee ATD, 3rd Party Feeds, McAfee ePO, McAfee ESM and the McAfee TIE Endpoint Modules, all connected over the Data Exchange Layer.]

Proactively and efficiently protect your organization as soon as a threat is revealed.

Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products.


Use case 2: IOC consumption

Legacy Disconnected Architecture

Requirements        Disconnected Baseline
Time to Respond     1455:17 min (24hr)
Time to Protect     254:02 min (4.2hr)
Capacity            6 IOC/day
Coverage Gap        Hash data in SIEM
Data Confidence
Consoles            6 products
Manual Steps        19


Adaptive Response

Detection, Protection and Correction

[Diagram: Network & Gateway (NGFW, NSP), Sandbox (ATD), Web Gateway, Email Gateway, SIEM (ESM) and Endpoints (TIE Endpoint Modules) exchanging IOC 1 - IOC 4 across the DXL Ecosystem.]

Flow shown in the diagram:
1. payload is analyzed
2. network and endpoints adapt
3. new IOC intelligence pinpoints historic breaches
4. previously breached systems are isolated and remediated
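The two use cases above (a single conviction propagated over the fabric so gateways, IPS and endpoints block at once, and the same conviction matched against SIEM history to find already-breached hosts) as an added toy model in Python. This is illustrative code written for this page, not McAfee's DXL or TIE implementation; the topic names, reputation scale, hosts and sample hashes are constructed.

```python
from collections import defaultdict

# Reputation scale (constructed): higher is more trusted; 30 or below is a conviction.
KNOWN_MALICIOUS, UNKNOWN, CONVICTION_THRESHOLD = 15, 50, 30

class Fabric:
    """Minimal publish/subscribe bus standing in for the Data Exchange Layer."""
    def __init__(self):
        self.subs = defaultdict(list)
    def subscribe(self, topic, handler):
        self.subs[topic].append(handler)
    def publish(self, topic, msg):
        for handler in self.subs[topic]:
            handler(msg)
class ReputationStore:
    """TIE-like store: keeps per-source verdicts and derives a single conviction."""
    def __init__(self, fabric):
        self.fabric, self.verdicts = fabric, defaultdict(dict)
        fabric.subscribe("tie/verdict", self.on_verdict)
    def score(self, sha256):
        # Worst verdict wins, so one sandbox or endpoint conviction is enough.
        return min(self.verdicts[sha256].values(), default=UNKNOWN)
    def on_verdict(self, msg):
        self.verdicts[msg["sha256"]][msg["source"]] = msg["score"]
        if self.score(msg["sha256"]) <= CONVICTION_THRESHOLD:
            self.fabric.publish("tie/conviction", {"sha256": msg["sha256"]})
class Blocker:
    """Gateway, IPS or endpoint: blocks a hash the moment a conviction arrives."""
    def __init__(self, name, fabric):
        self.name, self.blocked = name, set()
        fabric.subscribe("tie/conviction", lambda m: self.blocked.add(m["sha256"]))
class Siem:
    """SIEM: on a new conviction, looks back for hosts that already ran the hash."""
    def __init__(self, fabric, events):
        self.events, self.breached = events, set()
        fabric.subscribe("tie/conviction", self.on_conviction)
    def on_conviction(self, msg):
        self.breached |= {e["host"] for e in self.events if e["sha256"] == msg["sha256"]}
def run_demo():
    fabric = Fabric()
    ReputationStore(fabric)
    blockers = [Blocker(n, fabric) for n in ("web_gateway", "nsp", "endpoint_b")]
    history = [{"host": "host-a", "sha256": "aa" * 32}, {"host": "host-c", "sha256": "aa" * 32},
               {"host": "host-d", "sha256": "bb" * 32}]  # constructed historic SIEM events
    siem = Siem(fabric, history)
    # GTI has never seen the file (unknown score); the ATD sandbox then convicts it.
    fabric.publish("tie/verdict", {"sha256": "aa" * 32, "source": "gti", "score": UNKNOWN})
    fabric.publish("tie/verdict", {"sha256": "aa" * 32, "source": "atd", "score": KNOWN_MALICIOUS})
    return {b.name: sorted(b.blocked) for b in blockers}, sorted(siem.breached)
```

The first (unknown) verdict publishes nothing; the sandbox conviction alone pushes the hash to every blocker and lets the SIEM name host-a and host-c as previously breached, while host-d (a different hash) is untouched.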

Use case 2: IOC consumption

Integrated System Performance

Requirements        Integrated System
Time to Respond     6:50 min
Time to Protect     1:08 min
Capacity            210 IOC/day
Coverage Gaps
Data Confidence
Consoles
Manual Steps


Integrated System Value

Requirements        Disconnected Architecture          Integrated System
Time to Respond     1455:17 min (87372 sec)            6:50 min (410 sec)
Time to Protect     254:02 min (15242 sec)             1:08 min (68 sec)
Capacity            6 IOC/day                          210 IOC/day
Coverage Gaps       Gap in hash data sent to SIEM
Data Confidence
Consoles
Manual Steps        19

EFFICIENCY
66% reduction in technology components reduces the cost of security.
85% decrease in manual steps allows the customer to repurpose analysts to harder tasks.
3500% increase in IOC handling capacity.

EFFICACY
Average Time to Respond reduces dwell time to less than 7 min.
Full use of intelligence gives the customer higher confidence that security is effective.
