IoT Security Part 2: The Malware (June 2016)

  • Slides: 19
IoT Security Part 2, The Malware. June 2016. Angelo Brancato, Chief Technologist, HPE Security. angelo.brancato@hpe.com, Mobile: +49 174 1502278. CISSP, CISM, CCSK.

This presentation is recorded: https://youtu.be/AVwCZF84gew

HPE Secure IoT Application Lifecycle (replay of Part 1, The Data)
Architecture layers, from the things to the user: IoT Endpoints; Edge Computing; Connectivity (HPE Aruba, communication security); IoT Cloud / Platform; Visualization. The assets to protect at every layer are data, applications, communication and users.
Cross-cutting HPE portfolio elements: HPE ADM (Application Delivery Management); HPE ITOM (IT Operations Management); HPE Security ArcSight (security intelligence); HPE Security Fortify (application security); HPE Security Data Security (Voltage/Atalla).
HPE ADM, ITOM and Security solutions together provide a secure IoT application lifecycle.

HPE Secure IoT Application Lifecycle: Security Intelligence
The same architecture (IoT Endpoints, Edge Computing, Connectivity, IoT Cloud / Platform with the IoT Platform, Visualization) with HPE Security ArcSight highlighted: log data from every layer, endpoint to visualization, is collected into ArcSight as the security intelligence component.

Security Intelligence: What is Security Analytics?
Data grows in three stages: Streams of Data, Rivers of Data, Ocean of Data / Data Lake.
Tactical Level, e.g. Streams of Data: event sources are users; clients and servers; applications; firewalls, IDS/IPS, VPN, routers, WLAN; and IoT edge devices, sensors and actuators.

Security Intelligence: What is Security Analytics? Operational Level
Real-time correlation of known attack patterns turns Streams of Data into Rivers of Data. (The slide shows a sample ArcSight correlation rule as a screenshot; the rule content is not reproduced here.)
Some ArcSight key differentiators (ArcSight ESM):
- True real-time and contextual correlation
- Pre-defined use cases (correlation rules) and a content sharing platform
- 400+ supported event sources; FlexConnector for custom sources
- Normalization / categorization of events
- Guaranteed event delivery and event load-balancing
- Multi-tenancy
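The "normalization / categorization" and "real-time, contextual correlation" points above, as an added Python example written for this page (it is not from the slides and not ArcSight code or rule syntax): a hypothetical connector maps raw lines from three constructed sources (an IDS, a firewall, an IoT edge gateway) onto one common schema with ArcSight-style category strings, and a stateful streaming rule fires when a firewall-allowed connection from a host to a destination follows, within five minutes, an IDS malware signature naming the same host and destination. An asset table supplies the "context": the same pattern on an IoT actuator is rated higher than on a workstation. Every source name, field layout, category string, address and threshold here is an assumption made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed raw events from three sources (not real logs); field layouts are assumptions.
RAW_EVENTS = [
    '2016-06-01T10:00:01Z ids sig="ET MALWARE Known C2 Beacon" src=10.0.1.23 dst=198.51.100.7',
    '2016-06-01T10:00:02Z fw action=DENY proto=tcp src=10.0.1.23 dst=198.51.100.7 dport=4444',
    '2016-06-01T10:00:30Z fw action=ALLOW proto=tcp src=10.0.1.23 dst=198.51.100.7 dport=443',
    '2016-06-01T10:01:00Z ids sig="ET MALWARE Known C2 Beacon" src=10.0.2.40 dst=203.0.113.9',
    '2016-06-01T10:20:00Z fw action=ALLOW proto=tcp src=10.0.2.40 dst=203.0.113.9 dport=443',
    '2016-06-01T10:21:00Z iot-edge event=firmware_update src=10.0.3.5 dst=10.0.3.1',
]

# Assumed asset context: what kind of device sits behind an address.
ASSETS = {"10.0.1.23": "iot-actuator", "10.0.2.40": "workstation"}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def normalize(line):
    """Hypothetical connector: map one raw line onto a common event schema
    (ts, source, src, dst, category, name), whatever the source's own format."""
    ts, source, rest = line.split(" ", 2)
    f = {k: v.strip('"') for k, v in KV.findall(rest)}
    ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source,
          "src": f.get("src"), "dst": f.get("dst")}
    if source == "ids":
        ev["category"] = "/Attack/Malware" if "MALWARE" in f.get("sig", "") else "/Attack/Other"
        ev["name"] = f.get("sig", "")
    elif source == "fw":
        ev["category"] = "/Access/Allow" if f.get("action") == "ALLOW" else "/Access/Deny"
        ev["name"] = f"{f.get('proto')}/{f.get('dport')}"
    elif source == "iot-edge":
        ev["category"] = "/Device/Firmware" if f.get("event") == "firmware_update" else "/Device/Other"
        ev["name"] = f.get("event", "")
    else:
        ev["category"], ev["name"] = "/Unknown", rest
    return ev


class CorrelationRule:
    """Streaming rule: an /Access/Allow from src to dst that follows an /Attack/Malware
    event for the same (src, dst) within `window` means the beacon actually got out."""

    def __init__(self, window=timedelta(minutes=5), asset_context=None):
        self.window = window
        self.context = asset_context or {}
        self.pending = defaultdict(deque)  # (src, dst) -> malware events not yet matched

    def _expire(self, key, now):
        q = self.pending[key]
        while q and now - q[0]["ts"] > self.window:
            q.popleft()

    def feed(self, ev):
        """Consume one normalized event; return an alert dict or None."""
        key = (ev["src"], ev["dst"])
        self._expire(key, ev["ts"])
        if ev["category"] == "/Attack/Malware":
            self.pending[key].append(ev)
            return None
        if ev["category"] == "/Access/Allow" and self.pending[key]:
            trigger = self.pending[key].popleft()
            asset = self.context.get(ev["src"], "unknown-asset")
            return {"rule": "confirmed-c2-egress", "src": ev["src"], "dst": ev["dst"],
                    "signature": trigger["name"], "asset": asset,
                    "priority": "high" if asset.startswith("iot") else "medium"}
        return None


def run_sample():
    """Replay the constructed stream through the rule and collect the alerts."""
    rule = CorrelationRule(asset_context=ASSETS)
    return [a for a in (rule.feed(normalize(line)) for line in RAW_EVENTS) if a]


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Only the first host alerts: its beacon was denied on port 4444 but allowed on 443 29 seconds after the IDS hit, and because the asset table says it is an IoT actuator the alert is rated high. The second host's allowed connection arrives 19 minutes after its IDS hit, outside the window, so the pending state has already been expired; in production the window and the per-key queue bound the memory a real-time engine needs per rule.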

Security Intelligence: What is Security Analytics? The three levels
Tactical Level (Streams of Data): ubiquitous, reliable and scalable event collection and normalization; remediation.
Operational Level (Rivers of Data): ArcSight ESM, real-time correlation of known attack patterns.
Strategic Level (Ocean of Data / Data Lake): a hunt team searches the big data lake for yet unknown attack patterns and feeds the results back to the Operational Level as new real-time correlation rules.
ArcSight DNS Malware Analytics (DMA) is positioned at the Strategic Level as a "Hunt Team In-A-Box" for DNS data.

HPE ArcSight DMA: DNS Malware Analytics Overview
HPE ArcSight DNS Malware Analytics (DMA) in the architecture: DNS data is taken from the Connectivity layer (between IoT Endpoints / Edge Computing and the IoT Cloud / Platform) into DMA, whose results feed HPE Security ArcSight (security intelligence) and the Visualization layer.

Challenges in Collecting and Monitoring DNS Data: why is DNS monitoring a hard problem for enterprise environments?
Case study, HPE 2013-2016:
• Every new employee, device, server etc. only adds to the total.
• The right information is not logged.
• Logging severely impacts the performance of the DNS infrastructure.
• 18-20 billion DNS packets move through HPE's core data centers every day. Volume!
[Chart: events per second by source (McAfee ePO, Active Directory, Web Proxy, DNS, Routers, VPN), axis 0 to 250,000. DNS dwarfs the other sources: 18-20 billion packets a day is roughly 210,000-230,000 per second, matching the chart's 220,000 figure.]

HPE ArcSight DNS Malware Analytics (DMA): how it works
On-site: a network tap on the Connectivity layer (IoT Endpoints, Edge Computing, IoT Cloud / Platform) feeds the DNS Capture Module.
• Easy to install, pre-configured appliance
• Local DNS preprocessing
• Filters out 99% of traffic
• Statistics and diagnostics
• Secure communication to the cloud
HPE Analytics Cloud:
• Constantly analyzes the DNS data for security threats
• Alerting on infected systems
• Data visualization and exploration
• Web-based detail and visual drill-down
Back on-site: an ArcSight REST connector (secure communication) delivers the alerts to ArcSight ADP/ESM and Visualization, from where remediation is manual or automatic, e.g. through HPE Aruba ClearPass.

HPE ArcSight DNS Malware Analytics (DMA): Recap
DMA is a solution that:
• provides high fidelity, with a very low to zero false-positive rate
• enables operational staff (L1) to mitigate and remediate
• fits into an existing SOC infrastructure without expansion
DMA is an automated service to detect and identify hosts (things) that:
• are positively infected with malware, bots or other unknown threats
• are trying to contact Command and Control (C&C) servers or to exfiltrate data
• have not been detected by other signature-based perimeter or internal security products
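How the DNS Capture Module and the analytics stage described in the two DMA slides above could work, as an added Python example written for this page (it is not HPE's DMA code). DNS messages are taken from a tap and decoded from wire format, which sidesteps both collection problems named in the case study: no logging load on the resolvers, and the client address, query name and response code are all available. Queries into an allowlist of the site's busiest zones are dropped locally as noise, and the remainder is scanned for two C&C / exfiltration indicators: a burst of NXDOMAIN answers for one client (what a domain-generation algorithm produces while probing for a live C&C name) and a very long, high-entropy first label (what data tunnelled out in DNS names looks like). The allowlist, thresholds, addresses and domain names are constructed for the example; the packet builder exists only to create sample input offline.

```python
import math
import struct
from collections import Counter, defaultdict

# Assumed allowlist of the site's busiest zones; in practice derived from local statistics.
ALLOWLIST = {"hpe.com", "microsoft.com", "google.com"}
NXDOMAIN = 3


def _read_name(pkt, off):
    """Decode a DNS name at `off`, following compression pointers; return (name, next_off)."""
    labels, jumped, end = [], False, None
    while True:
        length = pkt[off]
        if length == 0:
            off += 1
            break
        if (length & 0xC0) == 0xC0:            # pointer to an earlier copy of the name
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | pkt[off + 1]
            jumped = True
            continue
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), (end if jumped else off)


def parse_dns(pkt):
    """Parse the header and first question of a DNS message captured on the wire."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = _read_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qname": qname.lower(), "qtype": qtype, "answers": an}


def build_dns(txid, qname, response=False, rcode=0, answers=0):
    """Construct a minimal DNS message (sample input only; not part of the analytics)."""
    hdr = struct.pack("!HHHHHH", txid, (0x8000 if response else 0) | rcode, 1, answers, 0, 0)
    q = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    body = hdr + q + struct.pack("!HH", 1, 1)
    for _ in range(answers):                    # A record whose name points back to the question
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + b"\x0a\x00\x00\x01"
    return body


def registered_domain(qname):
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def is_noise(msg):
    """Local preprocessing: traffic into allowlisted zones is the bulk and is dropped here."""
    return registered_domain(msg["qname"]) in ALLOWLIST


def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def analyze(records, nx_threshold=5, entropy_threshold=3.5, min_label_len=20):
    """records: (client_ip, parsed response) pairs seen on the tap -> {client: [indicators]}."""
    nx, findings = Counter(), defaultdict(set)
    for client, msg in records:
        if not msg["is_response"] or is_noise(msg):
            continue
        if msg["rcode"] == NXDOMAIN:
            nx[client] += 1
            if nx[client] >= nx_threshold:
                findings[client].add("nxdomain-burst")
        first = msg["qname"].split(".")[0]
        if len(first) >= min_label_len and label_entropy(first) >= entropy_threshold:
            findings[client].add("high-entropy-label")
    return {c: sorted(f) for c, f in findings.items()}


def run_sample():
    """Constructed capture: one clean host, one DGA-style host, one tunnelling host."""
    records = [("10.0.0.5", parse_dns(build_dns(i, "www.hpe.com", True, answers=1))) for i in range(3)]
    records.append(("10.0.0.5", parse_dns(build_dns(9, "news.example", True, answers=1))))
    for i, name in enumerate(["kqzxvtpa.net", "wplmdqru.net", "hzyncbtk.net",
                              "ojrvsxqe.net", "tmbkpvwz.net", "dqlxhgnu.net"]):
        records.append(("10.0.0.7", parse_dns(build_dns(100 + i, name, True, rcode=NXDOMAIN))))
    records.append(("10.0.0.9", parse_dns(build_dns(
        200, "4b8e2f9a1c7d3e6f0b5a9d2c8e1f7a3b.tunnel.example", True, answers=1))))
    return analyze(records)


if __name__ == "__main__":
    print(run_sample())
```

The clean host never reaches the analytics (its hpe.com lookups are dropped on the appliance and its single other query is normal), the DGA host is flagged after its fifth NXDOMAIN, and the tunnelling host is flagged by a 32-character hex label at about 3.9 bits per character. Both heuristics are deliberately simple; the slides' "very low to zero false-positive" claim rests on the cloud-side analytics, not on thresholds like these, which would need tuning against the site's own baseline.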

Thank you! Angelo Brancato, Chief Technologist, HPE Security. angelo.brancato@hpe.com, Mobile: +49 174 1502278. hpe.com/security. CISSP, CISM, CCSK.