McAfee Threat Intelligence Exchange
George Younan | Enterprise Solutions Architect

The Resulting Impact

[Figure: World's Biggest Data Breaches, 2004-2013. Legend: Accidentally Published, Hacked, Inside Job, Lost/Stolen Computer, Lost/Stolen Media, Poor Security, Unknown, Virus.]
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

McAfee Confidential

The Need for Adaptive Threat Prevention

Problem: The current model is broken
• Products act in isolation
• Integrations are slow and brittle
• Intelligence is not shared
• Too much white noise
• Responses are not automated
• Each product requires its own update
• Vendor or 3rd party dependency

Solution: Threat Intelligence Exchange
• Products work together
• Intelligence is shared
• Responses are immediate
• Environment responds as a whole
• Can immunize the environment immediately
• Can take action without vendor involvement

McAfee Threat Intelligence Exchange
Bringing adaptive threat prevention to your environment

Ultrafast, bi-directional messaging fabric that connects individual security products so they operate as one entity. Network, gateway, endpoint and cloud countermeasures are connected through this fabric.

Dedicated server acts as a repository for all of your threat intelligence. This includes the latest threat information from:
- McAfee Security Connected components such as ATD, MWG, NSP, etc.
- McAfee Global Threat Intelligence and 3rd party sources (e.g. VirusTotal)
- System level and enterprise level intelligence

A new plugin to your McAfee Agent. It examines files on execution and makes intelligent decisions to protect your entire environment. These decisions are driven by a behavioral rules engine that understands your environment and leverages your threat intelligence.

Data Exchange Layer

An innovative, real-time, bi-directional communications fabric providing product integration simplicity.

Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products, enabling security intelligence and adaptive security.

[Diagram: The Security Connected Framework, Adaptive Security Architecture. Labels: BPM, Asset, Identity, Risk, Threat, Activity, Location, Data.]

Threat Intelligence Exchange Workflow

[Diagram components: McAfee Global Threat Intelligence, McAfee TIE Server, McAfee ATD, 3rd Party Feeds, Data Exchange Layer, McAfee ePO, McAfee VSE Threat Intelligence Module (two endpoints). Decision labels: YES / NO.]

Diagram callouts:
• File age hidden
• Signed with a revoked certificate
• Created by an untrusted process

Threat Intelligence Exchange Workflow

Gateways block access based on endpoint convictions.

Proactively and efficiently protect your organization as soon as a threat is revealed.

Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products.

[Diagram components: McAfee NGFW, McAfee Global Threat Intelligence, McAfee TIE Server, McAfee NSP, McAfee Web Gateway, McAfee Email Gateway, McAfee ATD, 3rd Party Feeds, McAfee ePO, McAfee ESM, Data Exchange Layer, McAfee VSE Threat Intelligence Module (two endpoints).]

Threat Intelligence Exchange Workflow

Endpoints are protected based on gateway convictions.

[Diagram components: McAfee NGFW, McAfee Global Threat Intelligence, McAfee TIE Server, McAfee NSP, McAfee Web Gateway, McAfee Email Gateway, McAfee ATD, 3rd Party Feeds, McAfee ePO, McAfee ESM, Data Exchange Layer, McAfee VSE Threat Intelligence Module (two endpoints). Decision labels: YES / NO.]

TIE Summary
• You control what is good and bad in your environment
• You have full visibility into every file executing in your environment
• VirusTotal integration for quick analysis
• No more waiting for extra.dat files for malware that may be targeting your environment
• Identify patient zero in the case of a malware attack