Layer Zero: Enabling The Security Stack
Brandon Hoffman
CTO, Lumeta
© 2015 Lumeta Corporation
The Security Stack
No single device or product will provide full security. A security stack is needed.
Application
• WAF, AppSec Analyzers, Application Testers
Data
• DLP, Encryption, Session Managers, Proxies
Host/Device
• HBFW, HIDS, Vuln Scanners, Agents/Shims, MDM
Network
• Router ACLs, Firewalls, IPS/IDS, NAC, Modelers
Identity
• SSO, IAM, Entitlements
NGFWs
APT/ATA Controls
Cloud
The Security Stack
These devices leverage data and metadata generated or analyzed by devices in other layers.
In most cases they need this data to be effective.
The Security Stack: Missing Links
The challenge is that all of these devices need other data that is not available from any of these sources.
Needed:
• Real time index of all attached devices
• Full device profiling
• Multi-homed host identification
• Unmanaged/unscanned hosts (agent/scan discrepancy)
Needed:
• Invalid/self-signed/unmanaged certificates
• Traffic behind NAT/Proxies
• Historic data association
• Real time index of port usage
• HTTP(s) banner enumeration
• File share accessibility
Needed:
• Real time index of all network devices
• Validation of zone/segment access
• Shadow IT identification
• Perimeter validation
• Leak paths
• Unknown connected networks
The Security Stack: Layer Zero
Foundational intelligence to enable the security stack.
Network Situational Awareness via Recursive Network Indexing
Network Situational Awareness Steps: INDEX, COMPREHEND, PREDICT
Network Situational Awareness
INDEXING:
• Identify all devices that comprise the network and all devices attached
• Identify certificates
• Identify all ports in use
• Identify all banners and file shares
• Profile all devices
• Identify Shadow IT
COMPREHEND:
• Determine unscanned hosts
• Determine agentless/unmanaged hosts
• Determine multi-homed hosts
• Validate zone/segment access
• Determine leak paths
• Determine unknown/unmanaged networks
PREDICT:
• Identify C2 leak paths
• Correlate vulnerabilities/malware to inappropriate access
• Feed automated patching
• Enhance asset inventory systems
• Trend data for historic association and review
• Close asset management gaps
Recursive Network Indexing
Get the data you need for the security you demand!