REDSEAL
SECURITY ANALYTICS FOR DIGITAL RESILIENCE
Agenda
• Meet the team
• Complexities in Today’s Environment
• RedSeal role in providing security analytics for digital resilience
• How we work with your Ecosystem
• Three things to remember about RedSeal
• Fill in Survey - Win a 12 yr old Scotch
• Questions?
RedSeal: Security Analytics Platform for Digital Resilience
Target customers: Global 2000 enterprises, governments, large organizations
Installed base: Serving over 240 customers in North America, Europe, and Japan
Go to market: Direct sales with channel, system integrators, managed service providers
Competitive advantage: Robust and patented functional model of the entire “as-built” digital infrastructure
Location: Headquartered in Sunnyvale, California
Employees: 110
Venture investors: Venrock, Leapfrog Ventures, Sutter Hill Ventures, Icon Ventures, Olympic Venture Partners, In-Q-Tel, and Tyco International
Data Breaches Are Accelerating
[Figure: bubble chart, “World's Biggest Data Breaches: 2004-2014”. Size of bubble reflects number of records breached, which are listed for largest breaches. Time axis: 2004 to 2014, then “Latest”.]
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Full Network Understanding and Measurement are
Essential Steps to Bridge this IT/Security Gap
• Cybersecurity challenges far exceed an organization’s human abilities to
effectively understand, manage, and defend their networks
- Perimeter security is necessary but no longer sufficient
- Management practices have not evolved
- $75B per year in point solutions don’t work.
- Organizations need a systemic solution for a systemic problem
• Effective management requires measurement, and effective measurement
requires full network understanding
- Full network understanding provides context
- Scoring your network security provides a framework
- Network understanding and metrics underpin a rigorous management program
Cyber Attacks Increasing in Frequency and Magnitude
• Target CEO fired—can you be fired if your company is hacked? –Forbes
• Giant Home Depot data breach court battle kicks off –Fortune
• JPMorgan CEO Jamie Dimon asks for help with data breaches after spending $250m on security in 2013 –Huffington Post
• Lawsuits say Sony Pictures should have expected security breach –CNN
Cybersecurity Today
Lots of tools and data make it difficult to:
- Make sense of the information
- Skills shortage
- Sheer scale
- Prioritize actions
- Efficiently demonstrate compliance
- Measure effectiveness
A day in the life of a CISO
RedSeal Platform: Create a Model of Your “As-Built” Network
[Diagram: “configs” collected from routers, firewalls, switches, load balancers, cloud, and network configuration managers, together with host and vulnerability data, feed RedSeal. Network zones shown: Remote, Extranet, DMZ, Company Core, Partners, Lab, Data Center.]
RedSeal Delivers the Digital Resilience to Close the Gap
[Figure: chart of network elements (thousands, log scale from 10 to 10,000,000) against year (1990 to 2020), with a level marked “Human Understanding without Assistance”.]
Increasing Network Complexity
LEGACY INFRASTRUCTURE AND ACQUISITIONS: You don’t always know what you have.
CLOUD DEPLOYMENTS: Less control over infrastructure-as-a-service
SOFTWARE DEFINED DATACENTERS: Difficult to keep security controls current in these dynamic environments
[Diagram labels: SDN, Load Balancers]
Large and Complex Networks
Breed Opportunities for Breaches
• Increasing network complexity
- Legacy infrastructure and acquisitions
- Cloud deployments
- Software-defined data centers
• Unknown and unmanaged network and
security assets
• Proliferation of new applications
• Unpatched or out-of-date services
• Shifting regulatory environment
• Human error
Ask Yourself: Is My Network Secure?
• How easily can attackers get in and move around?
• How big is my attack surface?
• What vulnerabilities should I address first?
• What is the impact of change?
• How much of my infrastructure is compliant?
• Will my network be safer tomorrow?
RedSeal: Cybersecurity Analytics for Digital Resilience
• Understand your network with as-built model
• Measure, benchmark and set targets
• Establish standard policies and verify compliance
• Accelerate response to vulnerabilities and incidents
Step 1: Understand Your Network
[Diagram: network zones (Remote, Extranet, DMZ, Company Core, Partners, Lab, Data Center) annotated with: Allowed access; Unintended access; Advanced, secret lab; Discontinued protocol still active.]
Step 2: Measure, Benchmark and Set Targets
• Resilience score
• Smartphone application
• Trending
• Share throughout enterprise IT
Step 3: Establish standards and policies and verify compliance
Key controls for:
– Credit cards (PCI DSS)
– Critical infrastructure (NERC CIP)
– Federal Information Systems (NIST 800-53)
– DoD security guides (DISA’s STIGs)
– Health care (HIPAA)
Benefit: More efficient and effective compliance initiatives
– Fast
– Automatic
– Continuous
– Cost effective
Major control areas:
– Network segmentation
– Vulnerability scans and penetration tests
– Configuration hardening
Step 4: Accelerate Response to Incidents and Vulnerabilities
[Diagram: network zones (Remote, Extranet, DMZ, Company Core, Partners, Lab, Data Center) annotated with: Indicator of compromise (IoC): directly reachable; Indirectly reachable critical system.]
RedSeal Platform Enables Multiple Enterprise Security Functions
Incident response
• Quickly assess “blast radius”
• Identify remediation options
Security access, compliance
• Continuous compliance
• Eliminate manual data
Executive management
• Metrics and benchmarks toward goals
Network and security operations
• Troubleshooting
• Configuration validation
Vulnerability management
• Improved prioritization
• Automated reporting
[Center graphic repeats the four steps: Understand your network with as-built model; Measure, benchmark and set targets; Establish standard policies and verify compliance; Accelerate response to vulnerabilities and incidents.]
RedSeal Product Vision
Security Analytics Platform that provides digital resilience through an integrated model of your ecosystem.
Common model across Networking, Security, & Compliance
[Diagram labels: Data Center Security, IT Service, SIEM, HP ArcSight, RedSeal, IT Infrastructure, Vulnerability Managers, Network Devices]
RedSeal Integrates With Vulnerability Management Solutions
• Integrates vulnerability scan data
- Import vulnerability information and system configurations
• Improves existing products
- Identify unknown, unscanned systems
- Flag stale scan data
• Adds value
- Network context aids in prioritization
- Analysis of detailed traffic paths identifies alternate remediations:
  - Patching
  - Firewall rule changes
  - Segmentation
  - Isolation or shutdown of system(s)
RedSeal Discovers Unmanaged, Unscanned Hosts
[Diagram: network zones (Remote, Extranet, DMZ, Company Core, Partners, Lab, Data Center) annotated with: Unscanned subnets; Newly deployed cloud infrastructure; Advanced secret lab.]
RedSeal Provides Network Access Context to Prioritize Vulnerabilities
[Diagram: network zones (Remote, Extranet, DMZ, Company Core, Partners, Lab, Data Center) with servers labeled CVSS 6, CVSS 7 and CVSS 4, and access paths labeled “Unapproved, forbidden access” and “Approved, planned access”.]
Vulnerabilities on this server should be considered “high risk” – there is an unauthorized access path to it
Leverage Your Security Products
Network information sources
• ROUTERS
• FIREWALLS
• LOAD BALANCERS
• CONFIGURATION MANAGEMENT DATABASES
• CLOUD INFRASTRUCTURE
• SECURITY
• VULNERABILITY MANAGEMENT
RedSeal value generated
• Calculates your actual security posture (policy)
• Verifies access rules for Cloud-based hosts and data
• Looks at reachability and asset value and identifies which vulnerabilities should be fixed first.
RedSeal Selected Customer Snapshot
Sectors (as of 1/2016): TECHNOLOGY, RETAIL, FINANCE, FEDERAL, UTILITIES & SPs
Problems solved by RedSeal
• Federal government
- Problem: Discontiguous wildcard masks in ACLs, cloned across routers
- RedSeal solution: Pinpointed precise configuration settings with this error
• Hotel chain
- Problem: Remote server re-booting, 6-month investigation could not identify cause
- RedSeal solution: Identified duplicate IP/Mirrored system with failover executing
• Retail
- Problem: Delays in detecting “left open” ACLs in store routers until IDS traffic spike
- RedSeal solution: Daily monitoring/detection of “forbidden” access
• Consumer electronics
- Problem: Re-constructed network after breach required “flawless” security
- RedSeal solution: Continual validation of security policies while rebuilding network
Three Things to Remember
• RedSeal organizes past investments
• RS provides actionable intelligence into today’s
operational environment
• RS is a staging platform for designing controls into new
IT investments (Network Development Lifecycle)
(Deploy new infrastructure – Securely)
Don’t Forget to fill in Survey
Thanks
RedSeal
The Measure of Resilience
redseal.co