Transcript Slide 1
Rapid Threat Response
From 7 Days to 7 Seconds
© 2013 Bradford Networks. All rights reserved.
Agenda
• Changing Threat Landscape
• Evolution of NAC to Security Automation
• Intro to Bradford Networks
• Leveraging Integration and Correlation
• Rapid Threat Response
• Business Impact
Profile of Today’s Advanced Cyber Threats
Phishing Email on End User’s Device
User’s Device Compromised
Internal Network Scan
Data Consolidation
Data Exfiltration
Attack surface is now 3x what it was just a few years ago.
The Enterprise Today … Dynamic, Complex
BLIND SPOT
SAFE
SAFE
Network Access Control
Assessing the Risk of Every User and Device
SAFE
SAFE
BACK DOOR
Visibility
Policies
Enforcement
Network Visibility
WHERE
LOCATION 1
Real-Time Visibility
LOCATION 2
….
Single Network Sentry Appliance
LOCATION N
VPN
WHO
WHAT
WHEN
Flexible Network Access Policies
WHO
WHAT
WHERE
WHEN
TRUSTED LOCATIONS
TRUSTED USERS
TRUSTED TIME
TRUSTED DEVICES
Policy Enforcement
Assign Network Access
Assess Risk
Unrestricted Access
Identify Device
Identify User
Restricted Access
Guest Access
No Access
Endpoint Compliance
Device Risk Assessment
Safe Configuration
Required OS Patch Levels
Endpoint Protection
Mandatory Applications
Minimum Application Version
VLAN Assignment
Gaining and Removing Network Access
Criteria for Gaining Network Access
Criteria for Removing Network Access
Network Access Control
Active Directory
Security Information & Event Management
Visibility
Antivirus
Patch Management
Mobile Device Management
Application Whitelisting
Trusted Configurations
Network Access Policies
Self-Service Onboarding
Threat / Device Correlation
Endpoint Visibility & Compliance
Network Change Automation
Connect
Reassign
Reconfigure
Risk Indication
Threat Investigation Workflows
Control Network Access
Rapid Threat Response
Isolate
Investigate
Block
Intrusion Detection Systems
Advanced Persistent Threat Detection
Security Intelligence & Big Data Analytics
Evolution of NAC
Rapid Threat Response
Minimize Threat Think Time
NAC 3.0
Threat Investigation
Security Automation
Simplify Investigation Workflows
Consumerization/BYOD
NAC 2.0
Enable Safe Network Provisioning
BYOD
Endpoint Compliance
Ensure Safe Devices
NAC 1.0
Safe Onboarding
Enable Scalable Onboarding
Self-Service Onboarding
Rapid Threat Response
Cyber Threat Lifecycle
Attack
Compromise
Detection
Containment
Attack To Compromise
Compromise To Detection
Detection To Containment
Why Detection to Containment Takes 7 Days
Escalating
Total Cost
More Records
Breached
Theft
More Impact
on Brand
Impact
Detection to Containment Time
Threats Are Targeted and Complex
Fragmented IT Skills
Silos of Security Information
Too Many Security Events
Getting Threat Response Down to 7 Seconds
Cyber Security Strategy
Visibility
Prevention
Automation
Detection
Response
Threat Containment
Block Device
Restrict Access
Manual
7 SECONDS
Remediate Device
Threat Intelligence
Determine Motive
Trace Method
Uncover Mistakes
About Bradford Networks
Leader in Rapid Threat Response
SmartEdge Integration Platform
Live Inventory of Network Connections (LINC)
Best Buy Rating From SC Magazine
Network Analytics and Forensics
SmartEdge Platform
BYOD
SIEM
Endpoint Protection
Detection
Network
Firewalls
USER
TIME
DEVICE
APPLICATIONS
CONNECTION
Rapid Threat Response (RTR) Essentials …
Live Inventory of Wired, Mobile and VPN Connections
Integrated High Fidelity Security Alerts
Business-Criticality of User and Endpoints
Real-Time and Flexible Control of Network Access
Network Sentry/RTR in Action
Detection
Response
7 SECONDS
Threat Containment
Block Device
IP Address
+ User Name
+ Security Group
+ Device Type
+ Operating System
+ Wired Adapters
+ Wireless Adapters
+ Installed Applications
+ Network Location
+ Connection Port
Restrict Access
Remediate Device
Business Impact with Bradford Networks
Reduce Threat Response Time From Days to Seconds
Automate Response and Reduce Burden on Security Staff
Quickly Contain Threats, Prevent Propagation
Minimize Cost, Protect Brand, Protect Assets