Application Management - blackardconsulting.com

McAfee Web Protection
Protect Your Enterprise Against Web Threats
McAfee Confidential
Malware Is Changing…
2011
Rise in Adobe-based attacks
• PDF, Flash
2012
Zero-day Java and JavaScript-based attacks
2013
Sophisticated evasion techniques
• Unique, one-time-only URL or file
• Obfuscation
• Dynamic code generation
Browser-specific attacks
• Ex: known Firefox exploits
• Anticipate rise in HTML5 attacks
The Cloud Brings New Challenges
SECURITY
• Increasingly sophisticated malware
• Increased SSL-encrypted web traffic
• Advanced, persistent threats
APPLICATION VISIBILITY
• More people & devices connecting to more applications outside traditional network, often without IT knowledge
FLEXIBILITY
• Need to accommodate changing business conditions
• Protection needs to travel with the user and device rather than stay in the office
The Cloud Brings New Challenges
SECURITY
• Increasingly sophisticated malware
• Increased SSL-encrypted web traffic
• Advanced, persistent threats
APPLICATION MANAGEMENT
• More people & devices connecting to more applications outside traditional network
FLEXIBILITY
• Need to accommodate changing business conditions
• Protection needs to travel with the user and device rather than stay in the office
Security
How bad is the problem?
How can I block web-borne threats?
What about outbound threats?
What other add-on tools should I consider?
Global Threat Intelligence
[Diagram: reputation data shared across security products]
Reputation types: Threat Reputation, Web Reputation, Sender Reputation, File Reputation
Data points: Application, Network Activity, Ports / Protocol, URL, Mail Activity, Domain, Affiliations, IP Address, Web Activity, Email Address, DNS Server, Data Activity, Geo-location
Products: Web Gateway, Mail Gateway, Host AV, Host IPS, 3rd Party Feed, Network IPS, Firewall
• 2B Botnet C&C IP Reputation Queries/mo.
• 20B Message Reputation Queries/mo.
• 2.5B Malware Reputation Queries/mo.
• 300M IPS Attacks/mo.
• Geo location feeds
Security Connected
McAfee Gateway Anti-Malware Engine Scanning
DISSECT, ANALYZE, EMULATE
• Unique to McAfee Web Protection
• Emulation provides real-time protection
• Most effective zero-day protection
“MWG has strong malware protection due to its on-box browser code emulation capabilities.”
Gartner, Magic Quadrant for Secure Web Gateways
Security
Malware detection
[Bar chart, scale 0% to 100%: Zero Day Protection Rate, PE Malware Detection and Non-PE Malware Detection for McAfee, Blue Coat, Cisco and Websense; one entry is labelled "No response"]
New 2013 results
• Web Gateway increases Zero-Day protection to 95%
• Other vendors invited to participate
• Cloud intelligence
• Signature-based protection
• PDF exploits
• Ability to open content and inspect
• Proactive scanning
• Worms, Trojans
• PW stealing programs
• Macros for MS Office
• Malicious scripts
AV-Test.org
Performance results obtained using specific combinations of hardware, software, and test samples. The results reflect approximate relative performance as measured by the tests performed. Any difference in system hardware, software or available threat information may cause your performance to vary.
Proof Point
Competitive POC
BACKGROUND
• Fortune 10 US corporation with world-wide network
• Existing Blue Coat installation
30-Day POC Evaluation
Scanned
• Ninety-two million URLs
• One sixth of web traffic sent to Web Gateway after being scanned by existing solution
• 346,000 websites and web objects
Results
• 280,000 URLs categorized incorrectly by current proxy
• 50,000 URLs with unacceptable reputations
• 16,000 discrete web objects containing malware
OUTCOME
• 1,000 desktops saved from infection during POC
• Remediation costs: $150–$200 per desktop
• During POC: $150,000–$200,000 savings
• POC result: Prospect became a customer
Security
Integrated DLP prevents data leakage
Credit card numbers found
Apply comprehensive DLP rules
Supports preformatted McAfee DLP dictionaries (HIPAA, PCI, UK-NHS, European IBAN)
Security
Encrypt data going to the cloud
Encryption protects cloud-based files
McAfee Advanced Threat Defense
Comprehensive approach to malware
FIND, FREEZE, FIX
[Diagram components: Advanced Threat Defense, Threat Intelligence Exchange, Network Security Platform, Next Generation Firewall, McAfee Enterprise Security Manager (SIEM), McAfee Web Gateway, McAfee Real Time, McAfee Email Gateway, Endpoint]
Application Management
Application Discovery
• What applications are your users actually using?
Application Controls
• Can you manage application entitlements?
Application Access
• Can you deliver user access and strong authentication?
Frost & Sullivan: The Hidden Truth Behind shadow IT
Application Discovery
What are your users up to?
What applications are on your network?
How much bandwidth are they using?
Which are blocked?
Who are the top users?
Integrated, Actionable Discovery
Content Security Reporter + McAfee ePO = visibility, control, compliance
Web Application Controls
Enforce acceptable usage policy
Enable/Disable specific applications
Control entitlements, access, data sharing
Apply policy based on application, user, group, risk, …
Application Controls
YouTube example
Customize block page with your logo, colors, instructions…
Query for YouTube category in real-time
Set policy by: Category, Author, Channel
Application Access
Web identity
Single Sign On
One Time Password
Laptop
Internal User
Mobile
Web Identity Launch Pad
Web Gateway Multi-layered Protection
Application Management
• Identify web applications in use
• Controls enforce acceptable usage policy
• SSO and multi-factor authentication for access
Outbound Traffic
Data Leakage
• DLP Engine
‒ Full dictionaries
‒ Enforce data leakage policy
• File encryption
‒ Protect data on file-sharing sites
Botnet Client
• Identify “phone-home” behavior
• Aggressive scanning of non-human initiated requests
Inbound Traffic
Content Inspection
• Reputation (GTI)
• Geo-location (GTI)
• URL categorization & filtering (GTI)
• Media & file analysis
SSL Scanning
• Scrutinize HTTPS traffic
• Identify malware hidden in encrypted web sessions
• Enforce application controls
Anti-Malware
• Signature-based AV
• Zero-day malware detection
‒ Dissect, emulate target platform environment
‒ Evaluate code behavior
ePO
FLEXIBILITY
What is the most effective deployment scenario for me?
• Should I go on-premises or the cloud?
How do I manage web access for remote or mobile users?
• Is there some way to protect them from malware infections?
Flexibility
Deploy on-premise, in the cloud, or a hybrid combination
[Diagram labels: Appliance and SaaS (Hybrid), Remote Users (SaaS), VM, SaaS or VM]
Performance and Scalability from Branch Offices to Corporate Headquarters
Common policy, management & reporting
[Deployment options shown: SaaS, Cloud-based, Virtual Appliance, Hardware Appliances, Blade Server]
McAfee Client Proxy
Protect mobile & remote users
[Diagram labels: Corporate Office, On-Network, Web Gateway, Off Network, Internet, Browser, Client Proxy Active, McAfee Data Center, SaaS Web Protection (or Web Gateway in DMZ)]
Features & Benefits
Secure
• Best of breed security services, #1 malware defense
• Protect on-premises and remote/traveling users
Proven Scalability
• Start small - SMB to enterprise
• Add capacity, as needed
Flexible Architecture
• Fit business requirements
• Adapt as business needs change
Cost-effective
• One SKU, one price
• Buy only what you need
Manageable
• Easy policy synchronization
• Consistent, cross-platform reporting
McAfee Web Protection
Security
• Rules-based policy enforcement
• Global Threat Intelligence
• AV & Gateway Anti-Malware engines
• Built-in Data Loss Prevention
• Cloud storage file encryption
• Advanced Threat Defense integration
Application Management
• Identify and control rogue SaaS applications
• Single sign-on and multi-factor authentication
Flexibility
• Mobile & remote user protection
• Hybrid deployment options with policy synch
• Forward and reverse proxy options
Next Steps – Prove It to Yourself!
STEP ONE: Run Web Gateway Proof of Concept
STEP TWO: REVIEW RESULTS

APPLICATION NAME | SUM OF HITS
BitTorrent Variants | 22640
Google Analytics | 1183
Hotmail | 766
Facebook | 754
Other | 4093
TOTAL | 29463

CATEGORYNAME | # of Detailed Web Access
Payment Card Industry – Credit Card Number Violations | 35
DLP: User-Defined Dictionary | 23
SOX Compliance – Merger and Acquisition | 1
TOTAL | 59

MALWARE NAME | SUM OF HITS
McAfeeGW: Heuristic.BehavesLike.JS.Infected.A | 38
GoMcAfeeGW: Heuristic.BehavesLike.JS.Unwanted | 19
McAfeeGW: Heuristic.BehavesLike.Win32.SuspiciousBAY.G | 11
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.K | 7
Other | 12
TOTAL | 87

STEP THREE: Communicate Results. Take Action!
www.McAfee.com/webprotection