Evaluating Essential Advanced Security Options for Your Business
Robert Smithers, CEO, Miercom

About Miercom
- Networking consulting firm
- Publishes media; runs the Test Lab Alliance
- Vendor agnostic; no undue influence
- Editorial integrity and excellence
- Reports for the community, license free
- 30 years' experience testing network security
- Adaptive methodologies and TTPs

Agenda
- SWG, sandboxing and NGFW technologies
  - Test results: malicious URLs, malware
  - TCO analysis
- EPP technologies
  - Test results: malware
  - TCO analysis

Participating Vendors and Products
- All vendors have the opportunity to represent their products before, during and after any test review
- No pay to play for Industry Assessment test reviews
- Miercom is vendor agnostic
- It is the vendor's responsibility to participate and submit their own product(s)
- Miercom reserves the right to acquire or obtain access to any unrepresented product

Types of Security Products Tested
- Secure Web Gateway
- Next-Generation Firewall
- Unified Threat Management
- Sandbox / Threat Emulation
- Spam Filtering
- End Point Protection

Secure Web Gateway (SWG), 1 of 2
- Edge security platform against Web-borne threats that can enter the enterprise network through Internet browsing; enforces the organization's policies for Internet usage and regulatory compliance
- Essential functionality: URL filtering, malicious code detection/filtering and application control
- Products with real-time, cloud-based content analysis tend to outperform those that look up URLs and/or threat signatures in a static database

Secure Web Gateway (SWG), 2 of 2
- Class of product for organizations of all sizes: SMB and enterprise
  - SMB: protects against basic threats; easy to implement and manage
  - Enterprise: protection extended to advanced and targeted threats; requires more skill and resources to implement and manage
- The on-premises appliance is the most popular form; software, virtual, cloud (SWG as a Service) and on-premises/cloud hybrid versions are also available

Next-Generation Firewall (NGFW), 1 of 2
- Evolutionary type of network edge security device
- Combines the functionality of a basic firewall with enhancements:
  - Traffic inspection enables detection and blocking of malicious activity
  - Application awareness enables identification of attacks directed at the network as well as enforcement of the organization's Internet usage and regulatory compliance policies

Next-Generation Firewall (NGFW), 2 of 2
- Available for organizations of all sizes
- Can be deployed as an appliance, a virtual appliance or a software-based solution
- Inline "bump in the wire" deployment: enabling functionality does reduce network performance
- The next-generation firewall has arguably sent the basic firewall the way of video cassette recorders and VHS tapes, into obsolescence

Unified Threat Management (UTM), 1 of 2
- Like the next-generation firewall, an evolutionary class of network edge security platform
- Combines the firewall and VPN of a basic firewall with:
  - An intrusion prevention system, also found in next-generation firewalls
  - URL filtering and anti-virus, also found in secure web gateways
  - Anti-spam and mail anti-virus, also found in spam filtering products
- Primarily aimed at small and mid-sized businesses

Unified Threat Management (UTM), 2 of 2
- Available as appliance, virtual appliance, software and cloud-based
- The network administrator must find a balance between security and network performance
- Each enabled security function examines every packet, adding latency and detracting from throughput

Sandbox, 1 of 2
- Security technique for protecting the enterprise network from malware by running applications and visiting Websites in a controlled environment
- FireEye leads the market, with competitors including AhnLab, Blue Coat, Check Point, Damballa, McAfee, Palo Alto Networks and Sourcefire (acquired by Cisco in October 2013)
- A sandbox appliance or cloud-based service is one part of a multi-layered security system

Sandbox, 2 of 2
- Botnets, zero-day attacks and corporate espionage are among the factors that fueled the advent of the sandbox; virtualization has made sandboxing practical
- A small percentage of malware has built-in capability to try to defeat the sandbox:
  - Checks its environment to determine whether it is running in a sandbox
  - Tries to be passed through by outlasting the sandbox's analysis window, stalling with meaningless calculations

Spam Filtering, 1 of 2
- Class of network security device that safeguards against unwanted inbound and outbound spam
  - Inbound: protects networked computers against dangerous forms of spam such as phishing attempts and e-mails containing viruses
  - Outbound: protects networked computers from being compromised and used as a zombie in a botnet to generate spam

Spam Filtering, 2 of 2
- Spam is no small problem: an estimated 50-60% of enterprise e-mail
- Key functionality: protection against inbound, targeted phishing attacks
- Functionality growing in importance: the ability to re-evaluate URL link(s) in an e-mail at the time the end user clicks them
- Available as appliance, software or managed service
- Based on the Gartner 2013 Magic Quadrant, the product leaders are Cisco, Proofpoint, Symantec, Microsoft and McAfee

High Risk and High Visibility Events
Specific high-risk events:
- Advanced Evasive Threats
- Advanced Persistent Threats
- CryptoLocker
- Outbound Botnet
- Worm
- Trojan

Advanced Evasive Threats (AETs)
- AETs disguise APTs
- The APT is split into multiple benign-looking pieces, delivered simultaneously
- The disguised pieces are sent through rarely used protocols
- The pieces are reassembled on the target and the APT attacks
- NGFW products: 99% ineffective in detecting or blocking them

Advanced Persistent Threats (APTs)
- Multi-stage cyber-attacks
- Focused on a specific organization or entity
- Designed to bypass existing defenses and remain undetected
- Specifically created to exploit network vulnerabilities
- Actively steal, destroy or modify information; disrupt operations

CryptoLocker
- Ransomware trojan
- Encrypts specific types of files using RSA public-key cryptography: file contents are encrypted with AES keys that are themselves encrypted with a 2048-bit RSA public key, and the matching private key never leaves the attacker
- Displays a message offering to decrypt the data if payment is made

Outbound Botnet
- A botnet is a network of compromised computers under the control of a third party whose purpose is to invade the network
- Bots remain inactive until they get orders from their command and control hosts
- Designed to steal the most valuable information on a network
- Outbound botnet defense protects corporate data from leaving the network

Worms
- Computer worms are a type of malware that replicates functional copies of itself to damage data or software
- No host program or human help is needed for them to propagate
- A worm enters a computer through a system vulnerability and uses a file- or information-transport feature to travel independently

Trojans
- A Trojan is another type of malware that appears to be legitimate software
- Users are tricked into loading and executing it
- Trojans can carry out a variety of attacks on the host, from distractions (pop-up windows) to major damage (deleting files, activating and spreading other malware)
- Can also create back doors that give malicious users access to the system

Malicious URLs, 1 of 2
- Malicious Lures: sites that lead to a number of threat types. They are a common tactic of search engine optimization poisoning, where attackers lure people searching for breaking news, celebrity gossip and other popular topics
- Phishing: sites that counterfeit legitimate sites to elicit financial or other private information, such as login credentials, personally identifiable information or credit card numbers, from users
- Malicious Embedded iframes: sites infected with malicious iframes that lead to malware, bots, exploits and other threats. They are often found on compromised sites and are a common method of malware delivery
- Evasive Malware: evasive malware is at the core of one of the most critical challenges in modern security. This test focuses on downloading malware such as trojans, worms, spyware and others that use detection evasion techniques

Malicious URLs, 2 of 2
- Botnets: bot networks are used to launch attacks, install different types of malware, commit click fraud, steal victim information or generate spam
- Exploits: an exploit can be used to gain control of or deny service to a system. The primary sources of this attack are a compromised website, iframes or redirections to a malicious website
- Spyware: this test measures the detection and blocking rate of spyware dropper files, which gather and transmit system behavior and/or data without the knowledge of the system user
- Malicious Redirection: sites that contain redirections to threats such as fake AV, bots and other types of malware
- Non-Binary Obfuscated Threats: Web-borne threats that use various types of obfuscation to hide malicious content such as iframes, redirects, botnet injections and other threats

Malware, 1 of 2
- Legacy Malware Files: several hundred variants of known malware that have been in circulation for 30 days or more; the classifications primarily consist of viruses and worms
- Advanced Persistent Threats (APT): APTs are considered back doors into a victim network. APT malware consists of a staged payload that, when activated, gives an attacker shell access
- Advanced Evasion Techniques (AET): a type of network attack that combines several different known evasion methods into a new technique that is delivered over several layers of the network simultaneously

Malware, 2 of 2
- RATs: Remote Access Trojans are malicious code disguised as something normal or desirable, so they often masquerade inside other legitimate software
- Malicious Documents: an additional sample set of malicious documents containing a mix of Microsoft Office documents (Word, PowerPoint and Excel files) holding known macro viruses, and PDF files containing a variety of viruses, APTs and worms
- Zero-Day: zero-day threats (unknown threats) consisted of custom-crafted malware samples and undetected samples acquired from external resources and private honeypots

Security Vendors and Products

Product Name                                                                    | Function                          | Software Version
Blue Coat ProxySG 900                                                           | Secure Web Gateway                |
Cisco IronPort S370                                                             | Web Security Appliance            |
Cisco Web Security Virtual Appliance w/ Sourcefire AMP Subscription             | Web Security Appliance            | Mar 2015
Fortinet FortiGate 100D Appliance w/ FortiCloud FortiGuard Sandbox Subscription | Unified Threat Management         | 5.2
Fortinet FortiGate 600C                                                         | Unified Threat Management         |
Intel Security (McAfee) SWG 5500                                                | Secure Web Gateway                |
Vendor A                                                                        | Next Generation Firewall          | V xx
Vendor B                                                                        | Next Generation Threat Protection | V xx
Vendor C                                                                        | Cloud Platform                    | Mar 2015
Vendor D                                                                        | Next Generation Threat Protection | V xx
Vendor X                                                                        | Next Generation Threat Protection | V xx
Vendor Y                                                                        | Next Generation Threat Protection | V xx
Websense TRITON AP-WEB V10000                                                   | Secure Web Gateway                | 7.8.0

End Point Protection Vendors and Products

Product                       | Software Version
360 Internet                  |
Ad-Aware                      |
Avast                         |
AVG                           |
Bullguard                     |
Comodo                        |
Eset                          |
Kaspersky                     |
Microsoft Security Essentials |
Panda                         | Apr 2015
Symantec                      | 4.3
Trend Micro                   | 4.3

Test Tools and Scripts

Miercom Industry Assessment: Active Threat Malicious URLs Results
[Chart: effectiveness rate (%) per product for each malicious URL category: Malicious Lures, Phishing, Malicious Embedded iframe, Evasive Malware, Bot Networks, Exploits, Spyware, Malicious Redirection, Non-Binary Obfuscated Threats. Products: TRITON AP-WEB V10000, SG900, SWG 5500, Vendor C, FortiGate 600C, IronPort S370, Vendor B, Vendor A. Source: Miercom Web Security Industry Assessment, April 2015]

Miercom Industry Assessment: Security Effectiveness Across All Categories, Malicious URLs
[Chart: overall effectiveness rate (%) for TRITON AP-WEB V10000, SG900, SWG 5500, Vendor C, Vendor B, Vendor A, FortiGate 600C and IronPort S370 against the industry average. Source: Miercom Web Security Industry Assessment, April 2015]

Miercom Industry Assessment: Malware Results
[Chart: percentage blocked per product for each malware category: AET, Zero-Day Malware, RATs, Malicious Documents, Legacy Malicious Files, Bots, APT. Products: Cloud Service, Vendor A, Vendor B, Secure Web Gateway 5500, FortiGate 100D Appliance w/ FortiCloud FortiGuard Sandbox Subscription, FortiGate 600C, Cisco Web Security Virtual Appliance w/ Sourcefire AMP Subscription, Cisco IronPort S370, NGTP w/ Emulation Cloud Service, NGTP, SG900, Vendor C, Vendor D. Source: Miercom Web Security Industry Assessment, April 2015]

Miercom Industry Assessment: Security Effectiveness Across All Categories, Malware
[Chart: overall effectiveness rate (%) per product, with an industry average line. Values plotted: 99.9%, 97.4%, 95.5%, 86.8%, 84.7%, 83.1%, 82.3%, 79.7%, 75.1%, 68.9%, 56.3%, 46.5% (the transcript does not preserve which product each value belongs to). Source: Miercom Web Security Industry Assessment, April 2015]

TCO Valuation Criteria
The following were evaluated to produce each product's Total Cost of Ownership:
- Price of product/appliance
- Support packages
- License fees

Miercom Industry Assessment: Secure Web Gateway Security Efficacy vs TCO, Malicious URLs and Malware
[Chart: overall efficacy rate (%, 30 to 100) plotted against annual TCO ($0 to $70,000) for 4800 NGTP, FortiGate 100D, Web Security Virtual Appliance, NX 1310, ATP:N, SG900, SWG 5500, PA-2020, IronPort S370, Cloud Service and Vendor C, with reference lines for the industry average effective rate and the industry average cost. Source: Miercom Web Security Industry Assessment, April 2015]

Endpoint Protection
- Endpoint protection is a client/server information security methodology for protecting a network by focusing on the network devices (endpoints): monitoring their status, activities, software, authorization and authentication
- Security software is installed on every endpoint device as well as on network servers
- Such software may include antivirus, antispyware, firewall and HIPS

Miercom Industry Assessment: Endpoint Protection Results
[Chart: percentage blocked per product for Legacy, BotNet, APT, Malicious Documents, RATs and Zero Day samples; the products shown include Ad-Aware and 360 Internet, alongside the industry average. Source: Miercom Web Security Industry Assessment, April 2015]

Miercom Industry Assessment: EPP Security Effectiveness Across All Categories, Malware
[Chart: overall effectiveness rate (%) per product, including Ad-Aware and 360 Internet, against the industry average. Source: Miercom Web Security Industry Assessment, April 2015]

Miercom Industry Assessment: EPP Efficacy vs TCO, Malware
[Chart: overall effectiveness (%) plotted against annual TCO ($0 to $600), with reference lines for the industry average effective rate and the industry average cost; Ad-Aware and 360 Internet are among the products plotted. Source: Miercom Web Security Industry Assessment, April 2015]

Summary of Questions and Criticisms of Testing
- Some vendors don't want to be featured at all
- Some needed to be masked completely
- "The links aren't malicious," causing false positives
- Active threats may be older; we believe them to be recurring

Questions? Thank you!
For more information contact Rob Smithers
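The Sandbox slides above describe malware that probes its environment for virtualisation artefacts and stalls until the analysis window expires. The following is an added example, not Miercom's tooling or any vendor's product, of how a sandbox operator can score a hooked API-call trace for those two behaviours. The trace layout, both traces, the artefact list and every threshold are constructed for this example; real sandbox reports carry the same information in their own JSON schema.

```python
"""Added example, not Miercom's tooling: score a sandbox's API-call trace for
the two evasion behaviours the Sandbox slide lists, probing the environment
for virtualisation artefacts and stalling until the analysis window expires.
The trace layout, both traces and every threshold are constructed here."""
import re

# One entry per hooked call: (elapsed_ms, api_name, arguments). Constructed.
TRACE_EVASIVE = [
    (0,  "GetSystemInfo",        {"dwNumberOfProcessors": 1}),
    (2,  "GlobalMemoryStatusEx", {"ullTotalPhys": 1 << 30}),
    (4,  "RegOpenKeyExW",        {"key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"}),
    (5,  "CreateFileW",          {"path": r"\\.\VBoxGuest"}),
    (6,  "GetTickCount",         {}),
    (7,  "Sleep",                {"ms": 600_000}),
    (9,  "GetTickCount",         {}),   # ten minutes "passed" in 3 ms: the clock was fast-forwarded
    (10, "Process32NextW",       {"exe": "vmtoolsd.exe"}),
]
TRACE_BENIGN = [
    (0,   "GetSystemInfo", {"dwNumberOfProcessors": 4}),
    (3,   "CreateFileW",   {"path": r"C:\Users\u\report.docx"}),
    (40,  "Sleep",         {"ms": 100}),
    (150, "WriteFile",     {"path": r"C:\Users\u\report.docx"}),
]

VM_ARTEFACTS = re.compile(r"vmware|vbox|virtualbox|qemu|sandboxie|vmtoolsd|wine", re.I)
LONG_SLEEP_MS = 120_000          # assumed: more than two minutes of sleep is stalling
MIN_CPUS, MIN_RAM = 2, 2 << 30   # assumed "too small to be a real desktop" limits


def evasion_indicators(trace):
    """Return {indicator: [evidence, ...]} for one trace."""
    hits = {}

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    total_sleep = 0
    for i, (_t, api, args) in enumerate(trace):
        text = " ".join(str(v) for v in args.values())
        if VM_ARTEFACTS.search(text):
            add("vm_artefact_probe", f"{api}: {text}")
        if api == "GetSystemInfo" and args["dwNumberOfProcessors"] < MIN_CPUS:
            add("low_resource_check", f"{args['dwNumberOfProcessors']} cpu")
        if api == "GlobalMemoryStatusEx" and args["ullTotalPhys"] < MIN_RAM:
            add("low_resource_check", f"{args['ullTotalPhys'] >> 20} MiB ram")
        if api == "Sleep":
            total_sleep += args["ms"]
            # A tick-count read right before and right after a long sleep is the
            # classic probe for a sandbox that skips Sleep() to save analysis time.
            before = i > 0 and trace[i - 1][1] == "GetTickCount"
            after = i + 1 < len(trace) and trace[i + 1][1] == "GetTickCount"
            if before and after and args["ms"] >= LONG_SLEEP_MS:
                elapsed = trace[i + 1][0] - trace[i - 1][0]
                if elapsed < args["ms"] // 10:
                    add("sleep_acceleration_check", f"asked {args['ms']} ms, saw {elapsed} ms")
    if total_sleep >= LONG_SLEEP_MS:
        add("stalling", f"{total_sleep} ms of requested sleep")
    return hits


def verdict(trace, min_classes=2):
    """Two or more independent indicator classes: treat the sample as sandbox-aware,
    which in a pipeline means rerunning it on bare metal or with a longer timeout."""
    hits = evasion_indicators(trace)
    label = "sandbox-aware" if len(hits) >= min_classes else "no evasion seen"
    return label, hits


if __name__ == "__main__":
    for name, trace in (("evasive", TRACE_EVASIVE), ("benign", TRACE_BENIGN)):
        print(name, *verdict(trace))
```

The verdict deliberately requires two independent indicator classes: a single long Sleep() is common in legitimate installers, and a single registry probe can come from a packer, so neither alone should trigger a re-run on a longer-timeout or bare-metal analyser.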
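The Spam Filtering slides single out time-of-click re-evaluation of e-mail links as functionality growing in importance. The following is an added example of that mechanism, not any vendor's implementation: links are rewritten at delivery to point at a redirector, and the redirector verifies the rewritten link and re-checks the destination against current reputation data only when the user clicks. The gateway host, the HMAC key, the token format, the message and the reputation feed are all assumptions made for this example.

```python
"""Added example, not any vendor's implementation, of time-of-click URL
protection: rewrite links at delivery, re-evaluate the destination at click.
Gateway, key, token format, message and reputation feed are all assumed."""
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

GATEWAY = "https://clicks.example-gateway.invalid/go"   # assumed redirector
KEY = b"per-tenant-secret-rotate-me"                    # assumed HMAC key
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).decode().rstrip("=")


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(url: str, key: bytes = KEY) -> str:
    """Opaque token: base64url(url).base64url(HMAC-SHA256(key, url)).
    The MAC stops a recipient from forging gateway links to arbitrary sites."""
    mac = hmac.new(key, url.encode(), hashlib.sha256).digest()
    return f"{_b64(url.encode())}.{_b64(mac)}"


def rewrite_links(body: str, key: bytes = KEY) -> str:
    """Delivery time: replace every http(s) link in the body with a gateway link."""
    return URL_RE.sub(lambda m: f"{GATEWAY}?t={quote(make_token(m.group(0), key))}", body)


def resolve_click(gateway_url: str, reputation, key: bytes = KEY):
    """Click time: verify the token, recover the URL, re-check reputation now.
    Returns (decision, url) with decision one of 'allow', 'block', 'invalid'."""
    token = parse_qs(urlparse(gateway_url).query).get("t", [""])[0]
    try:
        enc_url, enc_mac = token.split(".")
        url = _unb64(enc_url).decode()
        mac = _unb64(enc_mac)
    except (ValueError, UnicodeDecodeError):
        return "invalid", None
    expected = hmac.new(key, url.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):      # tampered or forged token
        return "invalid", None
    return ("block" if reputation(url) == "malicious" else "allow"), url


# Constructed reputation feed; in practice a live lookup against threat intelligence.
BLOCKLIST = set()


def reputation(url: str) -> str:
    return "malicious" if urlparse(url).hostname in BLOCKLIST else "clean"


# Constructed message body.
MESSAGE = "Invoice attached: http://billing.example.net/inv/42 and https://docs.example.org/help"

if __name__ == "__main__":
    rewritten = rewrite_links(MESSAGE)
    print(rewritten)
    first = URL_RE.findall(rewritten)[0]
    print(resolve_click(first, reputation))      # clean at delivery: allow
    BLOCKLIST.add("billing.example.net")         # feed updated after delivery
    print(resolve_click(first, reputation))      # now blocked at click time
```

The point of the design is that the verdict is computed when the click happens, not when the message was scanned, so a link that was clean at delivery and weaponised an hour later is still caught. The HMAC matters as much as the lookup: without it, the redirector becomes an open redirect that phishers would happily use to launder their own URLs through your gateway's domain.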
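The Advanced Evasive Threats slide and the AET malware category both describe a payload split into benign-looking pieces that only become the attack once reassembled on the target. The following is an added example, not Miercom's test harness, of the simplest form of that trick at the transport layer: a signature string cut across small, out-of-order TCP segments defeats an inspector that looks at each packet alone, while an inspector that reassembles the stream first still finds it. The signature, the payload and the segment layout are constructed for this example.

```python
"""Added example, not Miercom's test harness: why per-packet inspection misses
a payload split across out-of-order segments, and why stream reassembly does
not. Signature, payload and segment layout are all constructed here."""
import random
from dataclasses import dataclass

# Assumed IDS content signature for a command-injection payload.
SIGNATURE = b"/bin/sh -c"


@dataclass
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes


def split_payload(payload, seq0=1000, piece=4, shuffle=True, seed=7):
    """Evasion side: cut the payload into `piece`-byte segments, each shorter
    than the signature, and deliver them out of order."""
    segs = [Segment(seq0 + i, payload[i:i + piece])
            for i in range(0, len(payload), piece)]
    if shuffle:
        random.Random(seed).shuffle(segs)    # fixed seed keeps the run reproducible
    return segs


def per_segment_match(segments, signature=SIGNATURE):
    """Naive inspection: search every segment on its own."""
    return any(signature in s.payload for s in segments)


def reassemble(segments):
    """Order segments by sequence number and stitch them into one stream.
    Overlapping bytes keep the copy already in the stream; a gap raises instead
    of being skipped, so nothing is matched against data the sensor never saw."""
    stream = bytearray()
    base = min(s.seq for s in segments)
    for s in sorted(segments, key=lambda s: s.seq):
        off = s.seq - base
        if off > len(stream):
            raise ValueError(f"gap in stream at offset {len(stream)}")
        stream.extend(s.payload[len(stream) - off:])
    return bytes(stream)


def stream_match(segments, signature=SIGNATURE):
    """Stream-aware inspection: reassemble first, then search."""
    return signature in reassemble(segments)


# Constructed attack payload that carries the signature.
PAYLOAD = b"POST /upload HTTP/1.1\r\nHost: intranet\r\n\r\ncmd=/bin/sh -c 'id'\r\n"

if __name__ == "__main__":
    evasive = split_payload(PAYLOAD)          # 4-byte pieces, shuffled
    print("per-segment match:", per_segment_match(evasive))   # False
    print("stream match:     ", stream_match(evasive))        # True
```

The reassembly policy is itself a detail attackers target: when overlapping segments carry different bytes, an inspector that favours the first copy and an end host that favours the last copy see two different streams. A production sensor therefore has to model the target operating system's reassembly behaviour, not just reorder segments as this example does.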
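The Outbound Botnet slide describes bots that sit idle until they receive orders from their command and control hosts, which in practice means a host on the inside calling the same external destination at near-fixed intervals. The following is an added example, not part of Miercom's methodology, of spotting that check-in pattern in outbound proxy logs. The log lines are constructed in a simplified access-log layout and the thresholds are this example's own choice.

```python
"""Added example, not Miercom's methodology: find command-and-control style
beaconing in outbound proxy logs by looking for (source, destination) pairs
whose connection intervals are unusually regular. Log and thresholds are constructed."""
import statistics
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log: epoch_seconds src_ip method url
LOG = """\
1428000000.1 10.0.0.15 GET http://cdn.example.com/lib.js
1428000000.4 10.0.0.15 GET http://cdn.example.com/app.css
1428000001.2 10.0.0.15 GET http://news.example.org/
1428000060.0 10.0.0.23 POST http://update-check.example.net/ping
1428000120.1 10.0.0.23 POST http://update-check.example.net/ping
1428000179.8 10.0.0.23 POST http://update-check.example.net/ping
1428000240.2 10.0.0.23 POST http://update-check.example.net/ping
1428000300.0 10.0.0.23 POST http://update-check.example.net/ping
1428000359.9 10.0.0.23 POST http://update-check.example.net/ping
1428000411.0 10.0.0.15 GET http://news.example.org/story/1
1428001900.5 10.0.0.15 GET http://news.example.org/story/2
1428002133.0 10.0.0.15 GET http://news.example.org/story/3
1428002140.7 10.0.0.15 GET http://news.example.org/story/4
"""


def parse_log(text):
    """Yield (timestamp, src, host) from the constructed log layout."""
    for line in text.splitlines():
        ts, src, _method, url = line.split()
        yield float(ts), src, urlparse(url).hostname


def find_beacons(text, min_hits=5, max_jitter=0.1):
    """Return {(src, host): (hits, mean_interval_s, jitter)} for pairs whose
    inter-connection intervals are regular enough to look like a check-in.
    jitter is the coefficient of variation (population stdev / mean) of the
    intervals; human browsing is bursty and scores far above max_jitter."""
    times = defaultdict(list)
    for ts, src, host in parse_log(text):
        times[(src, host)].append(ts)
    beacons = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_hits:        # too few samples to judge regularity
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.fmean(gaps)
        if mean == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons[key] = (len(ts_list), round(mean, 1), round(jitter, 3))
    return beacons


if __name__ == "__main__":
    for (src, host), (hits, mean, jitter) in find_beacons(LOG).items():
        print(f"{src} -> {host}: {hits} hits every ~{mean}s (jitter {jitter})")
```

Real implants add random sleep jitter precisely to defeat this test, so in production the threshold is tuned per environment and combined with other signals (rare destination, fixed request size, off-hours activity, no referrer) rather than used alone; the value of the interval statistic is that it is cheap to compute over every (source, destination) pair in a day's logs.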
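Three of the Malicious URL categories above are visible in page content rather than in the URL itself: hidden embedded iframes, malicious redirection, and non-binary obfuscated threats. The following is an added example, not Miercom's test content or any gateway's detection engine, of a small content scanner for those three categories run over constructed HTML pages. The pages, the finding names and the occurrence thresholds are this example's own.

```python
"""Added example, not Miercom's test content: a content scanner for hidden
iframes, off-site redirects and obfuscated script, run over constructed pages."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d+", re.I)
JS_REDIRECT = re.compile(r"(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]")
DECODER = re.compile(r"\b(?:eval|unescape|String\.fromCharCode|document\.write)\s*\(")
OBFUSCATION = [  # (label, pattern, minimum occurrences); thresholds are assumed
    ("percent_encoded_js", re.compile(r"%[0-9a-f]{2}", re.I), 20),
    ("hex_escaped_js", re.compile(r"\\x[0-9a-f]{2}", re.I), 20),
    ("charcode_js", re.compile(r"\b\d{2,3}\b"), 40),
]


def _tiny(value):
    return value.strip().rstrip("px").strip() in ("0", "1")


class PageScanner(HTMLParser):
    """Collects (finding, detail) pairs while parsing one page."""

    def __init__(self, page_url):
        super().__init__()
        self.host = urlparse(page_url).hostname
        self.findings = []
        self._script = None           # buffer for the <script> body being read

    def _off_site(self, url):
        host = urlparse(url).hostname
        return host is not None and host != self.host

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            if _tiny(a.get("width", "")) or _tiny(a.get("height", "")) \
                    or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content", ""), re.I)
            if m and self._off_site(m.group(1)):
                self.findings.append(("meta_refresh_redirect", m.group(1)))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            js = "".join(self._script)
            self._script = None
            for m in JS_REDIRECT.finditer(js):
                if self._off_site(m.group(1)):
                    self.findings.append(("js_redirect", m.group(1)))
            if DECODER.search(js):    # a decoder plus a big encoded blob = obfuscated payload
                for label, pattern, minimum in OBFUSCATION:
                    if len(pattern.findall(js)) >= minimum:
                        self.findings.append(("obfuscated_script", label))


def scan_page(page_url, html):
    scanner = PageScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a compromised page with a hidden iframe, an off-site
# meta refresh and a percent-encoded payload written through unescape().
COMPROMISED = """<html><head>
<meta http-equiv="refresh" content="0; url=http://fake-av-update.example/scan">
</head><body>
<iframe src="http://exploit-kit.example/landing" width="0" height="0" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3C%73%63%72%69%70%74%3E%76%61%72%20%61%3D%31%3B%3C%2F%73%63%72%69%70%74%3E'));</script>
</body></html>"""

# Constructed sample: a clean page whose redirect and iframe stay on its own site.
CLEAN = """<html><head><meta http-equiv="refresh" content="30; url=/news"></head>
<body><iframe src="https://www.example.com/widget" width="300" height="150"></iframe>
<script>var page = 1; location.href = "https://www.example.com/page2";</script></body></html>"""

if __name__ == "__main__":
    print(scan_page("http://www.example.com/index.html", COMPROMISED))
    print(scan_page("https://www.example.com/index.html", CLEAN))
```

Static heuristics like these are what the slides call out as losing ground to real-time content analysis: an attacker can defeat the occurrence counts by splitting the blob across variables or fetching it from a second request, which is why a gateway that executes or emulates the script before verdicting outperforms one that only pattern-matches the HTML.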