Visibility and control of security in the cloud. September 2018. Maria Garcia Iñañez mginanez@sonicwall.com +34 620 703 537
SonicWall strategy for 2018
• Management, Reporting and Analytics: Security, Usability, Scalability, Cloud enabled & zero touch deployment
• Core Firewall Platforms: Virtual, Platforms, Multi-Gig
• Automated Breach Prevention: Enhance and expand the Capture service to address latest attacks
• Wireless & Mobility: New APs, 802.11ac Wave2, Cloud Management, Security for Wireless
• End Point Integration: Automate AV enforcement & enhance client security
• Rich APIs: Secure automation and 3rd party ecosystem interoperability
• 150+ countries
• 200+ patents
Real-Time Breach Detection and Prevention Technology
• Established in 1999
• Analyzed 9.3 billion malware attack attempts in 2017
• Credited: discovery of unique variants every day
• Innovation in automated breach prevention solutions
[Figure: streaming data (PDF, email, data file) → classified malware (ransomware Locky, ransomware WannaCry, trojan Spartan: BLOCK) and unknown files (Artifacts 1-4) → machine learning / deep learning algorithm and Capture cloud sandbox (hypervisor, emulation, virtualization, endpoint, memory) → BLOCK until verdict; bad: BLOCK, good: SENT]
Capture Labs (dedicated research team) • Created in 1999 • Synergies between SonicWall products: • NGFW • SMA • E-mail Security
Capture Labs PROCESS • Collect • Classify • Signatures • Protect
SonicWall Capture ATP Status
• 1.0M+ Sensors
• 50+ Industry organizations in which intelligence is shared
• 100K+ Malware samples collected daily
• 100K+ Malicious events analyzed daily
• 24x7x365 research Monitoring
• < 24 Hr. Response to zero-day vulnerabilities
Machine learning + Human analysis • Knowing the DNA of malicious code • Communities and other threat research companies • Proprietary simulation environments • Microsoft Active Protections Program https://technet.microsoft.com/en-us/security/dn467918.aspx
Signatures • Once classification is complete, the signatures are created • Automatic propagation of signatures, as many times as necessary. • No reboot is required and there is no impact on the network
All available security • Cloud AV: all signatures are available on appliance + Cloud
RTDMI Real Time Detection Memory Inspection “Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”
What is RTDMI? • Included in the SonicWall Capture ATP Sandbox service. • RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or that hides its weaponry through encryption. By forcing malware to reveal its weaponry in memory, RTDMI proactively stops mass-market zero-day threats and unknown malware, accurately using real-time memory-based inspection techniques.
RTDMI also analyzes documents dynamically through patented exploit detection technology, together with static inspection, to detect many categories of malicious documents, including: • Malicious Microsoft Office Flash • Exploits based on Dynamic Data Exchange (DDE) and malware inside Microsoft Office files • Microsoft Office and PDF files with malware • Shellcode-based and multi-layered files • Malicious macro-based files • PDF documents with "JavaScript infections" • Malicious phishing-based PDF documents that lead to phishing and malware host websites
Real-Time Breach Detection and Prevention Technology
CLOUD • FW • IPS • ATP • DPI TLS • ANTI-MALWARE • CASB • ANTI-PHISHING • URL FILTERING • WAF
SECURITY • THREAT PREVENTION • MANAGEMENT • REPORTING / ANALYTICS
Platforms: Network Security • WiFi • Mobile • Endpoints • Email • Cloud • IoT
SMB, DC, MSP, Distributed Enterprise, EDU, Fed • SMB, MSSP • SMB, MSSP
SonicWall Architecture 2018
[Diagram: CAPTURE Cloud (Management, Analytics and Reporting); CAPTURE Client; CAPTURE Advanced Threats; CAPTURE Application Security; API. Product areas: NGFW, Cloud Security, Email Security, Secure Remote Access. Components shown: NS, NSv (Public and Private Cloud), SonicWave (Wireless), SMA, ES, Web Application Firewall (Linux). Form factors: Appliances, Virtual, SaaS.]
SonicWall Automated Real-time Threat Detection & Prevention
NGFW • Real Time Deep Memory Inspection • DPI for TLS/SSL • Capture ATP Sandbox • Capture Client
• In Q1 2018, SonicWall stopped 3.1 billion malware attacks, an increase of 151% over Q1 of 2017
• 7,739 malware & 173 ransomware attacks per customer
• RTDMI finds 50% more zero days than ATP alone
• 3,500 zero day threats found by RTDMI
• 68% of Internet Traffic is encrypted
• 335 encrypted threats per customer
• 2% of malicious files are unknown
• 554 new threats found by Capture ATP per day
• Capture Client provides rollback for any malware that makes it through
• Rollback to a good state for any remaining zero-day malware and mobility
Why we are different
• Shared intelligence, catches never-before-seen attacks
• Ultra-fast, block until verdict, deep learning
• Multi-technology, machine learning algorithms
• High security efficacy, patented RFDPI
• High performance rollback
Capture Security Center
SonicWall Capture Security Center
Firewall Management | Visibility and Control | Reporting and Analytics | Threat Meters
• Intuitive dashboard with critical security alerts
• Unified security with single pane of glass experience
• Real-time visibility and control for fast remediation
• Simplified automated workflows
• Advanced customizable reporting tools with scheduling options
• Transaction tracking with compliance audit ready information
• Next-gen analytics with actionable information
• Effective policy management
Zero-Touch Deployment | Capture Client | Capture Threat Assessment | Analytics
Competitive differentiators
• Analytics: Deep learning for actionable insight and knowledge
• Reports: Know and understand security risks
• Capture Threat Assessment: Demonstrate the value of the unseen
• Workflow Automation: Four simple steps to error-free policy management
• Zero-Touch Deployment: Operationalizes remote firewall in 4 easy steps

• Reduces incident response time with real-time, actionable threat intelligence
• Deep visibility and situational awareness of the network security environment
• Threat information for better-informed security planning and policy decisions
• Mitigates risk, reduces errors, and improves efficiency
• Cut time, cost and complexity of firewall provisioning while security and connectivity occur automatically
Analytics: Deep learning for actionable insight and knowledge
Zero-Touch Deployment Service
• Activate Capture Security Center and register the firewall: Register the new firewall in MySonicWall using its assigned Serial Number and Authentication Code, then activate the license for Capture Security Center cloud services.
• Connect the firewall: Connect the firewall to the network using the Ethernet cable that came with the unit.
• Power up the firewall: Power up the firewall after connecting the power cable and plugging it into a standard wall outlet. The unit is automatically assigned a WAN IP by a DHCP server. Once Internet connectivity is established, the unit is automatically discovered, authenticated and added to Capture Security Center, with all licenses and configurations synchronized with MySonicWall and License Manager.
• Manage the firewall: The unit is now operational and manageable from the Capture Security Center cloud-based central management console.