Cloud security control, September 2018, Maria Garcia - PowerPoint PPT Presentation



slide-1
SLIDE 1

Visibility and control of cloud security

September 2018 Maria Garcia Iñañez mginanez@sonicwall.com +34 620 703 537

slide-2
SLIDE 2

SonicWall strategy for 2018

150+ countries

200+ patents

  • Management, Reporting and Analytics: Cloud enabled & zero touch deployment
  • Rich APIs: Secure automation and 3rd party ecosystem interoperability
  • Wireless & Mobility: New APs, 802.11ac Wave2, Cloud Management, Security for Wireless
  • Automated Breach Prevention: Enhance and expand the Capture service to address latest attacks
  • End Point Integration: Automate AV enforcement & enhance client security
  • Core Firewall Platforms: Virtual, Security, Usability, Scalability, Platforms, Multi-Gig

slide-3
SLIDE 3

Real-Time Breach Detection and Prevention Technology

[Diagram labels: Data, File, Email, PDF, Streaming Data; Artifact 1, Artifact 2, Artifact 3, Artifact 4; Machine Learning; DEEP LEARNING ALGORITHM; Classified Malware (RANSOMWARE Locky, RANSOMWARE WannaCry, TROJAN Spartan); UNKNOWN; SENT; CLOUD CAPTURE SANDBOX (Hypervisor, Emulation, Virtualization); Endpoint Memory; BLOCK until VERDICT; Good, Bad; BLOCK]

  • Dedicated to innovation in automated breach prevention solutions
  • Analyzed 9.3 billion malware attack attempts in 2017
  • Established in 1999
  • Credited: Discovery of unique variants every day.

slide-4
SLIDE 4

PEAK16

Dell - Internal Use - Confidential

mmm…


slide-5
SLIDE 5

Capture Labs (dedicated research team)

  • Created in 1999
  • Synergies between SonicWall products:
  • NGFW
  • SMA
  • E-mail Security

slide-6
SLIDE 6

Capture Labs

PROCESS

  • Collect
  • Classify
  • Signatures
  • Protect
slide-7
SLIDE 7

SonicWall Capture ATP Status

slide-8
SLIDE 8

  • 1.0M+ sensors
  • 50+ industry research organizations in which intelligence is shared
  • 24x7x365 monitoring
  • < 24 hr. response to zero-day vulnerabilities
  • 100K+ malware samples collected daily
  • 100K+ malicious events analyzed daily

slide-9
SLIDE 9

Machine learning + Human analysis

  • Know the DNA of malicious code
  • Communities and other threat research companies
  • Proprietary simulation environments
  • Microsoft Active Protections Program

https://technet.microsoft.com/en-us/security/dn467918.aspx

slide-10
SLIDE 10

Signatures

  • Once classification is complete, the signatures are created
  • Automatic propagation of signatures, as many times as necessary.
  • No reboot is required and there is no impact on the network

slide-11
SLIDE 11

All available security

  • Cloud AV: all signatures are available on the appliance + Cloud

slide-12
SLIDE 12

Capture Labs

PROCESS

  • Collect
  • Classify
  • Signatures
  • Protect
slide-13
SLIDE 13

Real-Time Breach Detection and Prevention Technology


slide-14
SLIDE 14

RTDMI Real Time Detection Memory Inspection

“Attacks are leveraging sophisticated and proprietary encryption techniques to mask their attacks within memory,” said SonicWall CTO John Gmuender. “For this reason, organizations need to be proactive in identifying and mitigating attacks where weaponry only is exposed for up to 100 nanoseconds. More and more malware, ransomware and other advanced attacks will be delivered via this vector in the coming months and years.”

slide-15
SLIDE 15

What is RTDMI?

  • Included in the SonicWall Capture ATP Sandbox service.
  • RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or that hides its weaponry through encryption. By forcing malware to reveal its weaponry in memory, RTDMI proactively stops mass-market zero-day threats and unknown malware, accurately using real-time memory-based inspection techniques.

slide-16
SLIDE 16

RTDMI also analyzes documents dynamically through patented exploit detection technology, together with static inspection, to detect many categories of malicious documents, including:

  • Malicious Microsoft Office Flash
  • Exploits based on Dynamic Data Exchange (DDE) and malware inside Microsoft Office files
  • Microsoft Office and PDF files with malware
  • Shellcode-based and multi-layered files
  • Malicious macro-based files
  • PDF documents with "JavaScript infections"
  • Malicious phishing-based PDF documents that lead to phishing and malware hosting websites

slide-17
SLIDE 17

Real-Time Breach Detection and Prevention Technology

CLOUD SECURITY

FW • IPS • ATP • DPI TLS • ANTI-MALWARE • CASB • ANTI-PHISHING • URL FILTERING • WAF

THREAT PREVENTION MANAGEMENT REPORTING / ANALYTICS

slide-18
SLIDE 18

CLOUD SECURITY

Network Security Platforms

SMB, DC, MSP, Distributed Enterprise, EDU, Fed

Cloud IoT Email Mobile Endpoints

SMB, MSSP

WiFi

SMB, MSSP

FW • IPS • ATP • DPI TLS • ANTI-MALWARE • CASB • ANTI-PHISHING • URL FILTERING • WAF

THREAT PREVENTION MANAGEMENT REPORTING / ANALYTICS

slide-19
SLIDE 19

SonicWall architecture 2018

CAPTURE Cloud (Management, Analytics and Reporting) CAPTURE Client CAPTURE Advanced Threats CAPTURE Application Security NS Public and Private Cloud (NSv)

API

NGFW Cloud Security Email Security Secure Remote Access

NS Appliances Virtual Appliances SonicWave (Wireless) SaaS ES Appliances Virtual Appliances SaaS SMA Appliances Virtual Appliance Web Application Firewall

(Linux)

slide-20
SLIDE 20

SonicWall Automated Real-time Threat Detection & Prevention

NGFW | DPI for TLS/SSL | Capture ATP Sandbox | Real Time Deep Memory Inspection | Capture Client

In Q1 2018, SonicWall stopped 3.1 billion malware attacks, an increase of 151% over Q1 of 2017

  • 68% of Internet traffic is encrypted
  • 2% of malicious files are unknown
  • RTDMI finds 50% more zero days than ATP alone
  • Capture Client provides rollback for any malware that makes it through

Rollback to a good state for any remaining zero-day malware and mobility

Why we are different

  • High security efficacy, machine learning algorithms
  • High performance patented RFDPI
  • Multi-technology, block until verdict, deep learning
  • Ultra-fast, catches never-before-seen attacks
  • Shared intelligence, rollback

  • 3,500 zero day threats found by RTDMI
  • 554 new threats found by Capture ATP per day
  • 335 encrypted threats per customer
  • 7,739 malware & 173 ransomware attacks per customer

slide-21
SLIDE 21

Capture Security Center

slide-22
SLIDE 22

SonicWall Capture Security Center

Unified security with single pane of glass experience

Firewall Management | Visibility and Control | Reporting and Analytics | Threat Meters

  • Real-time visibility and control for fast remediation
  • Intuitive dashboard with critical security alerts
  • Simplified automated workflows
  • Next-gen analytics with actionable information
  • Effective policy management
  • Advanced customizable reporting tools with scheduling options
  • Transaction tracking with compliance audit ready information

Zero-Touch Deployment | Analytics | Capture Client | Capture Threat Assessment

slide-23
SLIDE 23

Competitive differentiators

Workflow Automation: Four simple steps to error-free policy management

Mitigates risk, reduces errors, and improves efficiency

Analytics: Deep learning for actionable insight and knowledge

Reduces incident response time with real-time, actionable threat intelligence

Reports: Demonstrate the value of the unseen

Deep visibility and situational awareness of the network security environment

Zero-Touch Deployment: Operationalizes remote firewall in 4 easy steps

Cut time, cost and complexity of firewall provisioning while security and connectivity occur automatically

Capture Threat Assessment: Know and understand security risks

Threat information for better-informed security planning and policy decisions

slide-24
SLIDE 24

Analytics

Deep learning for actionable insight and knowledge


slide-25
SLIDE 25


slide-26
SLIDE 26

Zero-Touch Deployment Service

Activate Capture Security Center and Register the firewall

Register the new firewall in MySonicWall using its assigned Serial Number and Authentication Code, and then activate the license for Capture Security Center cloud services.

Connect the firewall

Connect the firewall to the network using the Ethernet cable that came with the unit.

Power-up the firewall

Power up the firewall after connecting the power cable and plugging it into a standard wall outlet. The unit is automatically assigned a WAN IP using a DHCP server. Once Internet connectivity is established, the unit is automatically discovered, authenticated and added to Capture Security Center with all licenses and configurations synchronized with MySonicWall and License Manager.

Manage the Firewall

The unit is now operational and manageable by the Capture Security Center cloud-based central management console.

slide-27
SLIDE 27

Thank You
