Dell Security Overview Eddie Chan Security Solution Consultant - - PowerPoint PPT Presentation



SLIDE 1

Dell Security Overview

Eddie Chan, Security Solution Consultant, Dell Security Solutions, Dell | Hong Kong & Taiwan

SLIDE 2

Security Products

Agenda

  • Session One: 2016 Threat Report Update
  • Session Two: SonicWALL CAPTURE Advanced Threat Protection Service
  • Session Three: Privileged Management (Safeguard) and Access Management (Defender)
SLIDE 3

SLIDE 4

Internal Use Only – Dell Confidential

Global Response Intelligent Defense (GRID) Network

  • Threat research team
  • Proprietary malware analysis automation
  • World-wide monitoring
  • Shared cross-vector threat-related information (e.g. 1M sensors, honeypots, sandboxing)
  • Real-time counter-threat intelligence
  • Active participant in leading research organizations
  • Industry-leading responsiveness
SLIDE 5

8.19 billion malware attacks blocked by Dell firewalls in 2015

SLIDE 6

Dell - Internal Use - Confidential

The top malware delivery methods

  • Website downloads
  • Text messages (SMS)
  • Email/Phishing
  • Portable devices (USB)

SLIDE 7

What did we find last year?

SLIDE 8

Dell - Restricted - Confidential

1. Exploit kits evolved with greater speed, heightened stealth and novel shape-shifting abilities

  • Use of anti-forensic mechanisms to evade security systems
  • Upgrades in evasion techniques, such as URL pattern changes
  • Changes to landing page redirection techniques (e.g. steganography)
  • Modifications in landing page entrapment techniques

SLIDE 9

SLIDE 10

Flow chart: Spartan infection chain

SLIDE 11

News headline (translated from Chinese): Hackers lock computer files and demand a fee for the key; SMEs infected after downloading images; payment fails and the data cannot be recovered

SLIDE 12

Angler exploit kit pushed a new variant of ransomware

SLIDE 13

Ransomware impact across different business sectors

SLIDE 14

2. SSL/TLS encrypted traffic rises sharply, leading to more under-the-radar hacks

Chart: HTTPS hits as percentage of total hits (values shown: 61%, 39%)

SLIDE 15

By Jeremy Kirk, IDG News Service, Jul 27, 2015

You can’t protect what you can’t see — attacks unseen by most firewalls

“…redirection code planted in the malicious advertisements uses SSL/TLS (Secure Sockets Layer/Transport Layer,…”

SLIDE 16

3. Malware for the Android ecosystem continued to rise and evolve

Notable trends in Android attacks

  • New variant that added a randomly generated PIN to the typical ransomware lock screen
  • Dropping malicious code as part of a library file, rather than a classes file
  • Financial sector continued to be a prime target for Android malware

SLIDE 17

4. Popular malware families continued to morph from season to season and differed across geographic regions

SLIDE 18

Most popular malware by country in November 2015

SLIDE 19

Top 10 malware families

SLIDE 20

Predictions for 2016

  • Battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs
  • Flash zero-days will drop gradually because major browser vendors have stopped supporting Flash plugins
  • Malicious threats will target Android Pay through the vulnerabilities of Near Field Communication (NFC)

SLIDE 21

Final Takeaways

SLIDE 22

Recommendations

Security towers: Identity, Network, Endpoint, Data
Time phases: Before (Defend), During (Detect), After (Discover)

Technologies placed on the matrix: IAM, VPN, AV, App Control, 2FA, IPS, Patch Management, Encryption, PAM, DPI, CFC, SIEM, Education, Sandbox, AV, monitor logs, DLP, Forensics, Behavioral analysis

Combine technologies from each tower that cross the time boundaries.

Layered Security - the most effective "better together" strategy

Obey the 3 D’s:

  • Defend: Before an attack, fortify your position to give yourself the best chance of preventing a breach.
  • Detect: During an attack, ensure your tools see the threat and act quickly to prevent it.
  • Discover: After penetration, ensure visibility unmasks the threat quickly to minimize loss.

SLIDE 23

Introducing Dell SonicWALL CAPTURE Advanced Threat Protection Service

February 2016

SLIDE 24

Challenge: Explosion of evasive, zero-day threats*

  • Designed to evade 1st generation sandbox analysis and detection
  • Target not just Windows environments but also mobile and connected devices
  • Hide in encrypted and unencrypted traffic
  • Hide in more file types, of any file size

* Source: Dell Security 2016 Threat Report

SLIDE 25

Introducing Dell SonicWALL Capture Advanced Threat Protection Service

Cloud service detects and blocks zero-day threats at the gateway

  • Multi-engine sandbox detects more threats than single sandbox technology
  • Broad file type analysis and operating system support, with no file-size limitation
  • Blocks until verdict at the gateway
  • Rapid deployment of remediation signatures
  • Reporting and alerts

Appliances shown: SuperMassive 9200-9600, NSA 2600 – 6600, TZ SOHO – TZ600

SLIDE 26

Increase security effectiveness against zero-day threats

  • Multi-engine advanced threat analysis detects more threats, can’t be evaded
    – Virtualized sandbox
    – Full system emulation
    – Hypervisor level analysis
  • Broad file type and OS environment analysis, no file size limitation
    – PE, MS Office, PDF, archives, JAR, APK
    – Windows, Android and Mac OS
  • Automated and manual file submission
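The "broad file type analysis" point above lists PE, MS Office, PDF, archives, JAR and APK. The reason a gateway classifies by content rather than by file name is that an attacker controls the extension; the following Python is an added example of mine, not Dell or SonicWALL code, that identifies the real container type from leading bytes and ZIP member names, and flags files whose extension disagrees with their content. The magic-byte table, the routing policy and the sample files are constructed for the demo.

```python
import io
import zipfile

# Leading bytes ("magic") of the formats named on the slide, plus a few common
# neighbours. Constructed table for this example; no entry is a prefix of another.
MAGIC = [
    (b"MZ", "pe"),                                          # Windows PE executable / DLL
    (b"%PDF-", "pdf"),
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "ole-office"),    # legacy .doc/.xls/.ppt (OLE2)
    (b"Rar!\x1a\x07", "rar"),
    (b"\x1f\x8b", "gzip"),
    (b"\x7fELF", "elf"),
    (b"\xff\xd8\xff", "jpeg"),
]

# Content types this hypothetical policy submits to the sandbox.
SANDBOX_TYPES = {"pe", "pdf", "ole-office", "ooxml-office", "jar", "apk",
                 "zip", "rar", "gzip", "elf"}

# What an extension claims the content is; used only to flag mismatches.
EXPECTED_BY_EXT = {
    "exe": "pe", "dll": "pe", "pdf": "pdf", "doc": "ole-office", "xls": "ole-office",
    "docx": "ooxml-office", "xlsx": "ooxml-office", "jar": "jar", "apk": "apk",
    "zip": "zip", "jpg": "jpeg", "txt": "text",
}


def classify_zip(data: bytes) -> str:
    """JAR, APK and OOXML Office files are all ZIP containers; tell them apart by members."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "zip-corrupt"           # ZIP signature but no valid central directory
    if "AndroidManifest.xml" in names:  # APKs usually also carry META-INF, so test first
        return "apk"
    if "META-INF/MANIFEST.MF" in names:
        return "jar"
    if "[Content_Types].xml" in names:
        return "ooxml-office"
    return "zip"


def identify(data: bytes) -> str:
    """Return the content-derived type of a blob, ignoring its file name entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if data.startswith(b"PK\x03\x04"):
        return classify_zip(data)
    if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "text"
    return "unknown"


def route(filename: str, data: bytes) -> dict:
    """Decide sandbox submission from the content type and flag extension/content mismatches."""
    kind = identify(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXPECTED_BY_EXT.get(ext)
    return {
        "file": filename,
        "type": kind,
        "sandbox": kind in SANDBOX_TYPES,
        "extension_mismatch": claimed is not None and claimed != kind,
    }


def make_zip(members: dict) -> bytes:
    """Build a small in-memory ZIP archive (constructed sample data for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed inputs
        "invoice.txt": b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00",  # PE header behind a .txt name
        "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
        "app.apk": make_zip({"AndroidManifest.xml": b"", "classes.dex": b""}),
        "notes.txt": b"just some text\n",
    }
    for name, blob in samples.items():
        print(route(name, blob))
```

The first sample is the interesting one: a PE image named `invoice.txt` is routed to the sandbox and flagged as a mismatch, which is exactly the case an extension-based allow list would wave through.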

SLIDE 27

VMRay with Dell SonicWALL

SLIDE 28

Lastline with Dell SonicWALL

SLIDE 29

Lastline in the NSS Labs report, 2015

SLIDE 30

Monitoring and reporting

  • At-a-glance dashboard
  • Scanned file history
  • Detailed file analysis report

SLIDE 31

SLIDE 32

SLIDE 33

SLIDE 34

Manually upload a file for advanced inspection

SLIDE 35

SLIDE 36

SLIDE 37

CAPTURE Screen Demo

April 2016

SLIDE 38

Introduction to Safeguard & Defender

April 2016

SLIDE 39

Dell Software

Privilege Management Challenges

  • Difficult to manage
  • Huge security and compliance risk

Fact: 69% of confirmed security incidents were perpetrated by insiders, and increased more than 300% between 2011 and 2012.
Fact: More than half were former employees who regained access via backdoors or corporate accounts that were never disabled.

SLIDE 40

Why are they difficult to manage?

Privileged users: Applications, Admins, Helpdesk, Developers, Vendors
Managed resources: Applications, Devices, Mainframes, Databases, Servers

SLIDE 41

Huge security and compliance risk?

  • IT Admin – Deleted 15 virtualized machines that ran 88 servers
  • IT Admin – Stole patient records and test results
  • IT Director – Continued use for a month and altered CEO presentation
  • Systems Admin – Took down 2000 servers

Very powerful; no individual accountability

SLIDE 42

Solve the challenges

(Diagram: Task 1, Task 2, Task 3 mapped to User A, User B, User C)

  • Granular delegation & command control
  • Monitoring & logging
  • Secure & efficient management

SLIDE 43

Secure and efficient management

Privilege Safe workflow: Request → Authorization → Issuance → Change

Managed resources: Devices, Servers, Applications, Databases, Mainframes

SLIDE 44

Privileged password safe

Privileged Password Manager

  • Secures accounts in a password safe
    – AES 256 encrypted
  • Request and approval workflow
    – Dual or more release controls
  • Removes embedded passwords in applications and scripts
  • Automated password changes
    – “Last use”
    – Time-based
  • Full audit trail
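The Request → Authorization → Issuance → Change cycle on the previous slide and the "dual or more release controls", "last use" and time-based rotation points above describe one workflow. The following Python is an added example of mine, not Dell's Privileged Password Manager, modelling that workflow as a small state machine so the separation-of-duty rules are explicit: a requester cannot approve their own request, the same approver cannot count twice, a credential is issued once, it is rotated on check-in, and stale credentials are rotated on age. The approval count, the age threshold and the injected clock are assumptions for the demo.

```python
import secrets
from dataclasses import dataclass, field

REQUIRED_APPROVALS = 2        # "dual release control": two distinct approvers (assumed policy)
MAX_PASSWORD_AGE = 24 * 3600  # time-based rotation threshold in seconds (assumed policy)


@dataclass
class Request:
    rid: int
    requester: str
    account: str
    reason: str
    approvals: set = field(default_factory=set)  # a set: one approver can only count once
    issued: bool = False
    returned: bool = False


class PrivilegeSafe:
    """Toy model of the Request -> Authorization -> Issuance -> Change cycle."""

    def __init__(self, accounts, clock):
        self.clock = clock                                   # injected time source (seconds)
        self.vault = {a: self._new_secret() for a in accounts}
        self.rotated_at = {a: clock() for a in accounts}
        self.requests = {}
        self.audit = []                                      # full audit trail

    @staticmethod
    def _new_secret() -> str:
        return secrets.token_urlsafe(24)

    def _log(self, event, **fields):
        self.audit.append({"t": self.clock(), "event": event, **fields})

    def request(self, requester, account, reason) -> int:
        if account not in self.vault:
            raise KeyError(account)
        rid = len(self.requests) + 1
        self.requests[rid] = Request(rid, requester, account, reason)
        self._log("request", rid=rid, by=requester, account=account, reason=reason)
        return rid

    def approve(self, approver, rid) -> bool:
        """Record an approval; True once the request has enough distinct approvers."""
        req = self.requests[rid]
        if approver == req.requester:                        # separation of duties
            self._log("approve_rejected", rid=rid, by=approver, why="self-approval")
            return False
        req.approvals.add(approver)
        self._log("approve", rid=rid, by=approver, count=len(req.approvals))
        return len(req.approvals) >= REQUIRED_APPROVALS

    def issue(self, rid):
        """Release the password exactly once, and only after the approvals are in."""
        req = self.requests[rid]
        if len(req.approvals) < REQUIRED_APPROVALS or req.issued:
            self._log("issue_refused", rid=rid)
            return None
        req.issued = True
        self._log("issue", rid=rid, to=req.requester, account=req.account)
        return self.vault[req.account]

    def checkin(self, rid) -> bool:
        """'Last use' rotation: the password changes as soon as it is returned."""
        req = self.requests[rid]
        if not req.issued or req.returned:
            return False
        req.returned = True
        self._rotate(req.account, why="last-use")
        return True

    def rotate_stale(self) -> list:
        """Time-based rotation for accounts whose password is older than MAX_PASSWORD_AGE."""
        now = self.clock()
        stale = [a for a, t in self.rotated_at.items() if now - t > MAX_PASSWORD_AGE]
        for a in stale:
            self._rotate(a, why="time-based")
        return stale

    def _rotate(self, account, why):
        self.vault[account] = self._new_secret()
        self.rotated_at[account] = self.clock()
        self._log("rotate", account=account, why=why)


if __name__ == "__main__":
    clock = {"t": 0}
    safe = PrivilegeSafe(["root@db01"], clock=lambda: clock["t"])   # constructed account name
    rid = safe.request("alice", "root@db01", "patch window")
    safe.approve("alice", rid)      # rejected: self-approval
    safe.approve("bob", rid)        # 1 of 2
    safe.approve("carol", rid)      # 2 of 2
    pw = safe.issue(rid)
    safe.checkin(rid)               # rotates the password
    for entry in safe.audit:
        print(entry)
```

Every decision, including refusals, lands in `audit`, which is what makes the "no individual accountability" problem from the earlier slide go away: the trail names who asked, who approved, who received the credential, and when it was changed.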
SLIDE 45

Session Management (in the roadmap)

  • Pre-set time limits
  • Full DVR-like recording
  • Allow only certain commands

SLIDE 46

Who to talk to and what to listen for

  • IT Manager: manual process, application access, assigning accountability, access reporting
  • Security officer: potential breach, audit reports, compliance
  • Administrator: manual process, too much responsibility

SLIDE 47

Dell Defender

SLIDE 48

Problem: static passwords are inefficient, insecure and expensive

  • Average user has over 40 professional/personal accounts
    – Users use the same password for multiple accounts
    – Complex passwords are written down
    – Passwords are only changed when required
  • Large organizations spend on average $850,000 per year resetting passwords
  • Increasing remote workforce makes it more important to prove the identity of users accessing the network

SLIDE 49

Answer: two-factor authentication (2FA)

  • Changes with every use
  • Can’t be written down
  • Nothing to forget

SLIDE 50

A two-factor authentication solution should be:

  • Secure
  • Flexible
  • Scalable
  • Easy to use
  • Affordable
SLIDE 51

Defender Architecture and Scalability

  • Architecture
    – Leverages existing investment in Active Directory
    – Identity, roles, and rules stored in and retrieved from AD
    – Management through ADUC
    – Standards based: RADIUS, OATH, LDAP, PAM
  • Scalability
    – Scales with Active Directory
    – Automated replication and backup of Defender data
    – Multiple points of authentication for load balancing and redundancy

SLIDE 52

Defender Administration Tool

  • Integrates fully with Active Directory
  • MMC snap-ins
  • Tools and Wizards
  • Stores Defender information in AD
    – license
    – token
    – Security Server configuration
  • Adds Defender credentials to each user’s record

SLIDE 53

Defender Web-Based Management Portal

  • Dashboard
  • Configuration
  • Activity
  • Self-Service Settings
  • Helpdesk
  • Management
SLIDE 54

Helpdesk

SLIDE 55

Defender Tokens

  • Wide range of tokens
  • Hardware tokens are good for their entire battery life
  • Software tokens never expire – contrast with some other token vendors
  • Each user can have more than one token
  • Multiple tokens per device
  • Tokens can be allocated to more than one user
  • Helpdesk tokens
  • Universal Software token license
SLIDE 56

Defender hardware tokens

Go-7, Go-6, YubiKey

SLIDE 57

Defender software tokens

Android, BlackBerry, iOS, Windows Phone, GrIDsure, SMS, Java, Windows, E-mail

SLIDE 58

Defender Hardware Token Self Registration

SLIDE 59

Defender Hardware Token Self Registration (continued)

SLIDE 60

Defender Applications

  • Defender agents available for many applications at no extra charge
    – CITRIX, Terminal Services, Windows Desktop, Unix Desktop, IIS ISAPI Filters, VPN Clients (with SSO), Dell Software (CAM, ARS, TPAM, D1IM, SonicWALL…), OWA, Custom (via Client SDK: C#, C++, Java)
  • Verified to work with Aventail, Juniper, Symantec, MSFT IAG and more…
  • Defender Windows Desktop Login
    – Replace Windows password with token
    – Policies determine token or password users
    – Offline login mode
    – Automatic password change
    – Integration with Password Manager, Cloud Access Manager, TPAM
SLIDE 61

Qualifying Questions

  • Why are you considering a 2FA solution in the first place?
  • What applications do you require 2FA protection on (VPN, desktop, Unix, etc.)?
  • What regulatory requirements (if any) are driving this initiative (HIPAA, PCI, etc)?
  • How many users do you anticipate supporting with the 2FA solution?
  • What is your deadline for that support?
  • What is your expected annual growth for the 2FA solution?
  • What types of tokens are you considering and why?
  • Is an existing 2FA solution already deployed?
  • Why are you looking at alternatives to the existing 2FA solution?
  • What is your current price, and lifespan for the tokens?
SLIDE 62

KB Article: Best Practice Defender with NGFW

  • IDC (April 2014)
    http://support-public.cfm.software.dell.com/31228_best_practice_defender_with_ngfw_ver1.2.pdf
  • Also works with SMA, both the SMB and the Enterprise models
SLIDE 63

Thank You!