Big Data is Old School – Endpoint Intelligence is the New Information Security

58 %
42 %
Information about Big Data is Old School – Endpoint Intelligence is the New Information...
Technology

Published on February 28, 2014

Author: UnisysCorp

Source: slideshare.net

Description

To learn more about Unisys Stealth visit: http://www.unisys.com/stealth

Explore Unisys CISO Dave Frymier's recent presentation from the RSA Conference in San Fransisco.

It’s time to let go of intelligence inside the network. Shifting to endpoint intelligence is not only more effective, it’s less costly. This shift can also help organizations immediately identify if information has been compromised.

Big Data InfoSec Should Be Dead David Frymier Vice President and CISO, Unisys

Two Big Drivers IT Environment Consumerization of IT • New devices are everywhere; employees will use them – Consumer devices are not generally MS domain aware • Not just about devices—new services on the Internet tunnel port 80 – gotomyPC, logmein – Dropbox • Organizational perimeter crumbling © 2014 Unisys Corporation. All rights reserved. 2

Advanced Persistent Threat • Enters through spam e-mail, bad websites • “Beacons” back to command and control servers – Reports in – Obtains instructions/more malware • Evades anti-malware software • Low and slow • Looks laterally and vertically in network for high value targets • Can be found through beaconing activity Corporate Jewels Enterprise Administration (Active Directory) Departmental infrastructure Random spam Spear phishing Bad web site Botnet C&C © 2014 Unisys Corporation. All rights reserved. 3

Security Monitoring Model – SIEM Current countermeasures Portal Network Security Services Asset Inventory and Vulnerability Scanning Portal Security Incident Management Dashboard & Reports Assets and Vulnerabilities Intrusion Detection & Prevention Network Firewall & VPN Web Content Security Vulnerability Mgmt. Threat & Vulnerablity Alerting Endpoint Security Unisys or Customer Ticketing System Event Correlation Engine Incidents Portal Threat Pattern Database Event Database Response and Remediation Portal Normalization of Element-specific log file data Secure Remote Access Web Application Security Portal Reporting Security Event Monitoring Email Scanning Portal Threat and Vulnerability Alerting Application Security Services Scanner Portal Elementspecific Agents Elementspecific Agents Elementspecific Agents Security Infrastructure; Network Devices; OS, Application and Data Logs Unisys Monitored or Managed Security Elements Customer Managed Security Elements © 2014 Unisys Corporation. All rights reserved. 4

SIEM • It’s mostly after-the-fact • Protects everything the same way • Getting more and more expensive—like big data – Software costs – Storage of all the log and traffic data/meta data – Processing – Network resources to move data from endpoint to SIEM For advanced adversaries, the traditional approach just isn’t working. The New York Times article retrieved from www.nytimes.com © 2014 Unisys Corporation. All rights reserved. 5

How is this possible? • The real world follows the laws of physics— the cyber world follows manmade rules that govern the transfer of data • We forget how young the Internet is; it grew like a weed—without much change in the underlying protocols • Standardization cuts both ways • There are fundamental design flaws – Anonymity and spoofing • Software has bugs This is not going to be fixed quickly. © 2014 Unisys Corporation. All rights reserved. 6

SNOWDEN Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Edward Snowden Interview with Guardian readers, June 2013 © 2014 Unisys Corporation. All rights reserved. 7

What is Unisys Stealth™? • Software, running on Windows and Linux computers • FIPS 140-2 AES-256 certified cryptography module • Provides compartmentalized security by implementing virtual communities of interest (COI) for predetermined endpoint users • Authenticates and authorizes users based on identity, not network topology • Because it executes between the network and link protocol layers, it has no effect on applications or existing networks • Makes systems undiscoverable by attackers • Supports “clear COI” to allow for incremental integration into existing environments 7. Application 6. Presentation 5. Session 4. Transport 3. Network Stealth Shim 2. Link 1. Physical NIC © 2014 Unisys Corporation. All rights reserved. 8

Stealth Application compartmentalization for a Web Application • Because Stealth is software, it can be deployed with: – no network changes (no cabling, no VLAN or LAN changes, no firewall rules) – no application changes— either code or configuration • … and if you chose to install just the data center components, it can be done with: – no end-user impact— or even awareness © 2014 Unisys Corporation. All rights reserved. 9

Thank You David Frymier, Vice President and CISO, Unisys Corporation Questions? Contact: stealth@unisys.com

Add a comment

Related presentations

Related pages

Big Data is Old School – Endpoint Intelligence is the ...

Big Data is Old School – Endpoint Intelligence is the New Information Security (Unisys) Tuesday, February 25, 2014 | 4:00 PM – 4:15 PM | South ...
Read more

Security Intelligence - Analysis & Insight on Information ...

It's an one-source location for information security professionals. ... Network & Endpoint; Security Intelligence; Industries. ... Data Security: Securing ...
Read more

Artificial Intelligence, Real Security Problems? Meet ...

... but do security teams have reason to fear this new ... Network & Endpoint; Security Intelligence; ... it’s a big step forward in unlocking ...
Read more

Endpoint Intelligence: Hiding in Plain Sight: Spotting ...

Endpoint Intelligence ... finding that hackers are using old-school exploit techniques in new ways and in ... information security teams hope to ...
Read more

Data Privacy and Security: Bridging the Gap - ThreatMetrix

Facilitating shared intelligence in an increasingly strict data privacy landscape. Happy Data Privacy Day! Coordinated by the National Cyber Security ...
Read more

Big Data Management & Analytics - 2015 Trends & Research

Big data is causing enterprises to find new ways to ... from your big data analytics. Gartner will ... Big Data; Cloud Computing; Information Security;
Read more

With Hadoop, Big Data Analytics Challenges Old-School ...

Endpoint Security. Mobile Security ... It's not that old-school business intelligence software ... data integration, relational data warehousing, and old ...
Read more

Data Security & Data Security Management - Trend Micro USA

Data Protection; Healthcare Information ... Security Intelligence: ... key service simplify data management and data security. Endpoint ...
Read more