Secureway booklet oct2013


IT SECURE

NETWORK SECURITY GUIDE 2013

The move to soft token from hard token

Cloud agility without compromise

12 necessities of secure WLAN

Gain visibility into your IT infrastructure


SEE everything in your environment. LEARN by applying security intelligence to data. ADAPT defenses automatically. ACT in real time.


Contents

04 F5: Mitigate attacks from the network layer to the application layer
06 F5: Cloud agility without compromise
08 Fortinet: 12 necessities of secure WLAN
10 Fortinet: All thoughts lead to FortiMail
12 HID Global: Versatile Authentication Appliance
14 Infoblox: Driving network automation
16 Lumension: Keeping guard
18 Oracle: Industry’s most advanced technology to safeguard data at the source — the database
20 Sourcefire: Extending network security: Defending weakness and strengthening defenses
19 TIBCO: Gain visibility into your IT infrastructure
22 Vasco: The move to soft token from hard token





Cloud agility without compromise

Nicolas Benisti, Manager, Marketing Southern EMEA, F5

As far as most IT leaders are concerned, line-of-business leaders armed with a vague awareness of cloud computing typically know just enough to be dangerous. Business pros have realised that cloud computing resources like Amazon’s AWS or Microsoft’s Azure may be the answer to the critical load problems that plague many applications. Say you have a business app that must run extensive models once a month to forecast demand of a specific service for the coming month. For 29 days, the application needs just a couple of servers, but on day 30, it may need ten times normal resources. Scaling within your own data centre only gets you so far. Scaling out to the public cloud - which can provide nearly infinite resources on demand - is the ideal solution. What could be more obvious and elegant? More Web app horsepower during the holiday season? Off to the cloud! Energy supply modelling apps a challenge for your servers? Ideal for the cloud!

That looks like real business agility, and the ability to pay as you go is something that makes CFOs happy too. The only missing component in this fairytale is that the technology to execute on this panacea has been missing. Consistency is needed: a set of services that work for applications in a private cloud, a public cloud and, when necessary, for applications that haven’t been “cloudified” at all. Business-critical application services such as security, authentication and acceleration must be provided alongside the ability to scale applications up and down as business needs dictate.

F5 knows how to scale apps on-demand, both in the enterprise data centre and in the public cloud. While the company’s roots are in ensuring superior user experience by managing complex enterprise applications, it has also been at the forefront of helping organisations like UAE University. With the help of F5, UAEU provides rapid and secure access to apps for staff and students.

Many believe new concepts like software-defined networking (SDN) provide the means for scaling the underlying networking infrastructure so applications can meet any need. But SDN alone does nothing for the other higher-level services that applications need. This is where F5’s in-depth expertise with applications running across the data centre and the cloud is critical. Its single platform runs wherever applications run, consistently providing the high-level services developers expect. IT pros may view tech-savvy business execs as dangerously aspirational, but at least when it comes to improving business agility and scale through the use of cloud resources, those aspirations are now much more realistic.



Mitigate attacks from the network layer to the application layer

F5’s BIG-IP technology is a flexible, high-performing security solution that provides global access to your applications and networks.

Application delivery controllers (ADCs) have one primary function: making applications perform faster. Users want access to their data and business apps anytime, anywhere, on any device. Many customers, too, want to interact with companies 24/7 by consuming rich media or using e-commerce from their websites. To meet this need, most IT departments have poured a lot of effort into making apps available via the Web. But as you know, response time is critical. If performance lags on a Web-enabled application, users quickly get frustrated. A recent study from the Aberdeen Group showed that customer satisfaction and conversions both start to slide measurably after only a one-second delay in response time from a web application. Frustrated users can mean lost revenues, wasted resources, and a tarnished image for your enterprise and your IT team. All your efforts to deliver applications outside the firewall can be diminished by performance slowdowns that take away from the user experience.

Enterprises facing high network traffic traditionally relied on load balancers. Over the years, load balancers used a number of different technologies: round-robin DNS, proprietary application-based and OS-based measures, and network appliances. Each approach worked well, for a time. But each has been overwhelmed by increasing network traffic and a growing need for ever-better scalability, availability, and security. By now, load balancers are simply too limited and old-fashioned to support the intense networking demands of today.

Solution

F5 can secure access to applications and data from anywhere while protecting the applications wherever they reside. F5 delivers an intelligent services platform that integrates application delivery, monitoring, and context-based policy enforcement. You get a highly scalable, extensible, and simplified approach to maximizing security.

BIG-IP Access Policy Manager (APM) is a flexible, high-performance security solution that provides global access to your applications and networks.
• Provides a single access solution for remote access (SSL VPN), Web access management (proxy to HTTP apps) and application access control (proxy to non-HTTP apps).
• Simplifies single sign-on with F5 BIG-IP APM and Active Directory, RADIUS, Oracle Access Manager and many more.
• Provides secure remote access to corporate resources — such as Microsoft Exchange, SharePoint, and VDI.

BIG-IP Application Security Manager (ASM) protects applications with a certified Web application firewall and comprehensive, policy-based Web application security.
• Protects applications and data from new threats that pose increasing risks to your business.
• Provides an ICSA-certified Web application firewall and policy-based Web app security to address emerging threats at the application level.
• Lowers maintenance and management costs while increasing the confidentiality, availability, and integrity of your applications, network, and processes.

BIG-IP Advanced Firewall Manager (AFM) provides a high-performance, stateful, full-proxy network firewall.
• Can cope with increasingly complex Internet threats, unlike conventional firewalls.
• Designed to guard your data center on the most widely deployed protocols — including HTTP/S, SMTP, DNS, and FTP.
• The first firewall that can inspect traffic while monitoring the health of the data center it protects.

Conclusion

Since ADCs are proven to speed up the delivery of Web-enabled applications, and deliver a better user experience, they are a new generation in technology that’s clearly here to stay. The fastest and most cost-effective way for your enterprise to gain the benefit of this technology is to choose a knowledgeable hosting provider that already understands and uses it every day and is standing ready to match your business needs with the perfectly sized system. The biggest differentiators when it comes to F5’s competitive position are:
• A TCL-based scripting language allows F5 administrators to create custom features to tailor the solution according to client requirements.
• F5 is good at creating application-specific features to help accelerate deployment.
• The version 11 release of F5’s operating system, TMOS, has been a huge leap forward as it is a modularized version of the OS.



12 necessities of secure WLAN

The Fortinet secure wireless LAN solution delivers the integrated, consolidated security every organization needs to fortify their wireless network security. FortiGate, FortiWiFi and FortiAP security platforms add layers of security to wireless traffic without affecting performance or increasing costs.

1) Keeping wireless networks compliant with PCI DSS
Fortinet’s consolidated approach to security controls through Unified Threat Management (UTM) and Intrusion Prevention Systems (IPS) in every WLAN controller allows for the consolidation of policies on both wired and wireless networks. Fortinet WLAN solutions are business-grade wireless platforms that provide automatic PCI DSS compliance so that retailers can focus on the business at hand.

2) Wireless client load balancing for high-density deployments
Wireless load balancing allows a wireless network to distribute wireless traffic more efficiently among access points and available frequency bands. FortiGate wireless controllers support access point hand-off and frequency hand-off. Access point hand-off distributes traffic among available access points so that the load is shared equally. Frequency hand-off evenly distributes traffic between the 2.4GHz and 5GHz bands to prevent one from being saturated while the other is under-used.

3) Monitoring neighbors and rogues
The FortiOS on-wire detection technique correlates wireless MAC addresses on other APs with those on your wired networks to differentiate neighbors from rogues. FortiOS can generate alert messages to inform system administrators when a rogue AP is identified.

4) Wireless IDS
Wireless IDS (WIDS) monitors wireless traffic for a wide range of security threats by detecting and reporting on possible intrusion attempts. FortiOS WIDS can detect ASLEAP attacks, unauthorized wireless devices, rogue and interfering APs, many forms of flooding, ad hoc networks, spoofed de-authentication, and more. Optimum thresholds and intervals can be set for many of these attacks. The default WIDS profile can be used, or multiple WIDS profiles can be created for different protection requirements.

5) IEEE 802.11e and application-based QoS
In addition to full support for IEEE 802.11e, FortiOS supports application-based Quality of Service control. Business-critical applications can be given preferential treatment over non-essential applications. Fortinet’s unique approach to Quality of Service, supporting both 802.11e and layer 7 application prioritization and traffic shaping, provides significant value to enterprise users.

6) Wi-Fi guest-access management
Guest access provisioning allows easy addition of temporary guest accounts to give guest Wi-Fi users temporary access to a Wi-Fi network. Guest account information can be distributed to guest users by printing account information or by sending it in emails or SMS messages. In addition, FortiOS offers a Captive Portal mode that applies the complete set of user authentication options available for authenticating wireless users. FortiOS user authentication features include RADIUS, LDAP and TACACS+ remote authentication, single sign-on (SSO) authentication, and two-factor authentication using FortiToken, certificates, SMS, or email.

7) Fast roaming and support for voice mobility
When latency-sensitive traffic like voice and video migrates from one thin AP to another, authentication can be detrimental to its quality of service. Fortinet has addressed this problem by incorporating fast roaming using standards-based authentication caching technology based on Pairwise Master Key (PMK) caching and pre-authentication. The wireless controller further reduces roaming times by sending gratuitous ARP packets to quickly stabilize the MAC address tables in the LAN switches. These capabilities ensure that wireless clients that support pre-authentication can continue to communicate wirelessly without connection delays or disruptions.

8) Intra-SSID privacy
When multiple users share the same SSID, such as the guest SSID in a hotspot, communication privacy must be assured. By enabling traffic segmentation within a single SSID, FortiOS provides an intra-SSID privacy setting and thus prevents potential man-in-the-middle attacks from other client machines sharing the same network.

9) Simple and flexible Wi-Fi planning tools
To determine optimal deployment scenarios, Fortinet’s FortiPlanner Wi-Fi planning tool can be used to map the buildings and outdoor locations that you want to add Wi-Fi access to. Then, using FortiPlanner, you can map out optimal locations for access points and adjust transmitter power settings to provide optimal Wi-Fi coverage.

10) Wireless bridging and mesh
Two LAN segments are connected together over a wireless link (the backhaul SSID). On the leaf AP, the Ethernet connection can be used to provide a wired network. Both Wi-Fi and wired users on the leaf AP are connected to the LAN segment to which the root AP is connected. FortiAP units can be connected to the Wi-Fi controller by Ethernet or by Wi-Fi. In the latter case, you configure a special backhaul network, the mesh, that carries traffic and control signals between FortiAP units and the Wi-Fi controller. Regular Wi-Fi clients cannot connect to the mesh network, only to non-mesh SSIDs. This network is useful when running Ethernet cables is not practical.

Remote AP
A FortiAP unit can provide Wi-Fi access to a LAN even when the wireless controller is located remotely. An example is telecommuting, where the FortiAP unit has the Wi-Fi controller IP address pre-configured and broadcasts the office SSID in the user’s home or hotel room. In this case, data is sent in the wireless tunnel across the Internet to the office, and you should enable encryption using DTLS.

Say ‘yes’ to client-less BYOD
The potential for greater productivity and cost savings almost guarantees that the movement towards allowing employees to BYOD is not going away anytime soon. In order to secure their data and devices, organizations will need to look towards network-based solutions and not just wireless and agent-based solutions that claim to solve the BYOD challenge, as these address only part of the problem. Fortinet’s holistic, network-based approach to BYOD provides organizations a cost-effective, unified solution. The Fortinet approach is straightforward and eliminates the many headaches associated with client management and interoperability of a variety of devices from different vendors. In other words, Fortinet gives organizations the power to safely and securely BYOD.
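The on-wire correlation described under item 3 is easy to misread as a simple "unknown BSSID" alarm. The point of the technique is the join between two data sets: MAC addresses seen over the air (the AP itself and the stations talking to it) and MAC addresses a switch has learned on the wired side. An unknown AP whose BSSID or clients also appear in the wired table is bridging wireless stations onto the LAN and is a rogue; an unknown AP with no wired footprint is a neighbor. The script below is an added illustration written for this booklet, not FortiOS code or Fortinet's algorithm; the scan results, the managed BSSID list and the switch MAC table are constructed sample data, and the exact correlation rules FortiOS applies are not documented here.

```python
import re
from dataclasses import dataclass, field


def normalize_mac(mac: str) -> str:
    """Canonicalise any common MAC notation (aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff,
    AA:BB:CC:DD:EE:FF) to lowercase colon-separated form, so addresses from a
    wireless scan and from a switch MAC table compare equal."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class ApScan:
    """One access point seen by a scanning radio, plus the stations observed
    exchanging frames with it."""
    bssid: str
    ssid: str
    clients: set[str] = field(default_factory=set)


def classify_aps(scans, managed_bssids, wired_macs):
    """Return {bssid: (verdict, evidence)} with verdict 'managed', 'rogue' or
    'neighbor'. An unknown AP is a rogue when its BSSID, or any station seen
    behind it, also shows up in the wired MAC table: that AP is bridging
    wireless clients onto our LAN. Unknown APs with no wired footprint are
    neighbors (someone else's network) and only need monitoring."""
    managed = {normalize_mac(m) for m in managed_bssids}
    wired = {normalize_mac(m) for m in wired_macs}
    verdicts = {}
    for scan in scans:
        bssid = normalize_mac(scan.bssid)
        if bssid in managed:
            verdicts[bssid] = ("managed", [])
            continue
        candidates = [bssid] + sorted(normalize_mac(c) for c in scan.clients)
        on_wire = [m for m in candidates if m in wired]
        verdicts[bssid] = ("rogue", on_wire) if on_wire else ("neighbor", [])
    return verdicts


def rogue_alerts(scans, verdicts):
    """Alert lines for rogue APs only, naming the wired evidence."""
    ssid_by_bssid = {normalize_mac(s.bssid): s.ssid for s in scans}
    return [
        f"ROGUE AP {bssid} ssid={ssid_by_bssid[bssid]!r} seen on wire via {', '.join(ev)}"
        for bssid, (verdict, ev) in sorted(verdicts.items())
        if verdict == "rogue"
    ]


# Constructed sample data (not real captures).
MANAGED_BSSIDS = ["00:11:22:AA:BB:01"]
WIRED_MAC_TABLE = [        # as a switch would report its learned addresses
    "0011.22aa.bb01",      # our managed AP's radio
    "3c5a.b411.2233",      # a laptop that is also seen behind an unknown AP
    "b827.eb00.1122",      # a printer, never seen wirelessly
]
SCANS = [
    ApScan("00:11:22:aa:bb:01", "Corp-WiFi", {"a4:5e:60:01:02:03"}),
    ApScan("f0:9f:c2:aa:aa:aa", "Cafe-Guest", {"dc:a6:32:44:55:66"}),
    ApScan("d8:cb:8a:99:88:77", "Free-WiFi", {"3c:5a:b4:11:22:33", "dc:a6:32:77:88:99"}),
]

if __name__ == "__main__":
    result = classify_aps(SCANS, MANAGED_BSSIDS, WIRED_MAC_TABLE)
    for bssid, (verdict, evidence) in sorted(result.items()):
        print(f"{bssid}  {verdict:8s}  {evidence}")
    for line in rogue_alerts(SCANS, result):
        print(line)
```

Only the "Free-WiFi" AP is flagged: its BSSID is unknown and one of its clients is a MAC the switch has learned, which is the footprint of an AP plugged into the corporate LAN. The cafe network next door shares no MAC with the wired side and stays a neighbor, which keeps the alert volume down in dense office buildings.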



All thoughts lead to FortiMail

FortiMail delivers highly effective bi-directional antispam and antimalware capabilities to shield organizations and end-users from unwanted and malicious messages. In June this year, FortiMail earned a Virus Bulletin VBSpam+ Certification based on a high spam catch rate and zero false positives. FortiMail also features solid email security and data leakage policy templates onboard and ready to go right out of the box. The FortiMail appliance comes preloaded with regulatory compliance templates for PCI DSS, HIPAA, GLB, and SOX to ensure sensitive data is handled properly if it needs to leave the organization. If data does need to leave securely, this solution provides flexible encryption options. Email archiving rounds out a robust feature set which, like other products in the FortiMail family, is available via flat device-based licensing that ensures organizations can grow their secure messaging deployments without incurring costly user-based licensing fees.

FortiMail includes anti-virus, antispam, onboard identity-based encryption, and content filtering and data leakage prevention through the use of many predefined policies. This product has enterprise-grade features in a package that is designed for smaller deployment environments, such as branch offices or small businesses. FortiMail’s inbound filtering engine blocks spam and malware before it can clog your network and affect users. Its outbound inspection technology prevents outbound spam or malware (including mobile traffic) from causing other anti-spam gateways to blacklist your users.

Top 10 outstanding email security features and benefits

1) High performance email security
Coupled with FortiGuard Labs’ industry-leading real-time antispam, antivirus, antispyware and antimalware protection, FortiMail provides you with extremely fast and accurate messaging security that will not become a network bottleneck. FortiMail’s integrated multi-threat detection engine consistently achieves over 98% accuracy on spam detection.

2) Enterprise-class spam detection
FortiMail provides a bi-directional, robust, highly accurate antispam and antimalware solution, including specific threat mitigation for advanced phishing attacks, directory harvesting attacks, malware and other threats. Its complete scanning of the email header and email body (including embedded URIs and meta information) ensures extremely accurate spam detection. FortiMail facilitates content-level detection such as image analysis, PDF analysis, attachment analysis, etc.

3) Unmatched deployment flexibility: Transparent, Gateway and Server mode
FortiMail features flexible deployment options (Transparent, Gateway and Server) that enable the system to adapt to organizational needs and budget while minimizing infrastructure modifications and service disruptions. In Server mode the FortiMail device acts as a stand-alone messaging server with full SMTP email server functionality, including flexible support for secure POP3, IMAP and WebMail access. FortiMail scans email for viruses and spam before delivery. As in Server mode, external MTAs connect to FortiMail, allowing it to function as a protected server.

4) Identity-based encryption delivered in both push and pull modes
FortiMail provides Identity-Based Encryption (IBE) in addition to S/MIME and TLS, as an email encryption option to enforce policy-based encryption for securing both B2B and B2C communications. IBE uses public key cryptography in which the public key is generated using the unique information about the identity of a user. You can enable automatic encryption of messages based on the attributes you choose, such as subject content, message body, or recipient domain. In addition, FortiMail is one of the very few products on the market that offer IBE in both push and pull delivery modes.

5) Content-aware data loss prevention
One of the major outbound threats to organizations is the loss of confidential or regulated data, especially via outgoing email. FortiMail includes customizable, predefined dictionaries that detect the accidental or intentional loss of data, aiding in PCI DSS and HIPAA compliance. You can choose to block, reroute, encrypt and/or archive messages containing data matching a range of regular expression patterns, including credit card numbers and more.

6) On-box or remote policy-based message archiving
FortiMail offers user-configurable and granular policy controls including archiving options based on key words, specific domains, users, and even dictionary contents. The archived messages are fully indexed and retrievable from FortiMail’s management interface.

7) No per-user or per-mailbox pricing
Complete multi-layered antivirus, antispam, antispyware and antiphishing protection for an unlimited number of users. Greatly reduces TCO.

8) Groupware functionality
Calendaring and address book capabilities have been added, which enable FortiMail appliances to be deployed as fully functional mail servers with built-in security.

9) End user quarantine flexibility
FortiMail units support centralized quarantine by a network attached storage (NAS) server using the network file system (NFS) protocol and/or a FortiMail configured as the Centralized Quarantine Server. FortiMail has a unique and straightforward way in a multi-appliance environment to provide a single end user access point for all quarantined mail.

10) High availability (HA) and load balancing
FortiMail supports a high availability configuration that offers full synchronization of configuration and mail data between two FortiMail systems to ensure maximum availability of email services. It also allows high-volume organizations (e.g., service providers, higher education, etc.) to cluster FortiMail boxes behind a load balancer. Customers can run multiple mail servers for a single domain, increasing performance and reducing the load on individual FortiMail boxes as they remove spam and viruses in high-volume environments.

Additional FortiMail differentiators
• Filtering performance: More horsepower is available to cascade and execute a high number of innovative antispam techniques such as URL filtering and suspicious newsletter detection, which results in consistent Virus Bulletin VBSpam award certification.
• Depth and breadth of features: FortiMail concentrates a number of mail services on a single platform, including encryption, quarantine, archiving, AV/AS/content filtering, in/out email rate control, management and reporting.
• Service continuity: FortiMail’s unique active-passive and active-active clustering options provide seamless failover and business continuity. Not only is configuration synchronized, but mail data can be replicated as well. In addition, FortiMail offers unmatched queuing capacity. In the case of mail server downtime FortiMail can hold a large number of emails to cover multiple days or weeks of unavailability.
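Item 5 describes the shape of an outbound DLP policy without showing why a bare regular expression is not enough: a pattern for "13 to 19 digits" also matches phone numbers and ticket ids, so a credit card rule normally pairs the pattern with a Luhn check, and the action (block, encrypt, archive, deliver) depends on both the match and the recipient. The script below is an added example written for this booklet, not FortiMail code or Fortinet's policy engine. The internal domain example.com, the two-word dictionary, the rule ordering and the sample messages (which use the well-known 4111 1111 1111 1111 test number) are all constructed for the illustration.

```python
import re
from dataclasses import dataclass

# Candidate primary account number (PAN): 13-19 digits, optionally separated by
# single spaces or dashes, not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Luhn check (ISO/IEC 7812-1) so that phone numbers, invoice ids and
    other digit runs do not trigger the card-number rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit-only PANs in text that pass the Luhn check."""
    pans = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits for logs and alerts."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Message:
    sender: str
    recipient: str
    subject: str
    body: str


INTERNAL_DOMAIN = "example.com"                      # assumed for the example
DICTIONARY = ("confidential", "internal use only")   # constructed DLP dictionary


def evaluate_policy(msg: Message) -> tuple[str, list[str]]:
    """Apply outbound DLP rules in priority order and return (action, reasons).
    The actions mirror the options listed above: block, encrypt, archive, deliver."""
    text = f"{msg.subject}\n{msg.body}"
    external = not msg.recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    pans = find_pans(text)
    terms = [t for t in DICTIONARY if t in text.lower()]
    reasons = [f"card number {mask_pan(p)}" for p in pans]
    reasons += [f"dictionary term {t!r}" for t in terms]
    if pans and external:
        return "block", reasons          # never send raw card data outside
    if pans:
        return "encrypt", reasons        # internal recipient: force encryption
    if terms:
        return "archive", reasons        # regulated wording: keep a copy
    return "deliver", reasons


# Constructed sample traffic (no real card or person data).
SAMPLE_MESSAGES = [
    Message("alice@example.com", "vendor@partner.test", "Order 4821",
            "Please charge 4111 1111 1111 1111, exp 12/25."),
    Message("alice@example.com", "bob@example.com", "Refund",
            "Card on file 4111-1111-1111-1111."),
    Message("alice@example.com", "bob@example.com", "Q3 plan",
            "CONFIDENTIAL draft, ticket 4111111111111112."),
    Message("alice@example.com", "friend@mail.test", "Lunch",
            "Call me on 0123 4567 8901."),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        action, why = evaluate_policy(m)
        print(f"{action:8s} to={m.recipient:22s} {'; '.join(why) or '-'}")
```

The third message shows the value of the Luhn step: "4111111111111112" has the right length but a wrong check digit, so it is treated as a ticket number and only the dictionary term fires. The masking helper matters for the detection side too, since an alert that quotes the full PAN would itself be a leak into the logging pipeline.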



Versatile Authentication Appliance

While it’s a necessity to provide employees, contractors, partners, and customers with anytime, anywhere access to appropriate resources, it’s also imperative that enterprises are able to maintain the trust of those transactions, and the security of those resources. It’s a constant challenge to provide all of an enterprise’s different users access to resources without opening those resources up to the increasingly sophisticated and frequent threats — including advanced persistent threats (APTs) — targeting the organization. Authentication is a fundamental element of any security strategy. It helps establish trust in a user’s identity, so they can gain appropriate, secure access to corporate resources. However, not all authentication solutions are alike. To be effective, the solution must be versatile enough to support a layered approach capable of best meeting each organization’s unique needs. It should be able to support multi-factor authentication for all of an enterprise’s different users, and all of their different devices, including personal phones and tablets (BYOD), so they can be granted secure access to an organization’s resources, including internal applications, VPNs and terminal services, as well as resources residing in public and private clouds.

Enterprises need a solution that offers the flexibility to balance convenience with security and cost requirements – this is what HID Global’s ActivID Authentication Appliance offers. HID Global’s ActivID Authentication Appliance enables enterprises to verify the identities of employees and protect data with risk-free and cost-appropriate solutions, which provide unique two-factor methods and out-of-band capabilities that go beyond simple passwords. With HID Global, you can easily balance security and user convenience, and deploy a solution that cost-effectively protects employee access to all enterprise resources, from anywhere, using any device.

ActivID Authentication Appliance delivers:

Layered authentication in a single solution
The authentication solution can adapt to meet an enterprise’s specific security needs, with the ability to:
• Support 15 different authentication methods (from mobile one-time passwords (OTPs) to hardware tokens) to deliver the most cost-effective, risk-appropriate solution. Deploy the level of security required by different users, using different devices to access different resources, including internal applications, VPNs, terminal services, and private and public clouds.
• Turn on threat detection to provide transparent, non-intrusive device identification and malware detection. Gain an additional layer of protection to secure transactions and communications from data breaches and fraud.
• Manage multiple groups and departments in the enterprise differently. The solution supports multi-tenancy to enable enterprises to easily manage the access of different groups, with completely segregated data to eliminate risks.

With ActivID Authentication Appliance, enterprises can quickly and easily deploy the authentication they need. The solution also delivers:
• Support for existing external solutions, including most common VPN solutions and firewalls – Fortinet, Cisco, Citrix, etc. – to ensure the solution is ready to be deployed and can co-exist in any environment.
• Pre-configured reporting and auditing capabilities that integrate with third-party tools and simplify ongoing management.
• High fault tolerance and high availability reinforce the confidence that the solution will always be available when it is needed.
• Simplified migration from competitive authentication solutions and a simplified upgrade path for existing ActivID appliance customers ensure current investments can be leveraged.

The ActivID Authentication Appliance difference
The ActivID Authentication Appliance makes it possible for enterprises to provide secure, appropriate access to the applications and data your users require. The solution enables enterprises to deploy risk-appropriate security for cloud and mobile users. With the most complete solution on the market, HID Global gives you the ability to choose the authentication method you need for different user groups and applications to ensure enterprises can effectively balance the security, convenience and cost requirements of their business. You can quickly add additional layers of security as they are needed, and extend the platform to support secure access to internal and cloud applications for a wide variety of users, from employees to customers.

Reduce costs and achieve operational efficiencies
With a single appliance, enterprises have the flexibility to easily support a variety of authentication methods, enable authentication to both internal and cloud applications, and take advantage of the extensibility of the platform to meet future needs. You can also leverage the investment and use the same platform to authenticate customers, as well as employees, partners and vendors. There is no need to purchase or manage multiple, separate solutions for different authentication requirements.

Versatile approach
The most comprehensive support for authentication methods means the solution can evolve to support an enterprise’s ever-changing needs. Enterprises can:
• Activate or re-synchronize tokens, and conduct other help desk functions for faster deployments and a lower total cost of ownership (TCO) through a self-service portal.
• Provide different users with different authentication methods to ensure they have the most convenient, appropriate experience using any device (both managed and unmanaged devices, such as personal smartphones and tablets) they want.
• Easily scale from hundreds to millions of users to meet the needs of the business as it grows.
With HID Global’s solution, enterprises have the ability to address the varying requirements of a wide range of users, including both employees and customers.



Driving network automation

With the incessant growth in the Middle East, new network challenges are to be faced. People from every corner of the globe are attracted to the flourishing cities of Kuwait, Riyadh, Beirut, Dubai, Abu Dhabi and Muscat. The eyes of the world are turning towards the Middle East and we need to get ready to occupy our new position in a new world full of opportunities. Technology is the driver of this transformation, and it will be the distinguishing factor between those who will step aside and those who will be leading the future. To survive in our changing world it is paramount to know which key factors are going to shape networks in the next years. Six new trends are significantly reshaping networks at enterprises and IT organizations in the Middle East: data center consolidation, the explosion of mobile devices, migration to IPv6, software-defined networks (SDNs), heightened threat landscapes, and new compute paradigms such as virtualization and cloud.

Infoblox delivers the control needed to deal with the risks and expenses tied to these challenging trends through availability, security and automation. Infoblox delivers a ‘Control Plane’ that sits between, and integrates with, the network infrastructure device layer and the applications, virtual machines and endpoints. Infoblox delivers the discovery, compliance, and real-time configuration and change management needed for all your network infrastructure devices, as well as the essential network control functions like DNS, DHCP and IP address management (IPAM).

New solutions needed now
At many organizations, the IT team is still cobbling together a plethora of tools to control the network, such as Microsoft and BIND for DNS/DHCP, error-prone spreadsheets for managing the IP space, and multiple tools and custom scripts for managing the physical components of the network. This barely functional and less-than-optimal approach increases complexity, cost and risk, and results in a network that is less agile, less flexible, and more dangerous than what’s needed in today’s dynamic world.

Automating the Control Plane
The power of Infoblox is providing a comprehensive Control Plane that automates repetitive but critical network tasks, gains real-time visibility into network assets, and keeps up with your business needs. By focusing on availability, security and automation across all critical network components, Infoblox is the only company that can deliver an integrated solution for centralized control. Lacking the benefits of an Infoblox network control solution, most IT teams have to deploy multiple vendors and tools, train the staff on the different interfaces, and build complex scripts in an attempt to correlate the data. Still, all that time, effort and cost do not get those IT teams anywhere close to what Infoblox offers; namely, the most reliable network control solution available today. Over 6,100 customers across the world depend on solutions from Infoblox to control their networks.

Availability: Always optimized performance
In today’s world of high-demand requirements, nothing is more important to an enterprise than network availability. When connections cannot be made, business grinds to a halt. Infoblox has been the market leader for over a decade in ensuring the availability of key services for networks, including DNS and DHCP.

Security: Ensured protection against risk
In today’s climate, security has become more critical than ever because unintended consequences from a security breach can cripple a network. Infoblox helps protect networks from both external security threats and internal human mistakes by ensuring a secure and reliable infrastructure across multiple fronts continuously.

Automation: Puts you, not chance, in control
While most networks have grown more complex, larger and more dynamic, IT resources have not kept pace, and IT staff is increasingly stretched ever more thinly by the day. Infoblox’s integrated solution for centralized control helps organizations maximize existing resources and staff through network automation.

Why control your network with Infoblox?
Infoblox can mean the difference between “controlling your network” and “your network controlling you”. Instead of laboring under the shortcomings of legacy approaches, patching multiple basic tools on the fly, hiring additional staff to cope with increasing workloads, and trusting with crossed fingers that nothing will go wrong, Infoblox customers leverage the industry-leading integrated platform to ensure their networks are always available, secure and automated. Why not let Infoblox put the same network control in your hands?

Infoblox product warranty and services
The standard hardware warranty is for a period of one year. The system software has a 90-day warranty that it will meet published specifications. Optional service products are also available that extend the hardware and software warranty. These products are recommended to ensure the appliance is kept updated with the latest software enhancements, and to ensure the security and availability of the system. Professional services and training courses are also available from Infoblox.



Keeping guard
Pragmatic cyber defense against today’s advanced targeted attacks.

Challenges
Targeted threats (also known as advanced persistent threats, or APTs) are one of the biggest threats to any company. These sophisticated, malicious hackers use focused resources to gain access to a company’s valuable assets, or to disrupt business. It used to be that only large, Fortune 500-sized businesses had to worry about targeted threats. But today, the same risks apply to small and medium-sized companies alike. The risk is further multiplied for companies with important partners, business associates and valuable intellectual property. Targeted threats are definitively different from the common, run-of-the-mill cyber-criminal, who is often just looking for quick financial gain. Targeted threats share the following characteristics:

Professionally organized and focused
Targeted threats are often organized like regular companies, with project teams, leaders, skill-specific employees, and all the typical departments and organizations any company would have.

Attacks are usually client-side focused
While Internet-facing servers may be the way they initially gained access, server attacks are less common. More common are socially-engineered end-users who are tricked into providing logon credentials, executing a Trojan horse program, or auto-executing malware.

They have long-term objectives
Normal cyber-criminals break in, get access to the information desired for quick financial gain, and leave as quickly as possible. Targeted threat attacks, on the other hand, take their time. After gaining the initial access, they can spend days, weeks, and even years looking for and evaluating items of value within a company.

Complete compromise
Targeted threats usually have time to completely map the IT resources of a company, often understanding the resources and databases better than the victim company itself.

Centralized command and control
When targeted threats break in they usually have an exploitation system that calls back to a single command-and-control (C&C) system. The C&C allows them to direct and redirect malware activities on the compromised network, hack additional computers, and transfer needed information and digital objects.

Global attackers
Most targeted threat victims are compromised by attackers outside their country. This significantly complicates law enforcement and legal activities. In many cases the legal authorities you would contact to help prosecute targeted threats don’t have the legal jurisdiction to pursue the attackers, even if you had enough evidence.

They don’t run
The lack of likely criminal prosecution means that these attackers rarely run when discovered. Attackers performing targeted threats usually don’t have this worry. It’s all upside for the targeted threat attacker.

Targeted threat exploitation pathway
• Gain initial access to one or more end-point computers. This can be done by using targeted spear-phishing or through a wider broadcast approach.
• Privilege escalation of a user’s normal security context to something more powerful, like root or local admin control.
• Grab more credentials, which can be found in memory (from previous elevated logons), or stored in local databases.
• Lateral traversal, discovery and research: Certain high-value computer assets, big databases and domain controllers are common targets. Other members of the targeted threat team are invited to participate, according to the skills needed to take advantage of the victim.
• Execute more maliciousness by placing more back doors, compromising more databases, grabbing more credentials, modifying groups and group memberships, and placing monitoring bots. The victim is so completely and utterly owned that even when it discovers the compromise, it will be a very long and expensive road to recovery.

Solution with the targeted threat defense framework
Computer security defenses must take into account the overall sophistication of targeted threats. You can’t simply depend upon a firewall or an anti-malware program for complete protection (although certainly those defenses are still needed). Companies interested in defending against targeted threats need their own defensive framework. Know your adversary, reduce exploitable surface area, always be thinking defense-in-depth, and know your detection and response capabilities.

Summary
Many companies, large and small, live under the constant risk of targeted threats. Many experts believe that most companies are already compromised. Targeted threats have many motivations, including the theft of intellectual property, financial gain and financial damage. But regardless of the motivation, they use a common attack methodology, which includes the initial compromise, elevation of privileges, credential theft, lateral traversal, and on to complete network compromise. But targeted threats are not impossible to defeat. This threat risk can be reduced and managed without impacting daily business productivity, often by simply doing a better job at implementing the basics of what you should have been doing all along. Other programs, such as Application Control/Whitelisting and Device Control, must be seriously considered for deployment, and, along with a focus and commitment to better patch management, monitoring, and security configuration control, will go a long way in reducing the threat of targeted attacks.

Did you know?
• Sixty-six percent of victims don’t discover that they are compromised for months or more.
• Zero-day attacks are not used in most attacks.
• The largest nation-state group is Chinese.
• In 2012, 17 percent of all breaches reported to them were nation-state sponsored.
• According to several sources, unpatched software (currently led by Oracle Java and Adobe products) accounts for the largest percentage of compromised computers.
• 70 percent of breaches were not discovered by the victim.



Single Sign On Anywhere with Oracle
Provide users fast access to systems and applications while increasing security and providing operational efficiencies

With all the pressure on today’s IT not only to perform but to expand capability while containing costs, organizations are increasingly turning to third-party resources such as Cloud computing, SaaS and hosted technology services. Businesses will want access to these services to be as seamless as access to existing internal resources—but there are implications to this trend that the enterprise should be aware of in order to achieve this expansion safely. When access to external resources is in the control of a third party, organizations may not be aware of the implications for their own sensitive information. Single sign-on is often adopted as a solution for making access to a wide range of disparate resources as seamless as possible, but not all Single Sign-On (SSO) solutions are created equal, and not all may give the enterprise the level of control it needs over issues such as changes in employee roles or termination. Enterprises today are adopting Cloud-based and hosted solutions for a number of business priorities. Traditionally, fields such as Customer Relationship Management (CRM) dominated this approach, but today organizations are turning to hosted solutions and Software-as-a-Service (SaaS) for everything from personal productivity applications to business intelligence. The advantages of the hosted approach are many. In exchange for an ongoing fee, hosted services relieve organizations of much of the burden of on-premise business systems management, including implementation, deployment and maintenance. They help shift IT expenses from the capital to the operational side of the balance sheet, freeing organizations to invest in capabilities more central to strategic priorities. Already, hosted SaaS alternatives have demonstrated aspects of the success that many expect from the promise of Cloud computing—arguably the “ultimate” hosted experience.


Ideally, enterprises would like the experience of SaaS and hosted technologies to be seamlessly identical to—or better than—internal resources. In particular, they would prefer for access to be secure, but transparent. They want users to be authenticated whenever they access any resource, but for third-party solutions, they would prefer not to have any additional “bumps” in the user experience, such as those encountered when hosted applications ask for a separate username and password. This means an approach to single sign-on that extends from within the enterprise to third-party resources. The transparency of the approach has high appeal, but in order to make the right choice, businesses must understand the impact of third-party SaaS and Cloud computing alternatives on secure access management, and how these issues should influence their choice of an SSO solution. Hosted services connect with large numbers of customers. This means that the provider may be highly motivated to enforce a consistent policy across all customers, which may be difficult to adapt to individual needs. Organizations that have developed their own policy regarding the sharing of access credentials may find this problematic. They may be required to adapt their policy to that of the provider, rather than the other way around. This could create problems if, for example, the provider shares user information with partners or other resources. Without visibility into such a situation, would the customer know if their employees’ credentials had been shared? Another complication of introducing hosted offerings and SaaS into the enterprise is that access to important third-party resources may be vulnerable to risks beyond enterprise control. Personnel may access sensitive SaaS-based resources such as customer records from a home computer that may be infected with malware such as spyware or key loggers.

Organizations may have little or no control over endpoint security measures outside the business that would reduce exposure to these risks. User account lifecycle management poses another concern. When users of resources within the enterprise move, change roles or leave the company, the business often manages these changes internally—but are these changes also made in SaaS or third-party resources? If an employee is terminated for cause, how confident is the business that such an individual is unable to access SaaS-based customer account information from their home computer? These are some of the risks that can be prevented by single sign-on tools that can be extended to SaaS, Cloud, or other third-party resources. Single sign-on technologies can help close these gaps while delivering a seamless experience that enables personnel to access third-party resources just as if they were any other enterprise resource to which the user has access at initial logon.

Solution
The Oracle Enterprise Single Sign-On Suite Plus provides users fast access to systems and applications to get business done while increasing security and providing operational efficiencies. The Oracle Enterprise Single Sign-On Suite Plus specifically:
• Provides users fast access by automating sign on and sign off to their systems and applications
• Strengthens application security by securely managing application passwords
• Provides a practical means to deploy strong authentication enterprise-wide quickly and inexpensively
• Improves compliance posture by providing automated reporting on who has access to what applications and how often they use them


Gain visibility into your IT infrastructure
The TIBCO LogLogic log management solution collects terabytes of data in real time so you can quickly see opportunities and problems

Challenges
If you’re responsible for a corporate network then you’ll be no stranger to logs: records of events that occur on your network, generated by anti-virus and other security software; devices like firewalls, intrusion detection systems (IDS), routers and other networking equipment; server and workstation operating systems; and applications running on your network. In a large network, the number of logs generated every second can run into the hundreds of thousands, which raises the question of how logs can be managed. Ultimately, it comes down to finding a way to wade through a continuous stream of logs generated by different systems and spot the ones that are important, using limited log management resources. This is made more difficult by a number of factors, including:
• Large numbers of log sources;
• Inconsistent log content generated by different devices;
• Different log formats;
• Inconsistent time stamps on logs;
• Huge volumes of log data; and
• The need to maintain the confidentiality and integrity of logs.

Although companies require log management for security purposes, to spot suspicious events such as repeated failed login attempts or port scans, it is equally in demand for regulatory compliance. Today’s growth is mainly related to regulatory compliance, with secondary requirements for effective threat monitoring, according to Kelly Kavanaugh, an analyst at Gartner. Choosing the right SIEM solution is critical to businesses.

Solution
IT big data might be the largest dataset you deal with. It’s millions or billions of daily logs, log files, and structured and unstructured data from a wide variety of sources. TIBCO LogLogic technologies deal with the volume, velocity, and variety of IT big data and analyze it to gain insight and detect potential problems. You can:
• Collect all your IT data at some of the fastest rates in the industry from all devices – not just security devices, but the devices, systems, and applications that enable the business to function.
• Store terabytes of IT data easily and inexpensively, leveraging extreme scalability and granular data retention management.
• Quickly and easily search, report, and alert on vast amounts of archived and real-time Big Data.

Highlights
Real-time Protection
• Correlate external and internal patterns for threats
• Identify even subtle and well-disguised attacks
• Practically eliminate false alarms
Single “pane of glass” management console
• Compliance reporting and forensics — PCI, FSA, COBIT/SOX, ISO, etc.
• Includes basic log management for historical context
Easiest to deploy, customize and maintain
• Out of the box security policies
• Automated device identification
• Trouble ticket integration
Classification/Taxonomy
• English language syntax
• Vendor-neutral classification system
Correlation
• Out of the box rules
• Uses advanced sliding time windows
Asset Database
• Automatic criticality based on the device
• Assets mapped to compliance regulations
Flexible Device Support
• Fast support of legacy or homegrown solutions
• Deploy in hours or days instead of months and years.
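The challenges listed above (many sources, different formats, inconsistent time stamps) and the sliding-time-window correlation mentioned in the highlights are easiest to understand on concrete input. The following is an added example, not TIBCO LogLogic code: it normalises a handful of constructed log lines in three formats (BSD syslog without a year, ISO-8601 in UTC, and a Windows security event with a 12-hour clock) into one schema with UTC time stamps, then runs a sliding-window rule for repeated failed logons per user and source address across all devices. Host names, addresses, the syslog year and the local clock offset are all assumptions made for the sample.

```python
"""Normalise log lines from several sources and flag repeated failed logons.

Added example for the log-management challenges above (many sources, different
formats, inconsistent time stamps); it is not TIBCO LogLogic code. The log
lines, host names, addresses and clock offsets are constructed samples.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

SYSLOG_YEAR = 2013                       # BSD syslog omits the year: assumed
LOCAL_TZ = timezone(timedelta(hours=4))  # firewall and DC log in local time (constructed)

# Constructed samples: BSD syslog (local time, no year), an ISO-8601 line in UTC,
# and a Windows security event (US date, 12-hour clock, local time).
SAMPLE_LOGS = [
    "Mar 14 13:02:11 fw01 sshd[4211]: Failed password for admin from 203.0.113.7 port 51234 ssh2",
    "2013-03-14T09:02:15Z vpn-gw auth: result=FAIL user=admin src=203.0.113.7",
    "03/14/2013 01:02:19 PM DC01 4625 An account failed to log on. Account Name: admin Source: 203.0.113.7",
    "Mar 14 13:02:25 fw01 sshd[4212]: Failed password for admin from 203.0.113.7 port 51240 ssh2",
    "2013-03-14T09:03:40Z vpn-gw auth: result=FAIL user=admin src=203.0.113.7",
    "2013-03-14T09:10:00Z vpn-gw auth: result=OK user=alice src=198.51.100.9",
    "Mar 14 13:11:02 fw01 sshd[4300]: Accepted publickey for alice from 198.51.100.9 port 50000 ssh2",
    "this line is in no format the parser knows",
]

_SYSLOG = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)")
_ISO = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z (?P<host>\S+) auth: "
    r"result=(?P<outcome>\w+) user=(?P<user>\S+) src=(?P<src>\S+)")
_WIN = re.compile(
    r"^(?P<date>\d\d/\d\d/\d{4}) (?P<time>\d\d:\d\d:\d\d [AP]M) (?P<host>\S+) (?P<eid>\d{4}) "
    r".*Account Name: (?P<user>\S+) Source: (?P<src>\S+)")

def _event(ts, host, user, src, outcome):
    """Common schema; every time stamp is converted to UTC."""
    return {"ts": ts.astimezone(timezone.utc), "host": host, "user": user,
            "src": src, "outcome": outcome}

def parse_line(line):
    """Return a normalised event dict, or None if no parser matches."""
    m = _SYSLOG.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=LOCAL_TZ)
        return _event(ts, m["host"], m["user"], m["src"],
                      "fail" if m["outcome"] == "Failed" else "success")
    m = _ISO.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        return _event(ts, m["host"], m["user"], m["src"],
                      "fail" if m["outcome"] == "FAIL" else "success")
    m = _WIN.match(line)
    if m:
        ts = datetime.strptime(f"{m['date']} {m['time']}",
                               "%m/%d/%Y %I:%M:%S %p").replace(tzinfo=LOCAL_TZ)
        # Windows event IDs: 4625 = failed logon, 4624 = successful logon.
        return _event(ts, m["host"], m["user"], m["src"],
                      "fail" if m["eid"] == "4625" else "success")
    return None

def normalize(lines):
    """Parse all lines; return (events sorted by UTC time, number of unparsed lines)."""
    events, unparsed = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1      # keep a count: silently dropped logs hide attacks
        else:
            events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events, unparsed

def detect_repeated_failures(events, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window count of failed logons per (user, source address).

    Returns {(user, src): peak_count} for every pair that reached the threshold
    inside any window, regardless of which device reported the failure.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ev in events:
        if ev["outcome"] != "fail":
            continue
        key = (ev["user"], ev["src"])
        q = recent[key]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    evs, bad = normalize(SAMPLE_LOGS)
    print(f"{len(evs)} events normalised, {bad} unparsed")
    for key, n in detect_repeated_failures(evs).items():
        print(f"ALERT: {n} failed logons for user {key[0]} from {key[1]} within 5 minutes")
```

Two points the sample makes: the five failures for `admin` are spread across the firewall, the VPN gateway and the domain controller, so no single device sees enough of them to alert on its own, and the rule only works because every source has first been converted to the same clock. The count of unparsed lines is kept deliberately, since a collector that silently drops what it cannot parse loses exactly the unfamiliar events an investigator later needs.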



Extending network security: Defending weakness and strengthening defenses
If you knew you were going to be compromised, would you do security differently?

THE CHALLENGE
Here’s the harsh reality: despite best efforts, attackers often know more about the networks they attack than the network owners do, and they’re using that to their advantage. They constantly evaluate the security controls in place and change their tactics to stay a step ahead of the defences.

SCENARIO
The networks and their components constantly evolve and spawn new attack vectors, including mobile devices, web-enabled and mobile applications, hypervisors, social media, web browsers and home computers. To truly protect these extended networks, we have to accept the nature of modern networked environments and start defending them by thinking like an attacker. So what are the next steps? How do you protect the extended network?

THE SOLUTION
Simply put, organisations need to change their security approach to be threat-centric; to address the extended network and the full attack continuum – before, during and after an attack. Organisations need to plan for their defences to be evaded, and ensure they can understand the scope and context of an infection, contain the damage quickly and eliminate the threat, root causes and malware gateways.

WHY SOURCEFIRE
Trusted for more than a decade, Sourcefire epitomizes security innovation, intelligence and agile end-to-end protection. Our intelligent cybersecurity solutions are based on our vision of Agile Security—as security challenges evolve so must our approach to protection. We’ve helped hundreds of mid- to large-size organizations and government agencies in over 180 countries achieve the highest levels of security effectiveness while lowering their total cost of ownership. But don’t just take our word for it; here’s proof from the industry:
• Leader in the Gartner Magic Quadrant for Network IPS appliances
• Top “recommend” rating for fastest and most accurate IPS detection from NSS Labs
• Advanced Malware Protection strongly recommended by Enterprise Strategy Group
• ICSA Labs Certified
• More than 40 patents awarded and pending

We support our innovative solutions with world-class research from our Cloud Technology Group that focuses on next-generation cloud security technologies and the Sourcefire VRT® (Vulnerability Research Team), leading security experts who proactively discover, assess and respond to the latest threats and vulnerabilities. We embrace open source technology as a means to fuel collaboration and innovation in the security industry. We manage some of the world’s most respected open source security initiatives including Snort, the single most widely deployed intrusion detection and prevention technology on the planet, as well as ClamAV™ and Razorback™. Deeply committed to the success of our customers, we have a strong partner network with over 600 active partners around the world, including channel partners, technology partners and MSSPs. We also provide customers with multiple training options and world-class service and support to maximize security effectiveness while reducing costs.

Addressing the Full Attack Continuum: BEFORE – DURING – AFTER
Before – Context-aware attackers require Context-Aware Security. Organisations need to develop visibility that includes the entirety of the network, endpoints, virtual environments and mobile devices.
During – Relentless attacks demand Continuous Security. A context-aware security infrastructure evolves security from an exercise at a point in time to one of continual analysis and decision-making.
After – Address the full attack continuum with Retrospective Security. Retrospective Security allows an organisation to travel back in time, determining the scope of the attack, and enabling automatic remediation.

Sourcefire Agile Security®
SEE. Clarity and vision, reflecting the reality of your environment, as it exists right now.
LEARN. Applying intelligence to raw data to improve understanding and decision-making.
ADAPT. Automatic evolution and modification of defences in response to change.
ACT. Decisive, flexible, and automated responses to events.

How Attackers Think
Attackers employ a methodical approach that can be described as an “attack chain” – the chain of events that leads up to and through the phases of an attack:
Survey. Attackers first enter your infrastructure and deploy surveillance malware to look at the full picture of your environment – network, endpoint, mobile and virtual.
Write. Knowing what they’re up against, attackers then create targeted, context-aware malware. Examples include malware that detects a sandbox and acts differently than on a user system.
Execute. We are not talking about the old days when attackers were after publicity. Attackers navigate through the extended network, evading detection and moving laterally until reaching the target.
Accomplish the mission. Sometimes the goal is to gather data; in other cases it is simply to destroy. Once the mission is complete they will remove evidence but maintain a beachhead for future attacks.



The move to soft token from hard token
How to successfully implement a secure mobile strategy.


Do benefits outweigh concerns?
The accessibility of mobile applications and mobile working yields many benefits: it can save time and reduce cost, and the added bonus of flexibility can enhance overall productivity and customer loyalty. While embracing the flexibility of mobile working, it is essential not to be heedless of the dangers that may come with it. Concerns about data integrity, the privacy and accessibility of sensitive data, and data protection requirements are the most significant obstacles for financial and business organizations to embrace the mobility trend. Potential threats for mobile applications, such as m-banking and m-commerce, or even remote access to a corporate network, are similar to those of traditional applications — only the platform and technology have changed. As the business world continues to change under the influence of continuous technological developments, working practices will change as well. And with the increasing trend of BYOD (bring your own device) on the work floor, security remains all-important.

Security is as strong as the weakest link
Protecting access to online applications, such as m-commerce or m-banking services, or access to corporate networks, might be a good solution. However, any security system is only as effective as its weakest link. Consumers and employees often use the same passwords for a multitude of professional and personal applications. By reusing the same password over and over again — although unwillingly and perhaps unknowingly — they put every application containing confidential information at risk. Furthermore, mobile devices are often not password-enabled, and lack the ability to authenticate users and control access to data stored on the devices.

Added security layer with two-factor authentication
Deploying an adequate security environment for every mobile device used by customers, consumers or employees is a daunting task. Furthermore, end users don’t want to be burdened with laborious procedures in order to retrieve information or complete an online transaction. Two-factor authentication offers an answer to these challenges. It provides a higher level of security than traditional passwords, and ensures that only authorized people gain access to sensitive information. The mobile device is then used as a second factor, and can be used as an authentication device to generate a strong one-time password. These passwords, with a limited validity, can be generated on the device itself or can be sent via text message to the user’s mobile phone.

Several mobile authentication solutions to suit your needs
VASCO has several solutions in its product portfolio that were developed with the mobile user in mind. DIGIPASS is VASCO’s renowned technology that replaces weak static passwords with dynamic passwords that have a limited validity. Fraudsters can thus not reuse an end user’s password at a later time. Additionally, VASCO’s mobile solutions also provide e-signature capability to sign online transactions securely. This e-signature is calculated using transaction data, time and the secret stored on the mobile device. If intercepted or altered, the electronic signature will expire and the transaction will not be completed. VASCO’s authentication solutions can be integrated into any existing infrastructure, offering multi-platform support. You can also deploy multiple devices to secure your application, enabling you to differentiate accordingly.

Key benefits of mobile authentication
• Enhanced security
• Increased flexibility
• Excellent user convenience
• Intuitive use
• Easily upgradeable
• Limited impact on end-user’s experience
• Competitor differentiation thanks to authentication
• Increased customer trust
• No need to deploy hardware or software devices
• Low TCO

How to secure your assets
Two-factor authentication ensures that only authorized people get access to your sensitive information, your corporate network or your online application.

VASCO’s mobile solutions and services
• DIGIPASS for Mobile
• Virtual DIGIPASS
• DIGIPASS Nano
• DIGIPASS powered by Intel ITP
• DIGIPASS SDK

Mobile security for everyone
VASCO’s mobile software solutions are suited for any organization that wants to provide secure remote access to its corporate network or applications. Regardless of size, VASCO offers solutions that fit your needs. Whether it is to secure your mobile banking, your e-commerce, your gaming applications, or your confidential business data, all software solutions can be deployed to fit your needs. We have proven expertise and experience with approximately 10,000 customers worldwide, including almost 1,700 financial institutions.
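The two mechanisms described above, a one-time password with limited validity and an e-signature computed from transaction data, time and a device secret, are shown here as an added example. This is a generic HMAC-SHA256 construction with a 30-second time step and RFC 4226-style dynamic truncation; it is not VASCO's DIGIPASS algorithm, and the device secret, the validity window, the clock-drift tolerance and the transaction fields are all constructed for the illustration. The demo verifies a fresh code, rejects the same code later, and rejects a signature after the beneficiary's amount has been altered or the window has passed, which is the behaviour the text attributes to an intercepted or altered e-signature.

```python
"""Time-limited one-time passwords and data-bound transaction signatures.

Added example for the two-factor and e-signature description above. Generic
HMAC-SHA256 construction, not VASCO's DIGIPASS algorithm; every value below
(secret, step, digits, transaction fields) is constructed for the illustration.
"""
import hashlib
import hmac
import struct

DEVICE_SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed, per device
STEP_SECONDS = 30   # one code is valid for one time step (assumed)
OTP_DIGITS = 6
SIG_DIGITS = 8

def _truncate(mac, digits):
    """Dynamic truncation as in RFC 4226: 31 bits at an offset chosen by the last nibble."""
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"

def otp(secret, now, step=STEP_SECONDS, digits=OTP_DIGITS):
    """One-time password for the time step containing `now` (seconds since epoch)."""
    counter = now // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    return _truncate(mac, digits)

def verify_otp(secret, code, now, step=STEP_SECONDS, drift=1):
    """Accept the current step and +/-drift neighbours to tolerate clock skew.

    Comparison is constant-time; a code from an older step simply never matches.
    """
    return any(hmac.compare_digest(otp(secret, now + d * step, step), code)
               for d in range(-drift, drift + 1))

def canonical(tx):
    """Fixed field order so device and server hash exactly the same bytes."""
    return "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()

def transaction_signature(secret, tx, now, step=STEP_SECONDS, digits=SIG_DIGITS):
    """Signature bound to the transaction content and to the current time step."""
    counter = now // step
    mac = hmac.new(secret, struct.pack(">Q", counter) + canonical(tx),
                   hashlib.sha256).digest()
    return _truncate(mac, digits)

def verify_transaction(secret, tx, sig, now, step=STEP_SECONDS, drift=1):
    """The server recomputes the signature over the transaction it is about to execute."""
    return any(hmac.compare_digest(transaction_signature(secret, tx, now + d * step, step), sig)
               for d in range(-drift, drift + 1))

def demo():
    """Constructed transaction; returns the verification outcomes for each case."""
    tx = {"beneficiary": "AE070331234567890123456", "amount": "2500.00", "currency": "AED"}
    t0 = 1_380_000_000                  # device clock at signing time (constructed)
    code = otp(DEVICE_SECRET, t0)
    sig = transaction_signature(DEVICE_SECRET, tx, t0)
    tampered = dict(tx, amount="25000.00")   # altered in transit
    return {
        "otp_fresh": verify_otp(DEVICE_SECRET, code, t0 + 10),
        "otp_expired": verify_otp(DEVICE_SECRET, code, t0 + 600),
        "sig_valid": verify_transaction(DEVICE_SECRET, tx, sig, t0 + 5),
        "sig_tampered": verify_transaction(DEVICE_SECRET, tampered, sig, t0 + 5),
        "sig_expired": verify_transaction(DEVICE_SECRET, tx, sig, t0 + 600),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:13s} -> {'accepted' if ok else 'rejected'}")
```

The design point is the difference between the two functions: an OTP proves possession of the device at a point in time, but a signature additionally binds that proof to the beneficiary, amount and currency the user saw on the device, so a man-in-the-browser that rewrites the amount cannot reuse the user's approval. The drift tolerance is a trade-off; widening it makes stolen codes useful for longer, so real deployments also record the last accepted step per device to stop replay within the window.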



Scalable protection for apps. Secure access to apps

Our Challenges, Your Progress Value Added Distributor | Authorized Training Centre | Professional Services


marketing@secureway.ae www.secureway.ae

8 years of successful Middle East Distribution

