the Presentation

Report
McAfee Threat Intelligence Exchange
George Younan | Enterprise Solutions Architect
The Resulting Impact
World’s Biggest Data Breaches
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
Apple
AvMed,
Inc.
AT&T
AOL
Cardsystems
Solutions Inc 24,000,000
Dai Nippon
Printing
8,637,405
12,367,232
Blue Cross
Blue Shield
of Tennessee
Heartland
GS Caltex
Citigroup
Health
Net
T-Mobile
Deutsche
Telecom
94,000,000
Jefferson
County
Norwegian
Tax
Authorities
Emergency
Healthcare
Physicians,
Ltd.
130,000,000
Lincoln
Medical
& Mental
Health
Center
New York
City Health
& Hospitals
Corp.
25,000,000
Accidentally Published
Hacked
US Dept
of Defense
University
of Utah
Hospitals
& Clinics
University
of Miami
Inside Job
US Military
Morgan
Stanley
Smith
Barney
California
Dept. of Child
Support Services
76,000,000
Triple-S
Salud,
Inc.
US
National
Guard
Lost/Stolen Computer
Yale
University
Spartanburg
Regional
Healthcare
System
US Law
Enforcement
152,000,000
LexisNexis
Mac
Rumors.com
20,000,000
Neiman
Marcus
Living
Social
50,000,000
Ubisoft
State of
Texas
Sutter
Medical
Foundation
Korea
Credit
Bureau
Medicaid
Military
singles.com
Sony Online
Entertainment
Stratfor
Advocate
Medical
Group
Adobe
50,000,000
Linkedin KT Facebook
6,000,000
eHarmony
Last.fm Corp
NHS
77,000,000
24,000,000
Formspring
Health
Net
IBM
8,300,00
South Shore
Hospital,
Massachusetts
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
McAfee Confidential
Memorial
Healthcare
System
Sony PSN
Starbucks
26,500,000
Nemours
Foundation
JP
Morgan
Chase
32,000,000
Stanford
University
UK Revenue
& Customs
Eisenhower
Medical
Center
AOL
Evernote
RockYou!
17,000,000
US Dept of
Vet Affairs
14,000,000
Educational
Credit
Management
Corp
11,100,000
TK/TJ Maxx
Blizzard
Colorado
Government
Chile
Ministry of
Education
Gap
Inc.
92,000,000
Apple
18,000,000
BNY Mellon
Shareowner
Services
40,000,000.
AOL
Action.co.kr
TerraCom
&YourTel
South
Africa
police
Central
Hudson
Gas &
Electric
Crescent
Health Inc.,
Walgreens
Florida
Nintendo Courts
Ebay
Drupal
Twitter
Ubuntu
“unknown”
145,000,000
Target
Yahoo 110,000,000
US
Army
Tricare Yahoo
Lost/Stolen Media
22,000,000
Scribd
NASDAQ
SnapChat
Washington
State
court
system
Poor Security
Unknown
Virus
.
3
3
The Need for Adaptive Threat Prevention
The current model is broken
Solution:
Problem Threat Intelligence Exchange
• Products work
act intogether
isolation
• Intelligence
shared
Integrations is
are
slow and brittle
• Responses
immediate
Intelligence are
is not
shared
• Environment
responds
Too much white
noise as a whole
• Can
immunize
Responses
arethe
notenvironment
automated immediately
• Can
action
withoutitsvendor
involvement
Eachtake
product
requires
own update
• Vendor or 3rd party dependency
.
McAfee Confidential
4
McAfee Threat Intelligence Exchange
Bringing adaptive threat prevention to your environment
Ultrafast, bi-directional messaging fabric that connects individual security
products so they operate as one entity. Network, Gateway, endpoint and
cloud countermeasures are connected through this fabric.
Dedicated server acts as a repository for all of your threat intelligence. This
includes the latest threat information from:
- McAfee Security Connected components such as ATD, MWG, NSP, etc.
- McAfee Global Threat Intelligence and 3rd party sources (e.g. VirusTotal)
- System level and enterprise level intelligence
A new plugin to you’re your McAfee Agent. It examines files on execution and
makes intelligent decisions to protect your entire environment. These
decisions are driven by a behavioral rules engine that understands your
environment and leverages your threat intelligence.
.
McAfee Confidential
5
Data Exchange Layer
.
McAfee Confidential
13
BPM
Asset
Identity
Data Exchange Layer
An innovative, real-time, bi-directional
communications fabric providing with
product integration simplicity.
Security components operate as one to
immediately share relevant data between
endpoint, gateway, and other security
products enabling security intelligence
and adaptive security.
Risk
Threat
Activity
Location
Data
THE SECURITY CONNECTED FRAMEWORK
ADAPTIVE SECURITY ARCHITECTURE
.
McAfee Confidential
14
Threat Intelligence Exchange
Workflow
McAfee
Global Threat
Intelligence
McAfee
TIE Server
McAfee
ATD
3rd Party
Feeds
YES
NO
Data Exchange Layer
 File age hidden
 Signed with a revoked
certificate
McAfee
ePO
McAfee Confidential
McAfee
VSE Threat
Intelligence
Module
McAfee
VSE Threat
Intelligence
Module
 Created by an untrusted
process
.
18
Threat Intelligence Exchange
Workflow
Gateways block access based on endpoint convictions
McAfee
NGFW
McAfee
Global Threat
Intelligence
McAfee
TIE Server
McAfee
NSP
McAfee
McAfee
Web Gateway Email Gateway
McAfee
ATD
Proactively and
efficiently protect
your organization as
soon as a threat is
revealed
3rd Party
Feeds
McAfee
ePO
McAfee Confidential
McAfee
ESM
Security
components
operate as one to
immediately share
relevant data
between endpoint,
gateway, and
other security
products
Data Exchange Layer
McAfee
VSE Threat
Intelligence
Module
McAfee
VSE Threat
Intelligence
Module
.
19
Threat Intelligence Exchange
Workflow
McAfee
NGFW
McAfee
Global Threat
Intelligence
McAfee
TIE Server
McAfee
NSP
McAfee
McAfee
Web Gateway Email Gateway
McAfee
ATD
3rd Party
Feeds
YES
NO
Data Exchange Layer
Endpoints are protected
based on gateway
convictions
McAfee
ePO
McAfee Confidential
McAfee
ESM
McAfee
VSE Threat
Intelligence
Module
McAfee
VSE Threat
Intelligence
Module
.
20
TIE Summary
You control what is good and bad in
your environment
You have Full visibility into every
file executing in your environment
VirusTotal Integration for quick
analysis
No more waiting for extra.dat files for
malware that may be targeting your
environment.
Identify patient zero in the case of
a malware attack.
.
McAfee Confidential
21
2

similar documents