Defense-in-Breadth
                             Whitepaper




Evolving IT Security Strategies
in a World of Growing Breadth.

Because achieving 99% defense-in-depth for
only 50% of the attack surface isn’t enough.

The Expanding Attack Surface
IT teams’ goals have been focused on 100% protection, but the reality is always
less than 100%. Both depth of the enforcement technologies and breadth of the
attack surface determine a security solution’s efficacy.

[Figure: Threats, vectors, networks and devices. Device classes shown: mobile phones, mobile tablets, roaming laptops, stationary computers, stationary servers.]




Growing Threat and Vector Breadth.
Inbound attacks may occur primarily over popular email- or Web-based
communication channels. But most outbound data leaks occur silently over often
ubiquitous, non-protected protocols and systems, such as tunneling via P2P
(peer-to-peer) or DNS (domain name system) communications.

The data leak recipient is often not a centralized hacker-controlled server that can
be easily blacklisted, but one of thousands of distributed infected devices that
unknowingly participate in the botnet (see our botnet whitepaper for more details).
These botnet hosts change by the minute for the ultimate game of whack-a-mole.
Hackers sell do-it-yourself malware kits or rent out control of established botnets
to less tech-savvy, but more fiscally- or politically-motivated criminals. The impact
of today’s threats has escalated from IT remediation time to more costly legal
audit fees.


Growing Device and Network Breadth.
Organizations have increasingly nomadic workforces, and BYOD initiatives are not
restricted to only mobile devices (e.g. tablets, phones). Roaming laptops (e.g.
PCs, Macs) are accessing the Internet from outside the enterprise network
perimeter ~50% of the time. Mobile devices are accessing the Internet via 3G/4G
wireless connections that bypass the network perimeter ~90% of the time.


                                   Re-Gain Visibility and Control. Everywhere.   Page 2
In these situations, the Wi-Fi networks used to connect to the Internet have
unknown security and hence cannot be trusted. A user’s home router may still
have the default login set with remote access enabled. A hotel’s payment proxy
server may not have the latest vulnerability patches installed.

There are many bad hosts distributing malware on the Internet. If these roaming
laptops or mobile devices become infected, there’s often no defense to stop them
from re-entering the enterprise network perimeter, which exposes internal
network systems to devices that are now botnet-controlled.


Advancing Threats
Hackers and criminals attack, then security vendors and IT teams defend. This
arms race is persistent and always advancing the current threatscape and
enforcement technologies.




[Figure: Attack surface versus enforcement technologies; app control, AV, DLP (1-5%).]

In the past, IT teams sought to improve their “defense-in-depth” strategy by
layering defenses: first installing client-based software on endpoints, then
installing on-premises hardware on networks. They first used routing rules via
firewalls and filtering rules via Web or email gateways, then content matching
via Web or email proxies, and then more advanced Web or email proxy functions
(e.g. app controls, AV, DLP). Despite vendors’ various marketing claims of
achieving 100% prevention, such defenses are always reactive. It’s the nature of
an arms race. Many unbiased third parties in the security community report that
the signature and heuristic matching techniques used by enforcement technologies
such as anti-virus (AV) have dropped below 50% efficacy. This shifts importance
back to first-line-of-defense enforcement technologies, such as routing and
filtering.

Existing Products Lack Network and Device Breadth.
The type and ownership of IT-approved devices are expanding rapidly. The IT team
now wants to protect user-owned roaming computers running either Windows or
Mac operating systems, and user-owned mobile devices running fundamentally
new types of operating systems (e.g. iOS). Yet, IT still must protect any IT-owned
devices connected to the enterprise network.

    •   How many different products must be provisioned, deployed, set up and
        maintained to create the solution?

    •   How much extra effort is required to manage and report on all networks
        and devices?

Also, various mobile device manufacturers or wireless carriers restrict how apps
and network settings can be used. This makes provisioning and setup difficult on
any device.

    •   Will substituting the native Web browser app with a third-party app break
        other apps’ Web links?


Existing Products Lack Threat and Vector Protection.
On-Net, Internet-Wide Security
The most common solutions already in use rely on Web-based proxies. They offer
a higher level of depth than breadth, because they are very dependent on the app,
protocol or port used to communicate over the Internet. They may offer lots of
controls for Web data and apps, but no controls over P2P, DNS or other non-Web
traffic, which are commonly used by infected devices participating in a botnet. A
Secure Cloud Gateway fills in the expanding gaps unaddressed by Web proxies
(see our enterprise buyer guide for more details).

    •   Where are users and devices connecting via non-Web apps, protocols
        or ports?
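
One way to answer that question from flow records, as an added Python example that is not part of the original whitepaper or of any OpenDNS product. The record columns, device labels and sample flows are constructed assumptions, and treating overall efficacy as breadth multiplied by depth is a simplification added here.

```python
import csv
import io
from collections import Counter

# Constructed sample flow records (not real traffic). The column names and
# device labels are assumptions made for this example.
SAMPLE_FLOWS = """\
device,on_net,proto,dport
stationary_computer,yes,tcp,443
stationary_computer,yes,tcp,80
stationary_computer,yes,udp,53
stationary_server,yes,tcp,443
stationary_server,yes,udp,53
roaming_laptop,yes,tcp,443
roaming_laptop,no,tcp,443
roaming_laptop,no,udp,53
roaming_laptop,no,tcp,6881
mobile_phone,no,tcp,443
mobile_phone,no,udp,53
mobile_tablet,no,tcp,80
"""

# Ports an on-premises Web proxy is assumed to inspect.
WEB_PORTS = {("tcp", 80), ("tcp", 443)}


def proxy_sees(flow):
    """A perimeter Web proxy sees a flow only if the device is on the
    enterprise network AND the flow uses a Web protocol/port."""
    on_net = flow["on_net"] == "yes"
    is_web = (flow["proto"], int(flow["dport"])) in WEB_PORTS
    return on_net and is_web


def breadth_report(text):
    """Return (overall coverage, coverage per device class, uncovered channels).

    Coverage is the fraction of flows the proxy could enforce policy on.
    Uncovered channels are counted by (reason, protocol, port)."""
    rows = list(csv.DictReader(io.StringIO(text)))
    if not rows:
        return 0.0, {}, Counter()
    seen, total, gaps = Counter(), Counter(), Counter()
    for flow in rows:
        total[flow["device"]] += 1
        if proxy_sees(flow):
            seen[flow["device"]] += 1
        else:
            # Off-net flows bypass the perimeter regardless of port.
            reason = "off-net" if flow["on_net"] != "yes" else "non-web"
            gaps[(reason, flow["proto"], int(flow["dport"]))] += 1
    per_device = {dev: seen[dev] / total[dev] for dev in total}
    overall = sum(seen.values()) / len(rows)
    return overall, per_device, gaps


def effective_coverage(breadth, depth):
    """Simplifying assumption: depth only applies to the covered surface."""
    return breadth * depth


if __name__ == "__main__":
    overall, per_device, gaps = breadth_report(SAMPLE_FLOWS)
    print(f"proxy breadth over all flows: {overall:.0%}")
    for dev, cov in sorted(per_device.items()):
        print(f"  {dev:20s} {cov:.0%}")
    print("uncovered channels:")
    for (reason, proto, port), n in gaps.most_common():
        print(f"  {reason:8s} {proto}/{port}: {n} flow(s)")
    print(f"99% depth on 50% breadth: {effective_coverage(0.5, 0.99):.1%}")
```
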


Off-Net, Internet-Wide Security
For organizations embracing BYOD initiatives, the most common solution is
Mobile Device Management (MDM). These solutions do enforce some mobile
device-centric security policies (e.g. password enforcement, data wipes, app
restrictions). But they do not provide Internet-wide protection, visibility and
control for how the device’s data, apps and users communicate over the Internet.
Also, many MDM solutions do not cover roaming, off-net laptops. MDM is a
complement to Secure Cloud Gateways, but not an end-to-end solution (see our
mobility buyer guide for more details).

    •   Do users choose the same login credentials for both personal (e.g. Gmail,
        Facebook) and corporate (e.g. SalesForce, Dropbox) accounts?

    •   Are users protected from logging into a phishing site using these account
        credentials via their mobile device? Does it provide visibility and control
        over this?




[Figure: Defense-in-breadth (~50%) across mobile phones, mobile tablets, roaming laptops, stationary computers and stationary servers; defense-in-depth (95-99%); app control, AV, DLP (1-5%).]


Re-Gain Protection, Visibility and Control Everywhere
Learn about how Umbrella’s Secure Cloud Gateway fits within your evolving IT
security strategy (see our everywhere solution overview).

[Figure: Defense-in-breadth (95-99%) across mobile phones, mobile tablets, roaming laptops, stationary computers and stationary servers; defense-in-depth (90-95%); app control, AV, DLP (1-5%).]

Umbrella is brought to
you by OpenDNS.
Trusted by millions around the world.
The easiest way to prevent malware and phishing
attacks, contain botnets, and make your Internet faster
and more reliable.




OpenDNS, Inc. • www.umbrella.com • 1.877.811.2367

Copyright © 2012 OpenDNS, Inc. All rights reserved worldwide. No part of this document may be reproduced by
any means nor translated to any electronic medium without the written consent of OpenDNS, Inc. Information
contained in this document is believed to be accurate and reliable, however, OpenDNS, Inc. assumes no
responsibility for its use.

Umbrella-Defense-in-Depth-v0.1
