The document discusses Blue Coat's approach to modern advanced threat protection. It begins by outlining the evolving threat landscape and why traditional security solutions are no longer sufficient. It then describes Blue Coat's solution which uses security visibility, big data analytics, threat intelligence and integration to provide improved detection, response and prevention against advanced threats. Several use cases are presented that demonstrate how Blue Coat's solution helped organizations enhance security monitoring, reduce breach impact and streamline incident response.
12. POST-PREVENTION SECURITY GAP
Threat actors: nation states, cybercriminals, hacktivists, insider threats
Signature-based security "picket fence": host AV, NGFW, IDS/IPS, DLP, SIEM, email gateway, web application firewall, web gateway
Traditional threats (known threats): known malware, known files, known IPs/URLs
Advanced threats: novel malware, zero-day threats, targeted attacks, modern TTPs
The gap: the signature-based picket fence stops what it already knows (malware, files, IPs/URLs); novel malware, zero-days and targeted attacks pass through it and have to be found after the fact.
Modern, post-prevention security:
• Context
• Content
• Visibility
• Detection
• Intelligence
13. THE WINDOW OF OPPORTUNITY
Initial attack to compromise:
• Seconds: 11%
• Minutes: 13%
• Hours: 60%
• Days: 13%
• Weeks: 2%
84% of compromises (seconds + minutes + hours) take hours or less.
Initial compromise to discovery:
• Hours: 9%
• Days: 11%
• Weeks: 12%
• Months: 62%
• Years: 4%
78% of compromises (weeks + months + years) take weeks or longer to discover.
16. DREADED QUESTIONS FROM CISO
Who did this to us?
How did they do it?
What systems and data were affected?
Can we be sure it is over?
Can it happen again?
17. PROTECTING AGAINST ADVANCED THREATS WITH 'CRIME'
'CRIME' methodology: Context, Root cause, Impact, Mitigation, Eradication
• Faster time-to-action
• Faster time-to-react/respond
• Greater ability to reduce/minimize/eliminate impact!
18. SECURITY SHIFTS TO SWIFT RESPONSE
Percentage of enterprise IT security budgets allocated to rapid response approaches by 2020. — Gartner 2013
19. ADVANCED THREAT PROTECTION USE CASES
Questions an investigation has to answer: Who? When? What? Where? How? Target(s)? Who else? Is it over? What else? How long?
Use cases:
• Continuous monitoring
• Situational awareness
• Incident response
• Data loss monitoring & analysis
• Policy compliance
• Cyber threat protection
21. SITUATION
BIG DATA SECURITY IS HERE – Volume, velocity and variety
WHAT KEPT US SECURE – Has stopped working
GOOD OR BAD SECURITY – Is irrelevant with an attacker’s resources & motivation
MODERN ADVANCED THREAT PROTECTION – Is the new imperative
30. BLUE COAT ADVANCED THREAT PROTECTION
THE SECURITY CAMERA FOR YOUR NETWORK
Real-time & Retrospective Analysis & Resolution
Simple, Flexible & Extensible
Turning Complexity into Context
Full Visibility: Before, During & After the Attack
Big Data Security Analytics: Collect, Analyze & Store
Threat Intelligence: Web, File, Email & Malware Reputation
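Retrospective analysis, as the slide uses the term, means searching traffic that was already recorded once a new indicator arrives, to answer the "who else", "how long" and "is it over" questions from the use-case slide. The following is an added example, not Blue Coat or Solera code: it runs an indicator search over a constructed in-memory warehouse of connection metadata (timestamp, client, server, port, Host/SNI, hash of any file carried) and then pivots from the hosts found to destinations that only those hosts contacted. The flow records, IP addresses, domains, the 64-character placeholder hash and the one-hour "still active" window are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str            # internal client that opened the connection
    dst: str            # server IP
    dport: int
    host: str = ""      # HTTP Host header or TLS SNI, if any
    sha256: str = ""    # hash of a file carried by the flow, if any


@dataclass
class Hit:
    indicator: str
    first_seen: datetime
    last_seen: datetime
    hosts: Set[str] = field(default_factory=set)

    @property
    def duration(self) -> timedelta:          # answers "how long?"
        return self.last_seen - self.first_seen

    def still_active(self, now: datetime, window: timedelta = timedelta(hours=1)) -> bool:
        return now - self.last_seen <= window  # answers "is it over?" (window is an assumption)


Indicator = Tuple[str, str]   # (kind, value); kind is "ip", "domain" or "sha256"


def flow_matches(flow: Flow, ioc: Indicator) -> bool:
    kind, value = ioc
    if kind == "ip":
        return flow.dst == value
    if kind == "domain":      # match the domain and any subdomain of it
        return flow.host == value or flow.host.endswith("." + value)
    if kind == "sha256":
        return flow.sha256 == value
    raise ValueError(f"unknown indicator kind {kind!r}")


def retrospective_search(flows: Iterable[Flow], iocs: List[Indicator]) -> Dict[str, Hit]:
    """Run new indicators over stored flows; one Hit per indicator that was seen."""
    hits: Dict[str, Hit] = {}
    for flow in flows:
        for ioc in iocs:
            if not flow_matches(flow, ioc):
                continue
            key = f"{ioc[0]}:{ioc[1]}"
            hit = hits.setdefault(key, Hit(key, flow.ts, flow.ts))
            hit.first_seen = min(hit.first_seen, flow.ts)
            hit.last_seen = max(hit.last_seen, flow.ts)
            hit.hosts.add(flow.src)              # answers "who else?"
    return hits


def pivot_new_destinations(flows: List[Flow], compromised: Set[str],
                           since: datetime, iocs: List[Indicator]) -> Set[Tuple[str, str]]:
    """Destinations contacted only by compromised hosts after `since`, leaving out
    the ones already covered by an indicator. Answers "what else?"."""
    clients_by_dst = defaultdict(set)
    for f in flows:
        clients_by_dst[(f.dst, f.host)].add(f.src)
    found = set()
    for f in flows:
        if f.src not in compromised or f.ts < since:
            continue
        if any(flow_matches(f, ioc) for ioc in iocs):
            continue
        if clients_by_dst[(f.dst, f.host)] <= compromised:
            found.add((f.dst, f.host))
    return found


# Constructed sample warehouse: two victims, one bystander, one staging server.
T0 = datetime(2013, 9, 2, 9, 0)
H, D, M = timedelta(hours=1), timedelta(days=1), timedelta(minutes=1)
DROPPER_HASH = "a" * 64   # placeholder hash, not a real sample
FLOWS = [
    Flow(T0, "10.0.5.21", "93.184.216.34", 443, host="www.example.com"),
    Flow(T0 + H, "10.0.5.21", "203.0.113.7", 80, host="cdn-update.example", sha256=DROPPER_HASH),
    Flow(T0 + H + 10 * M, "10.0.5.21", "198.51.100.9", 443, host="beacon.badc2.example"),
    Flow(T0 + D, "10.0.5.44", "203.0.113.7", 80, host="cdn-update.example", sha256=DROPPER_HASH),
    Flow(T0 + D + H, "10.0.5.44", "198.51.100.9", 443, host="beacon.badc2.example"),
    Flow(T0 + 2 * D, "10.0.5.21", "192.0.2.55", 8443),
    Flow(T0 + 2 * D + 2 * H, "10.0.5.44", "192.0.2.55", 8443),
    Flow(T0 + 3 * D, "10.0.5.88", "93.184.216.34", 443, host="www.example.com"),
    Flow(T0 + 3 * D + 30 * M, "10.0.5.21", "198.51.100.9", 443, host="beacon.badc2.example"),
]
IOCS: List[Indicator] = [("domain", "badc2.example"), ("sha256", DROPPER_HASH), ("ip", "203.0.113.7")]
NOW = T0 + 3 * D + H   # time the intel arrived

if __name__ == "__main__":
    hits = retrospective_search(FLOWS, IOCS)
    for key, hit in hits.items():
        print(f"{key}: hosts={sorted(hit.hosts)} first={hit.first_seen} "
              f"duration={hit.duration} active={hit.still_active(NOW)}")
    c2 = hits["domain:badc2.example"]
    print("pivot:", pivot_new_destinations(FLOWS, c2.hosts, c2.first_seen, IOCS))
```

The search is only as good as what was retained: the pivot finds the staging server on 192.0.2.55 because the flow records from two days earlier are still available, which is the retention argument the Jefferies case below makes explicit. Matching on Host/SNI as well as destination IP matters because a domain indicator usually outlives the IP it pointed at.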
31. ADVANCED THREAT PROTECTION
Improving Real-World Use Cases
Integrated ecosystem:
• Situational awareness
• Incident response
• Policy & ITGRC
• Data loss monitoring & analysis
• Advanced malware detection
• Continuous monitoring
Analytics and intelligence:
• Collect & warehouse
• Investigate
• Alert & report
Enrichment:
• Technology partners
• File analysis & IP reputation
• Malware sandboxing
Flexible form factors:
• Hardware
• Software
• Virtual machines
Web control and security enforcement
32. BLUE COAT THREATBLADES
Three new ThreatBLADES for unbeatable Advanced Threat Protection…
33. WEB, MAIL & FILE THREAT IDENTIFICATION
• WebThreat BLADE inspects all HTTP or HTTPS traffic and identifies malicious communications and files
• FileThreat BLADE inspects all FTP and SMB traffic for malicious communications and files
• MailThreat BLADE inspects all SMTP, POP3 and IMAP traffic for malicious communications and files
• If there is no clear verdict on content, suspicious files are delivered to a hybrid sandbox (the Malware Analysis Appliance) for analysis
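The flow the slide describes is a tiered verdict: reputation first, then content inspection, and a sandbox only for what neither settles. The following is an added example, not Blue Coat code, of that logic applied to files carried in HTTP responses. The raw responses, the hash reputation sets, the magic-byte table and the choice of which content types count as "active" are all constructed for the example; a real deployment would take the hashes from a reputation feed and the files from a traffic capture.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed samples (not real malware); their hashes stand in for a reputation feed.
DROPPER = b"MZ\x90\x00\x03\x00" + b"constructed-bad-sample"
CLEAN_PDF = b"%PDF-1.4\n% constructed benign document\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


KNOWN_BAD = {sha256(DROPPER)}
KNOWN_GOOD = {sha256(CLEAN_PDF)}

# Magic bytes -> type actually carried, checked against what the server declared.
MAGIC = [
    (b"MZ", "application/x-msdownload"),
    (b"\x7fELF", "application/x-executable"),
    (b"%PDF", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"GIF8", "image/gif"),
    (b"\x89PNG", "image/png"),
]
# Types worth detonating when reputation has no opinion (policy choice, an assumption here).
ACTIVE_CONTENT = {"application/x-msdownload", "application/x-executable",
                  "application/zip", "application/pdf"}


@dataclass(frozen=True)
class Verdict:
    action: str    # "allow", "block" or "sandbox"
    reason: str
    digest: str


def parse_http_response(raw: bytes) -> Tuple[str, bytes]:
    """Return (declared content type, body) from a raw HTTP/1.1 response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    content_type, length = "application/octet-stream", None
    for line in head.split(b"\r\n")[1:]:            # skip the status line
        name, _, value = line.partition(b":")
        name = name.strip().lower()
        if name == b"content-type":                  # drop parameters such as charset
            content_type = value.split(b";")[0].strip().decode("ascii", "replace").lower()
        elif name == b"content-length":
            length = int(value.strip())
    return content_type, body if length is None else body[:length]


def sniff(data: bytes) -> Optional[str]:
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return None


def classify(declared: str, data: bytes) -> Verdict:
    digest = sha256(data)
    if digest in KNOWN_BAD:                          # reputation gives a clear verdict
        return Verdict("block", "hash on known-bad list", digest)
    if digest in KNOWN_GOOD:
        return Verdict("allow", "hash on known-good list", digest)
    actual = sniff(data)                             # no verdict: look at the content
    if actual is not None and actual != declared:
        return Verdict("sandbox", f"declared {declared} but content is {actual}", digest)
    if actual in ACTIVE_CONTENT:
        return Verdict("sandbox", f"unknown {actual} with no reputation", digest)
    return Verdict("allow", "no indicators and inert content type", digest)


class SandboxQueue:
    """Hands unresolved files to the sandbox once per distinct file."""

    def __init__(self) -> None:
        self.pending: Dict[str, bytes] = {}

    def submit(self, verdict: Verdict, data: bytes) -> bool:
        if verdict.action != "sandbox" or verdict.digest in self.pending:
            return False
        self.pending[verdict.digest] = data
        return True


def inspect_response(raw: bytes, queue: SandboxQueue) -> Verdict:
    declared, body = parse_http_response(raw)
    verdict = classify(declared, body)
    queue.submit(verdict, body)
    return verdict


def http(ctype: str, body: bytes) -> bytes:          # builds a constructed response
    head = f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body


SAMPLES = {
    "known_bad": http("application/octet-stream", DROPPER),
    "known_good": http("application/pdf", CLEAN_PDF),
    "disguised_exe": http("image/gif", b"MZ\x90\x00" + b"renamed-unknown-binary"),
    "unknown_zip": http("application/zip", b"PK\x03\x04" + b"constructed archive"),
    "plain_text": http("text/plain; charset=utf-8", b"hello world"),
}

if __name__ == "__main__":
    q = SandboxQueue()
    for name, raw in SAMPLES.items():
        v = inspect_response(raw, q)
        print(f"{name:14s} {v.action:8s} {v.reason}")
    print(f"{len(q.pending)} file(s) queued for the sandbox")
```

The declared-versus-actual type check is the cheap content test that catches a renamed executable served as an image before any sandbox time is spent; the queue keys on the hash so the same file seen on ten hosts is detonated once and the verdict applied to all of them.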
38. OVERSTOCK.COM
"…using root cause analysis from Solera Networks, we were able to pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that exploit from ever happening again...." – Overstock.com
REQUIREMENTS
• Identify attacks that passed preventative controls
• Remediate all infected systems quickly
• Ensure that preventative controls are working
SOLUTION
• Deployed various Solera Security Analytics form factors
• Built an IR process around Solera Security Analytics
• Integrated Solera with log management and IPS
VALUE
• Identified nefarious activity sourced from inside and outside the network
• Pinpointed "all" compromised systems through root cause analysis
• Conducted assurance testing on preventative controls by replaying malicious packets on a shadow network
39. US COAST GUARD
REQUIREMENTS
• Enhance threat detection
• Reduce threat acquisition window
• Improve team effectiveness
SOLUTION
• Integrated with existing McAfee NSM (IPS) solution
• Employed 100% data capture
• Built custom reports for rapid analysis
VALUE
• Reduced threat identification time by 60%
• Reduced threat remediation time by 75%
• Allowed for more unified threat management across disparate, internal teams through the use of reporting
40. JEFFERIES GLOBAL INVESTMENT BANKING
REQUIREMENTS
• Streamline monitoring of a dozen international locations
• Provide workflow that supports multiple analysts
• Integrate with FireEye and Blue Coat ProxySG, WebPulse & SSL Visibility
SOLUTION
• Consolidated incident detection and response
• Supported several months of packet and metadata retention
• Improved ROI & ROSI through integration
VALUE
• Improved incident responder workflow with reduced response times
• Leveraged fewer FTEs for tactical analysis: strategically repurpose other FTEs
• Achieved holistic visibility across network traffic, users and data (files, IM, voice, etc.)
41. US AIR FORCE
REQUIREMENTS
• Monitor all major Internet gateways
• Support over 50 concurrent analysts with disparate privileges/visibility
• Use APIs to integrate with COTS, GOTS, and open source security solutions
SOLUTION
• Provided tiered, centralized management
• Supported lossless capture on multiple 10 gigabit networks
• Integrated with 3rd party solutions such as ArcSight
VALUE
• Deployed with 100% situational awareness with a small (green) footprint
• Utilized RBAC via LDAP for granular access control
• Passed multiple, stringent military testing and certification criteria
• Replaced incumbent solution based on scalability, capability and footprint