Security Products - PowerPoint PPT Presentation

McAfee VirusScan - Desktop & Server ... Porting and testing for VirusScan engine OEM customers. BU Research. Government Research ... – PowerPoint PPT presentation

Slides: 47
Provided by: Jack8
Transcript and Presenter's Notes

1
Security Products Research for Campus Networks
  • Erik G. Mettala, Ph.D.
  • Vice President, Network Associates Laboratories

2
Summary
  • Problems with malicious activity are increasing
  • Products are available to solve some of the
    problems
  • Research must be focused to keep up with and
    eventually get ahead of problems
  • Partnership among government, industry, and
    academia is the solution

3
Network Incidents are Increasing
Source: CMU Computer Emergency Response Team
4
Application Vulnerabilities are Increasing
Source: CMU Computer Emergency Response Team
5
Machines Infected per Hour at Peak, by Malicious Agent
  • Code Red: 2,777
  • Nimda: 6,250
  • Goner: 12,500
  • Slammer: 100,000
Source: McAfee AVERT
6
The Speed Of Attack Accelerates: Slammer Goes
Global In 3 Minutes
7
Companies Are Becoming More Porous, Susceptible
to War Driving
  • Web services applications under development by
    98% of large enterprises
  • 70% of WiFi networks are not secure
  • 50M telecommuters
  • 500 million Smart Phones by 2006

8
Network Associates Strategy
9
Product Extensions and New Markets
10
The Network Associates Security Portfolio
Network Associates Complete Threat Protection
System Protection Solutions
Network Protection Solutions
  • Anti Virus - McAfee AntiVirus, #1 in corporate
    usage, now with online solutions for employee and
    partner usage
  • Enterprise Spam - McAfee SpamKiller Exchange and
    gateway products
  • Host Intrusion Prevention - McAfee Entercept
    stopped Slammer in production networks
  • Policy Enforcement - ePO, 1 hour global react
    time. Rogue machine under development.
  • Network Intrusion Prevention - McAfee
    IntruShield blocks at gigabit speeds
  • Security Forensics - InfiniStream Security
    Forensics, high speed collection & analysis
  • Network Instrumentation - Sniffer Network
    Protection Architecture
  • Network and Application Management - nPO Solution

11
Protection Against New & Known Attacks
Policy Enforcement & Remediation
Forensic Analysis
12
System Protection Solutions
SpamKiller Enterprise
13
McAfee VirusScan - Desktop & Server
  • Windows NT4.0/XP/2000, Windows Server
    NT4.0/2000/2003 plus Cellera & Citrix
  • On-Access, On-demand, Scheduled, Memory, Email
    Scanning
  • Centralized Management and Graphical Reporting
  • ePolicy Orchestrator including 3.0 support
  • Sophisticated Automatic Updating
  • AutoUpdate via http, ftp, UNC share, local or
    mapped drives
  • Incremental DATs, full DATs, engine updates,
    Extra.DATs, service packs, or hot-fixes
  • Resumable updating
  • Extensive Language Support
  • 13 Languages
  • Microsoft Multilingual User interface (MUI)
    support

14
McAfee SpamKiller
  • Rules-Based Scanning and Scoring, 650 Rules
  • 5 protection levels
  • Integrity analysis - Examines the header, layout
    and organization of each email message, to
    identify the common characteristics of spam
  • Heuristic Detection - Many rules are automated
    based on known spam characteristics
  • Content Filtering - Detects keywords and phrases
  • Black and White Lists - A Whitelist defines
    acceptable senders of email; a Blacklist defines
    unwanted and unacceptable senders of email
  • Self Tuning - Adjusts the spam score for senders
    who have been previously accepted senders of
    legitimate email
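
The scoring pipeline this slide describes, as an added illustration written for this page (it is not SpamKiller's own code): integrity checks on headers, phrase-based content filtering, whitelist/blacklist short-circuits, a protection level that sets the spam threshold, and the self-tuning credit for senders whose mail was accepted before. Rule weights, the five thresholds, the phrase list and the two sample messages are all constructed.

```python
import email
import re
from email.utils import parseaddr

# Protection level -> score at/above which mail is spam (constructed; 5 is strictest).
PROTECTION_THRESHOLDS = {1: 12, 2: 9, 3: 7, 4: 5, 5: 3}
# Content-filter phrases (constructed; a real rule set has hundreds of rules).
KEYWORD_PHRASES = ("free money", "act now", "click here", "limited offer")

def integrity_rules(msg):
    """Header/layout checks ("integrity analysis"); each hit is (rule, points)."""
    hits = []
    if not msg.get("Message-ID"):
        hits.append(("missing_message_id", 3))
    if not msg.get("Date"):
        hits.append(("missing_date", 2))
    sender = parseaddr(msg.get("From", ""))[1]
    if msg.get("Reply-To") and parseaddr(msg["Reply-To"])[1] != sender:
        hits.append(("reply_to_mismatch", 2))
    if msg.get("Subject", "").isupper():
        hits.append(("subject_all_caps", 2))
    return hits

def content_rules(msg):
    """Keyword/phrase filtering over a plain-text body (multipart is skipped here)."""
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    hits = [("phrase:" + p, 2) for p in KEYWORD_PHRASES if p in body]
    if re.search(r"https?://\S+", body) and len(body) < 200:
        hits.append(("short_body_with_link", 2))
    return hits

def score_message(raw, level, whitelist, blacklist, trusted_senders):
    """Classify one message; returns (verdict, score, hits). trusted_senders maps
    address -> count of previously accepted mail and is updated in place."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in blacklist:                      # blacklist wins outright, no scoring
        return "spam", None, [("blacklisted", 0)]
    if sender in whitelist:                      # whitelist bypasses all rules
        return "ham", 0, [("whitelisted", 0)]
    hits = integrity_rules(msg) + content_rules(msg)
    score = sum(points for _, points in hits)
    bonus = min(trusted_senders.get(sender, 0), 3)  # self tuning: at most -3 points
    if bonus:
        hits.append(("self_tuning", -bonus))
        score -= bonus
    verdict = "spam" if score >= PROTECTION_THRESHOLDS[level] else "ham"
    if verdict == "ham":                         # remember senders we accepted
        trusted_senders[sender] = trusted_senders.get(sender, 0) + 1
    return verdict, score, hits

# Constructed sample messages (not real traffic).
SPAM_SAMPLE = """From: promo@example.net
Reply-To: other@example.org
Subject: ACT NOW

Free money! Click here http://example.invalid/offer
"""
BORDERLINE_SAMPLE = """From: alice@example.com
Date: Mon, 3 Mar 2003 10:00:00 +0000
Message-ID: <draft-1@example.com>

Click here for the draft: http://intranet.example.com/draft
"""
```

At level 5 the borderline message from alice scores 4 and is rejected on first sight, but once two of her earlier messages have been accepted the self-tuning credit brings it down to 2 and it passes.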

15
Entercept Host Intrusion Protection
  • Host-based intrusion protection software that
    implements
  • Signature-based detection
  • Anomaly-based detection
  • Behavior-based detection

16
Entercept Host Intrusion Protection
17
ePolicy Orchestrator
  • Centralized control & visibility of malicious
    code defenses
  • Deploy & maintain updated protection
  • Update 50,000 devices in less than one hour
  • Distribute weekly/emergency DATS, engines, SPs,
    Hot fixes, Extra.Dats, patches
  • Identify and protect new devices and machines
  • Configure & enforce policies centrally
  • Lock down & automate your policy
  • Customize policy to combat new threats
  • Coordinate defenses for blended threats
  • Monitor activity with total visibility
  • Am I protected? Am I infected?
  • View key one page executive summaries
  • Track an outbreak to its source
  • Initiate and report on viral vulnerability scans

18
McAfee Security AVERT - Anti-Virus Emergency
Response Team
  • Leading AV research team w/ 50 years combined
    experience
  • Global presence
  • 365 days/year, 7 days/week, 24 hours/day!
  • Advanced virus analysis and research
  • Leading-edge anti-virus services
  • Driving scan engine development

19
Network Protection Solutions
Sniffer Wireless
20
IntruVert Network Intrusion Prevention
Industry's first real-time network intrusion
prevention against known, unknown and DoS attacks
21
IntruVert Network Intrusion Prevention
22
IntruShield Next Generation IDS
  • Accurate detection and real-time prevention
  • Unprecedented Intrusion Intelligence
  • Comprehensive integrated protection
  • Advanced signature, Anomaly, DoS detection
  • Scalability and deployment flexibility
  • In-line, Tap, SPAN, Port clustering, High
    Availability
  • Delivers Security Return on Investment (ROI)

23
InfiniStream Security Forensics
  • Network traffic forensic software based on Traxis
    stream-to-disk technology
  • Continuously capture and store network traffic
  • Stores up to 2.5 days of traffic at gigabit
    speeds in 2.7 TeraBytes of storage
  • Reconstruct, replay, and investigate specific
    events, such as security breaches and network
    slowdowns
  • Allows in-depth understanding of the root cause
    of costly problems to prevent them from happening
    again

24
Sniffer Technologies
  • Network Instrumentation - Sniffer Network
    Protection Architecture
  • Expert Analysis in the Field - Sniffer Portable
  • Protocol Analysis in a Single Network Appliance -
    Sniffer Distributed
  • Manage wireless LAN 802.11b environments -
    Sniffer Wireless
  • Analyze Voice/Data convergence - Sniffer Voice
    Over IP
  • Small Business Network Analysis - Sniffer
    Investigator
  • Network and Application Management - nPO
    Solution

25
The Intrusion Protection Challenge
  • Intrusion Protection technologies are nascent in
    nature
  • Intrusion protection is addressing a
    fundamentally hard, if not intractable problem
  • Regardless of the difficulty, the need remains
    high
  • Requires substantial R&D partnership among
    government, industry, and academia

26
Network Associates Laboratories
  • Vision: To be internationally recognized as the
    leading authority in intrusion protection research
  • Mission: To conduct fundamental and applied
    research and to develop prototype applications
    that provide highly accurate, highly automated
    approaches to computer and network security and
    response

27
Network Associates Labs Organization and Projects
Research groups:
  • HIP - Host Intrusion Protection
  • NIP - Network Intrusion Protection
  • SPM - Security Policy Mgmt
  • TAVA - Threats, Attacks, Vulnerabilities &
    Architectures
  • HPAF - High Performance Assurance & Forensics
  • WIP - Wireless Intrusion Protection
  • MCD - Malicious Code Defense
Project labels from the organization chart (group
assignment not recoverable from the slide): Trusted
BSD, SELinux, Wrappers, SHIM; IDIP/CITRA, ANIDR,
NetBouncer, FloodWatch, CORBA, Java RMI, ITDOS; RBAC,
TBAC, TMAC, CBAC, ABAC; Metrics; GINSU, Sniffer IXP;
DoS, DDoS, Worms, Anti-Spam; 802.11b; Windows, Palm
OS, WinCE; IDMANET; Spice, IDioM; Semantic Processor;
HESSI, TWNA, Sequoia, 3RG; De-Worm, SPMA, SADD
28
Mapping Labs RGs to BU Strategy
Research groups shown in the mapping chart: HIP, NIP,
WIP, MCD, SPM, HPAF, TAVA
29
Host Intrusion Protection
Current Products
  • Large Enterprises (> 2000): McAfee VirusScan,
    ePolicy Orchestrator, Entercept IDS, E-Business
    Server, Groupshield, WebShield, SpamKiller
  • Medium Enterprises (251-2000): McAfee VirusScan,
    ePolicy Orchestrator, Entercept IDS, E-Business
    Server, Groupshield, WebShield, SpamKiller
  • Small Business (< 251): McAfee VirusScan,
    ePolicy Orchestrator, Entercept IDS
  • Consumers: McAfee VirusScan, McAfee SpamKiller,
    McAfee Personal Firewall
Current Research
  • Host-based security and intrusion prevention from
    the operating system out
  • Automatic and highly accurate intrusion
    identification, detection, impact, response,
    forensics, remediation and incident management
  • Open source secure operating systems and boot
    loaders: Trusted BSD (5.0), Security Enhanced
    Linux, generic software wrappers
  • Secure Windows systems: X-Windows, MS Windows
  • Secure Middleware programs: FTP, SMTP, HTTP, CORBA

30
Host Intrusion Protection
BU Research
Government Research
  • Operating Systems: e500 Linux platform security
    evaluation; Sniffer re-hosting
  • Operating Systems: Trusted BSD Framework;
    Security Enhanced Linux
  • Intrusion Protection: Guaranteed Internet stack
    utilization (GINSU); Generic software wrappers;
    System health and intrusion monitoring (SHIM)
  • Intrusion Protection: Response and Remediation
  • Security Engineering: Porting and testing for
    VirusScan engine OEM customers
  • Security Engineering: Commercial OS audit
    facilities

31
Network Intrusion Protection
Current Products
  • Large Enterprises (> 2000): Sniffer nPO, Sniffer
    Distributed, Sniffer Portable, Infinistream
    Forensics, NetShield, e500/e1000, IntruShield
    Network IDS
  • Medium Enterprises (250-2000): Sniffer nPO,
    Sniffer Distributed, Sniffer Portable, Sniffer
    Wireless, NetShield, e250, IntruShield Network IDS
  • Small Business (< 250): Sniffer Portable, Sniffer
    Wireless, IntruShield Network IDS
  • Consumers: McAfee Personal Firewall
Current Research
  • Preventing intrusions from entering and
    traversing wired and wireless networks
  • Analyzing, interpreting, filtering, and shaping
    network traffic, and
  • Rapidly coordinating other defensive actions on
    hosts, gateways, network monitors, management
    components, and specialized security devices
  • Components and protocols focused on network
    devices and protocols
  • Coordinated intrusion traceback and response
    architectures and protocols for large enterprises
  • QoS and intrusion detection/correlation in wired
    and wireless networks, e.g., MANETs
  • Mobile-code-based network security components
  • DDoS and worm defense
  • Protocol interpretation and filtering in
    monitoring devices and security gateways such as
    firewalls, routers, switches, and guards

32
Network Intrusion Protection
BU Research
Government Research
  • Coordinated Analysis: End-Host Corroboration IRD
  • Coordinated Action: Intrusion Detection Interface
    Protocol (IDIP), CITRA/IDIP; Adaptive Network
    Intrusion Detection & Response (AN-IDR); Intrusion
    Detection in Mobile Ad Hoc Nets (ID MANET);
    Dynamic Quarantine (DQ)
  • Network Traffic: Custom ICA proxy for Gauntlet
    firewall; SSL Transparency IRD; Web Services
    Security Study IRD; .NET Monitoring and Filtering
    IRD
  • Network Traffic: NetBouncer; DDOS Tolerant
    Networks (FloodWatch); Security and QoS in MANETs
    (SEQUOIA); IIOP Interpreter
  • Security Engineering: Intrusion Blocker for
    Cable/DSL Routers; Sniffer SRM Security Study;
    ePO vs. SEMS Analysis IRD
  • Security Engineering: DDoS Testbed Study; OASIS
    Dem/Val

33
Wireless Intrusion Protection
Current Products
  • Large Enterprises (> 2000): Sniffer Mobile,
    Sniffer Wireless, Infinistream Forensics,
    VirusScan for PDAs, VirusScan Mobile, ePO for
    Wireless
  • Medium Enterprises (250-2000): Sniffer Mobile,
    Sniffer Wireless, Infinistream Forensics,
    VirusScan for PDAs, VirusScan Mobile, ePO for
    Wireless
  • Small Business (< 250): Sniffer Mobile, Sniffer
    Wireless, Infinistream Forensics, VirusScan for
    PDAs, VirusScan Mobile, ePO for Wireless
  • Consumers: McAfee VirusScan for PDAs
Current Research
  • Research, analyze, study, and develop solutions
    for security issues in emerging wireless
    protocols
  • 802.11 Security
  • Apply cryptographic technologies to security
    issues in wireless protocols
  • Techniques for the physical and link levels
  • Ad-hoc wireless security
  • Low energy cryptographic techniques
  • Low bandwidth cryptographic protocols
  • Efficient key management

34
Wireless Intrusion Protection
BU Research
Government Research
  • Wireless Security: 2.5G / 3G Wireless Security
    Study IRD
  • Wireless Security: 802.11 security; Wireless
    Mobile Ad-Hoc Networks (MANETs): Identity-based
    Group Key Management, Message Authentication
    Streams, Joint Iterative Decoding and
    Authentication, MANET Routing Protocol Security,
    Intrusion Detection for MANETs
  • Wireless Security Engineering: Secure Access
    Point (SAP)

35
Malicious Code Defense
Current Products
  • Large Enterprises (> 2000): McAfee VirusScan,
    ePolicy Orchestrator, Entercept IDS, McAfee
    SpamKiller
  • Medium Enterprises (250-2000): McAfee VirusScan,
    ePolicy Orchestrator, Entercept IDS, McAfee
    SpamKiller
  • Small Business (< 250): McAfee VirusScan,
    ePolicy Orchestrator, Entercept IDS, McAfee
    SpamKiller
  • Consumers: McAfee AntiVirus, McAfee Personal
    Firewall, McAfee SpamKiller
Current Research
  • Stop malicious code from damaging computers and
    networks, and maintain system availability while
    under attack
  • Research strategy: know the attacker's methods;
    recognize attacks when they occur; prevent or
    limit the damage from the attacks; operate
    through the attacks; put the research to use
  • Research areas: malware technology and trends;
    formal models of malicious code; next-generation
    malicious code detection; zero-day worm detection
    and containment; comprehensive malware scanning;
    intrusion tolerance and self-regeneration; SPAM
    detection and blocking; source attribution

36
Malicious Code Defense
BU Research
Government Research
  • Malicious Code Detection & Response: Jigsaw-based
    Correlation IRD
  • Malicious Code Detection & Response: Mission-Aware
    Rapid Quarantine for Enterprise Environments
    (MARQUEE); Malware technology and trends; Formal
    models of malicious code
  • Malicious Code Engineering: Secure Protected
    Development Repository (SPDR); State-of-the-Art
    in Decompilation and Disassembly (SADD)
  • Anti-Spam: Steganographic Analysis of Metamorphic
    Virii; Advanced Anti-spam Detection Techniques;
    Detecting & Washing Stego Images

37
Security Policy Management
Current Products
  • Large Enterprises (> 2000): McAfee ePolicy
    Orchestrator (ePO), Sniffer nPO Manager, Sniffer
    nPO Visualizer, IntruVert Security Manager (ISM)
  • Medium Enterprises (250-2000): McAfee ePolicy
    Orchestrator (ePO), Sniffer nPO Manager, Sniffer
    nPO Visualizer, IntruVert Security Manager (ISM)
  • Small Business (< 250): McAfee ePolicy
    Orchestrator (ePO), Sniffer nPO Manager, Sniffer
    nPO Visualizer, IntruVert Security Manager (ISM)
  • Consumers: McAfee VirusScan, McAfee Personal
    Firewall, McAfee SpamKiller
Current Research
  • Efficient manageable security policy solutions
  • Investigate, implement and validate mechanisms
    that support distributed security policy
    authoring, distribution, enforcement, and
    management
  • Component mechanisms supporting security policy
    and management systems: Access Control Techniques
    and Mechanisms; Policy Definition Languages

38
Security Policy Management
BU Research
Government Research
  • Security Policy Management: Policy Conflict &
    Compromise IRD; Policy Expansion & Propagation IRD
  • Security Policy Management: Security policy
    configuration and enforcement across different
    platforms and mechanisms; High-level security
    policy definition and specification
  • Access Controls: Attribute-based Access Control
    (ABAC); Role-based Access Control (RBAC);
    Team-based Access Control (TBAC); Coalition-based
    Access Control (CBAC)

39
High-Performance Assurance & Forensics
Current Products
  • Large Enterprises (> 2000): Sniffer Distributed,
    Sniffer Portable, Infinistream, Cyprus 6040
  • Medium Enterprises (250-2000): Sniffer
    Distributed, Sniffer Portable, Infinistream
  • Small Business (< 250): Sniffer Distributed,
    Sniffer Portable, Infinistream
  • Consumers: (none listed)
Current Research
  • High-performance appliances: system architecture
    design and implementation trade-offs; packet
    classification, content inspection, and semantic
    processing; techniques for improving the speed
    and accuracy of Anti-Virus, Anti-Worm, Anti-Spam,
    IDS/IPS, Sniffer, and network capacity planning
    and management; network processors,
    high-bandwidth wireless networks, and storage
    area nets
  • Forensic analysis and situation assessment: data
    mining, data collection, reduction, and
    normalization; machine learning algorithms and
    applications; visualization techniques;
    techniques to improve the speed, accuracy and
    understanding of data aggregation, information
    processing and decision-making, and presentation;
    domain-specific application analysis and
    information gathering

40
High-Performance Assurance & Forensics
BU Research
Government Research
  • High-performance Appliances: Sniffer IXP;
    Stream-to-disk (STD) study IRD
  • High-performance Appliances: NetBouncer; Active
    Network Intrusion Detection and Response
    (AN-IDR); FloodWatch
  • Security Evaluation: Sniffer 6040 Security
    Evaluation; Sniffer Infinistream Security
    Evaluation

41
Threats, Attacks, Vulnerabilities and
Architectures
Current Products
  • Large Enterprises (> 2000): McAfee VirusScan,
    ThreatScan, ePolicy Orchestrator, SpamKiller;
    Entercept IDS; Intruvert IntruShield
  • Medium Enterprises (250-2000): McAfee VirusScan,
    ThreatScan, ePolicy Orchestrator, SpamKiller;
    Entercept IDS; Intruvert IntruShield
  • Small Business (< 250): McAfee VirusScan,
    ThreatScan, ePolicy Orchestrator, SpamKiller;
    Entercept IDS; Intruvert IntruShield
  • Consumers: McAfee VirusScan, ThreatScan,
    SpamKiller
Current Research
  • Identification and characterization through
    models, taxonomies, patterns, and
    representational tools
  • Threats to our security systems including
    hackers, spies, terrorists, vandals, military
    forces, etc.
  • Attack mechanisms by which threats target our
    systems, networks, and information infrastructure
    including study of preconditions and dependencies
  • System, network, and application vulnerabilities
    by which security objectives are compromised --
    their origin, properties, manifestation in
    software and hardware, and remediation
  • Architectural strategies and solutions to counter
    potential security threats, both novel and those
    resulting from the integration of current
    technologies
  • Metrics, measurement techniques, and
    probabilistic techniques by which the
    effectiveness of specific security solutions and
    the composition of security solutions may be
    characterized and differentiated

42
Threats, Attacks, Vulnerabilities and
Architectures
BU Research
Government Research
  • Security Metrics Seedlings: Metrics for Key
    Management Systems; Measuring Assurance in
    Cyberspace; Unifying Threat, Attack, Vulnerability
    Taxonomies
  • Future Threats: AVERT; Network Associates Labs;
    Entercept; IntruVert; Other
  • Security Patterns
  • Virus Threats: AVERT

43
Our Customers and Partners
Our customers and partners include Government
agencies, leading technology corporations, and
leading universities
44
Emerging Technology Partnership
  • Network Associates Laboratories is seeking
    partners with whom to deploy emerging intrusion
    protection technologies in operational
    environments to support assessment
  • We actively seek teaming relationships with
    leading-edge, university-based information
    security researchers

45
Summary
  • Problems with malicious activity are increasing
  • Products are available to solve some of the
    problems
  • Research must be focused to keep up with and
    eventually get ahead of problems
  • Partnership among government, industry, and
    academia is the solution

46
Questions?