Fidelis Network and Netgate TNSR
Extending Your Network Security to AWS
© Fidelis Cybersecurity
Agenda
Introductions
Cloud Migration
AWS Cloud Port Mirroring
Netgate TNSR
Fidelis Elevate
Threat Detection/Hunting
Q&A
Speakers:
David Weber, Director Product Management, Netgate
Tom Clare, Product/Technical Marketing, Fidelis Cybersecurity
Netgate®
• The open-source secure networking company
• We productize open-source networking and security software for enterprise and service provider use
• Host of the pfSense® project
• Over 1 million installs worldwide
• Developer of TNSR™
  • An open-source packet processing software platform
  • Firewall, routing, VPN, and other secure networking needs
  • High performance, management orchestration and service flexibility
  • Runs on bare metal, in a VM, or cloud native
Your Network Transformed
Scale up and out with freedom from expensive, proprietary vendor lock-in.
Automate Threat Detection, Hunting & Response with the Fidelis Elevate™ Platform
Accuracy. Clarity. Certainty.
• Gain threat visibility into networks, endpoints, cloud and enterprise IoT
• See north-south traffic (in and out of your network) and east-west traffic (lateral movement)
• Automate detection and response to reduce exposure and risk to data
• Immediately respond to endpoint threats
• Prevent data leakage and exfiltration
• Reduce dwell time with an active post-breach defense
Cloud Migration
Stack layers (top to bottom, present in every model): Data, Applications, Databases, Operating System, Virtualization, Physical Servers, Network & Storage, Data Center.

Model:     On-Premises   Co-Location   Hosting   IaaS       PaaS      SaaS
Strategy:  (baseline)    Off-Site      Rehost    Refactor   Rebuild   Replace

Moving right, more of the stack is operated by the provider and less by you; the strategy row names how the application gets there.
“On average, 40-60% of applications migrated to cloud by 2021” – Gartner CATALYST 2018
AWS IaaS
Amazon Elastic Compute Cloud (EC2)
• Virtual computing on demand
• Server instances launched from machine images (AMIs)
• Pre-defined instance templates
• Elastic Block Store (EBS) for persistent volumes
Amazon Virtual Private Cloud (VPC)
• Virtual network dedicated to your AWS account
• Logically isolated from other networks in the AWS cloud
• Supports public and private subnets
• Security groups (stateful, applied per instance/ENI) and network ACLs (stateless, applied per subnet)
Security Responsibility
AWS Shared Responsibility Model: AWS operates and secures the underlying infrastructure; the customer remains responsible for the guest OS, applications, data, and network configuration inside the VPC, which is where network-level threat detection has to be provided.
TNSR Platform Architecture
Open source value and freedom; flexible deployment models.
TNSR Management Orchestration
Automation. Freedom. Scale. Cost Collapse.
Configuration management and orchestration tools on top of a secure networking data plane.
Netgate TNSR and Fidelis Network (GRE tunnel)
Customer VPC: App Server and Web Server, with both north-south (N-S) and east-west (E-W) traffic.
Fidelis VPC: Fidelis CommandPost and Fidelis Network Sensor.
TNSR in the customer VPC forwards a copy of the N-S and E-W traffic over a GRE tunnel to the sensor in the Fidelis VPC.
Fidelis Multiple Sensors
Sensor placements shown in the diagram (on-premises or cloud):
• Fidelis Direct – at the perimeter firewall / IPS (DMZ)
• Fidelis Internal – on-premises or cloud, covering high-value assets: enterprise file shares, SharePoint servers, databases, etc.
• Fidelis Mail – email (SMTP), between email servers (Exchange) and email gateways
• Fidelis Web – web (HTTP, FTP) via ICAP from HTTP / FTP proxies
• Fidelis Insight – big data analytics
• Fidelis Collector – metadata store fed by the sensors
• Fidelis CommandPost
• Fidelis Sandbox
• Fidelis Endpoint (object requests into Collector)
Fidelis Collector
• Metadata storage and security analytics component
• Metadata – information about other information
• Retrospective and historical analysis (up to 360 days)
• ~90% of the data at ~20% of the storage expense, on-premises or in the Fidelis Cloud
• Metadata characteristics:
  - All ports and protocols, including session data for unknown protocols
  - Non-selective session recording: no sampling, no dropped data
  - Network metadata is about 2% of the session size
  - Structured metadata: over 300 attributes, indexed and easily searchable
  - Enhanced metadata (e.g. alerts, threat intel, geo-location, policy tagging, ID2IP)
Types of Metadata
• Investigation and Response: alert pivots and hunting by switching between content and context of sessions
• Automatic Retrospective Application of Threat Intelligence
• Cross Session Correlation, plus Security Analytics
• Network Visibility & Profiles: see patterns not seen in firewall logs or SIEM dashboards
• Anomaly Detection: frequent and rare instances of attributes, plus cross-session, multi-faceted and behavioral analysis
Plus custom tags!
Metadata Query Examples
Have I seen this document of interest on the network before? Query: Search all network sessions for the past three months for the document of interest based on hash, title, author, create date or other attributes.
Who else has sent or received this document of interest? Query: Search all network sessions for the past three months for the document of interest (by hash, title, author, create date or other attributes) and list the senders and recipients.
What other data has this user sent? Query: Map out all data from this user, what was sent and where it went.
Where has the phrase “Treadstone” been seen on the network within the last month? Tag sessions containing the phrase or keywords of interest. Query: Search for tagged sessions.
What documents contain specific header/footer text? Query: List all network sessions in the last 30 days that contained a document with a header/footer containing the specific text.
Alerts from automatic analytics based on events, event rates, event sequences, and frequency.
Analytic view of frequent/rare values across hundreds of metadata attributes.
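The queries above read as searches over indexed session metadata plus a rarity view over attribute values. The following is an added example, not Fidelis code and not its schema: a handful of constructed session records (field names, the document hash and the hostnames are this example's own) and the four operations the slide describes: retrospective indicator matching with a lookback window, "who else sent this document" by hash, keyword tagging, and rare-value listing.

```python
"""
Retrospective analytics over stored session metadata: apply a newly received
indicator set back across history, answer "who else sent this document",
tag sessions by keyword, and surface rare attribute values.
"""
from collections import Counter
from datetime import datetime, timedelta


def _session(ts, user, src, dst, proto, dport, **extra):
    rec = {"ts": ts, "user": user, "src": src, "dst": dst, "proto": proto,
           "dport": dport, "sni": None, "file_sha256": None, "doc_title": None,
           "doc_text": None, "tags": []}
    rec.update(extra)
    return rec


DOC_HASH = "constructed-sha256-0001"   # placeholder, not a real digest

# Constructed metadata records; field names are this example's own, not Fidelis's schema.
SESSIONS = [
    _session("2018-11-01T09:12:00", "alice", "10.0.1.25", "203.0.113.9", "https", 443,
             sni="cdn-update-check.example.org"),
    _session("2018-12-20T08:15:00", "alice", "10.0.1.25", "203.0.113.9", "https", 443,
             sni="cdn-update-check.example.org"),
    _session("2019-01-14T17:40:00", "bob", "10.0.1.40", "198.51.100.25", "smtp", 25,
             file_sha256=DOC_HASH, doc_title="Q1 Board Deck",
             doc_text="Project Treadstone budget and headcount"),
    _session("2019-02-03T11:05:00", "carol", "10.0.1.52", "198.51.100.80", "https", 443,
             sni="share.example-cloud.com", file_sha256=DOC_HASH,
             doc_title="Q1 Board Deck", doc_text="Treadstone draft v2 - confidential"),
    _session("2019-02-20T08:15:00", "alice", "10.0.1.25", "203.0.113.9", "https", 443,
             sni="cdn-update-check.example.org"),
    _session("2019-02-21T08:15:00", "alice", "10.0.1.25", "203.0.113.9", "https", 443,
             sni="cdn-update-check.example.org"),
    _session("2019-03-01T02:30:00", "dave", "10.0.1.30", "10.0.1.31", "ssh", 22),
    _session("2019-03-02T10:00:00", "bob", "10.0.1.40", "198.51.100.10", "https", 443,
             sni="mail.example.com"),
    _session("2019-03-03T10:05:00", "carol", "10.0.1.52", "198.51.100.10", "https", 443,
             sni="mail.example.com"),
]


def retro_match(sessions, indicators, lookback_days, now_iso):
    """Apply (field, value) indicators to every stored session newer than the lookback.
    Returns one (ts, user, field, value) hit per matching session."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=lookback_days)
    hits = []
    for s in sessions:
        if datetime.fromisoformat(s["ts"]) < cutoff:
            continue
        for field, value in indicators:
            if s.get(field) == value:
                hits.append((s["ts"], s["user"], field, value))
    return hits


def document_seen(sessions, sha256):
    """Who sent a given document, and where: (ts, user, dst) per session carrying it."""
    return [(s["ts"], s["user"], s["dst"]) for s in sessions if s["file_sha256"] == sha256]


def tag_by_keyword(sessions, keyword, tag):
    """Tag every session whose extracted document text contains the keyword; returns count of newly tagged."""
    n = 0
    for s in sessions:
        if s["doc_text"] and keyword.lower() in s["doc_text"].lower() and tag not in s["tags"]:
            s["tags"].append(tag)
            n += 1
    return n


def tagged(sessions, tag):
    """Timestamps of sessions carrying a tag (the 'search for tagged sessions' query)."""
    return [s["ts"] for s in sessions if tag in s["tags"]]


def rare_values(sessions, field, max_count=1):
    """Attribute values seen at most max_count times: a cheap rarity view."""
    counts = Counter(s[field] for s in sessions if s.get(field) is not None)
    return sorted(v for v, n in counts.items() if n <= max_count)


if __name__ == "__main__":
    ioc = [("sni", "cdn-update-check.example.org")]
    print(retro_match(SESSIONS, ioc, 90, "2019-03-05T00:00:00"))
    print(document_seen(SESSIONS, DOC_HASH))
    tag_by_keyword(SESSIONS, "Treadstone", "treadstone")
    print(tagged(SESSIONS, "treadstone"))
    print(rare_values(SESSIONS, "proto"))
```

The lookback matters: with a 90-day window the 2018-11-01 beacon to the same hostname is excluded, with 365 days it is included, which is the difference between "three months" and "everything we keep" in the slide's queries.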
Metadata Comparison

NetFlow Data
  Data: source/destination; transport protocol; type of service; session duration
  Pros / Cons: misses context; not enough data

SIEM / Log Collectors
  Data: unstructured log data, normalized and correlated from NGFW, IDPS, VPN, AV/EP, DLP; apps, databases and web servers; email / web gateways and CASBs; network infrastructure; inventory and vulnerabilities
  Pros / Cons: resource intensive / expensive; compliance and audit driven; rules are hard to define (few rules miss alerts, many rules produce high false-positive rates); detects known threats with threat intel; UEBA requires more data; useful for SOC timelines and investigations; rarely detects advanced threats

Fidelis Metadata
  Data: indexed, ready to use; network, endpoint, cloud; web/email sensors; transport and protocols; applications and files; web apps and social media; email, IRC, Telnet, TOR, etc.; encrypted web access; certificates; documents and archives; embedded objects; executable files; others (Flash, Java, XML); custom defined tags
  Pros / Cons: ~90% of the data at ~20% of the cost; focused on threat detection and data loss / data theft; cross-session analysis; threat intelligence can be applied retrospectively

Full Packet Capture (PCAPs)
  Data: raw packet data; network DVR capture; endpoint DVR capture; encoded and unassembled; forensic evidence
  Pros / Cons: large data volumes; expensive to store; not directly queryable; threat intel cannot be applied without decoding; time-consuming to decode and reassemble; forensic skills required
Fidelis Network Visibility & Detection
Traffic Analysis: expose misuse of assets; proxy and security circumvention; discover encryption misuse; all ports, all protocols
Content Analysis: Deep Session Inspection®; deep packet inspection; deep content inspection; data leakage / DLP; Zip, RAR, JAR and other archive extraction
Malware Detection: advanced multi-tiered malware detection; heuristic analysis; sandbox execution analysis; machine-learning-based detection; C2 detection
Threat Detection: custom protocol detection; de-obfuscation; internal threat detection; behavioral analytics; historical analytics
Threat Hunting: reputation feed matching; STIX/TAXII; YARA and Suricata rule support; open policy interface; historical analysis
Sensors: Cloud, Gateway, Internal, Email, Web
Metadata: 300+ attributes and custom tags
Multi-Defenses: real-time and retrospective analysis
Threat Intelligence: Fidelis, 3rd party, internal
Automation: detection, investigation, response
A Day in the Life of a Security Team – Without Fidelis
Capabilities needed: see patterns in network activity; monitor for and prevent exfiltration of data; see beaconing and block it; identify and stop malicious network behavior; see lateral movement; perform real-time and historical analysis; see all endpoint activity and respond to threats.
Manual workflow (BEST CASE: hours or days):
1. Review the alert and determine what information is needed to validate it.
2. Open a ticket with IT to ask someone to go get the information.
3. Get the information back from IT. It's wrong (or not enough).
4. Review the information and determine if the endpoint is compromised.
5. If compromised, figure out whether to clean it or re-image it.
6. Manually update your firewall and breach detection rules.
7. Wonder to yourself if that's the only compromised endpoint. Then move on.
A Day in the Life of a Security Team – With Fidelis
Same capabilities (see beaconing and block it; monitor for and prevent exfiltration of data; see patterns in network activity; identify and stop malicious network behavior; see lateral movement; see all endpoint activity and respond to threats; perform real-time and historical analysis), with the workflow automated.
TYPICAL CASE: minutes (vs. hours or days):
1. Fidelis detects, validates and creates a real alert.
2. Fidelis automatically gathers all relevant information for investigation. (AUTOMATED)
3. You decide on remediation activity and initiate it.
4. Fidelis automates response playbooks.
5. Fidelis automatically prevents the threat going forward. (AUTOMATED)
6. Fidelis finds everywhere else the same thing occurred, now and in the past.
Gain Full Visibility, Detect and Respond to Threats Faster with Fidelis Elevate
Deep Visibility
▪ See across all traffic, all ports, all protocols, lateral movement and all endpoint activity
▪ Discover and classify all network assets, including enterprise IoT
▪ Decode and analyze embedded sessions with patented Deep Session Inspection®
▪ Inspect all content flowing over the network, from both a threat and a data loss perspective
Faster Response
▪ Automate response: isolate the endpoint, roll back to a previous snapshot, CVE scanning, jumpstart playbooks, and more
▪ Confirm and stop data theft by content inspection of all outgoing network activity
Accurate Detection
▪ Capture and store all metadata for real-time and retrospective analysis
▪ Accurate and fast detection driven by curated threat intelligence, integrated sandboxing, machine learning algorithms that extract IoCs, and AV
▪ Automatically validate, consolidate, and correlate network alerts against every endpoint
24x7 Managed Detection and Response (MDR)
Let Us Be Your Threat Hunting and Data Leakage Mitigation Team
Contextual perspective, deep visibility and automated detection and response across your network, endpoints, cloud and enterprise IoT devices.
Full-service solution focused on detection, response and remediation, managed and monitored by security experts:
• Discover and classify network assets
• Network Detection and Response
• Data Leakage Prevention (DLP)
• Endpoint Detection and Response (EDR)
• Deception
Verifies and enforces your security policies and compliance requirements.
Summary
TNSR serves as a cloud gateway with built-in traffic monitoring:
• Delivers high-speed traffic directly to Fidelis Network sensors running in AWS
• No agents required
• No modifications to user-defined routes required
• Delivery over GRE (ERSPAN) or VXLAN
Fidelis Network:
• Advanced visibility, threat detection, and data loss/theft detection
• Now capable of securing applications and data hosted within AWS
• Deep visibility, accurate detection, fast response
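The encapsulations the summary names (GRE/ERSPAN and VXLAN; VXLAN on UDP 4789 is also what AWS VPC Traffic Mirroring itself emits) are what a sensor in the Fidelis VPC has to strip before it can inspect the mirrored frame. The parser below is an added example, not TNSR or Fidelis code: it decapsulates both formats from the outer IPv4 header down to the inner IPv4/TCP flow, and builds two constructed packets (VNI 1234, ERSPAN session 42; the addresses, MACs and ports are this example's own) to exercise it. It assumes the outer Ethernet header has already been removed and handles IPv4 inner frames only.

```python
"""
Decapsulate mirrored traffic the way a sensor in AWS would receive it:
VXLAN (UDP 4789) and GRE carrying ERSPAN Type II or a bridged Ethernet frame.
Parsing starts at the outer IPv4 header; the inner Ethernet/IPv4/TCP frame is
extracted for inspection.
"""
import struct
from dataclasses import dataclass

VXLAN_PORT = 4789
UDP_PROTO = 17
GRE_PROTO = 47
ERSPAN_TYPE_II = 0x88BE   # GRE protocol type for ERSPAN
TEB = 0x6558              # GRE protocol type for transparent Ethernet bridging


@dataclass
class InnerFlow:
    encap: str       # "vxlan", "erspan" or "gre"
    ident: int       # VXLAN VNI, ERSPAN session ID, or GRE key (0 if none)
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


def _ipv4(buf, off):
    """Return (header length, protocol, src, dst) of the IPv4 header at buf[off:]."""
    if buf[off] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (buf[off] & 0x0F) * 4
    proto = buf[off + 9]
    src = ".".join(str(b) for b in buf[off + 12:off + 16])
    dst = ".".join(str(b) for b in buf[off + 16:off + 20])
    return ihl, proto, src, dst


def _inner_frame(buf, off, encap, ident):
    """Parse the mirrored Ethernet frame that starts at buf[off:]."""
    ethertype = struct.unpack("!H", buf[off + 12:off + 14])[0]
    if ethertype != 0x0800:
        raise ValueError("example handles IPv4 inner frames only")
    ip_off = off + 14
    ihl, proto, src, dst = _ipv4(buf, ip_off)
    l4 = ip_off + ihl
    sport, dport = struct.unpack("!HH", buf[l4:l4 + 4]) if proto in (6, 17) else (0, 0)
    return InnerFlow(encap, ident, src, dst, proto, sport, dport)


def decap(pkt: bytes) -> InnerFlow:
    """pkt starts at the outer IPv4 header (outer Ethernet already stripped)."""
    ihl, proto, _, _ = _ipv4(pkt, 0)
    off = ihl
    if proto == UDP_PROTO:
        _, dport, _, _ = struct.unpack("!HHHH", pkt[off:off + 8])
        if dport != VXLAN_PORT:
            raise ValueError("UDP but not VXLAN")
        off += 8
        if not pkt[off] & 0x08:             # VXLAN 'I' flag: VNI field is valid
            raise ValueError("VXLAN header without valid VNI")
        vni = int.from_bytes(pkt[off + 4:off + 7], "big")
        return _inner_frame(pkt, off + 8, "vxlan", vni)
    if proto == GRE_PROTO:
        flags, ptype = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        key = 0
        if flags & 0x8000:                  # C: checksum + reserved1 present
            off += 4
        if flags & 0x2000:                  # K: key present
            key = struct.unpack("!I", pkt[off:off + 4])[0]
            off += 4
        if flags & 0x1000:                  # S: sequence number present
            off += 4
        if ptype == ERSPAN_TYPE_II:
            w0, w1, _ = struct.unpack("!HHI", pkt[off:off + 8])
            if w0 >> 12 != 1:               # ERSPAN version 1 == Type II
                raise ValueError("not ERSPAN Type II")
            return _inner_frame(pkt, off + 8, "erspan", w1 & 0x03FF)
        if ptype == TEB:
            return _inner_frame(pkt, off, "gre", key)
        raise ValueError(f"unhandled GRE protocol type {ptype:#06x}")
    raise ValueError(f"unhandled outer protocol {proto}")


# --- constructed sample packets (not real captures) -------------------------

def _ipv4_hdr(src, dst, proto, payload_len):
    # Checksum left at zero: fine for a parser demo, not for transmission.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       bytes(int(x) for x in src.split(".")),
                       bytes(int(x) for x in dst.split(".")))


def _inner(src, dst, sport, dport):
    eth = bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)  # SYN
    return eth + _ipv4_hdr(src, dst, 6, len(tcp)) + tcp


def vxlan_sample() -> bytes:
    """Mirror source 10.0.0.10 -> sensor 10.0.2.50, VNI 1234, inner HTTPS egress."""
    inner = _inner("10.0.1.25", "198.51.100.7", 51234, 443)
    vx = bytes([0x08, 0, 0, 0]) + (1234).to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vx) + len(inner), 0)
    return _ipv4_hdr("10.0.0.10", "10.0.2.50", UDP_PROTO, len(udp) + len(vx) + len(inner)) + udp + vx + inner


def erspan_sample() -> bytes:
    """GRE with S bit, ERSPAN session 42, inner east-west RDP between two private hosts."""
    inner = _inner("10.0.1.30", "10.0.1.31", 50100, 3389)
    gre = struct.pack("!HHI", 0x1000, ERSPAN_TYPE_II, 7)   # S flag set, sequence 7
    ers = struct.pack("!HHI", 1 << 12, 42, 0)              # ver=1, vlan=0; session=42; index=0
    return _ipv4_hdr("10.0.0.10", "10.0.2.50", GRE_PROTO, len(gre) + len(ers) + len(inner)) + gre + ers + inner


if __name__ == "__main__":
    for sample in (vxlan_sample(), erspan_sample()):
        print(decap(sample))
```

Practical checks that follow from this: the security group on the sensor's ENI must admit UDP 4789 (VXLAN) and IP protocol 47 (GRE) from the mirror sources, and a sensor that keys sessions on the outer addresses instead of the decapsulated ones will see one flow per tunnel rather than the customer's real N-S and E-W traffic.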
Next Steps: Proof of Concept
Find the Blind Spots in Your Security Stack
▪ Highly recommended next step
▪ Full platform or individual products
▪ Easy to implement, with flexible deployment options based on your requirements:
  ▪ Cloud with Netgate TNSR
  ▪ On-premises with sensors
▪ We work with you to define success criteria and timeline
https://www.fidelissecurity.com/products/network/demo
Thank You!
