WATCHGUARD ENDPOINT SECURITY - Ivan De Tomasi Country Manager Italy & Malta - Passport by Exclusive
WATCHGUARD ENDPOINT SECURITY Ivan De Tomasi Country Manager Italy & Malta ivan.detomasi@watchguard.com Copyright ©2020. WatchGuard Technologies, Inc. All Rights Reserved
WORKPLACES AND THE WAY WE WORK HAVE CHANGED
• Home office
• Car
• Coffee shop or library
• On-site, using guest network
• Hotel or restaurant
• Customer sites
More and more often we do our work from wherever we happen to be: a holiday location, our home, a café, etc.
CRITICAL SITUATIONS IN THE NEWS, UNFORTUNATELY
NEW WORK SCENARIOS
WE ARE ALWAYS AND CONSTANTLY CONNECTED
A HISTORY IN LINE WITH WATCHGUARD
Inspired by technological change. Completely focused on the B2B segment.
• First cloud based scanning: Released the first 100% cloud based malware analysis tool.
• 100% Security Cloud: First vendor to move the entire security portfolio in Cloud.
• EPP + EDR released: First vendor to release a full integrated single agent EPP and EDR solution.
• Market Guide for EDR: Panda Security was included in the Gartner Market Guide for EDR.
• First EPP + EDR over MSS: Panda Security released the Threat Hunting Service completely embedded in EDR.
• Customer Choice 2019: Panda Security was named Customer Choice 2019 by Gartner Peer Insight for EDR.
PRODUCTS AND MODULES

Data Control (DC)
• Inventory and PII file classification
• Real time PII monitoring
• PII / non-PII search
• Delete PII in files

Disk Encryption (ENC)
• Managed Full Disk Encryption via BitLocker
• Centralized management and recovery encryption keys
• Centralized encryption policies
• Encryption dashboards, widgets and reporting

Patch Management (PM)
• Patch management for Windows and 3rd party applications
• End-of-Life application management
• Patch rollback and Windows Update service management (disable function)
• Arbitrary patching on specific software, patch or vendor: real time or scheduled patching tasks

Advanced Reporting Tool (ART)
• Real time preconfigured & customizable dashboards, reports and alerts
• Dashboards, widgets, and predefined queries for security KPIs
• KPIs for vulnerable applications, access data and files, shadow files
• Raw data from: endpoint operations, network connections, data access, processes, etc.
• Real time data insights with custom actions

Adaptive Defense 360 (AD360)
• Protection against sophisticated targeted attacks in the pre-execution and execution phases
• Detection of unknown exploits based on the behavior of compromised processes in memory
• Virtual patching for unsupported systems: behavior and context-based detection of IoAs in the execution phase
• Machine Learning and Deep Learning on static, dynamic and contextual attributes
• 100% Classification Service and Threat Hunting & Investigation Service
• Unknown threats prevention and integration with SIEM platforms (optional)
• Containment from the console: isolate devices in a controlled way

Endpoint Protection Plus (EPP)
• Web browsing category-based monitoring and filtering
• Microsoft Exchange (on premise) email protection against phishing, malware and advanced threats
• Microsoft Exchange (on premise) anti-spam protection

Endpoint Protection (EP)
• Protection against malicious apps (malware, phishing, trojans, scripts and malicious macros in MS Office documents, etc.)
• Detection of Indicators of Attack (IoAs) in the pre-execution phase, Host Firewall (managed and personal) and Device Control
• HIPS, anti-tamper protection, automated disinfection and remediation with centralized quarantine
• Real time deployment of configuration policies and tasks, discovery of unmanaged devices, hardware and software inventory
• Mobile security and management (Android)
PRODUCTS AND MODULES
[Diagram: combinations of the modules DC, ENC, PM, ART, AD360, AD, EPP and EP. Bundles shown: FUSION 360 (AD360 + SYSTEMS MANAGEMENT); FUSION X (EPP + SYSTEMS MANAGEMENT).]
The product matrix
CLOUD ARCHITECTURE
ADAPTIVE DEFENSE 360: A NEW SECURITY MODEL
SECURITY REDEFINED
ADAPTIVE DEFENSE 360 (AD 360)
Panda Adaptive Defense 360 is a cloud-based endpoint security solution that automates prevention, detection and security management activities, drastically reducing the attack surface of endpoints. It combines a complete set of EPP and EDR capabilities in a single lightweight agent. In addition, two truly unique Managed Services-as-Features are included in the solution:
• 100% Attestation Service
• Threat Hunting and Investigation Service
THE CURRENT MODEL
... is based on the isolated detection of known malicious processes, which means:
• All suspicious activity needs a more thorough check and is handled case by case.
• Unknown processes are allowed to run. This is the main reason hackers can attack systems so easily, with a very high average success rate.
Callouts: Suspicious items need to be inspected more deeply. Unknowns are allowed to execute.
[Diagram labels: Suspicious, More effort, More risk, Malware, Unknown]
THE ADAPTIVE DEFENSE APPROACH
Based on the classification of all processes active in your network
• Every program-related activity is monitored and analyzed in real time.
• Every behavior is verified by the managed service. The administrator does not need to add any further checks.
Callouts: Managed service with real-time visibility and forensic analysis. Maximum level of protection, less effort and no risk.
[Diagram labels: All processes are classified, Suspicious, Managed Service, Zero Risk, Malware, Unknown, 100% Attestation Service, Goodware]
WHAT SETS US APART
Adaptive Defense 360 differs from other solutions in its fully automated EDR capabilities, thanks to the two Managed Services-as-Features:
• 100% Attestation Service
• Threat Hunting and Investigation Service
Panda Security 2019.
WHAT IS THE 100% ATTESTATION SERVICE?
Result: malware is blocked from executing, so endpoints are not harmed.
All binaries are classified (MW/GW):
• Cloud-based Collective Intelligence: live repository of MW & GW
• Behavioral, Static and Context: cloud-based ML determines the nature of all binaries in real time. For each binary: 10,000 attributes
• 100% classification of all binaries. That is why endpoints are not infected by malware
The Service is part of the solution:
• No added or hidden costs
• No delegation
• No overwhelming alerts
CLOUD-BASED MACHINE LEARNING
ML is a means to an end: classifying 100% of processes, and doing so at scale.
• Our cloud-based ML, the RANKER, is an ensemble of models. Each one is designed to predict the classification of every process, using algorithms of different kinds that work on a set of flags.
• The final verdict is a weighting of the partial results.
• This ensemble of models maximizes the accuracy and reliability of the ML results, where 0 false positives and maximum confidence are mandatory prerequisites.
• The models implement a wide range of algorithms, from the simplest, such as similarity algorithms and decision trees, to the most complex, such as neural networks and deep learning models.
• Thousands of flags are used as input by the models, ranging from static to behavioral to content-related ones.
Panda Security 2019.
100% ATTESTATION SERVICE
Technologies applied in sequence to classify 100% of processes, allowing only certified ones to run.

Customers
• Local Technologies: Signatures, Heuristics, Behavior analysis, Anti-exploit…
• Events Stream to the Cloud Platform (Events Storage, Historic Timeline)

Cloud Platform
• Step 1, Black Listing. Detects: Known Malware. Based on: Collective Intelligence, 3.2 Billion¹ Known MW.
• Step 2, White Listing. Detects: Known Goodware. Based on: Collective Intelligence, 2.3 Billion¹ Known GW.
  Results (Steps 1 and 2, cloud-based lookup): 73.31% automatic classification.
• Step 3, ML Classification. Detects: Unknown Processes. Based on: AD: Cloud-Based Machine Learning. Results: 99.98% automatic classification.
• Step 4, Manual Classification. Detects: New Attack Patterns. Based on: AD: Malware Analysts. Results: 100% classification (+0.02% manual).

¹ As of 2019
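The four-step sequence and the weighted RANKER verdict described in these slides can be sketched as a default-deny pipeline, in contrast to the "current model" where unknowns are allowed to run. This is an added example, not WatchGuard or Panda code: the class, the toy models, the flag names, the weights and the 0.95 threshold are all hypothetical assumptions, and the sample binaries are constructed.

```python
import hashlib
from dataclasses import dataclass, field

GOODWARE, MALWARE, PENDING = "goodware", "malware", "pending-manual"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class AttestationPipeline:
    known_malware: set    # step 1: digests of known malware
    known_goodware: set   # step 2: digests of known goodware
    models: list          # step 3: (weight, model) pairs; model(flags) -> P(malware)
    confident: float = 0.95                           # assumed auto-verdict threshold
    manual_queue: list = field(default_factory=list)  # step 4: analyst backlog

    def classify(self, binary: bytes, flags: dict) -> str:
        digest = sha256(binary)
        if digest in self.known_malware:
            return MALWARE
        if digest in self.known_goodware:
            return GOODWARE
        # Final verdict = weighted average of the partial results.
        score = sum(w * m(flags) for w, m in self.models) / sum(w for w, _ in self.models)
        if score >= self.confident:
            return MALWARE
        if score <= 1 - self.confident:
            return GOODWARE
        if digest not in self.manual_queue:
            self.manual_queue.append(digest)  # no confident verdict: escalate
        return PENDING

    def may_execute(self, binary: bytes, flags: dict) -> bool:
        # Default deny: only attested goodware runs; unknown and pending are held.
        return self.classify(binary, flags) == GOODWARE

# Constructed toy models and sample data (hypothetical flags).
def static_model(flags):
    return 0.99 if flags.get("packed") and not flags.get("signed") else 0.01

def behavior_model(flags):
    return 0.99 if flags.get("encrypts_user_files") else 0.01

def demo_pipeline():
    return AttestationPipeline(
        known_malware={sha256(b"constructed-known-bad")},
        known_goodware={sha256(b"constructed-known-good")},
        models=[(1.0, static_model), (2.0, behavior_model)],
    )
```

A binary on which the models disagree lands in `manual_queue` and stays blocked until an analyst decides, which is the operational cost of this model that a deployment has to plan for.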
DEMO FOCUS POINT
Luca Settino, Sales Engineer – luca.settino@watchguard.com