Tim Davidson System Engineer

Presentation transcript:

Malware Pandemic? Sometimes getting a shot only treats the symptoms and not the cause…
Tim Davidson, System Engineer

Agenda
- Changing Threat Landscape
- Why Traditional Defenses Fail
- Introducing the FireEye Platform
- FireEye Advantage

Changing Threat Landscape

Changing Threat Landscape – Advanced Persistent Threats (APTs)

Advanced
- Leverages a spectrum of exploits
- Well-known and zero-day vulnerabilities
- Multi-pronged

Persistent
- Goal oriented rather than opportunistic
- Targeted attacks
- Well-planned – low and slow

Threats
- Organized, well-funded adversaries
- Nation-states, cyber-espionage groups
- Stealthy and camouflaged attacks

The New Threat Landscape: there is a new breed of attacks that are advanced, zero-day, and targeted.

LEGACY                 MODERN
Open                   Stealthy
Known and patchable    Unknown and zero day
Broad                  Targeted
One time               Persistent
Individuals            Well-funded syndicates

High Profile Targeted Attacks
- 3 minutes: on average, malware activities take place once every 3 minutes
- 184 countries, 41%: over the past year, FireEye captured callbacks to 184 countries, a 41% rise
- 46%: Asia (China, Korea, India, Japan, Hong Kong) accounts for 24% of callbacks; Eastern Europe (Russia, Poland, Romania, Ukraine, Kazakhstan, Latvia) accounts for 22%
- Technology companies experienced the highest rate of callback activity
- 89% of callback activities are linked with APT tools made in China or by Chinese hacker groups
Source: FireEye Advanced Threat Report, March 2013

Significant Compromise Still Exists!
[Chart: Percent of Deployments (0% to 100%) vs. Infections/Week at Normalized Bandwidth (1 Gbps), log scale from 10 to 100,000]
- 98.5% of deployments see at least 10 incidents*/week/Gbps
- At 1 Gbps the average is about 221 incidents*/week
- 20% of deployments have thousands of incidents*/week
- 221 average net new incidents per week at only 1 Gbps!
* An incident is beyond inbound malware – it includes an exploit and callback
Source: FireEye Advanced Threat Report, March 2013

Why Traditional Defenses Fail

What’s causing the compromise? The new threat landscape:
- Dynamic, Polymorphic Malware
- Multi-Vector Attacks
- Multi-Staged Attacks
- Coordinated Persistent Threat Actors

The Attack Life Cycle – Multiple Stages
[Diagram: compromised Web server or Web 2.0 site, callback server, IPS, File Share 1 and File Share 2]
1. Exploitation of system
2. Malware executable download
3. Callbacks and control established
4. Data exfiltration
5. Malware spreads laterally
Exploit detection is critical: all subsequent stages can be hidden or obfuscated.

Traditional Defenses Don’t Work
The new breed of attacks evade signature-based defenses:
- IPS
- Anti-Spam Gateways
- Firewalls/NGFW
- Secure Web Gateways
- Desktop AV
And what do they all have in common? The attacks are targeted, persistent and unknown, enabling them to evade traditional signature-based defenses. Traditional or next generation firewalls, IPS, gateways or AV: it doesn’t matter. They are all completely defenseless in the face of these new attacks.

The Enterprise Security Hole
[Matrix: attack vectors (Web-Based Attacks, Spear Phishing Emails, Malicious Files) against defenses (NGFW, FW, IPS, SWG, AV); the cells no defense covers are the SECURITY HOLE]

A New Model is Required

Legacy Pattern-Matching Detection Model (MATCH against known byte patterns)
- Signature-based
- Reactive
- Only known threats
- Many false negatives

New Virtual Execution Model
- Signature-less
- Dynamic, real-time
- Known/unknown threats
- Minimal false positives

Introducing the FireEye Platform

FireEye Platform: Next Generation Threat Protection
- Multi-Vector Virtual Execution engine
- Dynamic Threat Intelligence (CLOUD)
- Dynamic Threat Intelligence (ENTERPRISE)
- Technology Interoperability
- Ecosystem Partners

FireEye Platform: Multi-Vector Virtual Execution (MVX)
Multi-vector blended attack (Email MPS on inbound SMTP, Web MPS on outbound HTTP, CMS between them, MVX engine, callback server):
1. Email with weaponized PDF
2. Executed in MVX (Email MPS) – phish suspected
3. Web MPS notified via CMS
4. Callback over HTTP to C&C server
5. Callback detected by Web MPS and blocked
6. End user defended from multi-vector attack

FireEye Platform: Multi-Flow Virtual Execution
File-oriented sandboxing can be easily evaded by malware:
- Lack of virtually executing flows vs. a file-based approach
- Lack of capturing and analyzing flows across multiple vectors
FireEye uses multi-vector, multi-flow analysis to understand the full context of today’s cyber attacks:
- Stateful attack analysis shows the entire attack life cycle (exploit, malware executable downloads, callbacks, data exfiltration; infection server and callback server)
- Enables FireEye to disrupt each stage and neutralize the attack
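As an added illustration (not FireEye’s code or part of the original presentation), this Python script shows the cross-vector, multi-flow correlation that the attack life cycle, MVX and multi-flow slides describe: a constructed email-sandbox verdict supplies the callback host learned by detonation, and constructed web-proxy log lines are joined per client host so that the exploit -> download -> callback chain surfaces as one incident rather than three unrelated events. Host names, the log format and the verdict fields are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sandbox verdict from the email vector (the "Email MPS" step on the slide):
# detonating the attachment in a VM revealed the host it calls back to.
SANDBOX_VERDICTS = [
    {"vector": "email", "host": "ws-17", "sample": "invoice.pdf",
     "verdict": "malicious", "callback_host": "cb.example.invalid"},
]

# Constructed web-proxy log (the "Web MPS" vector). Format: client method url
WEB_LOG = """\
ws-17 GET  http://cb.example.invalid/update.exe
ws-17 POST http://cb.example.invalid/beacon
ws-42 GET  http://cdn.example.invalid/installer.exe
ws-09 POST http://cb.example.invalid/beacon
"""

def shared_indicators(verdicts):
    """Callback hosts learned by detonation, shared with the web vector (the CMS role)."""
    return {v["callback_host"] for v in verdicts if v["verdict"] == "malicious"}

def parse_web_log(text):
    """One event per line; an .exe fetch is a 'download', any other POST a 'callback'."""
    events = []
    for line in text.splitlines():
        client, method, url = line.split()
        stage = "download" if url.endswith(".exe") else ("callback" if method == "POST" else "browse")
        events.append({"host": client, "stage": stage, "dst": urlparse(url).hostname})
    return events

def correlate(verdicts, web_events):
    """Stateful per-host view across both vectors (a single-file sandbox only sees the PDF)."""
    iocs = shared_indicators(verdicts)
    chains = defaultdict(list)
    for v in verdicts:
        if v["verdict"] == "malicious":
            chains[v["host"]].append("exploit")          # stage 1 of the life cycle
    for e in web_events:
        chains[e["host"]].append(e["stage"])             # stages 2 and 3
    incidents = {}
    for host, stages in chains.items():
        ioc_hits = [e["dst"] for e in web_events if e["host"] == host and e["dst"] in iocs]
        if "exploit" in stages and "callback" in stages:
            incidents[host] = "full chain: " + " -> ".join(stages)
        elif ioc_hits:
            incidents[host] = "callback to shared indicator: " + ioc_hits[0]
    return incidents
```

Only ws-17 (full chain) and ws-09 (callback to the host learned from the email detonation) are reported; ws-42’s lone download to an unrelated host is not.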

FireEye Platform: Dynamic Threat Intelligence
[Diagram: the DTI Cloud exchanges anonymized malware metadata with the DTI Enterprise instances at Enterprise 1, Enterprise 2 and Enterprise 3, each of which also feeds its Ecosystem Partners]

FireEye Advantage

FireEye Platform Advantage
1. Thousands of Permutations (files, OS, browser, apps)
2. Multi-flow analysis
3. Multi-vector analysis
4. Correlation of information
5. Cloud Sharing
6. Time to protection
[Diagram: Local Loop MVX within a single enterprise; the Dynamic Threat Intelligence (DTI) Threat Protection Fabric across enterprises]

Sandbox Approach (Cloud)
File-oriented sandbox – evasion
Criteria: 1. Thousands of Permutations (files, OS, browser, apps) 2. Multi-flow analysis 3. Multi-vector analysis 4. Correlation of information 5. Cloud Sharing 6. Time to protection
Shortcomings of the cloud sandbox:
- Single file
- Sandbox in the cloud: privacy violation, compliance and regulation violation, latency issues
- Single vector
- Partial
- Hours or days

Sandbox Approach (On-Premises)
File-oriented sandbox
Criteria: 1. Thousands of Permutations (files, OS, browser, apps) 2. Multi-flow analysis 3. Multi-vector analysis 4. Correlation of information 5. Cloud Sharing 6. Time to protection
Shortcomings of the on-premises sandbox:
- Malware can easily circumvent a generic sandbox
- File-based sandbox misses the exploit detection phase
- No flow causes lack of stateful malware analysis
- Single file
- Single vector
- Hashes: limited value
- Non-realtime

Key Takeaways
- Changing Threat Landscape: Advanced Persistent Threats
- Traditional Defenses Fall Short: exploit detection is critical; file-oriented sandboxing does not detect exploits
- FireEye Platform: MVX architecture, DTI Cloud, DTI Enterprise

Thank You