Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.
Presentation transcript:

Slide 1: FireEye Overview
John Bolger, Manager Channels, US-Central, FireEye

Slide 2: (no transcript text)

Slide 3: Company Overview
The leader in stopping advanced targeted attacks
- Marquee customers across every industry
  – Top banks, hi-tech, oil and gas, government
  – All major Internet search engines, top social networks, and auction sites
- One of the fastest growing enterprise technology companies in the world

Slide 4: We Are Only Seeing the Tip of the Iceberg
Above the surface: headline-grabbing attacks
Below the surface: thousands more (APT attacks, zero-day attacks, polymorphic attacks, targeted attacks)

Slide 5: Manufacturing Hit Worst

Slide 6: Don’t Take Usual Vacations ( Attacks)

Slide 7: (no transcript text)

Slide 8: Chinese Hacking Methodology

Slide 9: Chinese Hacking Methodology (Translated)

Slide 10: Characteristics of Malware
- Stealth level: ranges from high to low
- Target vulnerability: unpatched machines, plug-ins, browsers
- Intended victim(s): specific victims, using spearphishing
- Objectives: theft? disruption? fear?

Slide 11: High Profile APT Attacks Are Increasingly Common

Slide 12: We Are Only Seeing the Tip of the Iceberg (repeat of slide 4)
Above the surface: headline-grabbing attacks
Below the surface: thousands more (APT attacks, zero-day attacks, polymorphic attacks, targeted attacks)

Slide 13: Defining Advanced Targeted Attacks
The New Threat Landscape: there is a new breed of attacks that are advanced, zero-day, and targeted.
Advanced Targeted Attack
- Utilizes advanced techniques and/or malware
  – Unknown
  – Targeted
  – Polymorphic
  – Dynamic
  – Personalized
- Uses zero-day exploits, commercial quality toolkits, and social engineering
- Often targets IP and credentials, and often spreads laterally throughout the network
- AKA Advanced Persistent Threat (APT)
Advanced vs. Traditional
  Advanced:    Stealthy | Unknown and Zero Day | Targeted | Persistent
  Traditional: Open     | Known and Patchable  | Broad    | One Time

Slide 14: The Enterprise Security Hole
Attack vectors: Web-based attacks, malicious files, spear phishing emails
Existing controls: NGFW, FW, IPS, SWG, AV
Result: SECURITY HOLE

Slide 15: Traditional Defenses Don’t Work
Advanced attacks bypass both signature-based and heuristics-based technologies in existing IT security defenses.
Networks are being compromised as APTs easily bypass traditional signature-based defenses like NGFW, IPS, AV, and gateways.

Slide 16: Typical Enterprise Security Architecture
- Firewalls / NGFW: block IP/port connections, application-level control; no visibility into exploits and ineffective vs. advanced targeted attacks
- IPS: attack-signature based detection, shallow application analysis, high false positives; no visibility into the advanced attack lifecycle
- Secure Web Gateways: some analysis of script-based malware, AV, IP/URL filtering; ineffective vs. advanced targeted attacks
- Anti-Spam Gateways: relies largely on antivirus, signature-based detection (some behavioral); no true spear phishing protection
- Desktop AV: signature-based detection (some behavioral); ineffective vs. advanced targeted attacks

Slide 17: Attacks Increasingly Sophisticated
Dynamic
- Web attacks
- Malicious exploits
- Spear phishing emails
Multi-Vector
- Delivered via Web or email
- Blended attacks with emails containing malicious URLs
- Uses application/OS exploits
Multi-Stage
- Initial exploit stage followed by malware executable download, callbacks and exfiltration
- Lateral movement to infect other network assets

Slide 18: The Attack Lifecycle: Multiple Stages
1. Exploitation of system
2. Malware executable download
3. Callbacks and control established
4. Malware spreads laterally
5. Data exfiltration
Diagram labels: Compromised Web server or Web 2.0 site, IPS, Callback Server, File Share 1, File Share 2

Slide 19: FireEye Malware-VM™ Filter
Phase 1: Aggressive capture heuristics
- Deploys out-of-band/passive or inline
- Multi-protocol capture of HTML, files (e.g. PDF), and EXEs
- Maximizes capture of potential zero-day attacks
Phase 2: Virtual machine analysis
- Confirmation of malicious attacks
- Removal of false positives
Phase 3: Block callback
- Stop data/asset theft
- XML/SNMP alerts on infections as well as C&C destinations
- Global loop sharing into MAX Cloud Intelligence
- Fast path: real-time blocking in the appliance

Slide 20: The FireEye Difference
Multi-Vector Protection
- Protection against Web attacks
- Protection against email attacks
- Protection against file-based attacks
Multi-Stage Protection
- Inbound zero-day exploit detection
- Outbound malware callback blocking
- Malware binary payload analysis
- Latent malware quarantine

Slide 21: Multi-Vector Protection
Diagram labels: Web Threats, Email Threats, Blended Web/Email Threats, Internal Lateral Movement of Threats, CMS

Slide 22: Multi-Staged Attack Pieces Connected
Point products (each stage seen in isolation): Web exploit, malware executable download, callback, data exfiltration
Connected view: Web or email exploit → malware executable download → callback → lateral movement (lateral spread) → data exfiltration
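The point of slides 18 and 22 is that the lifecycle stages (exploit, executable download, callback, lateral spread, exfiltration) are only meaningful when they are tied together per host and in time order. The following is an added example, not FireEye code and not derived from any FireEye product: it takes constructed key=value telemetry lines (a sandbox verdict on captured web objects, DNS/proxy destinations, a file-share write, an outbound flow) and correlates them into a per-host stage chain. The log format, field names, the C&C list, the bad-hash value and the 5 MB exfiltration threshold are all assumptions made for the example; the verdict and C&C indicators stand in for the output of an analysis phase such as the VM detonation described on slide 19.

```python
"""
Correlate individual network events into the multi-stage attack lifecycle
(exploit -> malware download -> callback -> lateral movement -> exfiltration).
Log format, field names, thresholds and indicator lists below are all
constructed for this example; they are not FireEye formats or data.
"""
from datetime import datetime, timedelta

# Lifecycle order from the slides; a chain must advance through it in time.
STAGE_ORDER = ["exploit", "download", "callback", "lateral", "exfiltration"]

# Indicators an earlier analysis phase (e.g. sandbox detonation) has already
# produced: C&C destinations and hashes of confirmed-malicious binaries.
# Constructed sample values, not real indicators.
KNOWN_CNC = {"cnc.example-bad.net", "203.0.113.45"}
KNOWN_BAD_HASHES = {"deadbeefdeadbeefdeadbeefdeadbeef"}
EXFIL_BYTES = 5_000_000  # assumed outbound-volume threshold for exfiltration

EXPLOIT_TYPES = {"text/html", "application/javascript", "application/pdf"}
BINARY_TYPES = {"application/x-msdownload", "application/octet-stream"}


def parse_line(line):
    """Parse '<ISO timestamp> key=value ...' into a dict with a datetime 'ts'."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts_str)
    return fields


def classify(ev):
    """Map one event to a lifecycle stage, or None if it is not a stage hit."""
    kind = ev.get("kind")
    if kind == "web-object" and ev.get("verdict") == "malicious":
        if ev.get("ct") in EXPLOIT_TYPES:
            return "exploit"      # malicious page/script/document: exploit stage
        if ev.get("ct") in BINARY_TYPES:
            return "download"     # malicious executable fetched after the exploit
    if kind in ("dns", "proxy") and ev.get("dst") in KNOWN_CNC:
        return "callback"         # host reaching a known C&C destination
    if kind == "smb" and ev.get("op") == "write" and ev.get("hash") in KNOWN_BAD_HASHES:
        return "lateral"          # known-bad binary written to a file share
    if (kind == "flow" and ev.get("dst") in KNOWN_CNC
            and int(ev.get("bytes_out", 0)) >= EXFIL_BYTES):
        return "exfiltration"     # large outbound transfer to a C&C destination
    return None


def correlate(lines, window=timedelta(hours=24)):
    """Per host, return the forward-advancing stage chain seen within `window`
    of that host's first stage hit. Repeated or out-of-order hits are ignored."""
    hits = {}
    for line in lines:
        ev = parse_line(line)
        stage = classify(ev)
        if stage is not None:
            hits.setdefault(ev["host"], []).append((ev["ts"], stage))
    chains = {}
    for host, events in hits.items():
        events.sort()
        first_ts = events[0][0]
        chain, last_idx = [], -1
        for ts, stage in events:
            idx = STAGE_ORDER.index(stage)
            if idx > last_idx and ts - first_ts <= window:
                chain.append(stage)
                last_idx = idx
        chains[host] = chain
    return chains


def multi_stage_hosts(chains, min_stages=3):
    """Hosts whose chain spans at least `min_stages` stages: the cases a
    point product looking at one stage in isolation would not connect."""
    return {h: len(c) for h, c in chains.items() if len(c) >= min_stages}


# Constructed sample telemetry: one host walking the full lifecycle, one host
# with a lone callback, and one benign web object.
SAMPLE_LOG = [
    "2012-06-14T09:01:05 host=ws-17 kind=web-object url=http://news.example/ad.js ct=application/javascript verdict=malicious",
    "2012-06-14T09:01:09 host=ws-17 kind=web-object url=http://cdn.example/update.exe ct=application/x-msdownload verdict=malicious",
    "2012-06-14T09:02:30 host=ws-17 kind=dns dst=cnc.example-bad.net",
    "2012-06-14T11:40:12 host=ws-17 kind=smb op=write share=//fs1/public file=setup.exe hash=deadbeefdeadbeefdeadbeefdeadbeef",
    "2012-06-15T02:15:00 host=ws-17 kind=flow dst=203.0.113.45 bytes_out=7340032",
    "2012-06-14T10:00:00 host=ws-22 kind=web-object url=http://news.example/index.html ct=text/html verdict=clean",
    "2012-06-14T10:05:00 host=ws-22 kind=dns dst=cnc.example-bad.net",
]

if __name__ == "__main__":
    chains = correlate(SAMPLE_LOG)
    for host, chain in chains.items():
        print(host, " -> ".join(chain))
    print("multi-stage:", multi_stage_hosts(chains))
```

On the sample data ws-17 produces the full five-stage chain and ws-22 only a lone callback, which is the distinction the slide draws between a connected view and point products. Shrinking the window (for example to one hour) cuts ws-17's chain off after the callback, so the window is a tuning knob between missing slow attacks and chaining unrelated events.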

Slide 23: Web Malware Protection System
Inline, real-time, signature-less malware protection at near-zero false positives
- Analyzes all web objects, e.g., web pages, Flash, PDF, Office docs and executables
- Blocks malicious callbacks, terminating data exfiltration across protocols
- Dynamically generates zero-day malware and malicious URL security content and shares it through the Malware Protection Cloud network
- Integration with Email and File MPS and MAS for real-time callback channel blocking
FEATURES
- Inline blocking both inbound and outbound
- Advanced content analysis (PDF, JavaScript, URLs)
- Models up to 1 Gbps at microseconds latency

Slide 24: Multi-Protocol, Real-Time VX Engine
Phase 1: Multi-protocol object capture
- Web MPS: aggressive capture, Web object filter
Phase 2: Virtual execution environments (dynamic, real-time analysis)
- Exploit detection
- Malware executable analysis
- Cross-matrix of OS/apps (map to target OS and applications)
Also shown: Originating URL, Subsequent URLs, OS modification report, C&C protocol descriptors

Slide 25: Email Malware Protection System
Protection against spear phishing and blended attacks
- Analyzes all emails for malicious attachments and URLs
- In-line MTA active security, or SPAN/BCC for monitoring
- Brute-force analysis of all attachments in the VX Engine
- Web MPS integration for malicious URL analysis/blocking
- Web MPS integration for blocking of newly discovered callback channels
FEATURES
- Supports large range of file types (PDF, Office formats, ZIP, etc.)
- Attachment analysis
- URL analysis
- Correlation of malicious URLs to emails at the CMS

Slide 26: Multi-Protocol, Real-Time VX Engine (Email MPS added)
Phase 1: Multi-protocol object capture
- Web MPS: aggressive capture, Web object filter
- Email MPS: attachments, URL analysis
Phase 2: Virtual execution environments (dynamic, real-time analysis)
- Exploit detection
- Malware executable analysis
- Cross-matrix of OS/apps (map to target OS and applications)
Also shown: Originating URL, Subsequent URLs, OS modification report, C&C protocol descriptors

Slide 27: Protecting Against Blended Threats
Secures against attacks using URLs in email
- High priority URL analysis through the Web MPS VX engine
- Web MPS integration for correlation of a malicious URL with the spear phished message
- Web MPS integration for blocking of newly discovered callback channels
Diagram labels: Central Management System, Web MPS, Email MPS

Slide 28: File Malware Protection System
Protects file sharing servers from latent malware
- Addresses malware brought into the network via web, email or file sharing, as well as other manual means
- Detects the lateral spread of malware through network file shares
- Continuous and incremental network file share analysis
- Web MPS integration for blocking of newly discovered callback channels
FEATURES
- Supports large range of file types (PDF, Office, ZIP, etc.)
- CIFS support
- Malicious file quarantine
- Integration via CMS

Slide 29: Multi-Protocol, Real-Time VX Engine (File MPS added)
Phase 1: Multi-protocol object capture
- Web MPS: aggressive capture, Web object filter
- Email MPS: attachments, URL analysis
- File MPS: network file shares
Phase 2: Virtual execution environments (dynamic, real-time analysis)
- Exploit detection
- Malware executable analysis
- Cross-matrix of OS/apps (map to target OS and applications)
Also shown: Originating URL, Subsequent URLs, OS modification report, C&C protocol descriptors

Slide 30: Multi-Layered Threat Intelligence Sharing
- Local sharing (seconds): internal feedback loop within the Web MPS
- Cross-enterprise sharing: through the Central Management System
- Global sharing: cross-enterprise Web MPS deployment; many 3rd party feeds validated by FireEye technology

Slide 31: Summary
- The pace of advanced targeted attacks is accelerating, affecting all verticals and all segments
- Traditional defenses (NGFW, IPS, AV, and gateways) no longer stop these attacks
- A real-time, integrated, signature-less solution is required across Web, email and file attack vectors
- FireEye has engineered the most advanced threat protection to supplement traditional defenses and stop advanced targeted attacks
Complete Protection Against Advanced Targeted Attacks: Web Malware Protection System, Email Malware Protection System, File Malware Protection System

Slide 32: Enjoy the rest of the show! Thank You!