Advanced Persistent Threat. Sachin Deshmanya & Srinivas Matta. © Copyright 2011 EMC Corporation. All rights reserved.
Presentation transcript:

Slide 1: Advanced Persistent Threat. Sachin Deshmanya & Srinivas Matta

Slide 2: Agenda
- Defining APT
- Evolution of threat models
- Intention of such threats
- How to gear up for such a threat

Slide 3: What is APT
Advanced
  - Sophisticated.
  - Targeted.
  - With a purpose.
Persistent
  - Continued efforts to achieve the goal.
  - Month after month, even years.
Threat
  - Resourceful, capable.
  - Determined to achieve the goals.

Slide 4: Intrusion kill chain, different stages
- Reconnaissance: research, identification and selection of targets.
- Weaponization: coupling a remote access Trojan with an exploit into a deliverable payload.
- Delivery: transmission of the weapon into the target network.
- Exploitation: once the weapon is delivered, the intruder's code exploits a vulnerability in an application or the operating system.
- Installation: installation of the remote access Trojan allows backdoor entry.
- Command and Control: the compromised host forms a channel to controlled servers.
- Actions on objectives: once the above phases are complete, the intruders take actions to achieve their original goal.
A chain is a series of processes such as find, fix, track, target, engage and assess: find the targets for engagement, fix their location, track them and keep an eye on them, target them with a suitable weapon, engage, and assess the effects. It is called a chain because any interruption breaks the entire process.

Slide 5: Differentiator, evolution of threats (traditional virus/malware compared with APT)
- Targets. Traditional: random networks/hosts. APT: specific networks/hosts.
- Detection. Traditional: the probability of being detected by AV is high, as their signatures get detected. APT: a combination of malware is used, so signatures go undetected.
- Visibility. Traditional: the effects become visible over a period of time, as large numbers of networks/hosts get infected. APT: the idea is to lay low over a significant period of time.
- Entry. Traditional: a good firewall or intrusion detection system can prevent entry by signature checking. APT: the carrier is mostly content, which uses well-known ports (80, 443 etc.) and known protocols (HTTP, HTTPS etc.).

Slide 6: Different techniques used in an APT
- Spear phishing
- Social engineering

Slide 7: Different techniques used in an APT
- Zero-day exploits

Slide 8: Am I an APT victim, how to gear up?
How to figure out you are a victim of an APT attack? What to look out for?
- It may go unnoticed by a single AV/IDS.
- Analyzing network packets layer by layer is a good way to start.
- Log analysis from various sources, with correlation, should help.
- Monitor endpoints for suspicious behavior.
- Good asset management should be in place; guard critical systems.
- Monitoring critical assets is very important.
- It is finding a needle in a haystack.
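As an added example (not part of the presentation), the Python below correlates constructed events from three log sources against the kill-chain stages of slide 4 and treats regular check-ins to one destination over port 443 (the well-known-port carrier of slide 5) as Command and Control, so a host is flagged only when several sources agree; hostnames, addresses and log formats are invented.

```python
import re
from collections import defaultdict
from statistics import mean
# Constructed events from a mail gateway, endpoint agent and web proxy (made-up hosts/addresses).
LOGS = """\
mail 09:00:01 host=ws-17 user=jdoe attachment=invoice.docx
edr 09:03:10 host=ws-17 parent=winword.exe child=cmd.exe
edr 09:03:12 host=ws-17 persistence=run_key image=updater.exe
proxy 09:05:00 host=ws-17 dst=198.51.100.20 dst_port=443
proxy 09:10:00 host=ws-17 dst=198.51.100.20 dst_port=443
proxy 09:15:00 host=ws-17 dst=198.51.100.20 dst_port=443
mail 09:01:00 host=ws-22 user=asmith attachment=report.pdf
proxy 09:06:13 host=ws-22 dst=203.0.113.5 dst_port=443
""".splitlines()
# A single event from one source maps to one kill-chain stage named on slide 4.
STAGE_RULES = [
    ("mail", re.compile(r"attachment=\S+\.(docx?|pdf|xlsx?)$"), "Delivery"),
    ("edr", re.compile(r"parent=(winword|excel|acrord32)\.exe child=\S+"), "Exploitation"),
    ("edr", re.compile(r"persistence=run_key"), "Installation"),
]

def parse(line):  # 'source HH:MM:SS k=v k=v ...' -> dict, time as seconds since midnight
    source, clock, *fields = line.split()
    h, m, s = map(int, clock.split(":"))
    event = {"source": source, "t": h * 3600 + m * 60 + s}
    event.update(f.split("=", 1) for f in fields)
    return event

def is_beacon(times, jitter=0.1):
    # Three or more connections to one destination at near-constant intervals.
    gaps = [b - a for a, b in zip(times, times[1:])]
    return len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter * mean(gaps)

def correlate(lines):  # {host: set of stages}, built from all sources together
    stages, proxy_hits = defaultdict(set), defaultdict(list)
    for line in lines:
        ev = parse(line)
        for source, pattern, stage in STAGE_RULES:
            if ev["source"] == source and pattern.search(line):
                stages[ev["host"]].add(stage)
        if ev["source"] == "proxy" and ev.get("dst_port") in ("80", "443"):
            proxy_hits[(ev["host"], ev["dst"])].append(ev["t"])
    # Regular check-ins over a well-known port blend into normal web traffic (slide 5).
    for (host, _dst), times in proxy_hits.items():
        if is_beacon(sorted(times)):
            stages[host].add("Command and Control")
    return stages

def suspected_hosts(lines, min_stages=3):  # hosts no single source would have flagged alone
    return sorted(h for h, s in correlate(lines).items() if len(s) >= min_stages)
```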

Slide 9: Am I an APT victim, how to gear up?
What to look out for?
- A multi-layered defense is needed.
- We are moving towards intelligence-driven security systems.

Slide 10: RSA Security Analytics
RSA Security Analytics gives security teams the ability to unleash their full potential and stand tall against today's attackers by evolving from a traditional log-centric approach to one with better visibility, analysis, and workflow.