Copyright (c) 2011, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Stopping Next-Gen Threats Dan Walters – Sr. Systems Engineer Mgr.

Presentation transcript:

1 Stopping Next-Gen Threats Dan Walters – Sr. Systems Engineer Mgr.

2

3 "We're moving towards a world where every attack is effectively zero-day… having a signatured piece of malware, that shouldn't be the foundation on which any security model works." - Chris Young, GVP Cisco Security, Tech Week Europe, September 28th, 2012

4 High Profile APT Attacks Are Increasingly Common

5 The Attack Lifecycle – Multiple Stages (diagram): 1 Exploitation of system, via a compromised Web server or Web 2.0 site; 2 Malware binary download; 3 Callbacks and control established, to a Callback Server. Other labels in the diagram: IPS, DMZ, File Share 1, File Share 2.

6 Crimeware == for the $

7 Advanced Persistent Threat == Human

8 This is Alex == FireEye Research

9 The Usual Suspects

10 Organized…Persistent…

11 Reconnaissance made easy…

12 The Exploit

13 LaserMotive

14 CEOs are targeted

15 Could you stop this?

16 The Callback

17 Hidden in plain view…

18 Blog Post?

19 RSS Feed?

20 We’re Only Human

21 HR make for easy targets

22 Just doing my job…

23 NATO is a frequent spearphish target

24 Global Unrest

25 Whose Oil is it?

26 The curious case of Trojan.Bisonal
Targets 100% Japanese organizations
Delivered via weaponized doc/xls files
Embeds the target name into the command and control traffic

27 Custom “Flag” and c2 domain

GET /j/news.asp?id=* HTTP/1.1
User-Agent: flag:khi host:Business IP: OS:XPSP3 vm: �� proxy: ��
Host: online.cleansite.us
Cache-Control: no-cache

GET /a.asp?id=* HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR ; .NET CLR ; .NET CLR )
Host: khi.acmetoy.com
Connection: Keep-Alive

28 Other “Flag”s seen
flag:410maff <-- ministry of agriculture, forestry, and fisheries
flag:1223
Flag:712mhi <-- mitsubishi heavy industries
Flag:727x
Flag:8080
Flag:84d
flag:boat
Flag:d2
Flag:dick
flag:jsexe
flag:jyt
Flag:m615
flag:toray
Flag:MARK 1
flag:nec01 <-- nec corporation
Flag:qqq
flag:nids <-- national institute for defense studies (nids.go.jp)
flag:nsc516 <-- nippon steel corp
flag:ihi <-- ihi corp
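Slides 26 to 28 describe two observable traits of Trojan.Bisonal command-and-control traffic: a custom User-Agent of the form "flag:<target> host:<name> IP:<addr> OS:<version> ..." and requests to the C2 domains shown in the Host header. The Python script below is an added example, not FireEye's code or any tooling from the presentation. It parses raw HTTP requests as a proxy or IDS would log them, extracts the flag and victim fields, maps the flags annotated on slide 28 to the organisations named there, and reports requests to the two C2 hostnames from slide 27. The sample requests are constructed from the header shapes on the slides; the ".NET CLR" version tokens elided on the slide are left out of the browser-style User-Agent, and the flag-to-organisation table covers only the entries the slide annotates.

```python
"""Flag Trojan.Bisonal-style HTTP beacons from raw request text.

Added example, not FireEye's code. Detection rests on two traits shown on
slides 27-28: the key:value User-Agent carrying "flag:<target>", and the
Host header naming a known C2 domain. Either one alone produces a finding.
"""
import re
from typing import Optional

# Flags and annotations as listed on slide 28 (only the annotated entries).
KNOWN_FLAGS = {
    "410maff": "Ministry of Agriculture, Forestry, and Fisheries",
    "712mhi": "Mitsubishi Heavy Industries",
    "nec01": "NEC Corporation",
    "nids": "National Institute for Defense Studies (nids.go.jp)",
    "nsc516": "Nippon Steel Corp",
    "ihi": "IHI Corp",
}

# C2 hostnames shown on slide 27.
KNOWN_C2_HOSTS = {"online.cleansite.us", "khi.acmetoy.com"}

# The beacon User-Agent is a space-separated key:value list, not a browser
# string. Values may be empty (the slide shows "IP:" with no address), so the
# value groups use \S* rather than \S+. Case-insensitive: slide 28 shows both
# "flag:" and "Flag:".
BISONAL_UA_RE = re.compile(
    r"\bflag:(?P<flag>\S+)\s+host:(?P<host>\S*)\s+IP:(?P<ip>\S*)\s+OS:(?P<os>\S*)",
    re.IGNORECASE,
)


def parse_http_request(raw: str) -> dict:
    """Split a raw request into its request line and a lower-cased header map."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0].strip(), "headers": headers}


def inspect_request(raw: str) -> Optional[dict]:
    """Return a finding dict if the request matches a Bisonal trait, else None."""
    req = parse_http_request(raw)
    ua = req["headers"].get("user-agent", "")
    dest = req["headers"].get("host", "").lower()
    finding = {
        "request_line": req["request_line"],
        "flag": None, "target": None, "victim_host": None, "victim_os": None,
        "c2_host": None, "reasons": [],
    }
    m = BISONAL_UA_RE.search(ua)
    if m:
        flag = m.group("flag").lower()
        finding["flag"] = flag
        finding["target"] = KNOWN_FLAGS.get(flag)  # None for unannotated flags
        finding["victim_host"] = m.group("host")
        finding["victim_os"] = m.group("os")
        finding["reasons"].append("bisonal flag: user-agent")
    if dest in KNOWN_C2_HOSTS:
        finding["c2_host"] = dest
        finding["reasons"].append("known c2 host")
    return finding if finding["reasons"] else None


def scan(requests) -> list:
    """Run inspect_request over an iterable of raw requests; keep the findings."""
    return [f for f in (inspect_request(r) for r in requests) if f]


# Constructed samples shaped after slide 27 (".NET CLR" tokens left out).
BEACON_WITH_FLAG = """GET /j/news.asp?id=* HTTP/1.1
User-Agent: flag:khi host:Business IP: OS:XPSP3 vm: proxy:
Host: online.cleansite.us
Cache-Control: no-cache
"""

BEACON_BROWSER_UA = """GET /a.asp?id=* HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: khi.acmetoy.com
Connection: Keep-Alive
"""

BENIGN = """GET /index.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/10.0
Host: www.example.com
"""

if __name__ == "__main__":
    for f in scan([BEACON_WITH_FLAG, BEACON_BROWSER_UA, BENIGN]):
        print(f["request_line"], "->", ", ".join(f["reasons"]),
              "| flag:", f["flag"], "| target:", f["target"], "| c2:", f["c2_host"])
```

The second sample is the point of keeping both checks: its User-Agent imitates Internet Explorer and carries no flag, so only the Host header gives it away. Conversely a beacon to a domain not yet on the C2 list is still caught by the flag pattern, and an unannotated flag such as "1223" is reported with target None so an analyst can attribute it later.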

29 China is not the only threat

30 Multi-Protocol, Real-Time VX Engine
PHASE 1: Multi-Protocol Object Capture
    Web MPS: Aggressive Capture, Web Object Filter
    MPS: Attachments, URL Analysis
PHASE 2: Virtual Execution Environments
    Dynamic, real-time analysis: exploit detection, malware binary analysis, cross-matrix of OS/apps, map to target OS and applications
    Originating URL, subsequent URLs, OS modification report, C&C protocol descriptors

31 Thank You! FireEye - Modern Malware Protection System