Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Prevention anno 2012: Widening the IPS concept.

Published byMya Bramble Modified over 10 years ago

Similar presentations

Presentation on theme: "Intrusion Prevention anno 2012: Widening the IPS concept."— Presentation transcript:

1 Intrusion Prevention anno 2012: Widening the IPS concept

2 2 Traditional IDS/IPS doesnt cut it anymore… Blended attacks Application-focused attacks Oldies but Goodies still exist Nothing goes away. Ever. Survival instinct of applications much higher than before Built-in evasion techniques Must assume malicious activity occurs within trusted applications Lets take a closer look at some examples…

3 Threat Landscape-Blended Threat & Botnet Examples The Corporate Botnet - Phishing Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the compromise of the integrity of the entire network.. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. ZEUS/ZBOT Email contains link to false domain Credentials entered in to fake site BOT infection sent to user as a Facebook Security Update application User installs BOT and is now infected, all data is compromised Connection is then redirected to real Facebook site so user is not suspicious Prevalent today and sold as a crime kit. 3

4 Threat Landscape-Blended Threat & Botnet Examples The Corporate Botnet – Legitimate Site Compromised Employee access a legitimate site, but it or one of its content providers has been compromised and is now hosting malicious code.. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. FakeAV Botnet In 2009 the advertising network used by the New York Times was infected by a malicious flash advertisement Readers were accessing the NYT site but were provided with the infected advertisement This directed users to a site hosting the exploit code to install fake antivirus software.. 4

5 Threat Landscape-Blended Threat & Botnet Examples Targeted Attack – Spear Phishing Using social engineering to distribute emails with links to malware, the emails are relevant to the corporation being targeted. Infected documents (PDF, DOC, XLS) can use software exploits to infect systems. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. Kneber (Zeus) Botnet In 2010 a spear phishing attack on US.mil and.gov employees by a Zeus variant infected 50,000+ end systems Data stolen included: Corporate Login credentials Email and webmail access Online Banking sites Social Network credentials SSL Certificates 5

6 Threat Landscape-Blended Threat & Botnet Examples Ransomware Once installed is very difficult to reverse, files are encrypted, this isnt just based on the fear that something might happen, once you are reading the ransom note your data has already been encrypted. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. gpCode Ransomware Once installed searches hard drive for document and media files Files are encrypted with a 1024bit key which only the attacker has the decryption key Ransom note is displayed to user, system continues to operator but data is inaccessible Will encrypt xls, doc, pdf, txt, rar, zip, avi, jpg, mov, etc… 6

7 Addressing the Threat Landscape: Fortinets Next Generation Enterprise Security!

8 Beyond Application Identification Todays Network Security Requires Application Detection, Monitoring, and Control Allowing access to Web 2.0 applications has made enforcing data security policies far more complex User-created content embeds threats in content, pages, links, comments to blogs… Protection against effects of social media applications Data loss Threat propagation Bandwidth consumption Inappropriate use Endpoint to the Core Single pane of glass management for visibility & control 8

9 Life of a Packet with IPS enhancements DoS Policy Inspection addition Inspected first prior to firewall inspection DoS Policy Inspection Firewall Inspection IPS / App. Control AV / WF (Proxy) IN PASS Block (attack) Block (deny) Block (attack / disallowed application) Block (Virus / Web Content Block OUT 9 Fortinet Confidential **Internal view only**

10 Life of a Packet with IPS enhancements IPS & Application Control processing Then hand off to proxies engines DoS Policy Inspection Firewall Inspection IPS / App. Control AV / WF (Proxy) IN PASS Block (attack) Block (deny) Block (attack / disallowed application) Block (Virus / Web Content Block OUT 10 Fortinet Confidential **Internal view only**

11 Three Components Complete Content Protection Requires Identification Customizable list of approximately 2,000 apps, growing weekly Consolidated security: DLP, AV/AS, SSL Inspection, Endpoint protection Monitoring See whats in your network Control Granular control of behavior » Apps & features within apps » Users » Traffic 11

12 Identification Over 2,000 applications »More added every week »Category IM, P2P, Remote Access, Video, etc. »Ranked on popularity & risk »Independent of port, protocol, IP address »Decrypt encrypted traffic Including HTTPS, POP3S, SMTPS and IMAPS protocols 12

13 Identification - Application Botnet Category

14 Monitoring Understand whats in your network »Summary & detailed reports Application usage Behavior of user Bandwidth consumption »Visualization of trends, threats, and behaviors that put your network at risk 14

15 Control Granular control of behavior »Apps & features within apps Categories of apps Individual apps Actions within apps »Users Domain, groups, individual users »Traffic Prioritize Limit access by groups or users »Time of day »Day of week 15

16 Fortinet Confidential Real Threat Protection in Action Innocent Video Link: Redirects to malicious Website Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus Intrusion Protection Blocks the spread of the worm Solution: Error message: Drops copy of itself on system and attempts to propagate Out of date Flash player error: Download malware file Problem:

17 17 Consolidated Security with Real Time Updates Intrusion Prevention: Vulnerabilities and Exploits Browser and website attack code crafted by hackers and criminal gangs. Application Control: Unwanted Services and P2P Limiting Botnet command channel, compromised Facebook applications, independent of port or protocol Web Filtering: Multiple categories and Malicious sites Botnet command, phishing, search poisoning, inappropriate content Antispam: Unsolicited messages Phishing, Malware, Social Engineering and Junk Antivirus: All malicious code Documents, macros, scripts, executables Delivered via Web, Email, USB, Instant messaging, social networks, etc Vulnerability Management: Real time exploit updates Multiple scanning points FortiGate, FortiAnalyzer, FortiWeb, FortiDB, and FortiScan

18 Thank You!

Download ppt "Intrusion Prevention anno 2012: Widening the IPS concept."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
TrustPort Net Gateway Web traffic protection. WWW.TRUSTPORT.COM Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Next Generation Firewalls:

Next Generation Firewalls:
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Security for Internet Every Day Use Standard Security Practices and New Threats.

Security for Internet Every Day Use Standard Security Practices and New Threats.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
Threats To A Computer Network

Threats To A Computer Network
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google