Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.

Published byCaren Webster Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye."— Presentation transcript:

1 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye

2 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 2

3 3 Company Overview The leader in stopping advanced targeted attacks Marquee customers across every industry –Top banks, hi-tech, oil and gas, government –All major Internet search engines, top social networks, and auction sites One of the fastest growing enterprise technology companies in the world

4 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 4 We Are Only Seeing the Tip of the Iceberg HEADLINE GRABBING ATTACKS THOUSANDS MORE BELOW THE SURFACE APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

5 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 5 Manufacturing Hit Worst

6 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 6 Don’t Take Usual Vacations (Email Attacks)

7 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 7

8 8 Chinese Hacking Methodology http://www.thedarkvisitor.com/2008/11/chinese-hacker-attack-flowchart/

9 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 9 Chinese Hacking Methodology - Translated http://www.thedarkvisitor.com/2008/11/chinese-hacker-attack-flowchart/

10 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 10 Characteristics of Malware Stealth Level Ranges from High to Low Target Vulnerability Unpatched machines, plug-ins, browsers Intended victim(s) Specific victims - using Spearphishing Objectives Theft? Disruption? Fear?

11 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 11 High Profile APT Attacks Are Increasingly Common

12 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 12 We Are Only Seeing the Tip of the Iceberg HEADLINE GRABBING ATTACKS THOUSANDS MORE BELOW THE SURFACE APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

13 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 13 ADVANCED TRADITIONAL Advanced Targeted Attack Defining Advanced Targeted Attacks Utilizes advanced techniques and/or malware –Unknown –Targeted –Polymorphic –Dynamic –Personalized Uses zero-day exploits, commercial quality toolkits, and social engineering Often targets IP, credentials and often spreads laterally throughout network AKA—Advanced Persistent Threat (APT) Stealthy Unknown and Zero Day TargetedPersistent Open Known and Patchable BroadOne Time The New Threat Landscape There is a new breed of attacks that are advanced, zero-day, and targeted

14 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 14 The Enterprise Security Hole Web-based Attacks NGFW FW IPS SWG AV Attack Vector SECURITY HOLE Malicious Files Spear Phishing Emails

15 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 15 Traditional Defenses Don’t Work Advanced attacks bypass both signature and heuristics-based technologies in existing IT security defenses Networks Are Being Compromised as APTs Easily Bypass Traditional Signature-Based Defenses Like NGFW, IPS, AV, and Gateways

16 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 16 Typical Enterprise Security Architecture Firewalls/ NGFW Block IP/port connections, application-level control, no visibility into exploits and ineffective vs. advanced targeted attacks IPS Attack-signature based detection, shallow application analysis, high- false positives, no visibility into advanced attack lifecycle Secure Web Gateways Some analysis of script-based malware, AV, IP/URL filtering; ineffective vs. advanced targeted attacks Anti-Spam Gateways Relies largely on antivirus, signature-based detection (some behavioral); no true spear phishing protection Desktop AVDesktop AV Signature-based detection (some behavioral); ineffective vs. advanced targeted attacks

17 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 17 Attacks Increasingly Sophisticated Dynamic Web Attacks Malicious Exploits Spear Phishing Emails Multi-Vector Delivered via Web or email Blended attacks with email containing malicious URLs Uses application/OS exploits Multi-Stage Initial exploit stage followed by malware executable download, callbacks and exfiltration Lateral movement to infect other network assets

18 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 18 The Attack Lifecycle – Multiple Stages Exploitation of system 1 3 Callbacks and control established 2 Malware executable download Compromised Web server, or Web 2.0 site 1 Callback Server IPS 3 2 Malware spreads laterally 4 Data exfiltration 5 File Share 2 File Share 1 5 4

19 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 19 FireEye Malware-VM™ Filter Phase 1: Aggressive capture heuristics  Deploys out-of-band/passive or inline  Multi-protocol capture of HTML, files (e.g. PDF), & EXEs  Maximizes capture of potential zero-day attacks Phase 2: Virtual machine analysis  Confirmation of malicious attacks  Removal of false positives Phase 3: Block Call Back  Stop data/asset theft XML/SNMP alerts on infections as well as C&C destinations Global loop sharing into MAX Cloud Intelligence Fast Path Real-time Blocking in Appliance Phase 3

20 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 20 The FireEye Difference Multi-Vector Protection Protection against Web attacks Protection against email attacks Protection against file-based attacks Multi-Stage Protection Inbound zero-day exploit detection Outbound malware callback blocking Malware binary payload analysis Latent malware quarantine Multi- Vector Multi- Stage

21 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 21 Multi-Vector Protection Blended Web/Email Threats Internal Lateral Movement of Threats Web ThreatsEmail Threats CMS

22 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 22 LATERAL SPREAD Multi-Staged Attack Pieces Connected Point Products WEB EXPLOIT MALWARE EXECUTABLE DOWNLOAD CALLBACK WEB OR EMAIL EXPLOIT MALWARE EXECUTABLE DOWNLOAD DATA EXFILTRATION CALLBACK LATERAL MOVEMENT DATA EXFILTRATION

23 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 23 Inline blocking both inbound and outbound Advanced content analysis (PDF, JavaScript, URLs) Models up to 1 Gbps at microseconds latency FEATURES Web Malware Protection System Inline, real-time, signature-less malware protection at near-zero false positives Analyzes all web objects, e.g., web pages, flash, PDF, Office docs and executables Blocks malicious callbacks terminating data exfiltration across protocols Dynamically generates zero-day malware and malicious URL security content and shares through Malware Protection Cloud network Integration with Email and File MPS and MAS for real-time callback channel blocking http://

24 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 24 Multi-Protocol, Real-Time VX Engine PHASE 1PHASE 1 Multi-Protocol Object Capture PHASE 2PHASE 2 Virtual Execution Environments PHASE 1: WEB MPS Aggressive Capture Web Object Filter DYNAMIC, REAL-TIME ANALYSIS Exploit detection Malware executable analysis Cross-matrix of OS/apps Originating URL Subsequent URLs OS modification report C&C protocol descriptors Map to Target OS and Applications

25 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 25 Supports large range of file types (PDF, Office formats, ZIP, etc.) Attachment analysis URL analysis Correlation of malicious URLs to emails at the CMS FEATURES Email Malware Protection System Protection against spear phishing and blended attacks Analyzes all emails for malicious attachments and URLs In-line MTA active security or SPAN/BCC for monitoring Brute-force analysis of all Email attachments in VX Engine Web MPS integration for malicious URL analysis/blocking Web MPS integration for blocking of newly discovered callback channels

26 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 26 Multi-Protocol, Real-Time VX Engine PHASE 1PHASE 1 Multi-Protocol Object Capture PHASE 2PHASE 2 Virtual Execution Environments PHASE 1: WEB MPS Aggressive Capture Web Object Filter DYNAMIC, REAL-TIME ANALYSIS Exploit detection Malware executable analysis Cross-matrix of OS/apps Originating URL Subsequent URLs OS modification report C&C protocol descriptors Map to Target OS and Applications PHASE 1: E-MAIL MPS Email Attachments URL Analysis

27 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 27 Protecting Against Blended Threats Secures Against Attacks Using URLs in Email High priority URL analysis through Web MPS VX engine Web MPS integration for correlation of malicious URL with spear phished email message Web MPS integration for blocking of newly discovered callback channels Central Management System Web MPSEmail MPS

28 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 28 File Malware Protection System Supports large range of file types (PDF, Office, ZIP, etc.) CIFS support Malicious file quarantine Integration via CMS FEATURES Protects file sharing servers from latent malware Addresses malware brought into the network via web or email or file sharing as well as other manual means Detects the lateral spread of malware through network file shares Continuous and incremental network file share analysis Web MPS integration for blocking of newly discovered callback channels

29 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 29 Multi-Protocol, Real-Time VX Engine PHASE 1PHASE 1 Multi-Protocol Object Capture PHASE 2PHASE 2 Virtual Execution Environments PHASE 1: WEB MPS Aggressive Capture Web Object Filter DYNAMIC, REAL-TIME ANALYSIS Exploit detection Malware executable analysis Cross-matrix of OS/apps Originating URL Subsequent URLs OS modification report C&C protocol descriptors Map to Target OS and Applications PHASE 1: E-MAIL MPS Email Attachments URL Analysis PHASE 1: FILE MPS Network File Shares

30 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 30 Multi-Layered Threat Intelligence Sharing Local Sharing Seconds Internal Feedback Loop Web MPS Cross-Enterprise Sharing Central Management System Global Sharing Cross-Enterprise Web MPS Deployment Many 3 rd party Feeds Validated by FireEye Technology

31 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 31 Summary Pace of advanced targeted attacks is accelerating, affecting all verticals and all segments Traditional defenses (NGFW, IPS, AV, and gateways) no longer stop these attacks Real-time, integrated signature- less solution is required across Web, email and file attack vectors FireEye has engineered the most advanced threat protection to supplement traditional defenses and stop advanced targeted attacks Complete Protection Against Advanced Targeted Attacks Web Malware Protection System Email Malware Protection System File Malware Protection System

32 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 32 Enjoy the rest of the show! Thank You!

Download ppt "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye."

Similar presentations

Next Generation Threat Protection

Next Generation Threat Protection
Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
© Blue Coat Systems, Inc. 2011. All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.

© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
Tim Davidson System Engineer

Tim Davidson System Engineer
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,
Next Generation Threat Protection

Next Generation Threat Protection
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.
1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.

1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.
“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.

“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.
Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.

Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.

 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.

Similar presentations

Ads by Google