Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL

Slide 1: Next Generation Threat Protection
Randy Lee, Sr. SE Manager
Slide 2: The Acceleration of Advanced Targeted Attacks

- Number of threats is up 5X
- Nature of threats changing: from broad, scattershot to advanced, targeted, persistent
- Advanced attacks accelerating:
  - High-profile victims common (e.g., RSA, Symantec, Google)
  - Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro

"Organizations face an evolving threat scenario that they are ill-prepared to deal with... advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems." Gartner, 2012

[Chart: damage of attacks, 2004 to 2012. Viruses and worms (disruption), then spyware/bots (cybercrime), then dynamic Trojans, stealth bots, zero-day targeted attacks and Advanced Persistent Threats (cyber-espionage and cybercrime).]
Slide 3: High Profile Attacks are Increasingly Common

"Coke Gets Hacked And Doesn't Tell Anyone", by Ben Elgin, Dune Lawrence & Michael Riley, Nov 4, 2012 6:01 PM ET:

"Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time."
Slide 4: We are Only Seeing the Tip of the Iceberg

Headline-grabbing attacks are the visible tip; thousands more lie below the surface:
- APT attacks
- Zero-day attacks
- Polymorphic attacks
- Targeted attacks
Slide 5: Traditional Defenses Don't Work

Advanced attacks bypass both signature- and heuristics-based technologies in existing IT security defenses. Networks are being compromised as APTs easily bypass traditional signature-based defenses like NGFW, IPS, AV, and gateways.
Slide 6: Defining Advanced Targeted Attacks

- Utilizes advanced techniques and/or malware: unknown, targeted, polymorphic, dynamic, personalized
- Uses zero-day exploits, commercial-quality toolkits, and social engineering
- Often targets IP and credentials, and often spreads laterally throughout the network
- AKA Advanced Persistent Threat (APT)

Advanced targeted attack vs. traditional attack:

  Advanced               | Traditional
  Stealthy               | Open
  Unknown and zero-day   | Known and patchable
  Targeted               | Broad
  Persistent             | One time

The New Threat Landscape: there is a new breed of attacks that are advanced, zero-day, and targeted.
Slide 7: Advanced Malware Infection Lifecycle

Defenses shown in the diagram, with their limits: desktop antivirus (losing the threat arms race); perimeter security (signature, rule-based); other gateways (list-based, signatures); anti-spam, DMZ and email servers. Other components: compromised Web server or Web 2.0 site; callback server.

1. System gets exploited
   - Drive-by attacks in casual browsing
   - Links in targeted emails
   - Attachments in targeted emails
2. Dropper malware installs
   - First step to establish control
   - Calls back out to criminal servers
   - Found on compromised sites, and Web 2.0, user-created content sites
3. Malicious data theft and long-term control established
   - Uploads data stolen via keyloggers, Trojans, bots, and file grabbers
   - One exploit leads to dozens of infections on the same system
   - Criminals have built long-term control mechanisms into the system
Slide 8: Malware Analysis

What types of malware analysis should you do?
- Static analysis: signature, heuristics
- Dynamic analysis: discrete object analysis, contextual analysis
Slide 9: Case Study: Operation Aurora Infection Cycle

Diagram components: desktop antivirus (losing the threat arms race), malicious Web server, callback server.

1. System gets exploited
   - Social engineering
   - Obfuscated JavaScript code
   - Exploited IE 6 zero-day vulnerability
2. Web server delivers malware
   - Servers mapped by dynamic DNS
   - XOR-encoded malware EXE delivered
   - No signatures
3. Malware calls home and long-term control established
   - Complete control of infected system
   - Further payloads downloaded
   - C&C located in Taiwan
   - Using outbound port 443 (SSL)
Slide 10: Captured Aurora on Day Zero

Signature-less detection of the zero-day attack. Screenshots: decryption routine for "a.exe"; malicious binary download posing as a JPG.
Slide 11: Captured Aurora on Day Zero (continued)

Screenshots: decryption complete; MD5 of Hydraq.Trojan; Hydraq callback captured.
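The two Aurora observations above (a malicious binary served as a JPG, and an XOR-encoded EXE) can be turned into content-based checks that do not depend on a signature. The code below is an added example, not code from the FireEye deck or its product; the sample stub, the key 0x5A and all function names are constructed assumptions, not real Aurora artifacts.

```python
from typing import Optional

JPEG_MAGIC = b"\xff\xd8\xff"   # first three bytes of every JPEG file
PE_MAGIC = b"MZ"               # DOS header signature at offset 0 of a PE file


def claimed_type_matches_content(declared: str, data: bytes) -> bool:
    """True when the declared type (Content-Type or extension) agrees with the
    file's leading magic bytes. A 'JPG' that starts with 'MZ' is a red flag."""
    if declared in ("image/jpeg", ".jpg", ".jpeg"):
        return data.startswith(JPEG_MAGIC)
    if declared in ("application/x-msdownload", ".exe"):
        return data.startswith(PE_MAGIC)
    return False  # type this check does not know: report as a mismatch

def find_single_byte_xor_pe(data: bytes) -> Optional[int]:
    """Try every single-byte XOR key and return the one under which the data
    looks like a PE file ('MZ' at offset 0 and 'PE\\0\\0' at e_lfanew), or None.
    Key 0 (plaintext) is tried too, so an unencoded EXE is flagged as well."""
    if len(data) < 0x40:
        return None
    for key in range(256):
        head = bytes(b ^ key for b in data[:0x40])
        if not head.startswith(PE_MAGIC):
            continue
        e_lfanew = int.from_bytes(head[0x3C:0x40], "little")
        if e_lfanew + 4 > len(data):
            continue
        if bytes(b ^ key for b in data[e_lfanew:e_lfanew + 4]) == b"PE\x00\x00":
            return key
    return None

def build_sample(key: int = 0x5A) -> bytes:
    """Constructed sample (not a real Aurora artifact): a bare DOS/PE header
    stub, XOR-encoded with a single byte, as if served under an image URL."""
    stub = bytearray(0x80)
    stub[0:2] = PE_MAGIC
    stub[0x3C:0x40] = (0x60).to_bytes(4, "little")  # e_lfanew points to 0x60
    stub[0x60:0x64] = b"PE\x00\x00"
    return bytes(b ^ key for b in stub)

def analyse_download(declared: str, data: bytes) -> dict:
    """Verdict a gateway or sandbox would log for one downloaded object."""
    return {
        "type_mismatch": not claimed_type_matches_content(declared, data),
        "xor_key": find_single_byte_xor_pe(data),
    }
```

Calling `analyse_download("image/jpeg", build_sample())` reports both a type mismatch and the recovered key 0x5A; a genuine JPEG header yields no mismatch and no key.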
Slide 12: Requirements for APT Detection / Protection

1. Dynamic defenses to stop targeted, zero-day attacks
2. Real-time protection to block data exfiltration attempts
3. Accurate, low false-positive rates
4. Global intelligence on advanced threats to protect the local network
Slide 13: Who is Iron Bow Technologies

Corporate
- Over $825M in revenue
- HQ in Chantilly, VA
- National sales and engineering presence
- ISO 9001:2008 certified for the Chantilly, VA, Largo, MD, and Kent, WA locations

People
- 350+ employees
- More than 85% of services delivery personnel possess government clearances
- PMP and ITIL professionals
- Skilled pre-sales and post-sales engineers with top-tier certifications

Technology
- Strategic manufacturer partnerships
- Practice disciplines: cloud computing, collaboration, data center, information security, secure mobility, network infrastructure

Markets
- Commercial
- Department of Defense
- Federal Civilian
- Intelligence
Slide 14: Past Performance

Customer/Project | Iron Bow Technologies Activities

Activities:
- Delivered a multi-vendor solution supporting the Army Top Layer Architecture (TLA). The solution provides IPS, firewall, web content filtering, and real-time forensic monitoring capabilities in a single integrated architecture.
- Architected and deployed a multi-factor authentication pilot to support worldwide access to critical business applications and information. The pilot involved critical integration points to core network services and expert knowledge transfer to enable local customer resources to expand the program after the pilot, saving thousands in future services.
- Developed a solution to secure more than 2,000 mobile computing devices. The solution provided local device security hardening and centralized management across multiple tablet computing devices.
- Designed a solution to address web content filtering, application whitelisting, antivirus, and end-point security throughout the 128-site enterprise. The solution included centralized management of the entire security platform from a single console.

Customers: Black Entertainment Television, Booz Allen Hamilton, U.S. Army NETCOM, Job Corps
Slide 15: Thank You