Cisco Security Experts Series: Ransom Where Everywhere: Breaking Down the Ransomware
- Kelley Cole
- 7 years ago
Transcription
1 Cisco Security Experts Series: Ransom Where Everywhere: Breaking Down the Ransomware Andrew Edwards / Rob Gregg Cyber Cisco July 6th, 2016
2 Better Security Visibility; Securing the Mobile Enterprise; Protect Against Advanced Malware; Improve Results with Security Services; Harden and Segment the Network; Security as a Network Driver
3 Effective Security Is Delivered When The Pieces Work Together. Seamlessly. Our goal is to make security less complex by providing a best-of-breed portfolio that's deeply integrated and delivers solutions that are superb individually, but vastly more powerful when used together.
4 Security For Ransomware
In email, ransomware uses phishing or spam messages to gain a foothold. Users merely have to click links in phishing or spam or open attachments for ransomware to download and call out to its command-and-control server. Cisco Security with Advanced Malware Protection (AMP) blocks spam and phishing emails and malicious attachments and URLs.
5 Cisco Security Benefits: Threat-Focus
"With Cisco, a substantial reduction in total cost of ownership and the new features to battle viruses and spam [are] a reality." Kenichi Tabata, Komatsu Ltd., Japan
- Signature and behavioral layers of defense built into single appliance
- Multiple anti-spam engines, and Web Reputation, multiple AV-Scanners, and Outbreak Filters
- Exceptional threat identification infrastructure using Cisco's Talos Research Group
- Zero-day and blended threat protection
- Advanced Malware Protection
6 To Defend Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate)
WWW, Web, Endpoint, Mobile, Virtual, Cloud, Network; Point-in-Time, Continuous
7 Cisco Security Overview
Talos; Cloud, Appliance, Virtual; Incoming Threat; BEFORE, DURING, AFTER
Reputation; Mail Flow Policies; Acceptance Controls; Anti-Spam; Anti-Virus; AMP File Reputation; Graymail Management; Content Controls; Outbreak Filters; AMP File Sandboxing and Retrospection
Inbound; ThreatGrid; Safe Unsubscribe; URL Rep & Cat; Anti-Phish; WIT Tracking User Click Activity (Anti-Phish)
HQ Admin; Management; Reporting; Message Track
8 Cisco Security Integration with Threat Intelligence: Built on Unmatched Collective Security Analytics
Threat Intelligence; Cisco Talos; Research; Response
WWW, Endpoints, Web, Networks, IPS, Devices
- 1.6 Million Global Sensors
- 100 TB of Data Received per Day
- 150 Million+ Deployed Endpoints
- 600+ Engineers, Technicians, and Researchers
- 35% Worldwide Traffic
- 13 Billion Web Requests
- 24 x 7 x 365 Operations
- 40+ Languages
- ESA
- 180,000+ file samples per day
- FireAMP community
- Advanced Microsoft and industry disclosures
- Snort and ClamAV open source communities
- Honeypots
- Sourcefire AEGIS program
- Private and public threat feeds
- Dynamic analysis
9 Cisco Talos Reputation Database
Spam Traps; Complaint Reports; IP Blacklists and Whitelists; Message Composition Data; Compromised Host Lists; Website Composition Data; Global Volume Data; Domain Blacklist and Safelists; Other Data
Breadth and Quality of Data Make the Difference
IP Reputation Score
10 Cisco Security Delivers Industry-Leading Inbound Security
Threat Protection; Data Security; Anti-Spam; Antivirus; Data Loss Prevention; Encryption; Advanced Malware Protection (AMP); Outbreak Filters
11 Prevent Spoofing Attacks
Forged Email Detection (FED)
Incoming Mail: Good, Bad, Unknown
FED Content Filter
FED filter parameters:
- Exec name directory
- Cousin domain check
- LDAP query
- DMARC verification
Other Actions: Quarantined or Expose Spoofed Mail From
Suspect Spoofs: Prepend with Warning, BCC, alternate destination, etc.
12 Antispam Defense in Depth
Anti-Spam: What, Who, Where, How, When
Incoming Mail: Good, Bad, and Unknown
Cisco Talos: Suspicious Mail Is Rate Limited and Spam Filtered
Cisco Anti-Spam: > 99% catch rate; < 1 in 1 million false positives
Known Bad Mail Is Blocked Before It Enters the Network
Choice of Scanning Engines to Suit Every Customer's Risk Posture
13 Antivirus Defense in Depth
Antivirus: What, Who, Where, How, When
Cisco Anti-Spam; IMS
Anti-Spam Engines; Antivirus Engines
Choice of Anti-Virus Engines: Sophos, McAfee
14 Cisco Zero-Hour Malware Protection
Advanced Malware Protection: Cisco AMP integration
File Reputation: Known file reputation; Reputation update
File Sandboxing: Unknown files are uploaded for sandboxing (archived, Windows PE, PDF, MS Office)
Outbreak Filters
15 AMP Provides Continuous Retrospective Security
Breadth and Control Points: WWW, Endpoints, Web, Network, IPS, Devices
Telemetry Stream: File Fingerprint and Metadata; File and Network I/O; Process Information
Continuous Feed; Continuous Analysis
16 Outbreak Filters: Zero Hour URL and File Based Malware Protection
Outbreak Filters Advantage:
- Average lead time*: Over 13 hours
- Outbreaks blocked*: 291 outbreaks
- Total incremental protection*: Over 157 days
Outbreak Filters in Action: Cisco Talos; Dynamic Quarantine; Virus Filter; Advanced Malware Protection
Cloud Powered Zero-Hour Malware Detection
Zero-Hour Virus and Malware Detection
17 Outbreak Filters Defend Against Blended Attacks
Link Is Clicked; Cisco Security; Dynamic, Real-Time Inspection via HTTP; Cisco Talos; Website Is Clean; Website Is Blocked
Block page text: The requested web page has been blocked. Cisco Email and Web Security protects your organization's network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.
18 Outstanding URL Defense: Many Ways of Protecting End Users from Malicious or Inappropriate Links
Contains URL; Web Rep and/or Web Cat; Send to Cloud; URL Analysis; Cisco Talos
- Rewrite
- Defang: BLOCKEDwww.playboy.comblocked, BLOCKEDwww.proxy.orgblocked
- Replace: This URL is blocked by policy
Automated with Outbreak Filters or Manual
19 Web Interaction Tracking: Enabling Tracking of URLs Rewritten by Policy
Filtering; Potentially Malicious URLs; Rewritten URLs
- User A: Rewritten URL: 2asyncfs.com; Click Time: 09:23:25 12 Jan 2015; Re-write reason: Outbreak; Action taken: Blocked
- User B: Rewritten URL: 5asynxsf.com; Click Time: 11:01:13 09 Mar 2015; Re-write reason: Policy; Action taken: Allowed
- User C: Rewritten URL: 8esynttp.com; Click Time: 16:17:44 15 Jun 2015; Re-write reason: Outbreak; Action taken: Blocked
Monitor Users from a Single Pane of Glass
20 Mitigating one of Today's Most Significant Cyber Threats: Ransomware. Rob Gregg, Channel Systems, Rob.gregg@cisco.com
21 YOUR FILES ARE ENCRYPTED
22 Ransomware Discoveries
23 Typical Ransomware Infection: Infection Vector; C2 Comms & Asymmetric Key Exchange; Encryption of Files; Request of Ransom
24 Encryption C&C Payment MSG NAME DNS IP NO C&C TOR PAYMENT Locky SamSam TeslaCrypt CryptoWall TorrentLocker PadCrypt CTB-Locker FAKBEN PayCrypt KeyRanger DNS DNS (TOR) DNS DNS DNS DNS (TOR) DNS DNS (TOR) DNS DNS
25 Ransomware Kill Chain in Detail
- User Clicks a Link or Malvertising; Initial Exploit Using Angler; Malicious Infrastructure; Ransomware Payload; Encryption Key; C2 Infrastructure
- Email w/ Malicious Attachment; Ransomware Payload
26 How Cisco Protects Customers from Ransomware
- Umbrella blocks the request
- NGFW blocks the connection
- Web or Email Security w/AMP blocks the file
- Umbrella blocks the request
- NGFW blocks the connection
- Lancope detects the activity
- AMP for Endpoints blocks the file
- Umbrella blocks the request
Umbrella; Next-Gen Firewall; AMP; Lancope
27 OpenDNS Technology Overview
28 Why leverage DNS to Detect and Block Threats
- Most attacker C2 is initiated via DNS lookups, with some non-web callbacks
- 15% of C2 bypasses Web ports 80 & 443 [1]
- 91% of C2 can be blocked at the DNS layer [2]
NON-WEB C2 EXAMPLES: Storm, Regin, Pushdo/Cutwail, Gh0st, Lethic, Seasalt (APT1), njrat, Glooxmail (APT1), Zbot, ZeroAccess, Bifrose, DarkComet, Hesperbot, Tinba, Starsypound (APT1), Gameover Zeus, Longrun (APT1), Citadel, Kelihos, PoisonIvy, Biscuit (APT1), Bouncer (APT1), Tinba
[1] Lancope Research (now part of Cisco): millions of unique malware samples from small office LANs over 2 years
[2] Cisco AMP Threat Grid Research: millions of unique malware samples submitted to sandbox over 6 months
NOTE1: Visual Investigations of Botnet Command and Control Behavior. Malware reached out to 150,000 C2 servers over 100,000 TCP/UDP ports; malware often used 866 (TCP) & 1018 (UDP) well known ports, whereas legitimate traffic used 166 (TCP) & 19 (UDP) ports.
NOTE2: Forthcoming 2016 Cisco Annual Security Report. 9% had IP connections only and/or legitimate DNS requests; 91% had IP connections, which were preceded by malicious DNS lookups; very few had no IP connections.
29 Our Perspective: Diverse Set of Data
- 80B Requests Per Day
- 65M Daily Active Users
- 160+ Countries
- 12K Enterprise Customers
30 Anatomy of a Cyber Attack Reconnaissance and Infrastructure Setup Domain Registration, IP, ASN Intel., Public / Private Announcements Monitor Adaption Based on Results Patient Zero Hit Target Expansion Wide-Scale Prevalence Defense Signatures Built
31 We See Where Attacks Are Staged using modern data analysis to surface threat activity in unique ways
32 Real World Example: Blocking Locky
33 Feeling Locky?
- Encrypts & renames the infected device's important files with .locky extension
- Approx. 90,000 victims per day [1]
- Ransom ranges from BTC (1 BTC ~ 422 USD)
- Linked to Dridex operators
[1] Forbes Ransomware Crisis
34 Blocking Ransomware: Real World Example with a Locky Domain glslindia[.]com (detection Date: 15/03/2016)
35 Blocking Ransomware Locky: Real World Example
- These domains co-occur
- Malware Download URL
- These domains share the same infrastructure
- Domains in Red are automatically blocked by OpenDNS
- Hash of the malicious file downloaded from these domains
36 Blocking Ransomware Locky: Real World Example
Infection Point; Before, During, After; Current Malware distribution Point; Next Malware Distribution Points
Expose the attacker's infrastructure (Nameservers and IPs) to predict the next moves
37 Discover the Threats Before They Happen. VT Link: (first VT submission: :51:45 three days after OpenDNS, see next slide)
38 PRODUCTS & TECHNOLOGIES
- UMBRELLA (Enforcement): Network security service protects any device, anywhere
- INVESTIGATE (Intelligence): Discover and predict attacks before they happen
39 What does OpenDNS Provide
CATEGORY: MALWARE, C2 CALLBACK, PHISHING, CUSTOM (API); IDENTITY: INTERNAL IP, HOSTNAME, AD USER, HOSTNAME; Umbrella (Enforcement); SECURITY LABS; Investigate (Intelligence); STATUS & SCORES, CO-OCCURRENCES, RELATIONSHIPS, ATTRIBUTIONS, PATTERNS & GEOs; DOMAIN, IP, ASN, , HASH; API
40 Automate Security to Reduce Attack Dwell Time
CUSTOMER & PARTNER COMMUNITY; THREAT ANALYSIS & INTELLIGENCE; UMBRELLA Enforcement & Visibility; CUSTOMER; files; domains
- AMP Threat Grid - Cloud
- Automatically Pulls newly discovered malicious domains in minutes
- Logs or Blocks all Internet activity destined to these domains
41 Prevent and Contain Ransomware with Umbrella and AMP
42 Talos has developed a decryption tool to aid users whose files have been encrypted by TeslaCrypt ransomware. The Talos TeslaCrypt Decryption Tool is an open source command line utility for decrypting TeslaCrypt encrypted files so users' files can be returned to their original state.
More informationData Sheet: Messaging Security Symantec Brightmail Gateway Award-winning messaging security for inbound protection and outbound control
Award-winning messaging security for inbound protection and outbound control Overview The delivers inbound and outbound messaging security for email and IM, with effective and accurate antispam and antivirus
More informationSimple security is better security Or: How complexity became the biggest security threat
Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationTRITON APX. Websense TRITON APX
TRITON APX Unified protection and intelligence against Advanced Threats and data theft Your organization is faced with an increasing number of Advanced Threats that lead to data theft, denial of service
More informationContent-ID. Content-ID URLS THREATS DATA
Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and
More informationAdaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager
Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW Jürgen Seitz Systems Engineering Manager Evolution of Network Security Next-Gen Firewall Application Visibility and Control User-based
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationSolution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores
Solution Brief Aerohive and OpenDNS Advanced Network Security for Retail Stores Introduction Protecting your retail business requires security for all users and devices connected to the network, regardless
More informationPalo Alto Networks. October 6
Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationSecurity Intelligence Blacklisting
The following topics provide an overview of Security Intelligence, including use for blacklisting and whitelisting traffic and basic configuration. Security Intelligence Basics, page 1 Security Intelligence
More informationNetwork that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE
Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App
More informationCopyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.
PureMessage for Microsoft Exchange protects Microsoft Exchange servers and Windows gateways against email borne threats such as from spam, phishing, viruses, spyware. In addition, it controls information
More informationWHAT S NEW IN WEBSENSE TRITON RELEASE 7.8
WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8 Overview Global organizations are constantly battling with advanced persistent threats (APTs) and targeted attacks focused on extracting intellectual property
More informationBraindumps.700-295.50.QA
Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationTrend Micro Hosted Email Security. Best Practice Guide
Trend Micro Hosted Email Security Best Practice Guide Hosted Email Security Best Practice Guide Trend Micro Incorporated reserves the right to make changes to this document and to the products described
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationWhatWorks in Detecting and Blocking Advanced Threats:
WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective
More informationSecurity Intelligence Services. www.kaspersky.com
Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats
More informationNext Generation Firewalls and Sandboxing
Next Generation Firewalls and Sandboxing Joe Hughes, Director www.servicetech.co.uk Summary What is a Next Generation Firewall (NGFW)? Threat evolution Features Deployment Best practices What is Sandboxing?
More informationSPEAR PHISHING AN ENTRY POINT FOR APTS
SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing
More information