The Ostrich Effect In Search Of A Realistic Model For Cybersecurity


Contents

Introduction
Threats: Stealthy, Sophisticated & Successful
Operation Beebus
G20 Brisbane
Redefining the Debate
Assurance
Staff Training & Education
A Risk Management Approach
A Better Approach to the Management of Threats
ASD Top 35

Introduction

It could be argued that a huge range of choice, and the unrelenting promises of cyber security solutions from vendors, has led to IT security fatigue (even paralysis), with many organisations unsure of where to turn and what to do, resulting in poor cyber security arrangements. Added to this is what might be called organisational exceptionalism, namely the general perception, despite facts to the contrary, that it is other organisations which will be attacked and not one's own. However, the following analysis shows that both IT security fatigue and organisational exceptionalism are out of sync with the facts on the ground. Simply put, all organisations are susceptible to advanced malicious software, zero-day exploits, and targeted advanced persistent threat (APT) attacks. Traditional perimeter defences are no longer effective controls and are regularly bypassed as criminals focus on email and web-based targeted attacks. These advanced attacks are difficult to stop, with traditional signature-based solutions (that is, those looking for the signature of the code) like intrusion prevention systems and anti-virus identifying only already known threats. Advanced threats, using zero-day vulnerabilities often combined with spear phishing (tailored communications such as an email or instant message directed at a specific individual or group of people whom the attacker wishes to compromise), need to be detected and stopped in real time, or near real time. Zero-day means the exploit is used by attackers before it is known by the IT security industry, and therefore there are no software fixes or signatures. In short, all aspects of an organisation, including technologies, people, and processes, may be vulnerable to compromise by sophisticated attackers.
In spite of the clear evolution of threats, which have become more wide ranging in terms of vectors of attack, stealthiness and potential harm, many organisations still fail to protect themselves regardless of the array of products and services available. We hope that the following analysis will underscore why this posture should be re-examined and offer a path for how any cybersecurity shortcomings can be addressed.

Threats: Stealthy, Sophisticated & Successful

Organised online attackers, including those who act on behalf of nation states, are generally determined in their efforts and use many ways to mount their attacks. Their goals vary from stealing intellectual property to eavesdropping on sensitive communications. Attackers use a wide array of publicly available sources, such as organisational data available on social networking sites, company websites and annual reports, to create highly targeted phishing emails and malware aimed at the types of applications and operating systems (with all their vulnerabilities) typical in particular industries, particularly those in export-facing markets. Web-based exploits often use documents containing malicious code, which is also a sophisticated way to attack an organisation (this is sometimes referred to as a watering hole attack because the attacker sets up their trap at a place known to be frequented by their intended victim, and waits for them to visit the website). Once inside an organisation's IT systems, advanced malware, zero-day and targeted APT attacks will hide, replicate, and disable host protections. After it installs, the malware may phone home to its command and control server for instructions, which could be to steal data, infect other endpoints, allow reconnaissance, or lie dormant until the attacker is ready to strike. The seriousness of these blended attack modes cannot be underestimated. But how should an organisation prepare itself? And if already subject to an attack, what should it do? APTs are highly complex cyber attacks which are targeted, persistent, evasive and hard to detect. APTs often use multiple attack vectors to maximise their success.
These attacks may play out in several phases over a long period of time, apply a complex mix of attack methods and target multiple vulnerabilities identified within the organisation.

Based on FireEye data from 2013, the top 10 countries targeted by APT actors were:

1. United States
2. South Korea
3. Canada
4. Japan
5. United Kingdom
6. Germany
7. Switzerland
8. Taiwan
9. Saudi Arabia
10. Israel

(FireEye Advanced Threat Report)

Cyber criminals target organisations depending on their sector and the potential value of the information which lies within their systems. Organisations should seek threat intelligence such as new malicious software profiles, vulnerability exploits, and obfuscation tactics which are deployed across multiple threat vectors. They then need a systematic way to deal with these many issues, particularly the need for dynamic analysis to detect zero-day threats.

[Figure: The most common software targets for zero-day attacks in 2013: Internet Explorer, Java, Flash, Reader]

Java has traditionally been a common focus for attackers in developing zero-day attacks, as exploit development against Java is much easier than for most other programs. Older versions of browsers are susceptible to compromise, with tell-tale signs including changes within a system that cannot be accounted for, such as new user accounts, executables and changed permissions. Many of these attacks are vocationally or regionally focused. It is expected that browser-based vulnerabilities will become more common.

Conventional protections, like traditional and next-generation firewalls, intrusion prevention systems, anti-virus and web gateways, are important but generally only scan for known inbound attacks. Traditional signature-based security tools rely on reactive signatures to detect and remove threats. Which threats get detected, and which signatures get subsequently created, arises from evidence collected in the wild. A key aspect of targeted attacks is their ability to enter an organisation under the radar, compromising networks, avoiding detection and remaining in place until they have done their job. Reputation-based threat intelligence networks can make false assumptions about potentially risky code and broadcast signatures. These systems rely heavily on signatures and known patterns of misbehaviour to identify and block threats.

Operation Beebus

Exploiting a vulnerability in the Windows operating system, this campaign uses both email and drive-by downloads as a means of infecting end users. The perpetrator uses attachment names of documents/white papers released by well-known companies as a hook. The malicious attachment exploits some common vulnerabilities in PDF and DOC files. The malware communicates with a remote command and control server. This campaign has been targeting companies in the aerospace and defense verticals. These industries have rich data which requires an advanced threat protection solution that not only monitors cyber attacks from the outside in, but from the inside out as well. If an organisation is unable to stop threats from entering through the web, email, or the office front door, then effort needs to be placed in stopping them from communicating out and spreading further.
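The "phone home" behaviour described above is one of the few things a defender can still observe once an intrusion has slipped past inbound controls. The following Python script is an added example for this paper, not part of the white paper and not FireEye code: it reads constructed proxy log lines (the log format, client address and hostnames are assumptions made for the example), groups outbound connections by client and destination, and flags pairs whose inter-connection intervals are nearly constant, which is characteristic of a timer-driven implant beaconing to a command and control server and unlike ordinary browsing. It also carries the caveat that legitimate pollers (an intranet application here) produce the same pattern, so an allowlist of known periodic destinations is needed to keep false positives down.

```python
"""Flag periodic outbound connections ('beaconing') in proxy logs.

Added example for this paper, not FireEye code. The log line format,
hostnames and addresses below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client ip> <destination host> <bytes>".
# 10.0.0.12 browses normally, polls an intranet app every 30 s, and also
# contacts an unknown external host every ~60 s with slight jitter.
SAMPLE_LOG = """\
2014-06-02T09:00:00 10.0.0.12 intranet.example.local 3100
2014-06-02T09:00:00 10.0.0.12 c2-lookalike.beacon-example.invalid 412
2014-06-02T09:00:04 10.0.0.12 news.example.org 73110
2014-06-02T09:00:09 10.0.0.12 news.example.org 12044
2014-06-02T09:00:30 10.0.0.12 intranet.example.local 3105
2014-06-02T09:00:40 10.0.0.12 news.example.org 9981
2014-06-02T09:01:00 10.0.0.12 intranet.example.local 3101
2014-06-02T09:01:00 10.0.0.12 c2-lookalike.beacon-example.invalid 410
2014-06-02T09:01:30 10.0.0.12 intranet.example.local 3102
2014-06-02T09:02:00 10.0.0.12 intranet.example.local 3100
2014-06-02T09:02:01 10.0.0.12 c2-lookalike.beacon-example.invalid 415
2014-06-02T09:02:30 10.0.0.12 intranet.example.local 3104
2014-06-02T09:02:30 10.0.0.12 news.example.org 50231
2014-06-02T09:02:31 10.0.0.12 news.example.org 2200
2014-06-02T09:03:00 10.0.0.12 intranet.example.local 3103
2014-06-02T09:03:00 10.0.0.12 c2-lookalike.beacon-example.invalid 411
2014-06-02T09:04:00 10.0.0.12 c2-lookalike.beacon-example.invalid 409
2014-06-02T09:04:50 10.0.0.12 news.example.org 18777
2014-06-02T09:05:01 10.0.0.12 c2-lookalike.beacon-example.invalid 413
"""

# Known legitimate pollers: regular traffic to these is expected (assumed list).
ALLOWLIST = {"intranet.example.local"}


def parse_log(text):
    """Group connection times (seconds since epoch) by (client, destination host)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, client, host, _size = line.split()
        events[(client, host)].append(datetime.fromisoformat(stamp).timestamp())
    for times in events.values():
        times.sort()
    return events


def find_beacons(events, min_events=5, max_jitter=0.1, allowlist=ALLOWLIST):
    """Return (client, host) pairs whose connection intervals are near-constant.

    jitter = standard deviation of the intervals / mean interval. Human
    browsing gives values near or above 1; a timer-driven implant well below 0.1.
    """
    findings = []
    for (client, host), times in events.items():
        if host in allowlist or len(times) < min_events:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            findings.append({
                "client": client, "host": host, "events": len(times),
                "period_s": round(period, 1), "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"beacon suspect: {hit['client']} -> {hit['host']} "
              f"every {hit['period_s']}s over {hit['events']} connections")
```

Run against the constructed log, only the external host is reported; dropping the allowlist also reports the intranet poller, which is why such a heuristic is a triage signal to be confirmed by replaying the session in a sandbox, not a verdict on its own.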

G20 Brisbane 2014

APT activity may be described as a campaign combining a series of attacks over time. In the lead up to the G20 in St Petersburg in 2013, a number of global diplomatic missions and ministries of foreign affairs were targeted in a cyber espionage campaign falsely advertising information updates about the crisis in Syria, a focus of the G20 meeting. The attackers responsible were first identified in 2010 and have traditionally used spear-phishing emails with either a malware attachment or a link to a malicious download as their method of attack. In addition to the Syria-themed campaign, they also used a London Olympics-themed campaign in

Cyber attackers routinely employ breaking news as targeted lures in an attempt to entice targets into clicking on malicious attachments. The 2014 G20 Leaders Summit will be held in November in Brisbane, Queensland. This will be the most significant meeting of world leaders that Australia has hosted, with as many as 4,000 delegates and 3,000 media representatives expected to attend. Building on the St Petersburg summit, Australia's G20 Presidency will structure leaders' discussion around the key themes of promoting stronger economic growth and employment outcomes, and making the global economy more resilient to deal with future shocks. The scope for targeted spear-phishing attacks to compromise government and private sector organisations involved with the series of G20 meetings is large. Once control is gained, attackers will conduct reconnaissance and move laterally through the compromised networks. Accordingly, diplomatic missions, including ministries of foreign affairs, are likely to be targeted by malware-based espionage campaigns in the lead up to this event.

Redefining the Debate

Achieving effective IT security is an ongoing process of gathering and sharing intelligence and responding to changing technology and conditions, whilst balancing security measures against functionality. This balance is critical: business operations must be able to proceed efficiently while the likelihood of successful cyber attacks is reduced. With the correct tools and techniques in place, organisations can respond, mitigate and reduce their likelihood of a breach significantly.

[Figure: Top ten most targeted verticals, based on the number of unique APT-associated malware families. (FireEye Advanced Threat Report)]

Rather than focus on threat nomenclature and brochure-ware hype, organisations need to look closely at the industry they operate in and its broader susceptibility to compromise from state-sanctioned actors, organised cyber criminals, issue-motivated groups and disgruntled current or former employees and contractors. They need to consider their current IT and physical security posture and take a risk-based approach to accurately identifying the controls they should put in place. There isn't a single path to take to increase the resilience of business assets to cyber threats. Organisations today need to explore a new threat protection model in which their defense-in-depth architecture incorporates a signature-less layer that specifically addresses the evolution of cyber attacks discussed in this paper.

Assurance

Assurance does not automatically imply good security, but provides a degree of confidence that the security needs of a system are satisfied. It provides a level of certainty that controls have been implemented to reduce the anticipated risk. Assurance allows organisations to have a reasonable and prudent degree of trust in their software, hardware and data. An assurance framework will assist organisations to comply with relevant legislation, identify capability gaps, recognise opportunities for improvement, prioritise remediation activities, articulate and quantify organisational risk and evaluate the overall effectiveness of their security program.

Staff Training & Education

Rather than exploiting vulnerabilities in hardware or software, many targeted attacks exploit vulnerabilities in people, in what is known as social engineering. Advanced attacks use, as part of a multi-vector attack strategy, spear phishing; drive-by downloads, where an attacker compromises a website in such a way that malicious software is surreptitiously installed on the computer of a visitor to the website; or watering hole attacks, where an attacker plants malware on a website most likely to be visited by a target organisation, using this as a stepping stone to compromise the organisation. For example, intelligence may first be gathered by the attacker to determine the websites most frequently visited by employees of a target organisation, so that they may compromise those websites to host malicious code. This makes employees an equally important part of the security equation and a key component of defence-in-depth protocols. Staff need to be educated on: the types of cyber attacks which may target them; how to recognise social engineering attempts; identification of sensitive, business-critical information and intellectual property; and how to report suspicious activity or unexpected behaviour. Rapidly changing technology, human error, poor requirement specifications, inadequate development processes and underestimating the threat all introduce challenges to achieving the right level of assurance. Staff training is more of an art than a science and must fit organisational culture as well as business requirements.

Successful programs need to integrate corporate policies and procedures; readily available security awareness resources, such as on a staff intranet; simple yet consistent messaging; integration into other training and education; and, most importantly, sponsorship and adoption by senior management.

A Risk Management Approach

The process of risk management assists decision makers to make informed choices, to identify priorities and to select the most appropriate action. Identifying advanced threats prior to their impact is becoming harder for many organisations. A well-executed and rehearsed response can more effectively contain damage and boost resilience to future attacks. A thorough approach to incident management can help organisations to develop proactive controls to reduce the number of incidents within their networks, and to identify and respond to incidents more effectively and efficiently through implementation of consistent solutions. Organisations should perform:

- Incident response gap analysis
- Incident response technical training
- Incident response dry-run exercises

Not only should organisations focus on the basics of secure system design, development and testing, they also need to extend their enterprise-wide risk management framework to cyber security issues, thoroughly analysing the effect of uncertainty on the objectives of the business. CISOs need to consider the possibility of advanced cyber risks occurring, and apply risk treatment options to ensure that any uncertainty in their organisations' operational requirements will be avoided, reduced or removed.

A Better Approach to the Management of Threats

The cyber landscape sees a constant evolution of the types of cyber attacks and how they are deployed in an attempt to circumvent IT security defences. Organisations are finding it harder to perform real-time threat detection along with the subsequent triage process. Automation enables this process and allows security teams to focus on containing and resolving incidents. However, even with automation, they still need to monitor and react to changing attack situations, including through live analysis and analysis within a sandbox. A properly rehearsed plan, allowing for a strategic response, will allow for a more competent reaction, including identification of what criminals may be trying to do to a network and the types of information they are seeking. This will allow organisations to update their information security policies and plans effectively, assess business risks and respond proactively to information security incidents. Critical to the management of threats is the ability to determine the nature and extent of an incident, along with identifying the internal and external resources required to facilitate an investigation. Organisations should augment their security staff with incident response and forensic services to handle critical security incidents, resolve immediate issues and put long-term solutions in place to address the systemic causes of the incident.

ASD Top 35

The Australian Signals Directorate, on behalf of the Australian government and in acknowledgement of the threat to government departments, critical infrastructure organisations and the broader private sector, created a list of 35 mitigations which, if followed, will greatly reduce the likelihood and impact of a cyber incident. Understanding the difficulty in implementing many of these measures and the fluidity of the ever-changing online threat environment, organisations need an integrated platform that inspects email traffic, web traffic and files at rest, and shares threat intelligence across those attack vectors. This has been borne out with amendments to the Australian Signals Directorate's 35 mitigations, with automated dynamic analysis of email and web content run in a sandbox to detect suspicious behaviour now placed at number six. This mitigation analyses network traffic, new or modified files, or other configuration changes. It is relatively simple to implement and helps prevent malicious code execution. In addressing this mitigation, organisations should seek to:

- Analyse emails before delivering them to users
- Mitigate web content that has already been delivered to users and has subsequently been identified as malicious
- Enable a customised sandbox to match the operating system

CISO checklist to report to Management

1. We have a flow chart of the threat lifecycle.
2. We have implemented at least the ASD Top 4 mitigations.
3. We have active management of our firewalls, IPS, AV and gateways.
4. We have technical measures in place to guard against advanced dynamic attacks which exploit zero-day vulnerabilities.
5. We have a rehearsed incident response plan in place should there be a compromise.
6. We can isolate critical systems from the remainder of the network and test their operational independence from other systems.
7. We encrypt sensitive or business-critical information.
8. We know what is the single most important piece of information in our company.
9. We know who has access to our business-sensitive information.

Organisations need to augment their existing defences to inspect internet traffic and/or files, looking to identify obfuscation techniques. Sessions should be replayed in a (safe) virtual environment to determine whether the suspicious traffic actually contains malware.
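The two recommendations above, analysing emails before they reach users and inspecting files for obfuscation techniques, can be combined in a first-pass static triage stage in front of sandbox detonation. The following Python script is an added example for this paper, not code from the white paper or from FireEye: it scores a PDF attachment on features that malicious documents tend to combine (content that runs on open, launch actions, embedded files) and on obfuscation hints (hex-escaped names such as /J#61vaScript that hide keywords from naive scanners, stacked stream filters, high-entropy streams that look packed or encrypted). The keyword weights, verdict thresholds and both sample PDFs are constructed for the example; they are not a published scoring scheme.

```python
"""Pre-delivery static triage of a PDF attachment at a mail gateway.

Added example for this paper, not FireEye code. Weights, thresholds and
sample documents are constructed for the example. Static triage of this
kind is a filter in front of sandbox detonation, not a replacement for it.
"""
import hashlib
import math
import re

# PDF name -> weight. Any one can be legitimate; several together rarely are.
RISKY_NAMES = {
    b"/JavaScript": 4, b"/JS": 3, b"/OpenAction": 3, b"/AA": 2,
    b"/Launch": 4, b"/EmbeddedFile": 3, b"/RichMedia": 2, b"/XFA": 2,
}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
_FILTER_CHAIN = re.compile(rb"/Filter\s*\[([^\]]*)\]")


def shannon_entropy(buf):
    """Bits per byte: 8.0 is fully random, plain text is usually around 4-5."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def split_streams(data):
    """Return (object text with stream bodies removed, list of stream bodies)."""
    bodies = []

    def take(match):
        bodies.append(match.group(1))
        return b"stream\n\nendstream"

    return _STREAM.sub(take, data), bodies


def triage_pdf(data, entropy_threshold=7.0):
    objects, streams = split_streams(data)
    findings, score = {}, 0

    # Obfuscation hint 1: hex-escaped bytes inside names (/J#61vaScript).
    escapes = _HEX_ESCAPE.findall(objects)
    if escapes:
        findings["hex_escaped_names"] = len(escapes)
        score += 2
    # Normalise names so the escaped form cannot hide from the keyword check.
    objects = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), objects)

    for name, weight in RISKY_NAMES.items():
        hits = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", objects))
        if hits:
            findings[name.decode()] = hits
            score += weight * hits

    # Obfuscation hint 2: several decode filters stacked on one stream.
    for chain in _FILTER_CHAIN.findall(objects):
        if len(re.findall(rb"/[A-Za-z0-9]+", chain)) >= 2:
            findings["stacked_filters"] = findings.get("stacked_filters", 0) + 1
            score += 1

    # Obfuscation hint 3: stream bodies that look packed or encrypted.
    for body in streams:
        if len(body) >= 64 and shannon_entropy(body) > entropy_threshold:
            findings["high_entropy_streams"] = findings.get("high_entropy_streams", 0) + 1
            score += 1

    verdict = "quarantine" if score >= 5 else "review" if score >= 2 else "deliver"
    return {"score": score, "verdict": verdict, "findings": findings}


# Constructed samples (not real documents).
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 44 >>\nstream\n"
    b"BT /F1 12 Tf 72 712 Td (Quarterly report) Tj ET\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
# Deterministic pseudo-random bytes standing in for a packed payload stream.
_HIGH_ENTROPY = b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(32))
SUSPICIOUS_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /S /J#61vaScript /JS 6 0 R >>\nendobj\n"
    b"6 0 obj\n<< /Length 1024 /Filter [/FlateDecode /ASCIIHexDecode] >>\nstream\n"
    + _HIGH_ENTROPY + b"\nendstream\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        print(label, triage_pdf(doc))
```

The benign report is delivered with a score of 0, while the constructed suspicious file is quarantined because an open-time action, script content under an escaped name, stacked filters and a high-entropy stream all co-occur. A quarantine verdict here is the point at which the attachment would be handed to the customised sandbox the mitigation calls for, since static features alone cannot say what the content does when rendered.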

About the Centre for Internet Safety

The Centre for Internet Safety at the University of Canberra was created to foster a safer, more trusted Internet by providing thought leadership and policy advice on the social, legal, political and economic impacts of cybercrime and threats to cybersecurity. For more information visit

About FireEye

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,500 customers across 65 countries, including over 150 of the Fortune 500. For more information visit


More information

Symantec Insight and SONAR

Symantec Insight and SONAR We keep track of over 3. billion executable files We gather intelligence from over 20 million machines We deliver 70 per cent faster scans What Is Symantec Insight and SONAR Symantec Insight is a security

More information

Attivo Networks BOTsink and McAfee NSP Integration DNS Sinkhole with URL Sandboxing

Attivo Networks BOTsink and McAfee NSP Integration DNS Sinkhole with URL Sandboxing NSP Integration DNS Sinkhole with URL Sandboxing Botnets are a complex and pervasive form of cyber attack that has been used by attackers, for over a decade, to compromise millions of endpoints in order

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

Big Data Analytics in Network Security: Computational Automation of Security Professionals

Big Data Analytics in Network Security: Computational Automation of Security Professionals February 13, 2015 Big Data Analytics in Network Security: Computational Automation of Security Professionals Stratecast Analysis by Frank Dickson Stratecast Perspectives & Insight for Executives (SPIE)

More information

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH INTRODUCTION: WHO S IN YOUR NETWORK? The days when cyber security could focus on protecting your organisation s perimeter

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information

Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats

Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats Solution Overview Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats What You Will Learn The network security threat landscape is ever-evolving. But always

More information

SOLUTION CARD WHITE PAPER

SOLUTION CARD WHITE PAPER WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

FISMA and SANS Critical Security Controls Driving Compliance

FISMA and SANS Critical Security Controls Driving Compliance FISMA and SANS Critical Security Controls Driving Compliance In a bid to bolster cyber security today s highly networked computing environment, the Federal Information Security Management Act (FISMA) imposes

More information

The Federal CISO Dilemma. You have to do FISMA. You must defend against cyber threats.

The Federal CISO Dilemma. You have to do FISMA. You must defend against cyber threats. The Federal CISO Dilemma You have to do FISMA. You must defend against cyber threats. October 2012 Executive Summary Federal CISOs face a unique cyber security challenge copious amounts of regulatory compliance

More information

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com Next Generation Security Strategies Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com IT Ever-Evolving Challenges & Constraints Support IT Initiatives Minimize Business Risks from Cybersecurity

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

A New Approach to Assessing Advanced Threat Solutions

A New Approach to Assessing Advanced Threat Solutions A New Approach to Assessing Advanced Threat Solutions December 4, 2014 A New Approach to Assessing Advanced Threat Solutions How Well Does Your Advanced Threat Solution Work? The cyber threats facing enterprises

More information

Compliance Guide: ASD ISM OVERVIEW

Compliance Guide: ASD ISM OVERVIEW Compliance Guide: ASD ISM OVERVIEW Australian Information Security Manual Mapping to the Principles using Huntsman INTRODUCTION In June 2010, The Australian Government Protective Security Policy Framework

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Today s New Breed of Email-based Cyber Attacks and What it Takes to Defend Against Them

Today s New Breed of Email-based Cyber Attacks and What it Takes to Defend Against Them 2 3 4 9 Spear Phishing: A Common Launch Point of Advanced Attacks Combatting the New Breed of Cyber Attacks: The Key Requirements Email Security Focus Shifts to Address the Risks of Targeted Attacks and

More information

Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats. Eva Chen CEO and Co-Founder

Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats. Eva Chen CEO and Co-Founder Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats Eva Chen CEO and Co-Founder Consistent Vision for 25 Years A world safe for exchanging

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009 Protecting Data From the Cyber Theft Pandemic A FireEye Whitepaper - April, 2009 Table of Contents Executive Summary Page 3 Today s Insider Threat Is Stealth Malware Page 3 Stealth Malware Attacks Are

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Getting Ahead of Malware

Getting Ahead of Malware IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

Zak Khan Director, Advanced Cyber Defence

Zak Khan Director, Advanced Cyber Defence Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Advanced Persistent Threats

Advanced Persistent Threats Emilio Tonelli Senior Sales Engineer South Europe WatchGuard Technologies, Inc. Advanced Persistent Threats the new security challenge Are you protected? Current Threat Landscape 2 Global Threat Landscape:

More information

Advanced Threat Protection

Advanced Threat Protection Advanced Threat Protection DR151026D December 2015 Miercom www.miercom.com Contents Executive Summary... 3 Overview... 4 Methodology... 5 Results Summary... 9 Fair Test Notification... 13 About Miercom...

More information

AppGuard. Defeats Malware

AppGuard. Defeats Malware AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

Integrating MSS, SEP and NGFW to catch targeted APTs

Integrating MSS, SEP and NGFW to catch targeted APTs #SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information

More information

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs? A Special Primer on APTs DETECTING THE ENEMY INSIDE THE NETWORK How Tough Is It to Deal with APTs? What are APTs or targeted attacks? Human weaknesses include the susceptibility of employees to social

More information

THE HUMAN COMPONENT OF CYBER SECURITY

THE HUMAN COMPONENT OF CYBER SECURITY cybersecurity.thalesgroup.com.au People, with their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the

More information

RETHINKING CYBER SECURITY

RETHINKING CYBER SECURITY RETHINKING CYBER SECURITY Introduction Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time, the traditional cyber security vendor

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon

More information

Cyber Situational Awareness for Enterprise Security

Cyber Situational Awareness for Enterprise Security Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature

More information

WHITE PAPER. Understanding How File Size Affects Malware Detection

WHITE PAPER. Understanding How File Size Affects Malware Detection WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through

More information

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

CYBERSECURITY: ISSUES AND ISACA S RESPONSE CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

GOING BEYOND BLOCKING AN ATTACK

GOING BEYOND BLOCKING AN ATTACK Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version

More information

Threat Landscape. Threat Landscape. Israel 2013

Threat Landscape. Threat Landscape. Israel 2013 Threat Landscape Threat Landscape Israel 2013 Document Control Document information Version Title Creation Date Revision Date 1.4 Threat Intelligence / Israel 2013 17 January 2014 27 January 2014 Contact

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

Specific recommendations

Specific recommendations Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It

More information

Things To Do After You ve Been Hacked

Things To Do After You ve Been Hacked Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Comprehensive Advanced Threat Defense

Comprehensive Advanced Threat Defense 1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,

More information

Bio-inspired cyber security for your enterprise

Bio-inspired cyber security for your enterprise Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t

More information

Big Threats for Small Businesses

Big Threats for Small Businesses White Paper Big Threats for Small Businesses Five Reasons Your Small or Midsize Business is a Prime Target for Cybercriminals White Paper Contents Introduction 3 Today s Attacks Target Small and Midsize

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

5 Design Principles for Advanced Malware Protection

5 Design Principles for Advanced Malware Protection White Paper 5 Design Principles for Advanced Malware Protection Winning the war against next-generation threats White Paper Table of Contents Executive Summary 1 Advanced Malware Defined 1 Understanding

More information

The evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions

The evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions The evolution of virtual endpoint security Comparing vsentry with traditional endpoint virtualization security solutions Executive Summary First generation endpoint virtualization based security solutions

More information

KEY TRENDS AND DRIVERS OF SECURITY

KEY TRENDS AND DRIVERS OF SECURITY CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures

More information