Advanced Persistent Threats
|
|
- Marybeth Osborne
- 8 years ago
- Views:
Transcription
1 White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which are combined, sustained attacks on an organization s computer systems, have infiltrated several major IT companies, including Google, Adobe and Juniper, demonstrating the effectiveness of these methods. Ask yourself: What would your employees do if they found a USB stick in the parking lot? How susceptible would they be to clicking on a link in a Phishing message? Would they approve the installation or update of a third-party browser plug-in? How frequently do you update all your desktop applications for vulnerability fixes? All of these methods have been used in the initial stages of APT attacks on organizations. APTs pose serious new security concerns to organizations, especially if the tools and kits used to create them become commercialized similarly to attack toolkits. This paper will outline the evolution of APTs, explain the motivation behind them, and determine best practices for defending against these threats. CONTENTS About...2 Definition...2 Anatomy of an APT...2 Stages of an APT Attack...3 Case Study of an APT: Operation Aurora...4 Remediation: Protecting Against...5 Best Practices...5 Layer Security Technologies...5 Be Proactive...5 Protect the Initial Attack Point (Blended Threats)...5 Cover the Major Threat Vector, the Web Gateway...6 Correlate Threat Information between & and the Web...6 Set Network Activity Baselines...7 Additional Preventative Steps...7 About M86 Security...8 m86security.com
2 ABOUT ADVANCED PERSISTENT THREATS Definition The term refers to a series of low-level attacks that were previously seen individually, but are now used collectively to launch highly-targeted, prolonged attacks. The goal is to gain maximum access and control into an organization. Anatomy of an APT An APT attack tries to penetrate an organization using any method available both technical and physical. Examples of the individual attack components include: Blended threats These attacks spoof known addresses and/or domains. messages are well-formatted with no attachments, so they pass through spam and anti-virus scanner defenses running at the gateway. These s include embedded URLs that link to an infected Web page. They typically use social engineering techniques to encourage users to click through. Legitimate websites hosting malware These sites are usually linked from blended threats s. Typically, employees visit the legitimate site regularly for business-related tasks, and infections of the site may be limited to specific blocks of time all to limit the possibility of detection. Cross-site scripting attacks and stolen FTP credentials are just two ways cybercriminals infect legitimate websites. Combination of malware tools Back-door downloaders, key loggers, network scanners and password stealers may be combined for the purposes of installing malware. Malware used in an APT is low-level in terms of activity and is designed to escape detection. In addition, this dynamically-created malware evades anti-virus scanners by being the first/only example ever created or by using polymorphic viruses which constantly change to escape signature-based detection technologies. Infected workstations (bots) These are the infected workstations inside the organization s network. Once the malware is inside the trusted network, infiltrating or compromising additional information such as credentials or confidential data is easier. Command & Control servers Operated by the attacker, these remote servers communicate with bots, or infected workstations. They can be used as a collection point to which compromised data is uploaded or to control the workstation s actions. Most APT activity occurs outside of the normal U.S. workday, again to evade detection. Outbound communication between the bot and these C&C servers is called the C&C communication channel. Previously, this has been easy to spot because attackers used protocols such as RPC, but recently, this has become more complex through use of diverse methods such as Google Groups or Tweets. Today s C&C networks are highly resilient and very difficult to track. The Internet makes it easy to host servers in other countries, routing data through them to avoid detection. Attack management console This user interface is used to control all aspects of the APT process, and multiple attackers can work on the same target. The management console enables the attackers to control the actions of the infected bots through the C&C servers, install new malware on the bots, and assemble all aspects of the APT to measure the current success rate. The screenshot below shows an attack toolkit, which is similar to an APT attack console. User Interface of Attack Toolkit Crimepack Page 2
3 Stages of an APT Attack Each attack is different and customized to its target for maximum success. Page 3
4 Example below: How APTs spread through an organization and how they are controlled The attacker s C&C server is the external point which controls the overall attack. It can be a single server or multiple cascading servers, which are difficult to track and neutralize. Case Study of an APT: Operation Aurora Widely reported in the press, operation Aurora was the first major disclosure of a widespread series of APT attacks. We believe Operation Aurora started in mid-2009 and was first publicly disclosed by Google in a blog post on Jan. 12, Other organizations, including Juniper, Adobe and Rackspace followed with their own disclosures. The goal of the attack was to access and potentially modify source code repositories at the affected high-tech, security and defense companies. The ability to modify and infect a backdoor into the source code could be a larger prize for cybercriminals than financial or design documents. Operation Aurora followed the typical stages of an APT (as previously defined). Detailed steps in this case include: 1. Employees with the most access to proprietary data were identified first, after which their social networks were investigated and compromised. This enabled cybercriminals to send blended threats s to them from trusted friends, improving chances that they would click on links inside the messages. 2. links led to an infected website, initiating the initial malware infection. This occurred through a vulnerability in Internet Explorer versions 6, 7 and 8 that allowed remote code to be executed on the target machine. 3. With a backdoor into the organization, the attackers were able to move laterally from the infected workstation, identifying other vulnerable targets that could be compromised and infected to eliminate a single point of failure. 4. They began to scan systems to obtain higher level security privileges. 5. In the discovery phase, the compromised credentials were used to try to access the master details of selected Gmail accounts of known Chinese dissidents. Now that the attackers were inside the network of target organizations, vulnerabilities found in the Perforce source code system were used to directly access source code for the organizations products. This was a potentially serious problem because the source code could have been deployed to thousands of the organization s customers, giving the attackers a backdoor to those as well. 6. There is only conjecture as to how long this attack was active, but many reports put the elapsed period at more than four months of sustained, multiple attacks and infections with un-measurable data flowing back out. The source of these attacks was traced to two technical institutes based in China. Page 4
5 REMEDIATION: PROTECTING AGAINST ADVANCED PERSISTENT THREATS Today, APTs are widespread and frequently used. Organizations need to determine their risk levels and note their most valuable resources to plan how to defend themselves effectively. The following diagram provides a basic outline for protecting your organization. Best Practices Multi-faceted attacks require multi-faceted responses. Ideally, solutions that can correlate threat information to maximize attack intelligence will provide an optimal defense. 1. Layer multiple technologies for the best possible defense. 2. Combine proactive and reactive security controls to maximize coverage. 3. Deploy security controls as early as possible at the network perimeter or in the cloud before threat infiltrates your network. 4. Deploy coverage against blended threats at the security gateway to prevent compromised s from reaching user inboxes. 5. Deploy appropriate security controls at the Web gateway. 6. Use solutions that correlate threat information between and Web gateways as well as vendors who use collective intelligence to share information on attacks. 7. Establish baseline network activity so you can recognize irregular behavior and traffic earlier. Layer Security Technologies Build as many defenses as possible by layering security technologies such as desktop malware protection and and Web gateway security. Look for suspicious network activity especially to unknown external hosts. Though you might not block the initial infection, awareness of the threat will go a long way to stopping an APT as soon as possible. A great pre-emptive step includes having an effective way to process log information and spot unusual activity across all layers. Be Proactive Today s threats involve dynamically-created malware or Polymorphic viruses that are designed to evade reactive security controls. Highly innovative proactive controls can detect and block suspicious behavior exhibited through or the Web to successfully detect new and emerging threats. Best-in-class security solutions layer reactive controls for speed with proactive controls to close the threat window. Look for technologies such as M86 s patented Real-time Code Analysis and behavioral analysis. Ensure proactive controls are running on all the data your users access, as they are accessing it, to maximize coverage. A high proportion of malware comes from legitimate websites. Protect the Initial Attack Point: (Blended Threats) Typically, the first vector tried in an attack is . Are proactive security controls on your gateway scanning specifically for blended threats? Page 5
6 Blended Threats are blocked at the gateway, or correlated information is sent to the Web gateway for blocking. Cover the Major Threat Vector: the Web Gateway When an unsuspecting user clicks a link in a blended threat , the actual attack occurs through the Web, necessitating a secure Web gateway (SWG) solution. The SWG should include proactive security controls that analyze all content moving through the Web gateway, like are within the M86 SWG. All users, whether on the network at headquarters and remote workers should be covered. Hybrid Web services extend 100% of the security coverage offered on-premises to remote and external users. Security solutions that reside on the desktop provide few, if any, proactive security controls. So catching threats earlier at the gateway is ideal (though these solutions aren t always used). Evaluate your current endpoint security solutions. How many proactive capabilities do they have? How effective are they in independent tests? Correlate Threat Information between and the Web Consider a scenario in which an gateway detected low levels of activity that could be a possible attack. The Web gateway also detected low levels of suspicious traffic. Individually, these solutions might not act on this information (to prevent overblocking). But correlating this data between both gateways would trigger a block. The power of correlation moves to a whole new level if a vendor is able to correlate across an entire customer base. Page 6
7 Cycle of threat data received from customer installations and third party feeds, correlated and analyzed at M86 Security Labs and then fed back out to installed products. An organization running and Web security solutions from a single vendor doubles the advantage they get from this threat data correlation. It can use the updated threat data to maximize coverage, minimize attack windows and secure the organization from coordinated APTs. Set Network Activity Baselines APTs will generate irregular network traffic from internal computers to external command and control (C&C) servers. C&C traffic can use a number of ports and applications. Traditionally RPC channels have been used, Google groups, Twitter and other seemingly legitimate protocols and applications have been used as well. Recognizing this C&C traffic is an important step in mitigating APTs. So knowing the volume of your traffic and the external hosts/applications typically used will help you spot abnormal activity possibly an infected internal workstation that s communicating externally. Analyzing firewall logs is a good way to get started, but there are many tools and products that can assist. Additional Preventative Steps Ways an administrator can help prevent APTs include: 1. Keep applications up to date Most vulnerabilities target outdated browsers like Internet Explorer 6 and 7, and old versions of applications like Adobe Flash and Adobe Reader. Most recent updates to these applications address many of the vulnerabilities that continue to be exploited. 2. Disable administrative rights for most users It s been proven that by eliminating user administrative privileges, 90% of Windows 7 vulnerabilities would be mitigated. 3. Conduct sensitive tasks such as financial transactions on another system If members of your organization conduct e-banking on your network, we strongly encourage they do so on a separate computer on a separate network. Many of the headline-making e-banking business thefts occur when a user account is compromised by an information-stealing Trojan. Another option is to arm employees with a Linux live CD for use with sensitive transactions. 4. Educate users Never underestimate the power of user education. Ensure your employees can recognize social engineering, Phishing, Man-in-the-middle malware, etc. And institute a policy regarding external devices such as USB sticks. Page 7
8 ABOUT M86 SECURITY M86 Security is the global expert in real-time threat protection and the industry s leading Secure Web Gateway provider. The company s appliance, software, and Software as a Service (SaaS) solutions for Web and security protect more than 24,000 customers and over 17 million users worldwide. M86 products use patented real-time code analysis and behavior-based malware detection technologies as well as threat intelligence from M86 Security Labs to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Orange, California with international headquarters in London and development centers in California, Israel, and New Zealand. TRY BEFORE YOU BUY M86 Security offers free product trials and evaluations. Simply contact us or visit Corporate Headquarters 828 West Taft Avenue Orange, CA United States Phone: +1 (714) Fax: +1 (714) International Headquarters Renaissance 2200 Basing View, Basingstoke Hampshire RG21 4EQ United Kingdom Phone: +44 (0) Fax: +44 (0) Asia-Pacific Millennium Centre, Bldg C, Level Great South Road Ellerslie, Auckland, 1051 New Zealand Phone: +64 (0) Fax: +64 (0) Version 08/20/10 Copyright 2010 M86 Security. All rights reserved. M86 Security is a registered trademark of M86 Security. All other product and company names mentioned herein are trademarks or registered trademarks of their respective companies.
How IT Can Enhance User Productivity with Dynamic Web Repair
White Paper How IT Can Enhance User Productivity with Dynamic Web Repair INTRODUCTION We all know that malware is a major concern for organizations worldwide. And with the mainstreaming of interactive
More informationSWG Installation Utility
Technical Brief SWG Installation Utility Contents Introduction 2 Usage Instructions 2 Known Limitations 7 m86security.com INTRODUCTION The new SWG Installation Utility replaces the Finjan OS version upgrade
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationDETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?
A Special Primer on APTs DETECTING THE ENEMY INSIDE THE NETWORK How Tough Is It to Deal with APTs? What are APTs or targeted attacks? Human weaknesses include the susceptibility of employees to social
More informationAdvanced Persistent. From FUD to Facts. A Websense Brief By Patrick Murray, Senior Director of Product Management
A Websense Brief By Patrick Murray, Senior Director of Product Management Advanced Persistent Threats: From FUD to Facts With Websense, you can stay a step ahead of the threats. From our roots in web filtering,
More informationWEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationProtecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009
Protecting Data From the Cyber Theft Pandemic A FireEye Whitepaper - April, 2009 Table of Contents Executive Summary Page 3 Today s Insider Threat Is Stealth Malware Page 3 Stealth Malware Attacks Are
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationWhite Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks
White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationEndpoint Security Management
Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect
More informationSecurity Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationBuyers Guide to Web Protection
Buyers Guide to Web Protection The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these
More informationENABLING FAST RESPONSES THREAT MONITORING
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationWhy a Network-based Security Solution is Better than Using Point Solutions Architectures
Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationADVANCED PERSISTENT THREATS AND OTHER ADVANCED ATTACKS:
A Websense White Paper ADVANCED PERSISTENT THREATS AND OTHER ADVANCED ATTACKS: THREAT ANALYSIS AND DEFENSE STRATEGIES FOR SMB, MID-SIZE, AND ENTERPRISE ORGANIZATIONS REV 2 ADVANCED PERSISTENT THREATS AND
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationIBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
More informationSecuring Cloud-Based Email
White Paper Securing Cloud-Based Email A Guide for Government Agencies White Paper Contents Executive Summary 3 Introduction 3 The Risks Posed to Agencies Running Email in the Cloud 4 How FireEye Secures
More informationyou us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services
MSSP you us are a Managed Security Service Provider looking to offer Advanced Malware Protection Services Lastline is the only company with 10+ years of academic research focused on detecting advanced
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationWhen less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński
When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński 1 Agenda Spear-Fishing the new CEO Fear How to Fight Spear-Fishing It s All About the Data Evolution of the bad guys
More informationDefending Against. Phishing Attacks
Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationNetsweeper Whitepaper
Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826-5222 F: +1 (519) 826-5228 Netsweeper Whitepaper The Evolution of Web Security June 2010
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationWEBSENSE TRITON SOLUTIONS
WEBSENSE TRITON SOLUTIONS INNOVATIVE SECURITY FOR WEB, EMAIL, DATA AND MOBILE TRITON STOPS MORE THREATS. WE CAN PROVE IT. PROTECTION AS ADVANCED AND DYNAMIC AS THE THREATS THEMSELVES The security threats
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationHOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments
HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments OVERVIEW This document explains the functionality of Security for Virtual and Cloud Environments (SVCE) - what
More informationWEBSENSE EMAIL SECURITY SOLUTIONS OVERVIEW
WEBSENSE EMAIL SECURITY SOLUTIONS OVERVIEW Challenge The nature of email threats has changed over the past few years. Gone are the days when email security, better known as anti-spam, was primarily tasked
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationWhen attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher
TrendLabs When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher Advanced persistent threats (APTs) refer to a category
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationINDUSTRY OVERVIEW: HEALTHCARE
ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationAntiVirus and AntiSpam email scanning The Axigen-Kaspersky solution
AntiVirus and AntiSpam email scanning The Axigen-Kaspersky solution The present document offers a comprehensive analysis of the ways to secure corporate email systems. It provides an expert opinion on
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationSmall and Midsize Business Protection Guide
P r o t e c t i o n G u i d e : C l o s e t h e P r o t e c t i o n G a p Small and Midsize Business Protection Guide Close the protection gap and safeguard your business future Confidence in a connected
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationEmail David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationAVeS Cloud Security powered by SYMANTEC TM
Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting
More informationIBM Security X-Force Threat Intelligence
IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security
More informationEndpoint Security More secure. Less complex. Less costs... More control.
Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap
More informationWhen your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.
Deployment Guide Revision C McAfee Web Protection Hybrid Introduction Web Protection provides the licenses and software for you to deploy Web Gateway, SaaS Web Protection, or a hybrid deployment using
More informationSecuring the Borderless Enterprise
Securing the Borderless Enterprise Websense TRITON Solution The Web 2.0 Workplace: New Opportunities, New Risks Web-enabled technologies are reshaping the modern enterprise. Powerful, cloud-based business
More informationTRITON APX. Websense TRITON APX
TRITON APX Unified protection and intelligence against Advanced Threats and data theft Your organization is faced with an increasing number of Advanced Threats that lead to data theft, denial of service
More informationSecurity Intelligence Services. www.kaspersky.com
Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats
More informationV1.4. Spambrella Email Continuity SaaS. August 2
V1.4 August 2 Spambrella Email Continuity SaaS Easy to implement, manage and use, Message Continuity is a scalable, reliable and secure service with no set-up fees. Built on a highly reliable and scalable
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationSymantec Endpoint Protection 12.1.5 Datasheet
Symantec Endpoint Protection 12.1.5 Datasheet Data Sheet: Endpoint Security Overview Malware has evolved from large-scale massive attacks to include Targeted Attacks and Advanced Persistent Threats that
More informationSpyware: Securing gateway and endpoint against data theft
Spyware: Securing gateway and endpoint against data theft The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation
More informationTechnology Blueprint. Protect Your Email. Get strong security despite increasing email volumes, threats, and green requirements
Technology Blueprint Protect Your Email Get strong security despite increasing email volumes, threats, and green requirements LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationSymantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it
Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection
More informationReducing the Cost and Complexity of Web Vulnerability Management
WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com 2 Fraud Prevention for Endpoints KASPERSKY FRAUD PREVENTION 1. Ways of Attacking The prime motive behind cybercrime is making money, and today
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More informationHow Do Threat Actors Move Deeper Into Your Network?
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More information