Comprehensive Advanced Threat Defense
- Cody Neal
- 8 years ago
June 2014
INTRODUCTION

The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions, and plenty of marketing hype and spin on the topic, but it is the science and the art of defending yourself against sophisticated, persistent adversaries who can get past (or have already gotten past) your security defenses. We like to define advanced threat defense in terms of the adversary rather than the attack technique used, to remind ourselves that what we are really up against is a person or, more likely, a group of people who are specifically targeting your organization and will use whatever attack vectors and techniques are necessary to achieve their objectives. This paper describes a comprehensive, network-based approach to Advanced Threat Defense.
THE THREAT LIFECYCLE

It is important to understand that advanced, targeted attacks are not instantaneous events. They are complex processes with multiple phases that occur over a period of time. As shown in Figure 1, we break the threat lifecycle down into four major phases:

1. Infiltration
2. Command and Control Communication
3. Lateral Propagation
4. Data Exfiltration

Figure 1. Threat Lifecycle
Infiltration Phase

If the adversaries are external threat actors, they normally need to get access to, and then gain control over, one of your organization's computing assets. There are many ways they can accomplish this. They could use a classic server-side exploit technique such as SQL injection or a fuzzing attack. They could guess, buy, hack, or crack one of your users' VPN login credentials (username and password). Or they could use social engineering to exploit a user's trust and naivety to snare login credentials. They may launch a spear-phishing attack to deceive one of your users into visiting a malicious website that will exploit their browser, or into opening a document that will exploit an application on their computer or mobile device. If the adversary is an internal user (a trusted insider), they normally do not have to go through the infiltration phase, as they already have authorized access to your computing and network resources. This ancillary infiltration case, Insider Threat, is also detailed in Figure 1.

Command and Control (C2) Communication Phase

Once an external adversary has gained unauthorized access to and control over ("compromised") one of your computing assets, "Victim 0", they will typically exercise complete remote control over that compromised asset. The attacker will normally do that by using remote administration utilities that are already available on the compromised asset, or by installing a back door program such as a remote administration trojan (RAT) on the asset, which they will then use to communicate with it. This results in command and control (C2) communication between the compromised asset and the remote C2 server. This communication is bi-directional, with beaconing messages going from the victim to the server and commands being issued from the server to the victim.

Lateral Propagation Phase

Attackers are ultimately interested in valuable data assets from which to extract information. So after they have successfully taken control of Victim 0, they use that device as a starting point to find and infiltrate other connected assets inside your network. They move laterally from network device to network device, compromising more assets; escalating privilege; looking for and staging sensitive, valuable, or classified information; and installing more back doors so they can persist in your environment even if you identify and clean up some of the compromised assets.

Data Exfiltration Phase

Once the attackers have found and staged the data they want to steal, they begin to send it out of the network. They will often try to obfuscate the data by encapsulating, compressing, transforming, or encrypting it in some way. Then they will send it out of the network, either by hiding it in plain sight on standard outbound network channels such as web (HTTP) and email (SMTP), or by trying to circumvent your standard network security systems (such as web and email proxies) by sending it out of the network using non-standard ports and/or protocols.
THE THREE DIMENSIONS OF NETWORK THREAT INTELLIGENCE

There are three components you must understand when you are looking for threats in your network:

1. Content
2. Channels
3. Locations

Content: What information is being transferred?

Content is the information that is flowing over the network. Examples of content include web pages, files, and email attachments. It is important to understand that content and packets are not the same thing. In most cases today, the content is not visible in the packets because it has been buried under multiple levels of encapsulation, encoding, embedding, packing, and/or compression. Because most targeted attacks these days involve content-level threats, in the infiltration phase as well as in the data exfiltration phase, it is very important that a network-based ATD system be able to extract, decode, and analyze the content traversing the network no matter how deeply or recursively embedded it is. This applies to both inert (non-executable) and active (executable) content objects.

Channels: How is the information being transferred?

Channels are the way in which information is being transferred over the network. Channels include the attributes of the network ports, protocols, and applications that are being used. Channels define the context in which information exchange occurs on the network, and that contextual awareness is often critically important in being able to distinguish normal network activity from abnormal, suspicious, or malicious network activity.

Locations: Where/who is the information coming from and going to?

Locations are everything that relates to the source and destination of the information that is traversing the network. Examples of locations include not just network-, protocol-, and application-level source and destination information such as TCP/UDP ports, IP addresses, DNS domains, and URLs, but also organizational, reputational, and identity-based attributes of the sources and destinations of information.
THREAT DETECTION, PREVENTION, AND INCIDENT RESPONSE REQUIREMENTS

A network-based Advanced Threat Defense system should serve two primary roles:

1. Threat Detection and Prevention: protects you from internal and external attacks.
2. Incident Response: helps automate and accelerate your incident response cycle.

In the Threat Detection and Prevention role, the key actions for an ATD are to detect and prevent a whole spectrum of malicious activity, regardless of the tactics, including phishing, exploits, malware, command and control communication, lateral propagation, data staging, data leakage, and exfiltration, among others. The key technical requirement here is that the ATD system must be able to identify threats in real time as they occur and be able to take a unilateral prevention action when it sees them. This unilateral prevention capability is important because, in many cases, the ATD system is the only one in the network security infrastructure that can identify the threat with sufficient precision to be able to block it without disrupting normal network traffic.

In the Incident Response role, the ATD system must be able to discover compromised systems, investigate live and dormant incidents, and contain targeted attacks before they result in data loss. Implicit in the previous statement is the fact that no ATD system can guarantee that you will never be compromised by an advanced adversary. The key technical requirement in this role is that the ATD system must have some form of historical network memory and be able to search, query, and analyze the recorded information. This gives the incident responders the ability to go back in time and look for things that the system did not know were malicious at the time that they occurred.
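The following is an added example, not code from the paper or from Fidelis, showing how the three dimensions above (content, channels, locations) and the two roles (real-time detection of beaconing and wrapped exfiltration, then retroactive search of stored session metadata) can be applied to session records. The Session record, the indicator lists, the expected-port table, and the sample traffic are all constructed placeholders.

```python
import base64
import gzip
import re
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample threat intelligence; placeholder values, not real indicators.
BAD_DOMAINS = {"c2.example-bad.test"}
# Ports on which each decoded protocol is normally expected (the "channel" dimension).
EXPECTED_PORTS = {"http": {80, 8080}, "https": {443}, "smtp": {25, 587}, "dns": {53}}
# Characteristics of "our" sensitive data (the "content" dimension).
SENSITIVE_PATTERNS = [re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"), re.compile(rb"CONFIDENTIAL")]


@dataclass
class Session:
    ts: int          # seconds since epoch (constructed)
    src: str
    dst: str
    dst_port: int
    protocol: str    # protocol identified from the payload, not inferred from the port
    dst_domain: str
    payload: bytes = b""


def unwrap_content(blob: bytes, max_depth: int = 5):
    """Peel gzip and base64 layers recursively; return (inner bytes, layers removed)."""
    depth = 0
    while depth < max_depth:
        if blob[:2] == b"\x1f\x8b":                       # gzip magic bytes
            blob = gzip.decompress(blob)
            depth += 1
            continue
        text = blob.strip()
        if len(text) >= 8 and len(text) % 4 == 0 and re.fullmatch(rb"[A-Za-z0-9+/]+={0,2}", text):
            blob = base64.b64decode(text, validate=True)
            depth += 1
            continue
        break                                             # no further recognised wrapper
    return blob, depth


def analyze_session(s: Session):
    """Return the findings for one session across all three dimensions."""
    findings = []
    # Locations: destination reputation.
    if s.dst_domain in BAD_DOMAINS:
        findings.append("location:known-bad-domain")
    # Channels: a protocol seen on a port where it is not normally expected.
    if s.protocol in EXPECTED_PORTS and s.dst_port not in EXPECTED_PORTS[s.protocol]:
        findings.append(f"channel:{s.protocol}-on-port-{s.dst_port}")
    # Content: inspect the decoded object, not the raw bytes on the wire.
    inner, layers = unwrap_content(s.payload)
    if any(p.search(inner) for p in SENSITIVE_PATTERNS):
        findings.append(f"content:sensitive-data-{layers}-layers-deep")
    return findings


def beacon_candidates(sessions, min_count=4, max_jitter=0.1):
    """Flag (src, dst) pairs whose connections recur at a near-constant interval."""
    by_pair = defaultdict(list)
    for s in sessions:
        by_pair[(s.src, s.dst)].append(s.ts)
    flagged = []
    for pair, times in by_pair.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) >= min_count - 1 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged.append(pair)
    return flagged


def retro_search(sessions, new_bad_domains):
    """Historical network memory: re-check stored metadata against intelligence learned later."""
    return [s for s in sessions if s.dst_domain in new_bad_domains]


# Constructed sample traffic: one host beaconing every 60 s to a C2 server and then
# exfiltrating a gzip-then-base64 wrapped document over HTTP on a non-standard port.
SECRET = b"Payroll export CONFIDENTIAL: 123-45-6789"
WRAPPED = base64.b64encode(gzip.compress(SECRET))
SAMPLE = [Session(1000 + 60 * i, "10.0.0.5", "203.0.113.9", 4444, "http", "c2.example-bad.test")
          for i in range(5)]
SAMPLE.append(Session(1300, "10.0.0.5", "203.0.113.9", 4444, "http", "c2.example-bad.test", WRAPPED))
SAMPLE.append(Session(1500, "10.0.0.7", "198.51.100.20", 443, "https", "update.example.test"))

if __name__ == "__main__":
    for s in SAMPLE:
        print(s.ts, s.src, "->", s.dst_domain, analyze_session(s))
    print("beaconing pairs:", beacon_candidates(SAMPLE))
    # An indicator learned after the fact is applied to the stored records.
    print("retro hits:", [s.ts for s in retro_search(SAMPLE, {"update.example.test"})])
```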
COMPREHENSIVE NETWORK-BASED ADVANCED THREAT DEFENSE CAPABILITIES

A comprehensive network-based ATD solution can be broken down into three critical capabilities:

1. Advanced Malware Protection
2. Data Theft Protection
3. Network Security Analytics

Figure 2. Comprehensive Advanced Threat Defense
Advanced Malware Protection

The industry may lead you to believe that this is only about advanced malware protection; however, a truly comprehensive ATD solution provides protection against targeted persistent attacks at each phase of the threat lifecycle on the network: before they are downloaded, when they are transferred within the network, and when they are installed on an endpoint. A truly comprehensive ATD solution protects you with these features:

- Advanced Malware Detection: analyzing scores of inbound threats per second as they flow over the network, maintaining a high malware detection rate with extremely low false positives.
- Rich Malware Execution Forensics: a detailed description of what the malware did when it executed in the virtual execution environment, such as registry, file system, and operating system changes, network call-out behavior, etc.
- Real-Time Threat Prevention: analyzing network traffic at multi-gigabit speeds, providing real-time discovery and prevention.
- Automated Threat Intelligence: delivering a continuous stream of finely curated reputational threat intelligence for automatic consumption; a key component in enabling the solution to quickly identify suspicious and malicious activity.
- Flexible Policy (Rules) Engine: operationalizing known advanced threat indicators using open industry standards, like YARA.
- Wire-Speed Performance: analyzing gigabits of network traffic in real time, providing visibility, analysis, and protection from advanced threats before they harm your enterprise.

Data Theft Protection

A truly comprehensive ATD solution will directly detect and prevent the unauthorized flow of sensitive, valuable, or classified information out of the network. The technical requirements include:

- Data Exfiltration Prevention: using sophisticated rules and techniques to prevent the theft of sensitive and confidential data out of your network.
- Intellectual Property Protection: a flexible and powerful policy engine to match the characteristics of your intellectual property and block any unauthorized transfers of this data.
- Complete Content Visibility: delivering network visibility, analysis, and control over all protocols, applications, and file types to defend against advanced threats and prevent data theft in real time.
- Flexible Data Profiling: through a flexible, powerful policy engine, you can define the characteristics of your most valuable data to identify sensitive data and keep it from leaving your network.
- Actionable Alerts: alerts provide comprehensive, actionable information allowing you to rapidly triage and remediate threats.

Network Security Analytics

A comprehensive ATD solution will provide a historical record of all network activity so you may go back in time to look for things that you did not know were bad at the time that they occurred. There are many use cases for this capability across all phases of the threat lifecycle. The technical requirements include:

- Full Metadata Capture: collecting details (metadata) about every network transaction. This metadata is stored as historical network memory and leveraged to discover past incursions.
- Multi-dimensional Analysis: analyzing network content against multiple sources of threat intelligence, including reputation feeds, custom policies, and threat prevention policies that are updated frequently.
- Advanced Visualization: delivering dynamic summaries and trends of your enterprise, by host, alerts, location, and protocols, to understand your organization's threat landscape.
- Customizable Reporting: standard and customizable reports on the rich metadata collected over time.
- Correlated Alerting: correlating alert data for investigation with other transactions potentially related to the threat.
A comprehensive, network-based ATD system should combine all three capabilities (Advanced Malware Protection, Data Theft Protection, and Network Security Analytics) in a seamless, tightly integrated system, under a single management framework.
INTEGRATION WITH ENDPOINT SECURITY SYSTEMS

The main job of a network-based ATD system is to protect the enterprise's computing assets (endpoints) at the network level from being compromised. The primary way it does this is by decoding and analyzing the network traffic that flows to and from those endpoints, looking for indications of threat and/or compromise within the contextual information that is available on the network. It can also simulate endpoint execution environments, for example by incorporating emulators and/or fully virtualized endpoint execution containers ("sandboxes"). However, no matter how good a network-based ATD system is, it needs to have access to the contextual information that is available only on the actual enterprise endpoints themselves. To do this, the network ATD system should integrate with endpoint defenses. This integration should include the sharing of contextual information about threats and/or threat intelligence.

For example, if the network ATD system sees malware inbound to an enterprise endpoint, it does not know whether the malware actually executed on the real endpoint. On the other hand, if there is an endpoint security solution that is monitoring and recording the behavior of all executable objects on the endpoint, the network ATD system can query the endpoint security system to determine whether the malware actually executed on the target endpoint (or at other endpoints in the enterprise). If the answer is yes, the network ATD system can increase the severity of the malware alert and escalate its priority in the security analyst's workflow.

Figure 3. Integration between Network and Endpoint ATD Systems
THE FIDELIS XPS SOLUTION

The Fidelis XPS solution is a comprehensive, network-based Advanced Threat Defense solution consisting of four major components, as shown in Figure 4.

Figure 4. The Fidelis XPS Solution

These components are described briefly below. For more details, see the Fidelis Solution Overview white paper.

Fidelis Insight is a cloud-based aggregation of dynamic threat intelligence derived from multiple public and proprietary sources. Fidelis Insight includes content-, channel-, and location-based threat intelligence. It also includes a secure, high-capacity, virtual execution (sandbox) environment.

Fidelis XPS CommandPost is the management system for the Fidelis XPS products and the integration point between the Fidelis XPS solution and other systems in the enterprise network security infrastructure.

Fidelis XPS Sensors are the workhorses of the Fidelis XPS solution. They are typically deployed at boundary points on the enterprise network (e.g. at Internet or MPLS access points, in front of the enterprise fileshares, etc.). They can be deployed in line with the network traffic or out of band, where they receive a copy of the traffic from a network TAP or a switch SPAN port. There are several different types of sensors that are designed for deployment at different points in the physical and logical network infrastructure. The sensors reassemble, decode, and analyze the traffic that traverses the network boundary in real time using Fidelis' patented Deep Session Inspection technology, which gives them deep visibility and control over the protocols, applications, and content objects that are flowing over the network. This enables the Fidelis XPS sensor to detect threats that are not visible to other network security systems. The Fidelis XPS sensors include an integrated Malware Detection Stack that identifies malware objects flowing over the network using a combination of rule-based behavioral analysis and static and dynamic malware detection technologies. The malware detection stack uses a high-speed, multi-threaded architecture that can analyze hundreds of objects per second (per sensor). When a sensor detects a session that triggers a threat detection rule, it takes an action on the session. The action is configurable at the rule level and can be a record-and-alert action or a prevention-and-alert action. The sensors also extract rich network-, protocol-, application-, and content-level metadata from each and every network session that occurs on the network, whether the session triggers a threat detection rule or not, and send the metadata to a Fidelis XPS Collector system (if deployed).

Fidelis XPS Collector is a database for the rich session metadata extracted from all network sessions by the Fidelis XPS sensors. The Collector stores session metadata from one or more Fidelis XPS sensors in a high-speed database and makes it available to analysts via a query and search interface on the Fidelis XPS CommandPost.
The Collector supplies historical network memory at a much lower total cost of ownership than a full packet capture system. The Collector corresponds to the index component of a full packet capture system, but the Collector's index is much richer because of the deep protocol, application, and content decoding capabilities of the Fidelis XPS sensors that extract the metadata; the richer the index, the higher the probability of detection.
Fidelis XPS Solution Architecture

The Fidelis XPS products are purpose-built for advanced threat defense, and have the following specific architectural capabilities:

- Broad visibility over all network ports, protocols, and applications
- Deep visibility into encapsulated, encoded, embedded, compressed, and obfuscated content
- Multi-dimensional dynamic threat intelligence
- Historical and comprehensive network memory
- Static and dynamic malware detection and analysis
- Data theft/exfiltration detection and prevention
- Open policy, rules, and threat intelligence engine
- Scalability up to 2.5+ Gbps for each stand-alone appliance (up to 20+ Gbps per blade center chassis)
- Unilateral real-time prevention (blocking) capability
- Integrations with leading-edge endpoint-based ATD systems
FIDELIS XPS: A COMPREHENSIVE NETWORK-BASED ATD SOLUTION

Visibility and Control over the Entire Threat Life Cycle

The Fidelis XPS solution includes technologies and threat intelligence that give visibility and control over each of the four phases of the threat lifecycle (infiltration, command and control communication, lateral propagation, and data exfiltration). Experience shows that this broad-spectrum approach significantly increases the probability of seeing the threat before it does irreparable harm to the targeted organization.

Multi-Dimensional Dynamic Threat Intelligence

Fidelis XPS Deep Session Inspection technology, coupled with the dynamic threat intelligence available in Fidelis XPS Insight, gives the Fidelis XPS solution a unique ability to operationalize all three dimensions of network threat intelligence (content, channels, and locations) on network traffic. This multi-dimensional visibility also increases the probability of detecting an advanced threat.

Threat Detection/Prevention and Incident Response

The architecture of the Fidelis XPS solution, and in particular its unique combination of real-time detection and prevention capability with both selective and non-selective network memory, enables it to add value both in threat detection and prevention and in incident response roles.

Integrations with Endpoint Advanced Threat Detection Systems

The Fidelis XPS solution has integrations with leading-edge endpoint-based ATD systems such as Verdasys Digital Guardian and Bit9 + Carbon Black. These integrations give the Fidelis XPS system access to contextual information that is only available on the endpoint itself.
All Three Critical ATD Capabilities in a Single, Tightly Integrated System

One of the most distinguishing characteristics of the Fidelis XPS solution is that it integrates all three critical capabilities of network-based advanced threat defense (advanced malware protection, data exfiltration protection, and network forensics and analytics) in a single system under a unified management framework, as shown in Figure 4. The benefits of having all three of these capabilities seamlessly integrated into a single system, under a unified management framework, include: a higher probability of detecting or preventing threats before they result in serious damage; lower incident response costs due to fewer incidents, faster containment and remediation, and lower post-incident charges such as legal, forensics, etc.; and lower network security infrastructure costs as a result of having fewer boxes, lower maintenance, and less analyst oversight.
ABOUT GENERAL DYNAMICS FIDELIS CYBERSECURITY SOLUTIONS

General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today's sophisticated advanced threats and prevent data breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence through use of our Network Defense and Forensics Services, delivered by an elite team of security professionals with decades of hands-on experience, and our award-winning Fidelis XPS Advanced Threat Defense products, which provide visibility and control over the entire threat life cycle.
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationGETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
More informationWHAT S NEW IN WEBSENSE TRITON RELEASE 7.8
WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8 Overview Global organizations are constantly battling with advanced persistent threats (APTs) and targeted attacks focused on extracting intellectual property
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationYou ll learn about our roadmap across the Symantec email and gateway security offerings.
#SymVisionEmea In this session you will hear how Symantec continues to focus our comprehensive security expertise, global intelligence and portfolio on giving organizations proactive, targeted attack protection
More informationSymantec Advanced Threat Protection: Network
Symantec Advanced Threat Protection: Network Data Sheet: Advanced Threat Protection The Problem Today s advanced attacks hide themselves on legitimate websites, leverage new and unknown vulnerabilities,
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationTRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT
TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS AND DATA THEFT Your business and its data
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More informationThreat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products
Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationComprehensive real-time protection against Advanced Threats and data theft
TRITON AP-WEB Comprehensive real-time protection against Advanced Threats and data theft Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient
More informationHow Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com
How Lastline Has Better Breach Detection Capabilities By David Strom December 2014 david@strom.com The Internet is a nasty place, and getting nastier. Current breach detection products using traditional
More informationCisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats
Solution Overview Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats What You Will Learn The network security threat landscape is ever-evolving. But always
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationHow Do Threat Actors Move Deeper Into Your Network?
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationCovert Operations: Kill Chain Actions using Security Analytics
Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special
More informationThe Purview Solution Integration With Splunk
The Purview Solution Integration With Splunk Integrating Application Management and Business Analytics With Other IT Management Systems A SOLUTION WHITE PAPER WHITE PAPER Introduction Purview Integration
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationZak Khan Director, Advanced Cyber Defence
Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts
More informationA New Era of Cybersecurity Neil Mohammed, Sales Engineer
A New Era of Cybersecurity Neil Mohammed, Sales Engineer Copyright 2015 Raytheon Company. All rights reserved. R W Market Advantages Strong Financial Backing Accelerated Innovation Increased Breadth and
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationWhitepaper. Advanced Threat Hunting with Carbon Black
Advanced Threat Hunting with Carbon Black TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage Comprehensive Threat
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationAfter the Attack. The Transformation of EMC Security Operations
After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA
More informationDetect & Investigate Threats. OVERVIEW
Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More informationGOING BEYOND BLOCKING AN ATTACK
Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationBio-inspired cyber security for your enterprise
Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationSecurity Intelligence Services. www.kaspersky.com
Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationUsing Network Forensics to Visualize Advanced Persistent Threats
Using Network Forensics to Visualize Advanced Persistent Threats Dale Long, Sr. Technology Consultant, RSA Security 1 The Problem 2 Traditional Security Is Not Working 99% of breaches led to compromise
More informationTRITON APX. Websense TRITON APX
TRITON APX Unified protection and intelligence against Advanced Threats and data theft Your organization is faced with an increasing number of Advanced Threats that lead to data theft, denial of service
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationEight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
More information