A New Approach to Security. Chris Ellis, McAfee Senior System Engineer, Chris_Ellis@McAfee.com


Advanced Targeted Attack Challenges (lifecycle diagram: Preparation, Attack, Compromise, Discovery, Containment)
- Motives: criminal theft, sabotage, espionage
- Diagram labels: high value data, key systems, exploit weakness, stealthy; after the fact, expensive, public uncertainty, replacement process; "sadder but wiser"

Challenges Faced by Security Professionals (source: McAfee survey at Black Hat USA 2013)
- Discovery: 35%
- Protection: 22%
- False Positives: 20%
- Timely Response: 11%
- Damage Repair: 9%
- Other: 3%

Advanced Targeted Attacks: The Reality (timeline charts over Attack, Compromise, Discovery, Containment)
- Compromise to discovery: Hours 9%, Days 11%, Weeks 12%, Months 64%, Years 4%
- Discovery to containment: Minutes 2%, Hours 19%, Days 42%, Weeks 14%, Months 23%
- Cost: $8,769 / incident, 1.2 incidents / day, $3,840,988 / year
Sources: Verizon 2013 Data Breach Investigations Report; Securosis Malware Analysis Quant Metrics Model

Security-Related TCO Is Skyrocketing
- Multiple products operate in separate functional silos
- Constantly rising costs of operational security
- No efficiency, no effectiveness
- Stale defenses lack adaptive, context-aware capabilities
- Increasingly complex to manage

Advanced Targeted Attacks: The Reality
- Downtime
- Brand Impact
- Data Loss
- Intellectual Property Leakage: Priceless

Let's look at our current arsenal.

The Current Arsenal: Reputation Intelligence, Server Protection, Virtualization Optimization, DB Protection, Firewall, DLP, Network IPS, Compliance Management, ATMs, Mobile Devices, Desktop Protection, Mail, Web, Mobile Protection (grouped on the slide under Endpoint Protection, Security Management and Network Protection). More Needs To Be Done!

Targeted Attack Protection Examples: Meeting the Needs of Different Operational Environments
- File Is New
- Execution Location
- Low Prevalence
- Packed Suspiciously
- Low Prevalence, Revoked Certificate

Recent Notable Advanced Targeted Attacks
- Targeted attacks against Point-of-Sale (POS) systems
- Memory parsing/scraping malware extracts full magnetic stripe data out of memory
- Not detected by traditional A/V; not detected for a significant amount of time
- Substantial damage: 40 million credit cards were exfiltrated in the Target compromise; estimated $652 million loss in market cap after the Target breach
- Containment took a long time (VISA)

Dissecting the Target Breach
- Suspicions of initial intrusion through HVAC supplier credentials
- Initiated through a phishing attack (Citadel password-stealing bot)
- Off-the-shelf malware: BlackPOS
- Memory scraping of credit card data on the POS
- Data accumulated on a compromised internal share (Best1_user, password BackupU$r)
- Malware events ignored on Nov 30 and Dec 2; breach public Dec 15
- Numerous other retailers are now under similar attacks

CSIS Economic Impact Analysis: Study Key Findings
- Annual loss to the global economy is likely more than $445 billion
- Globally, the loss from cybercrime is between 0.5% and 0.8% of the global economy
- G20 countries lost about $200 billion
- Annual loss to the U.S. economy could be more than $100 billion
- Annual loss of U.S. jobs estimated at more than 200,000; EU job loss of more than 150,000
- Cybercrime would rank 27th if it were a nation, ahead of Singapore, Austria, Thailand, Denmark and South Africa

Economic Impact Analysis: CSIS and McAfee Took a Unique Approach
- Builds an economic model to scope the direct losses from cybercrime and cyberespionage
- CSIS enlisted economists, intellectual property experts and security researchers to develop the report
- Surveys are not effective because: not all companies are willing to state their losses; those that are willing often can't estimate what's been taken; intellectual property losses are difficult to value; the self-selection process of surveys can distort results
- CSIS (csis.org): 50-year-old bipartisan nonprofit headquartered in Washington, D.C.
Source: Net Losses: Estimating the Global Cost of Cybercrime, Center for Strategic and International Studies, 2014

Economic Impact Analysis: Canada (chart only). Source: Net Losses: Estimating the Global Cost of Cybercrime, Center for Strategic and International Studies, 2014

(Chart only.) Source: Verizon 2014 Data Breach Investigations Report

Incident patterns: Point-of-Sale Intrusions, Web App Attacks, Insider and Privilege Misuse, Physical Theft and Loss, Miscellaneous Errors, Crimeware, Payment Card Skimmers, Denial of Service, Cyber-Espionage. Source: Verizon 2014 Data Breach Investigations Report

The Challenge
- Hackers are getting more sophisticated
- Zero-day malware is getting through
- Computing environments are getting more sophisticated (think cloud)
- Users continue to click web links
- Budgets are not increasing
- Finding and retaining trained security professionals is difficult

What Can We Do?
- Leverage Cyber Threat Intelligence
- Introduce Local Malware Analysis
- Increase Situational Awareness

Leverage Cyber Threat Intelligence

Threat Intelligence Sources (diagram: a centralized threat intelligence repository in which the administrator can assemble, override, augment and tune the intelligence source information)
- Organizational intelligence: administrator and organizational knowledge
- Reputation data: file, IP / domain and mail digest reputation from vendor reputation feeds and 3rd party feeds
- Local threat intelligence: mail gateway, IPS, firewall, sandboxing, endpoint agents, web gateway

Cyber Threat Intelligence and Analysis: Adapt and Immunize, From Encounter to Containment in Milliseconds (diagram layers: Malicious Code, Security Management, Local Threat Intelligence, Reputation Intelligence)
Local Threat Intelligence:
- Consolidates threat information across the enterprise
- Provides malware administrators appropriate context to make decisions
- Enables more effective malware policy

New Levers for Security Admins
- Local context and site-specific threat intelligence
- Tunable policy with variable degrees of risk tolerance
- Classification decision: execute, prevent and remediate, prevent and quarantine, or submit to application sandboxing

Targeted Attack Protection Examples: Watch and Act Upon Unusual Events!
- File Is New
- Execution Location
- Low Prevalence
- Packed Suspiciously
- Low Prevalence, Revoked Certificate

Local Threat Intelligence: Adapt and Immunize, From Encounter to Containment in Milliseconds (decision diagram; layers: Malicious Code, Security Management, Local Threat Intelligence, Reputation Intelligence)
- Reputation intelligence (existing files and certificates): File Reputation, Certificate Reputation, 3rd Party File Reputation, 3rd Party Cert. Reputation
- Local threat intelligence (new files and certificates): Enterprise Prevalence (Occurrence), Enterprise Age (First Contact), Enterprise File Reputation, Enterprise Cert. Reputation, Endpoint Context, Endpoint Detection Info., ATD Detection Info., Administrator Classifications
- Decision branches: YES / NO, then other file characteristics

Advanced Threat Analysis (diagram layers: Malicious Code, Security Management, Local Threat Intelligence, Reputation Intelligence, Advanced Threat Analysis)

Advanced Threat Analysis: Centralized Malware Analysis and Action (YES / NO decision branches)
- Dynamic analysis: observe registry modifications, observe network communications, observe process activities, observe file system changes
- Static analysis: unpacking, static analysis of disassembled code, discovery of latent code, hidden logic paths

Extending to the Network: the network device can utilize the sandbox to evaluate malware!
- The IPS device evaluates malware inline against AV and reputation (YES / NO)
- The file is moved to the sandbox for analysis
- The convicted hash is populated in the malware cache; all future occurrences are thwarted
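The decision flow of the last few slides, as an added example that is not McAfee's code or part of the deck: a local-threat-intelligence classification over the five indicators the slides list (file is new, execution location, low prevalence, packed suspiciously, revoked certificate), with administrator classification and the convicted-hash cache taking precedence over vendor reputation, a simulated dynamic-analysis verdict built from observed behaviours, and the "convicted hash populated in the malware cache" step so a second sighting is blocked without re-analysis. Every name, threshold, weight and sample value (including the placeholder hash and file path) is a constructed assumption.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    SANDBOX = "submit to sandbox"
    BLOCK = "block and quarantine"


@dataclass
class FileContext:
    """What the endpoint or IPS knows about a file at encounter time (constructed fields)."""
    sha256: str
    vendor_reputation: str        # "known_good", "known_bad" or "unknown"
    enterprise_prevalence: int    # hosts in the enterprise that have seen the file
    enterprise_age_days: float    # days since first contact in the enterprise
    execution_path: str
    packed: bool
    cert_revoked: bool


# Indicators needed to (sandbox, block) per site risk tolerance: hypothetical values.
THRESHOLDS = {"low": (1, 3), "medium": (2, 4), "high": (3, 5)}


@dataclass
class Policy:
    """Tunable policy: thresholds and the site's risk tolerance (hypothetical defaults)."""
    risk_tolerance: str = "medium"
    low_prevalence: int = 5
    new_file_days: float = 1.0
    suspicious_dirs: tuple = ("\\temp\\", "\\downloads\\")


def indicators(ctx, policy):
    """The five slide indicators, evaluated against local context."""
    found = []
    if ctx.enterprise_age_days <= policy.new_file_days:
        found.append("file is new")
    if ctx.enterprise_prevalence <= policy.low_prevalence:
        found.append("low prevalence")
    if any(d in ctx.execution_path.lower() for d in policy.suspicious_dirs):
        found.append("execution location")
    if ctx.packed:
        found.append("packed suspiciously")
    if ctx.cert_revoked:
        found.append("revoked certificate")
    return found


def classify(ctx, policy, malware_cache, admin_classifications):
    """Precedence: admin override, convicted-hash cache, vendor reputation, local indicators."""
    if ctx.sha256 in admin_classifications:
        return admin_classifications[ctx.sha256], ["administrator classification"]
    if ctx.sha256 in malware_cache:
        return Verdict.BLOCK, ["convicted hash in malware cache"]
    if ctx.vendor_reputation == "known_bad":
        return Verdict.BLOCK, ["vendor reputation: known bad"]
    if ctx.vendor_reputation == "known_good" and not ctx.cert_revoked:
        return Verdict.ALLOW, ["vendor reputation: known good"]
    found = indicators(ctx, policy)
    sandbox_at, block_at = THRESHOLDS[policy.risk_tolerance]
    if len(found) >= block_at:
        return Verdict.BLOCK, found
    if len(found) >= sandbox_at:
        return Verdict.SANDBOX, found
    return Verdict.ALLOW, found


# Behaviours a dynamic-analysis sandbox reports (registry, network, process, file system),
# with hypothetical weights; a report scoring CONVICT_SCORE or more is a conviction.
BEHAVIOUR_WEIGHTS = {"registry_run_key_modified": 3, "outbound_connection_unknown_host": 2,
                     "process_injection": 4, "writes_executable_to_temp": 2}
CONVICT_SCORE = 5


def sandbox_verdict(observed):
    score = sum(BEHAVIOUR_WEIGHTS.get(b, 1) for b in observed)
    return score >= CONVICT_SCORE, score


def handle_encounter(ctx, policy, malware_cache, admin_classifications, sandbox_reports):
    """Classify, detonate if the policy asks for it, and populate the cache on conviction."""
    verdict, reasons = classify(ctx, policy, malware_cache, admin_classifications)
    if verdict is Verdict.SANDBOX:
        convicted, score = sandbox_verdict(sandbox_reports.get(ctx.sha256, []))
        if convicted:
            malware_cache.add(ctx.sha256)   # every later sighting is blocked from the cache
            return Verdict.BLOCK, reasons + ["sandbox convicted (score %d)" % score]
        return Verdict.ALLOW, reasons + ["sandbox clean (score %d)" % score]
    return verdict, reasons


# Constructed sample data: a placeholder hash and the behaviours its detonation "reported".
SAMPLE_HASH = "aa" * 32
SAMPLE_REPORTS = {SAMPLE_HASH: ["registry_run_key_modified",
                                "outbound_connection_unknown_host",
                                "writes_executable_to_temp"]}


def sighting(prevalence):
    """A sighting of the sample file: unknown to the vendor, hours old, run from Temp."""
    return FileContext(SAMPLE_HASH, "unknown", prevalence, 0.1,
                       r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
                       packed=False, cert_revoked=False)


def demo(risk_tolerance="medium"):
    """Two sightings of the same file; returns [(verdict, reasons), (verdict, reasons)]."""
    cache, admin = set(), {}
    policy = Policy(risk_tolerance=risk_tolerance)
    first = handle_encounter(sighting(1), policy, cache, admin, SAMPLE_REPORTS)
    second = handle_encounter(sighting(2), policy, cache, admin, SAMPLE_REPORTS)
    return [first, second]


if __name__ == "__main__":
    for verdict, reasons in demo():
        print(verdict.value, "<-", ", ".join(reasons))
```

With the default medium tolerance the first sighting trips three indicators, is sent to the sandbox, is convicted, and its hash is cached; the second sighting is blocked on the cache hit alone. Lowering the tolerance to "low" blocks on the indicators directly, so no detonation happens and nothing is cached, which is the trade-off the "variable degrees of risk tolerance" lever exposes.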

Extending to the Network: Protection Across the Network! (Network IPS, NGFW, Mail, Web)
- All network devices could be updated.

Value of Security Connected (chart: TCO (CapEx + OpEx) and Security Posture plotted against Point Products, Layered Tools, Integrated Tools and Security Connected Architecture; labels: Parity, Security Optimization, Advancement)

Questions? Chris_Ellis@McAfee.com