Cybersecurity: An Innovative Approach to Advanced Persistent Threats



Similar documents
Modular Network Security. Tyler Carter, McAfee Network Security

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee

Defending Against Data Beaches: Internal Controls for Cybersecurity

End-user Security Analytics Strengthens Protection with ArcSight

Critical Security Controls

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Caretower s SIEM Managed Security Services

Information Security for the Rest of Us

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Payment Card Industry Data Security Standard

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

74% 96 Action Items. Compliance

Internet threats: steps to security for your small business

Security Information & Event Management (SIEM)

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Chapter 1 The Principles of Auditing 1

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Enterprise Cybersecurity: Building an Effective Defense

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

Braindumps QA

ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0

All Information is derived from Mandiant consulting in a non-classified environment.

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Redefining SIEM to Real Time Security Intelligence

Protecting the un-protectable Addressing Virtualisation Security Challenges

External Supplier Control Requirements

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

KEY TRENDS AND DRIVERS OF SECURITY

Protection Against Advanced Persistent Threats

Cisco Advanced Malware Protection for Endpoints

Fighting Advanced Threats

UNCLASSIFIED. General Enquiries. Incidents Incidents

Endpoint Security for DeltaV Systems

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

RSA Security Analytics

Presented by: Mike Morris and Jim Rumph

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Digital Pathways. Penetration Testing

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era

Data Center security trends

Secure Your Mobile Workplace

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

The Role of Security Monitoring & SIEM in Risk Management

IBM Security Strategy

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Driving Company Security is Challenging. Centralized Management Makes it Simple.

A Decision Maker s Guide to Securing an IT Infrastructure

How To Protect Yourself From A Hacker Attack

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

High End Information Security Services

Sophos SG 1 Session: Sophos UTM

KEY STEPS FOLLOWING A DATA BREACH

Security Services. 30 years of experience in IT business

OPC & Security Agenda

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Industrial Security for Process Automation

The Protection Mission a constant endeavor

Firewall and UTM Solutions Guide

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.

13 Ways Through A Firewall

INFORMATION PROTECTED

Concierge SIEM Reporting Overview

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Vladimir Yordanov Director of Technology F5 Networks, Asia Pacific Developments in Web Application and Cloud Security

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

APT Advanced Persistent Threat Time to rethink?

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Practical Steps To Securing Process Control Networks

McAfee - Overview. Anthony Albisser

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

Next Generation IPS and Reputation Services

McAfee Security Architectures for the Public Sector

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Cisco & Big Data Security

Transcription:

Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee

This is who I am 2

This is what I do 3

Student B The Hack Pack I used to do this 4

Then I did this which was really cool 5

Then I worked for these guys 6

Until these guys flew airplanes into my building - which really pissed me off 7

Then I went to work for these guys Capitol Hill 8

Now I work for these guys 9

I used to be this guy 10

And now I m this guy (applause now, please!) 11

Just moved to Texas and bought a Ford F150 truck 12

Look a little closer 13

Agenda: Advanced Persistent Threats How We Got Here What Are Advanced Persistent Threats? What Should We Be Doing? 14

How We Got Here

Financial gain Weaponization APT (Advanced Persistent Threats) 1990 s 2000 2004 2008 2010 Today Just for the thrill of it Corporate / government espionage Purpose The world is changing 16

Key trends and drivers of security Mobility The Cloud Emerging Threats Regulatory and Compliance Mobile devices Social media Cloud services Nonstandard Global threat intelligence Security-as-a- Service 17 Decrease in time to exploit Targeted attacks Advanced persistent threats SOX, PCI, EU Privacy FISMA ISO 27001 Other regulations

Today s threat environment 18

Security Architecture Design & Implementation Firewall Protection at Perimeter DMZ (single tier) for Internet facing services VPN for Remote Access Two-Factor Authentication 24x7x365 IDS monitoring Monthly vulnerability scanning Comprehensive patching and antivirus program SPAM filtering A well-trained internal security team Typical Security Office Activities 19

What are Advanced Persistent Threats?

What is Advanced Persistent Threat? Advanced Persistent Threat is not normal malware. It s a group of highly-skilled, determined actors who are financed to go after intellectual property or commit espionage. There s a language barrier We see the same thing differently 21

An example Compromise several internal hosts Using unknown malicious code Install user and kernel mode root kits Data mining tools Find desktop systems of key users for compromise Deploy key loggers widely Target corporate executives & key users Infiltrate via home, laptop systems and mobile devices Copy *.data, compress, encrypt and send Go to sleep, set a schedule 22

What Should We Be Doing?

Build your architecture and trust it Security Architecture Design & Implementation Next Gen Firewall Protection DMZ (multiple tier) for Internetfacing services VPN for Remote Access Authentication Framework NetFlow Wireless Umbrella Follow-the-sun Security Operations Center Continuous monitoring Correct security posture for all devices Email filtering Web filtering Forensics Trust your infrastructure to stop 99% of threats 24

Network Architecture Your generalpurpose network is compromised (Internet2) Everybody on the Outside Tiered Network Protect IP in secure enclaves Internal Enclaves 25

Advanced Threat Defense Find, freeze, fix Find: hunt the 1% Freeze: Freeze threat and prevent infection of other devices Fix: Identify devices requiring remediation; streamline response across all endpoints Why it s important (Internet2) Integrated solutions combining network and endpointlevel visibility and controls are the best way to combat targeted attacks and quickly enable remediation 26

Volume 75 Billion Malware Reputation Queries/Month 20 Billion Email Reputation Queries/Month 2 Billion IP Population Queries/Month 300 Million IPS Attacks/Month 100 Million IP Port Reputation Queries/Month 100+ BILLION QUERIES Breadth and Depth Malware: 60 Million Endpoints Email: 30 Million Nodes Web: 45 Million Endpoint and Gateway Users Intrusions: 4 Million Nodes 100+ MILLION NODES, 120 COUNTRIES Advanced Threat Defense: Global Threat Intelligence 27

How it works Internet File Reputation Request Network Connection Reputation Network PS Firewall Web Gateway Mail Gateway Host AV Host IPS 3rd Party Feed

Multi-vector protection Internet Network Reputation (High Risk) Network PS Firewall Web Gateway Mail Gateway Host AV Host IPS 3rd Party Feed

Data Centers Across the Globe 30

Mobility and the Cloud The Challenge No clear boundary between the enterprise and consumer APT becomes easier when lines are blurred Identity and authentication even more important Only host-based security for cloud servers Need for Adaptive Authentication Understand you, your device, your location Challenge you with a relevant set of credentials Trust calculation changes based on location, device and what you are trying to access Need Encryption 31

Summary The world has changed, and threats are becoming more complex APT has emerged as a different kind of threat Need to redesign and re-engineer your architecture (culture): trust your infrastructure, take your warfighters off the fence and turn them into hunters Authentication frameworks and encryption will become more important, as mobility accelerates and we move to fat clouds and thin clients Keep score with the bad guys when you play the game Remember: this is a marathon, not a sprint 32

Questions Does anyone have any questions for my answers? - Henry Kissinger 33

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information