EXPLORING ADVANCED THREATS


Whitepaper
Blue Coat Advanced Threat Protection Series
Security Empowers Business

EXPLORING ADVANCED THREATS
Advanced Threat Protection (ATP) Essentials, Part 1

SECURITY ISN'T ONLY ABOUT PREPARING FOR THE WORST

Introduction

Virtually every article, blog, or white paper about cyber security begins the same way: by trying to scare the living daylights out of you. Horrifying statistics, alarming news reports; we're sure you've seen them. Here's the thing: when you really take a hard look at today's security threats and vulnerabilities, even the new breed of advanced threats, you start to see that security isn't only about preparing for the worst. Security is also about empowerment. When you know enough to implement the right security the right way, security instills confidence, creates opportunities, and opens doors to new possibilities.

We've written this series of papers to help you see advanced threats in a whole new light, because the more you understand about advanced threat protection, the more you'll understand how it can empower your business. In this paper, we present the basics about advanced threats: what they are, how they differ from traditional threats, where they originate, and how they can impact your business. Then, in the next two papers, we take a closer look at how best to mitigate the threats and how to get started putting an effective business empowerment solution in place.

Contrasting Basic and Advanced Threats

The following are key characteristics of basic and advanced cyber threats:

- Basic or mass-market threats are the ones everyone should be blocking. They're the known threats against known operating system (OS) or application-level vulnerabilities. They are commonly detected by traditional signature-based network- and endpoint-security defenses, including intrusion prevention systems (IPSs), secure web and e-mail gateways, and antivirus platforms.
- Advanced threats are unknown threats against unknown OS or application-level vulnerabilities. They can't be detected by traditional signature-based defenses.

Advanced threats are far more difficult to detect. Traditional security defenses that rely on pattern-matching signatures are useless against them. Now, it's important to point out that traditional defenses such as firewalls, IPSs, and secure web and e-mail gateways are your front line in a defense-in-depth (layered defense) strategy. But you can't rely on these exclusively for detecting today's advanced threats.

Basic Threats: Oldies but Baddies

The mass-market cyberattacks described in this section are largely mitigated by traditional network and endpoint security solutions. Yet we keep seeing them over and over again because users still fail to take them seriously and protect against them. So reacquaint yourself, because left unchecked any of these could be your downfall.

Worms, Trojans, and viruses

A computer worm is malware that exploits the vulnerabilities of a computer's OS (such as Microsoft Windows) to self-propagate. Worms can consume large amounts of bandwidth, causing degradations in network performance. Unlike a virus, a worm doesn't attach itself to computer programs or files.

A Trojan (or Trojan horse) is malware disguised as a legitimate application to trick a user into installing it on a computer. Unlike worms, Trojans can't propagate to other computers on their own. Instead, they join networks of other infected computers (called botnets), wait to receive instructions from the attacker, and then transfer stolen information. Trojans are commonly delivered through social media and spam e-mails; they may also be disguised as installers for games or applications.

A computer virus is malicious code that attaches itself to a program or file so that it can spread from one computer to another, leaving infections as it propagates. Unlike a worm, a virus can't travel without a human helper: in this case, a user who sends (usually unknowingly) an infected program or file to another user.

Spyware and botnets

Spyware is a form of malware that aggregates user information without the user's knowledge and forwards it to the perpetrator via the Internet. Sometimes, spyware is employed for the purpose of advertising (in which case it's called adware and displays pop-up ads). Other times, it's used to collect confidential information such as usernames, passwords, and credit-card numbers.

A botnet is a group of Internet-connected computers on which malware is running (bots). Bots are often used to commit denial-of-service attacks (attacks that overload a server's processing power), relay spam, steal data, and/or download additional malware to the infected host computer.

(Figure: Evolving landscape of modern threats)

Phishing

Phishing is an attempt to steal confidential information (usernames, passwords, credit-card numbers, Social Security numbers, and so on) via e-mail by masquerading as a legitimate organization. After clicking a seemingly innocent hyperlink in the e-mail, the victim is directed to enter personal information on an imposter website that looks almost identical to the one it's emulating. And it doesn't matter what type of device is being used: phishing is device-agnostic. In fact, mobile users are sometimes more vulnerable because the smaller screen size may reduce context clues.

Baiting

Baiting is when a criminal casually drops a USB flash drive or CD-ROM in a public area (perhaps a parking lot or cybercafé) in close proximity to the targeted organization. The media device is labeled with enticing words such as "Product Roadmap" or "Proprietary & Confidential" to spark the finder's interest. When the victim inserts the device into her computer, it installs malware.

Buffer overflows and SQL injections

These two common techniques exploit vulnerabilities in web applications:

- In a buffer overflow attack, a hacker knowingly writes more data into a memory buffer than the buffer is designed to hold. Data spills into adjacent memory, which can crash the system or cause the application to execute unauthorized code that may grant the hacker administrative privileges.
- In a SQL injection attack, the attacker enters SQL statements into a web form in an attempt to pass an unauthorized SQL command to the database. If successful, the attack can give its perpetrator full access to database content such as credit-card numbers, Social Security numbers, and passwords.

Malnets

A malnet (malware network) employs a distributed network infrastructure on the Internet that is purpose-built and maintained by cybercriminals to launch a variety of attacks over extended periods of time. Blue Coat estimates that nearly two-thirds of cyberattacks originate from malnets.
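The SQL injection described above, as an added illustration that is not part of the original whitepaper: a Python sqlite3 lookup against a constructed in-memory user table, written once by string concatenation (the flaw) and once as a parameterized query (the fix), and run on a normal username, a legitimate name containing an apostrophe, and an input that carries SQL of its own. All table contents and inputs are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a web application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "user"), ("bob", "hash-b", "admin")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Form input is pasted straight into the SQL text (the flaw the paper describes).

    Any quote character in the input changes the structure of the statement,
    so the database can be made to run a query the developer never wrote.
    """
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the value travels separately from the statement.

    The driver binds the input as data, so it is only ever compared against
    the column and is never parsed as SQL, whatever characters it contains.
    """
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def vulnerable_lookup_breaks(conn: sqlite3.Connection, username: str) -> bool:
    """True when the concatenated query cannot even be parsed for this input."""
    try:
        find_user_vulnerable(conn, username)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = build_db()
    # Constructed inputs: a normal name, a legitimate name containing an
    # apostrophe, and a string that carries SQL of its own.
    for name in ["alice", "o'brien", "' OR '1'='1"]:
        safe = find_user_safe(db, name)
        if vulnerable_lookup_breaks(db, name):
            vuln = "query error"
        else:
            vuln = find_user_vulnerable(db, name)
        print(f"{name!r:16} concatenated: {vuln}   parameterized: {safe}")
```

The concatenated version returns every row for the last input and fails outright on the apostrophe; the parameterized version returns only an exact match in all three cases.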

Advanced Threats: Emerging Dangers

Now that you're up to speed on basic threats, let's explore the advanced threats that are emerging.

Advanced persistent threats

Advanced persistent threats (APTs), also known as advanced targeted attacks (ATAs), are multi-vectored (perpetrated through multiple channels) cyberattacks in which an attacker gains unauthorized network access and stays undetected for a long period. The goal is usually data theft. Let's break down the components of the acronym:

- Advanced: Attackers use a full spectrum of intrusion technologies and techniques, often exploiting unreported vulnerabilities in operating systems and applications.
- Persistent: After a network is breached, the perpetrator operates "low and slow" to remain undetected until the ultimate target has been identified.
- Threat: The attacker initiates each APT with a specific objective in mind and won't stop until that objective is achieved.

Zero-day threats

A zero-day threat is a cyberattack on an OS or application vulnerability that's unknown to the general public. It's called a zero-day threat because the attack was launched before public awareness of the vulnerability (on "day zero").

Polymorphic threats

A polymorphic threat is a cyberattack that continuously changes its form, making it impossible for traditional signature-based security defenses to detect.

Blended threats

A blended threat employs multiple attack vectors (paths and targets) and multiple types of malware to disguise the attack, confuse security analysts, and increase the likelihood of a successful data breach. Classic examples of blended threats include Conficker, Code Red, and Nimda.

Figure: Time and the Window of Opportunity

Initial Attack to Compromise:
  Seconds 11% | Minutes 13% | Hours 60% | Days 13% | Weeks 2% | Months 1%
  (84% within seconds, minutes, or hours)

Initial Compromise to Discovery:
  Minutes 1% | Hours 9% | Days 11% | Weeks 12% | Months 62% | Years 4%
  (78% took weeks, months, or years)

DATA BREACHES BY THE NUMBERS

In 2013, Verizon analyzed 621 data-breach incidents that occurred in 2012, resulting in 44 million compromised records, and came up with the following interesting statistics:

- 40 percent incorporated malware
- 52 percent involved some form of hacking
- 78 percent took weeks, months, or years to discover
- 84 percent compromised their targets in seconds, minutes, or hours
- 69 percent were discovered by a third party
- 92 percent were perpetrated by outsiders
- 95 percent of state-affiliated attacks employed phishing

You can download the full report at www.verizonenterprise.com/dbir/2013

Insider threats

Not all threats originate outside the network. Some originate within, introduced by two types of users:

- Malicious users: These users may consist of ill-intentioned contractors, disgruntled employees, or even criminals who use social engineering techniques to gain physical access to the network after being admitted to the building by a negligent receptionist.
- Unknowing employees: Even well-intentioned employees may bring malware-infected laptops and mobile devices into the office after surfing the web at home over the weekend.

Know Thy Enemy

It's not enough just to know what kind of cyberthreats you face. You also need to know the sources and goals of those threats. Here's some insight into potential attackers and potential attacks.

Types of attackers

Today's cyber-attackers fall into three broad categories: cybercriminals, state-sponsored hackers, and hacktivists.

Cybercriminals

As the name suggests, cybercriminals hack for profit. They penetrate a company's network security defenses in an attempt to steal something valuable (such as credit-card numbers) and sell it on the black market. Today, cybercrime is a multibillion-dollar industry.

State-sponsored hackers

Cyber-attacks committed by nations against foreign corporations and governments are perpetrated by state-sponsored hackers: people who hack for a paycheck with the objective of compromising data, sabotaging systems, or even committing cyber warfare.

Hacktivists

Hacktivists are computer hackers driven by political ideology. Typical attacks include website defacements, redirects, information theft and exposure, and denial-of-service attacks.

Hidden Costs of a Breach

The true costs of a breach are difficult to quantify and are often underreported, as they're spread across many areas, including both hard-dollar and soft-dollar costs such as:

- Investigation and forensics costs
- Customer and partner communication costs
- Public relations costs
- Lost revenue due to damaged reputation
- Regulatory fines and civil claims
- Opportunity costs and missed sales due to outages

How to Fight Back against Advanced Targeted Attacks

Security defenses have traditionally been built with standalone products that protect against known threats. But with today's increasingly sophisticated hackers and advanced threats, that's no longer enough.

What's needed is a way to get the silos of security solutions working together, sharing intelligence and analysis so that they can adapt, scale, and extend protection to unknown threats as well. What's needed is a lifecycle approach to implementing a complete, multi-layered defense. It would look something like the diagram in Figure 1 (we'll discuss specific products that implement the lifecycle defense in Part 2 of this white paper series, "Buying Criteria for Advanced Threat Protection"). The three core capabilities of the lifecycle defense include:

- Ongoing operations: The lifecycle starts with detection and blocking of all known threats as part of routine, day-to-day operations. Unknown threat events are escalated to the containment phase.
- Incident containment: Unknown (novel) threats are analyzed and mitigated via closed-loop feedback, through which threat intelligence is automatically shared with other security systems to inoculate the organization against future attacks. Threat information is also shared in real time among millions of users in thousands of organizations via a global intelligence network, so the defense system can learn, adapt, and evolve to stay a step ahead of advanced threats.
- Incident resolution: Breaches that do occur are investigated, analyzed, and quickly remediated, and the resulting intelligence is shared via the global intelligence network, which in turn helps convert unknown threats into known threats.

This lifecycle approach helps organizations prepare for the advanced and unknown attacks that do occur, so that they can mitigate the damage, resolve the issue quickly, learn from incidents, and apply new intelligence so that future attacks do not succeed. Simply put, the lifecycle defense is part of a holistic security approach that integrates prevention of known threats with preparedness and response, so new threats can be identified and swiftly remediated.

Figure 1: A three-stage, lifecycle approach to advanced threat protection.
  1. Ongoing Operations: Detect & Protect (Block All Known Threats); Unknown Event Escalation
  2. Incident Containment: Analyze & Mitigate (Novel Threat Interpretation); Retrospective Escalation
  3. Incident Resolution: Investigate & Remediate Breach (Threat Profiling & Eradication); Fortify & Operationalize
  All three stages exchange threat intelligence with the Global Intelligence Network.

Security Empowers Business

© 2013 Blue Coat Systems, Inc. All rights reserved. Blue Coat, the Blue Coat logos, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter, CacheEOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, Mach5, Packetwise, Policycenter, ProxyAV, ProxyClient, SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, "See Everything. Know Everything.", "Security Empowers Business", and BlueTouch are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. Blue Coat makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products, technical services, and any other technical data referenced in this document are subject to U.S. export control and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws, regulations and requirements, and acknowledge that you have the responsibility to obtain any licenses, permits or other approvals that may be required in order to export, re-export, transfer in country or import after delivery to you.

v.wp-advanced-threat-protection-en-v1f-1113

Blue Coat Systems Inc.
www.bluecoat.com
Corporate Headquarters: Sunnyvale, CA, +1.408.220.2200
EMEA Headquarters: Hampshire, UK, +44.1252.554600
APAC Headquarters: Singapore, +65.6826.7000