ADVANCED THREATS AND INTELLIGENT DEFENSE

Similar documents
Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Spear Phishing Attacks Why They are Successful and How to Stop Them

Using Network Forensics to Visualize Advanced Persistent Threats

Malicious Network Traffic Analysis

The session is about to commence. Please switch your phone to silent!

Using big data analytics to identify malicious content: a case study on spam s

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Practical Steps To Securing Process Control Networks

Advanced Threat Protection with Dell SecureWorks Security Services

Description: Course Details:

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

After the Attack. The Transformation of EMC Security Operations

Advanced Threats: The New World Order

Securing Cloud-Based

Cyber Watch. Written by Peter Buxbaum

DNS Firewall Overview Speaker Name. Date

Why Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor

Security Analytics for Smart Grid

Fighting Advanced Threats

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Getting Ahead of Advanced Threats

Covert Operations: Kill Chain Actions using Security Analytics

Evolution of attacks and Intrusion Detection

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

Introducing IBM s Advanced Threat Protection Platform

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

THE CYBER ESPIONAGE BLUEPRINT: Understanding Commonalities In Targeted Malware Campaigns. Alex Cox, Principal Research Analyst, RSA FirstWatch

Advanced Persistent Threats

RSA Security Analytics


ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

Defending Against Cyber Attacks with SessionLevel Network Security

Bernard Montel Directeur Technique RSA. Copyright 2012 EMC Corporation. All rights reserved.

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Defending Against Data Beaches: Internal Controls for Cybersecurity

Breaking the Cyber Attack Lifecycle

Surviving and operating services despite highly skilled and well-funded organised crime groups. Romain Wartel, CERN CHEP 2015, Okinawa

Advanced & Persistent Threat Analysis - I

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

THE EVOLUTION OF SIEM

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

RSA Security Anatomy of an Attack Lessons learned

TRENDS IN THE THREAT LANDSCAPE

Proactive security IT body armor against business attacks WHITE PAPER

Exploring the Black Hole Exploit Kit

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Web Security. Discovering, Analyzing and Mitigating Web Security Threats

Networks and Security Lab. Network Forensics

Managing Web Security in an Increasingly Challenging Threat Landscape

Deciphering and Mitigating Blackhole Spam from -borne Threats

Obtaining Enterprise Cybersituational

Big Data Analytics in Network Security: Computational Automation of Security Professionals

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Security Challenges and Solutions for Higher Education. May 2011

The Federal CISO Dilemma. You have to do FISMA. You must defend against cyber threats.

Data Center security trends

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only

Web site security issues White paper November Maintaining trust: protecting your Web site users from malware.

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Security Intelligence Services. Cybersecurity training.

Information Protection in Today s Changing Mobile and Cloud Environments

Security A to Z the most important terms

The Future of the Advanced SOC

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

One Minute in Cyber Security

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Protecting Your Organisation from Targeted Cyber Intrusion

SPEAR PHISHING UNDERSTANDING THE THREAT

Visualizing Threats: Improved Cyber Security Through Network Visualization

Bad Romance: Three Reasons Hackers <3 Your Web Apps & How to Break Them Up

Targeted attacks begin with spearphishing

How To Hack An Apple Iphone With A Phishing Kit

Advanced Persistent Threats

Cisco RSA Announcement Update

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

Comprehensive Advanced Threat Defense

Securing Your Business with DNS Servers That Protect Themselves

Hunting for Indicators of Compromise

7 Things All CFOs Should Know About Cyber Security

Promoting Network Security (A Service Provider Perspective)

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Software that provides secure access to technology, everywhere.

Transcription:

ADVANCED THREATS AND INTELLIGENT DEFENSE Amit Yoran Senior Vice President of Products, RSA Session ID: SEC-T04 Session Classification: Intermediate

Agenda Overview of current threats Detection and defense

Threat Landscape Overview Crimeware as a Service (CaaS) DDoS, Hacking services Crimeware Exploit Kits Eleanor, Liberty, Blackhole, Poison Ivy Botnets Zeus, Andromeda, SpyEye Malicious Code & Content Networks (Malnets) Fraud Networks (Fraudnets) Laundering Networks Spam, Spear Phishing and Targeted Phishing Malicious Infector Sites Waterholing Sites APT campaigns SMT campaigns Criminal and subnational campaigns

Scams are getting cooler Betting on Rock Paper Scissors Usual scam links

Manufacturer DDoSed after Firefox announcement Make sure CISO involved in announcements!

Fake identities still big business Generates fake ID data Based upon real people, real data formats Data gleaned from social networking sites

From APTs to SMTs Evolution of advanced threats Advanced Persistent Threat Subversive Multivector Threat Target Military, Intelligence, DIB Much wider realm media, financial services Methods Adaptability Largely exploits technical vulnerability Largely linear in nature until goal is reached Union of technical, people and process weaknesses Highly dynamic based upon path of least resistance Attribution: Gragido/Pirc

Example: The VOHO Campaign? Discovered in July 2012 by RSA FirstWatch Infrastructure was shared for multiple threat campaigns Trojan payload via browser-based exploits to delivers exploits to website visitors At first glance appeared to be garden variety drive by attack However, victims seemed to be geographically clustered Further research found campaign used brand new attack approach utilizing water holing method Multistage Campaign: Redirection with a heavy dependency on JavaScript on two specific domains for majority of promulgation

VOHO Waterholing Attack Flow Who do I want to compromise? What websites do they frequent? Where can I host my malware? How do I get my victims to the watering hole Identify Target compromise hosts Identify Target Websites Create watering hole malware site Compromise Websites to redirect to watering hole

VOHO Watering Hole Leveraged Sample targeted websites (redacted) hxxp://www.xxxxxxxxtrust.com hxxp://xxxxxxxxxcountymd.gov hxxp://xxxxxxcenter.org hxxp:/xxxxxxxpolitics.com hxxp://www.xxxxxantennas.com Water Hole site (redacted) hxxp://xxxxxxxcurling.com

Detection Scenario Look for communication with blacklisted hosts Known C2 sites Known malware domains Look for suspect network traffic Gh0st or HTTPS in first 5 packets of non-rfc compliant session Use of web redirect using xkungfoo script

Indicators Defined To Help Identify Attack Look for Command and Control (C2) IP addresses Look for Control Channel IP addresses Parser created

The Cyber Kill Chain Attribution: Lockheed Martin

The Traditional Security Paradigm Content Filtering Anti-Malware Intrusion Detection Single events are rarely indicative of the scope of an event, and also easily obfuscated.

The Complex Event Paradigm Forensic Use Case Investigate Detection - Miss one event, miss everything. - Big Data visibility, do you have it? - Investigative time is of the essence. - Time proven methodology, but the ability to connect kill chain points has lacked, high potential for failure.

To Defend you need Big Data Infrastructure Need a fast and scalable infrastructure to conduct short term and long term analysis High Powered Analytics Give me the speed and smarts to discover and investigate potential threats in near real time Comprehensive Visibility See everything happening in my environment and normalize it Integrated Intelligence Help me understand what to look for and what others have discovered

Defense Architecture

Summary Adversary is getting smarter Threats evolving to complex mix of technology people and process Defense is a combination of Visibility Analytics Intelligence Response

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information