Evolving Threat Landscape

Briefing Overview
- Changing Threat Landscape
- Profile of the Attack
- Bit9 Solution Architecture
- Demonstration
- Questions

Growing Risks of Advanced Threats
- APT is on the rise: 71% increase in APT attacks over the past 12 months
- APT targets any industry: 83% of US companies have been hit by the APT
- APT is low profile: 46% say it takes 30 days or more to detect
- APT is targeted: 97% of the 140M records compromised through customized malware
- APT is elusive: AV databases are 20-50% effective at detecting new or low-volume threats

What's Different About the APT?

Classic Threat          | Advanced Persistent Threat
------------------------|---------------------------
Retrieve information    | Gain access to information
Get in; get out         | Foothold for control
Active                  | Hibernates
Single entry point      | Maintains many entry points
Works outside/in        | Works inside/out
Money                   | Money; power; espionage

Profile of the APT
1. Establish trust with social engineering (target individuals)
2. Drop custom malware on an endpoint (send malicious email, PDF or URL)
3. Create a backdoor to ensure access (obtain elevated privileges/passwords)
4. Move laterally to other endpoints (migrate to other endpoints)
5. Establish a staging area (build stolen data archives)
6. Extract data (remote command & control)
7. Evolve to evade detection (malware morphs)

Endpoint is a Massive Blind Spot
- Exponential growth in AV signatures: 2,895,802 AV signatures (Symantec Internet Threat Research Report, April 2010), pushing 7,933 AV signatures per day
- AV is 20% to 50% effective at detecting new or low-volume threats (A Buyer's Guide to Endpoint Protection Platforms, Gartner, Dec 2010)
[Chart: AV signature growth by year, 2002-2009; for every 10 new threats: Stopped / Maybe / Evade Protection]

Advanced Persistent Threat Targets vs. Bit9 Parity Suite
The APT attempts to change critical resources; each is mapped to a Parity Suite control:

APT target               | Parity Suite protection
-------------------------|-----------------------------
Registry                 | Registry Protection
Config Files             | File Integrity Monitoring
Portable Storage Devices | Device Control
Applications             | Application Whitelisting
Memory                   | Memory Injection Protection
Operating System         | OS Tamper Protection

Bit9 Overview: Advanced Endpoint Protection (Parity Suite)
- Parity Visibility: Advanced Threat Detection
- Parity Control: Advanced Threat Prevention
- Parity Knowledge: Software Reputation Service (Global Software Registry, Cyber Forensics Service); software reputation used to filter known good
- Protected resources: Portable Storage Devices, Registry Settings, Configuration Files, Applications, Memory, Operating System Files

Bit9 Architecture
- Clients: laptops, desktops, servers, kiosks, ATMs, point of sale
- Management Server: console, Bit9 Parity Server, MSFT SQL Server, Active Directory Server
- Software Reputation Service: Global Software Registry
Cyber Security Essentials

The New Strategy for Advanced Threats
- Traditional Network Protection
- Traditional Endpoint Protection
- Advanced Network Protection
- Advanced Endpoint Protection
- Incident Response/Forensics
- SIEM: APT event consolidation

The Power of Correlation
1. Suspicious network traffic alert on SIEM (aurora.exe)
2. Correlate network behavior with endpoint events (aurora.exe)
3. Identify software introduced in the last 24 hours (1st seen)
4. Advanced threat detection: aurora.exe, MD5 hash 93433579104738557312194765176145217231
5. Advanced threat protection
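The five-step correlation on this slide, written out as an added Python example (not Bit9's code): constructed SIEM alerts and endpoint first-seen events are joined on host and process name, filtered to a 24-hour window, and screened against a constructed known-good hash set so that only newly introduced, unvetted software reaches the protection step.

```python
from datetime import datetime, timedelta

# Constructed sample data, not taken from the original slides.
# SIEM network alerts: (timestamp, host, process name tied to the traffic)
SIEM_ALERTS = [
    ("2010-06-01T09:15:00", "WS-0417", "aurora.exe"),
    ("2010-06-01T09:20:00", "WS-0092", "chrome.exe"),
]

# Endpoint agent inventory: (host, process, md5, first-seen timestamp)
ENDPOINT_EVENTS = [
    ("WS-0417", "aurora.exe", "ab" * 16, "2010-06-01T02:40:00"),
    ("WS-0417", "chrome.exe", "cd" * 16, "2010-03-12T10:00:00"),
    ("WS-0092", "chrome.exe", "cd" * 16, "2010-03-12T10:00:00"),
]

# Software reputation lookup (constructed): hashes the service rates known good.
KNOWN_GOOD = {"cd" * 16}


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def correlate(alerts, events, known_good, window=timedelta(hours=24)):
    """Steps 2-4: match each network alert to endpoint events on the same
    host and process, keep only software first seen inside the window
    before the alert, and drop anything the reputation service knows is good."""
    by_key = {}
    for host, proc, md5, first_seen in events:
        by_key.setdefault((host, proc), []).append((md5, parse(first_seen)))
    findings = []
    for ts, host, proc in alerts:
        alert_time = parse(ts)
        for md5, first_seen in by_key.get((host, proc), []):
            if md5 in known_good:
                continue  # known-good software never reaches step 5
            if alert_time - window <= first_seen <= alert_time:
                findings.append({"host": host, "process": proc, "md5": md5,
                                 "first_seen": first_seen.isoformat()})
    return findings


def hashes_to_block(findings):
    """Step 5: the distinct hashes to push into the whitelisting policy as denied."""
    return sorted({f["md5"] for f in findings})


if __name__ == "__main__":
    hits = correlate(SIEM_ALERTS, ENDPOINT_EVENTS, KNOWN_GOOD)
    print(hits)
    print(hashes_to_block(hits))
```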

Reducing the APT Attack Surface
1. Establish executive commitment
2. Define and map risk profiles
3. Establish endpoint visibility and reputation
4. Integrate events with existing security frameworks
5. Communicate risk and threats to business units
6. Reduce the APT attack surface

Bit9 Case Study: Military Command
- Austere Challenge: friendly exercise to test security; RED TEAM attempts to penetrate defenses
- Phishing e-mails have traditionally been successful
- Detailed in After Action Report (AC08)
- Bit9 solution: initially deployed on NIPRNet; 100% deterrent of RED TEAM attempts; expanded to SIPRNet

Custom Risk Analysis
- 2-day process: identify high-risk endpoints; comprehensive trust assessment; share risk results with stakeholders
- Deliverables: Comprehensive Software Inventory; Baseline Drift Analysis Report; Software Risk Analysis Report