Advanced Persistent Threats

Transcription:

Emilio Tonelli, Senior Sales Engineer South Europe, WatchGuard Technologies, Inc.

Advanced Persistent Threats: the new security challenge. Are you protected?

Current Threat Landscape

Global Threat Landscape: Threats Rising!

The Cloud's Becoming Suspect

Snowden Effect Influences Encryption

Information Security Trends
- Attackers more sophisticated
- Mobile attacks increase
- Ransomware is hot
- Attacks more targeted
- Security's a boardroom conversation
- You will get breached
- Internet of Things (IoT)
- Threat Intelligence gains prominence
- Encryption use grows
- Governments more involved

You've Heard the APT spiel, for sure
An Advanced Persistent Threat (APT) is a very high-tech, cutting-edge attack leveraged to gain prolonged, stealthy control over a high-value political or business target.
Three APT Attributes:
1. Advanced
2. Persistent
3. Targeted

APTs are Only Nation-State, Right? These don't affect me, right?

Advanced Threats Timeline
[Figure: timeline of advanced threats on a 2009-2014 axis, with a legend distinguishing "Nation-states / Political" from "Criminals / Private".
Incidents above the axis: GhostNet, Stuxnet, Duqu, Gauss, Adobe.
Incidents below the axis: Operation Aurora, RSA/Lockheed, Flame, NYTimes, Target.
Date labels: Mar. 2009, Jan. 2010, Jun. 2010, Mar. 2011, Sep. 2011, May 2012, Jun. 2012, Jan. 2013, Oct. 2013, Dec. 2013.
Callout text above the axis, in extracted order: China-based C&C Spear Phishing Political Targets Four 0day PLC Rootkit Broke Centrifuges 0day Word flaw Iran, Sudan, Syrian Cyber Espionage Targeted Lebanon USB LNK Flaw APT Bank Trojan 152M records 0day Coldfusion Stolen source.
Callout text below the axis, in extracted order: IE 0day Comment Crew (CN) Stole Gmail and Src 0day Flash Flaw 0day Trojan Stole SecureID Info 0day MS Cert Flaw Stole IP Target Iranian Oil China-based Spear phishing 0day malware 40M CCNs 0day malware Partner access.]

Agenda
- Modern Evasive Malware
- Advanced Persistent Threats
- How WatchGuard Protects

Advanced Threats Require Defense-in-Depth
Advanced threats, by definition, leverage multiple vectors of attack. No single defense will protect you completely from computer attacks.
- Firewall
- Intrusion Prevention System
- AntiVirus
- AntiSpam
- Reputation Services
- APT Protection
The more layers of security you have, the higher the chance an additional protection might catch an advanced threat that other layers might miss.

Cyber Kill Chain 3.0 (the WatchGuard Edition)
- Reconnaissance
- Delivery
- Compromise/Exploit
- Infection/Installation
- Command and Control (C&C)
- Lateral Movement / Pivoting
- Objectives/Exfiltration
*Cyber Kill Chain is an intelligence defense-driven process registered by Lockheed Martin

WatchGuard Breaks the Cyber Kill Chain
- Reconnaissance
- Delivery
- Compromise/Exploit
- Infection/Installation
- Command and Control (C&C)
- Lateral Movement / Pivoting
- Objectives/Exfiltration

APT Techniques Trickle Down
Today, normal criminal malware exploits the same advanced tactics as nation-state APTs. Every organization is at risk of advanced threats!
- Zeus copies Stuxnet 0day exploit
- Criminals use evasive malware (Cryptolocker)
- Zeus uses stolen certificates
- Criminal spear phishing
- Criminal watering hole attacks

Is Anti-Virus Really Dead?
Traditional antivirus software is best used to combat opportunistic (untargeted) attacks, offering effective and efficient protection following the creation of a signature.
[Figure: two plots of hosts compromised over time, each marked with a threshold of detection.
Opportunistic Attacks: signature available; the goal for the cyber miscreant is to maximize slope.
Advanced Phishing: signature available?; the goal for the cyber miscreant is to minimize slope.]
Source: Jeffrey J Guy; Director, Product Management; Bit9/Carbon Black

APT Blocker: How Does it Work (1) The «legacy» infection process
1. The attacker builds generic malware to attack a large victim base.
   Target: damage as many hosts as possible.
   Malware is distributed using:
   - phishing, spear phishing,
   - drive-by download on crowded, generic communities and web services
2. Once the malware package has been recognized, a signature is created and bytecode is compared against the signatures stored in the AV DB.
[Diagram labels: attacker, drive-by download, mail, GAV, Signature DB (updated)]

APT Blocker: How Does it Work (2) The «APT» approach > targeted for A
1. The attacker builds SPECIFIC (targeted), packed (i.e. encrypted) malware to attack A's victim base.
   Target: data leaks/spying/damage to A's assets.
   A can be a company, a pool of targeted victims, ...
   Malware is distributed using:
   - phishing, spear phishing, to A's users & «relatives»
   - drive-by download, on communities visited by A's users
2. The only way we have today to identify these threats is to launch them!
   A hash for the malware is calculated and compared on the cloud, just to check if it has already been found.
   If not... an array of sandboxes (Lastline) is used to launch the malware and inspect the code and behaviour of the malware on the victim's system; it is then classified at runtime.
[Diagram labels: attacker, drive-by download for A's victims, mail, sandbox cloud array]

That's why APT Blocker fills that security gap!
- Identifies and submits suspicious files to cloud-based, next-generation, full system emulation sandbox
- Provides real-time threat visibility; protection in minutes, not hours
- Analyzes comprehensive set of files (Executables, Office documents, PDFs & Android APKs)
- Detects Zero Day Malware
- Scalable; inspects millions of objects at any given time
- Not fooled by evasion

Emilio Tonelli emilio.tonelli@watchguard.com Info&Sales: italy@watchguard.com