1 / 15

Next Generation Threat Protection

Next Generation Threat Protection. Randy Lee– Sr. SE Manager. # of threats are up 5X Nature of threats changing From broad, scattershot to advanced, targeted, persistent Advanced attacks accelerating High profile victims common (e.g., RSA, Symantec, Google)

annona
Download Presentation

Next Generation Threat Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Next Generation Threat Protection Randy Lee– Sr. SE Manager

  2. # of threats are up 5X Nature of threats changing From broad, scattershot to advanced, targeted, persistent Advanced attacks accelerating High profile victims common (e.g., RSA, Symantec, Google) Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro The Acceleration of Advanced Targeted Attacks Cyber-espionage and Cybercrime Advanced Persistent Threats Zero-day Targeted Attacks Dynamic Trojans Stealth Bots Cybercrime Damage of Attacks Spyware/Bots Disruption Worms Viruses 2004 2006 2008 2010 2012 “Organizations face an evolving threat scenario that they are ill-prepared to deal with….advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems.” Gartner, 2012

  3. High Profile Attacks are Increasingly Common Coke Gets Hacked And Doesn’t Tell Anyone By Ben Elgin, Dune Lawrence & Michael Riley - Nov 4, 2012 6:01 PM ET Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time.

  4. We are Only Seeing the Tip of the Iceberg Headline Grabbing Attacks Thousands More Below the Surface APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

  5. Traditional Defenses Don’t Work Networks Are Being Compromised as APTs Easily Bypass Traditional Signature-Based Defenses Like NGFW, IPS, AV, and Gateways Advanced attacks bypass both signature and heuristics-based technologies in existing IT security defenses

  6. Defining Advanced Targeted Attacks • Utilizes advanced techniques and/or malware • Unknown • Targeted • Polymorphic • Dynamic • Personalized • Uses zero-dayexploits, commercial quality toolkits, and social engineering • Often targets IP, credentials and often spreads laterally throughout network • AKA—Advanced Persistent Threat (APT) The New Threat Landscape There is a new breed of attacks that are advanced, zero-day, and targeted ADVANCED Advanced Targeted Attack TRADITIONAL

  7. Advanced Malware Infection Lifecycle 1 • System gets exploited • Drive-by attacks in casual browsing • Links in Targeted Emails • Attachments in Targeted Emails • Dropper malware installs • First step to establish control • Calls back out to criminal servers • Found on compromised sites, and Web 2.0, user-created content sites • Malicious data theft & long-term control established • Uploads data stolen via keyloggers, Trojans, bots, & file grabbers • One exploit leads to dozens of infections on same system • Criminals have built long-term control mechanisms into system Compromised Web server, or Web 2.0 site Callback Server 2 Perimeter Security Signature, rule-based Other gateway List-based, signatures Anti-spam 3 Email Servers DMZ Desktop antivirus Losing the threat arms race

  8. Malware Analysis • What types of Malware Analysis should you do?

  9. Case Study: Operation Aurora Infection Cycle 1 • System gets exploited • Social engineering • Obfuscated JavaScript code • Exploited IE 6 zero-day vulnerability • Web server delivers malware • Servers mapped by dynamic DNS • XOR encoded malware EXE delivered • No Signatures • Malware calls home & long-term control established • Complete control of infected system • Further payloads downloaded • C&C located in Taiwan • Using outbound port 443 (SSL) Callback Server Malicious Web server 2 3 Desktop antivirus Losing the threat arms race

  10. Captured Aurora on Day Zero Signature-less detection of zero-day attack Malicious binary download posing as JPG Decryption routine for “a.exe”

  11. Captured Aurora on Day Zero Decryption complete. MD5 of Hydraq.Trojan Hydraq callback captured

  12. Requirements for APT Detection / Protection 1. Dynamic defenses to stop targeted, zero-day attacks 2. Real-time protection to block data exfiltration attempts 3. Accurate, low false positive rates 4. Global intelligence on advanced threats to protect the local network

  13. Who is Mission Critical Systems? • Southeast based Information security solutions reseller & integrator in business for over 15 years. Headquarters in South Florida with additional offices in Atlanta and Tampa. • Network and Data security solutions are our only focus • Representing 20+ best-of-breed security products at either Platinum/Elite or Gold level partner status. Our relationships and status with the manufacturers allow us to leverage significant resources and hold manufacturers accountable. • Sales consultants and engineers maintain manufacturer certifications to ensure we provide accurate information to help customers achieve their security goals and not purchase unnecessary technologies. • We work on behalf of the customer to design the appropriate solution for their security needs, negotiate the best value, and ensure a successful project roll-out.

  14. Professional Services • Installation, Configuration and Support Services • Security Assessment and Audits • Vulnerability Scanning / Penetration Testing • Web Application Assessment • Secure Network Design • Telephone Support Contracts • Training

  15. Thank You

More Related