Advanced threat protection

Presentation Transcript


Advanced threat protection

Advanced Threat Protection


Notable 2011 breaches

Notable 2011 Breaches


Advanced threat protection

Advanced Threat Vectors

  • Hidden Executables: malware executables delivered within PDFs

  • Vulnerabilities: backdoors in browsers and applications that malware can bypass

  • Portable Storage Devices: malware delivered on portable flash drives and USB sticks

Advanced Persistent Threat


Advanced threat protection

By the Numbers

1.6M: the number of new malware signatures that are distributed daily [2]

55k: the amount of unique malicious code seen daily on average [1]

90%: the number of companies in the US who fell victim to a cyber security breach at least once in the past 12 months [3]

1. Source: Symantec.

2. Source: McAfee.

3. Source: Ponemon Institute.


Advanced threat protection

Acceleration of IP Loss


Advanced threat protection

The Advanced Threat Landscape

  • Criminal Enterprises

    • Broad-based and targeted attacks

    • Financially motivated

    • Getting more sophisticated

  • Hacktivists

    • Targeted and destructive attacks

    • Unpredictable motivations

    • Generally less sophisticated

  • Nation-States

    • Targeted and multi-stage attacks

    • Motivated by information and IP

    • Highly sophisticated, endless resources


Advanced threat protection

The Advanced Threat… 4 Steps

  • Social engineering (“email”)

  • Malware dropped

  • Malware morphs & moves

  • Data gathered & stolen

4 Steps … TRUST, DETECT, PROTECT, MEASURE


Advanced threat protection

A new approach is required


Advanced threat protection

The Solution


Advanced threat protection

Trust

PROVIDE A TRUST RATING ON ALL SOFTWARE

Cloud-Driven Reputation

IT-Driven Reputation: automatically trust software “pushed” by IT

  • Trusted Publisher – Microsoft

  • Trusted User – [email protected]

  • Trusted Directory – E:\sccm\packages

  • Trusted Updater – WebEx

IT sets trust policies for software “pulled” by end users

Slide diagram, trust ratings on a 0–10 scale: Firefox 10, Java.dll 10, Keylogger 0, Excel.exe 10, Acroread.msi 10, Calc.exe 9, VMware.exe 8, Exchange 10, Sharepoint 10, shown for the Data Center, Finance and Marketing groups

Trust is assigned by user/group/organization


Advanced threat protection

Detect

IDENTIFY RISK

SIEM: event correlation

Real-time endpoint sensors to monitor:

  • File integrity

  • Devices

  • Memory locations

  • Registry keys

  • OS/application tampering

Security Ops Center, CFS, Forensic IR Team

Track every executable:

  • Find out how software arrives

  • Learn how software propagates

  • See if file has executed

  • View full audit trail

Slide diagram: the trust-rated inventory (Excel.exe 10, Acroread.msi 10, Calc.exe 9, Firefox 10, Java.dll 10, VMware.exe 8, Exchange 10, Sharepoint 10) across Data Center, Finance and Marketing, with an untrusted Keylogger found on several systems and flagged (x)


Advanced threat protection

Protect

STOP THE APT

Enforcement Policies

  • Low Enforcement (Monitor unapproved)

  • Med Enforcement (Prompt unapproved)

  • High Enforcement (Block unapproved)

  • Ban unauthorized software

  • Perform emergency lockdown

Protection for:

  • Servers (file, application, SCADA, etc.)

  • Virtualized environments

  • Domain controllers

  • Desktop/laptop endpoints

  • Point-of-sale devices

User & Context-based Trust Policies

Slide diagram: the trust-rated inventory (Excel.exe 10, Acroread.msi 10, Calc.exe 9, Firefox 10, Java.dll 10, VMware.exe 8, Exchange 10, Sharepoint 10) across Data Center, Finance and Marketing, with trusted publishers Microsoft, Adobe and WebEx
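The Trust and Protect slides describe the policy model in words; here it is as an added Python example (not Bit9's code): a file signed by a trusted publisher, dropped in a trusted directory, written by a trusted updater or pushed by a trusted user rates 10, anything else falls back to its cloud reputation, and the per-group threshold plus the Low/Med/High enforcement level turns that rating into allow, monitor, prompt or block. The thresholds, the event fields and the trusted-user address are assumptions; the directory check also shows why a trusted path must be compared by component rather than by string prefix.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# IT-driven reputation rules modelled on the deck's Trust slide. The values are
# constructed; the trusted user is a placeholder because the page redacts it.
TRUSTED_PUBLISHERS = {"Microsoft", "Adobe", "WebEx"}
TRUSTED_DIRECTORIES = [PureWindowsPath(r"E:\sccm\packages")]
TRUSTED_UPDATERS = {"WebEx"}
TRUSTED_USERS = {"it-admin@example.invalid"}
# Assumed per-group approval thresholds on the slide's 0-10 trust scale.
GROUP_THRESHOLD = {"Data Center": 9, "Finance": 7, "Marketing": 5}
# Protect slide: action taken on an unapproved file at each enforcement level.
ENFORCEMENT = {"low": "monitor", "med": "prompt", "high": "block"}


@dataclass(frozen=True)
class FileEvent:
    name: str
    publisher: Optional[str]         # signer name from the code-signing certificate
    path: str                        # where the file landed on the endpoint
    pushed_by: Optional[str]         # account that deployed it, if IT pushed it
    parent_process: Optional[str]    # process that wrote it, e.g. an updater
    cloud_reputation: Optional[int]  # 0-10 from the reputation service, None if unseen


def in_trusted_directory(path: str) -> bool:
    """True only if the file sits under a trusted directory. Comparing path
    components avoids the prefix bug where E:\\sccm\\packages-evil\\x.exe would
    pass a str.startswith() check; PureWindowsPath also ignores letter case."""
    p = PureWindowsPath(path)
    return any(d == p or d in p.parents for d in TRUSTED_DIRECTORIES)


def trust_rating(ev: FileEvent) -> int:
    """IT-driven rules win; otherwise fall back to cloud-driven reputation.
    A file the service has never seen rates 0, so it is never approved by default."""
    if (ev.publisher in TRUSTED_PUBLISHERS or in_trusted_directory(ev.path)
            or ev.parent_process in TRUSTED_UPDATERS or ev.pushed_by in TRUSTED_USERS):
        return 10
    return ev.cloud_reputation if ev.cloud_reputation is not None else 0


def decide(ev: FileEvent, group: str, level: str, lockdown: bool = False) -> str:
    """'allow' when the rating meets the group's threshold, else the enforcement
    action; an emergency lockdown blocks every unapproved file whatever the level."""
    if trust_rating(ev) >= GROUP_THRESHOLD[group]:
        return "allow"
    return "block" if lockdown else ENFORCEMENT[level]
```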


Advanced threat protection

Measure

ACTIONABLE SECURITY INTELLIGENCE

Reports for ongoing security health

  • Baseline drift

  • Health dashboards

  • Event categorization

  • Live inventory SDK

Track activity required for:

  • Audit

  • Governance

  • Compliance

  • SOC

  • Incident Response

Analytics to assess, investigate, and fine-tune your security posture

  • Find file

  • Prevalence

  • Device usage

Alerts for unexpected threats or requests

  • For file propagation

  • For integrated helpdesk approval

  • Sent to syslog

  • Sent to email

Slide diagram: the trust-rated inventory (Excel.exe 10, Acroread.msi 10, Calc.exe 9, Firefox 10, Java.dll 10, VMware.exe 8, Exchange 10, Sharepoint 10) across Data Center, Finance and Marketing, with trusted publishers Microsoft, Adobe and WebEx
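As an added example for the Detect and Measure slides (not Bit9's code), the Python below runs a file-propagation alert over constructed endpoint-sensor records: every execution is tracked together with how the file arrived, and a low-trust hash that reaches several hosts within an hour produces an alert carrying the hosts it reached (its prevalence) and the arrival chain the IR team would follow. The record format, host names, trust threshold and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# One execution seen by an endpoint sensor; arrived_via is how the file got there.
ExecEvent = NamedTuple("ExecEvent", [("ts", datetime), ("host", str), ("group", str),
                                     ("sha256", str), ("name", str),
                                     ("arrived_via", str), ("trust", int)])

# Constructed sensor records (time host group hash name arrival trust); the hash
# column holds placeholder tokens, not real file hashes.
SAMPLE_LOG = """\
2011-06-01T09:00:00 fin-01 Finance    h-excel Excel.exe  pushed:sccm  10
2011-06-01T09:05:00 mkt-03 Marketing  h-upd   update.exe email:attach  0
2011-06-01T09:06:00 fin-02 Finance    h-calc  Calc.exe   pushed:sccm   9
2011-06-01T09:21:00 mkt-04 Marketing  h-upd   update.exe smb:mkt-03    0
2011-06-01T09:40:00 fin-01 Finance    h-upd   update.exe smb:mkt-04    0
2011-06-01T09:58:00 dc-02  DataCenter h-upd   update.exe smb:fin-01    0
"""

def parse_log(text: str) -> List[ExecEvent]:
    """Parse whitespace-separated records into events sorted by time."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, host, group, sha, name, via, trust = line.split()
        events.append(ExecEvent(datetime.fromisoformat(ts), host, group,
                                sha, name, via, int(trust)))
    return sorted(events, key=lambda e: e.ts)

def propagation_alerts(events: List[ExecEvent], max_trust: int = 4,
                       min_hosts: int = 3, window: timedelta = timedelta(hours=1)):
    """Alert when a low-trust hash reaches min_hosts within `window` of its first
    execution; hosts are kept in first-seen order with each host's arrival vector."""
    by_hash: Dict[str, List[ExecEvent]] = defaultdict(list)
    for ev in events:
        by_hash[ev.sha256].append(ev)
    alerts = []
    for sha, evs in by_hash.items():
        if min(e.trust for e in evs) > max_trust:
            continue  # trusted software spreading is a deployment, not an alert
        in_window = [e for e in evs if e.ts - evs[0].ts <= window]
        chain: Dict[str, str] = {}  # host -> "host<-how it arrived", first run wins
        for e in in_window:
            chain.setdefault(e.host, f"{e.host}<-{e.arrived_via}")
        if len(chain) >= min_hosts:
            alerts.append({"sha256": sha, "name": evs[0].name, "hosts": list(chain),
                           "groups": sorted({e.group for e in in_window}),
                           "chain": list(chain.values())})
    return alerts
```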


Advanced threat protection

The Advanced Threat… 4 Steps

  • Social engineering (“email”)

  • Malware dropped

  • Malware morphs & moves

  • Data gathered & stolen

4 Steps … TRUST, DETECT, PROTECT, MEASURE


Advanced threat protection

Bit9 Global Software Registry

Collect

  • Crawlers

  • Partner feeds

  • Subscriptions

Extract

  • 140 un-packers

  • 300+ variants

Analyze

  • AV scanners

  • PE analysis

  • Correlation

Derive

  • Normalize data

  • Categorize

  • Determine trust vs. threat

Publish: File Hash Metadata

  • Source

  • Publisher/certificate

  • First seen/last seen date

  • Product, version

  • AV scan results

  • Vulnerability information

  • Threat level

  • Trust Factor

  • Parity knowledge

  • Forensics (CFS/Analyzer)

  • File Advisor


Advanced threat protection

Advanced Server Protection

  • Server Challenges

    • Security: targeted malware and cyber attacks

    • Operations: unauthorized configuration changes

    • Compliance: lack of demonstrable change controls

  • Bit9 Solution

    • Security: application control; device control; memory and registry protection

    • Operations: file integrity monitor and control; baseline drift reports; find unplanned changes

    • Compliance: server consistency reports; site integrity validation

Servers Under Protection

  • Domain controllers

  • Web servers

  • Application servers

  • Database servers

  • SharePoint servers

  • Internet Security and Acceleration (ISA) servers

  • Virtual servers


Advanced threat protection

New Strategy for the Advanced Threat

Slide diagram, components of the strategy: Advanced Network Protection; Advanced Endpoint Protection; Incident Response/Forensics; SIEM: APT Event Consolidation; Traditional Endpoint Protection; Traditional Network Protection


Benefits

  • Protect your core IP by stopping the Advanced Threat from critical servers and users

  • Improve operational efficiency by reducing IT helpdesk calls and time spent reimaging

  • Reduce costs by understanding all software being used across the enterprise

  • Reduce risk by improving incident response times to quickly and accurately identify high risk files

  • Meet compliance requirements such as PCI DSS


Advanced threat protection

Case Study

Federally Funded Research and Development Center

Situation:

  • Gov’t funded facility with ~11,000 machines

  • Critical research to nation’s defense

  • Protect intellectual property, trade secrets

  • Forensics located APTs on machines

  • Client-based attacks identified as the “blind spot”

Bit9 Solution:

  • Stopped APTs and unauthorized software from executing

  • Reduced number of re-images by 92 percent

  • Prevented a non-trusted file “hiding” as Google Earth from executing


Advanced threat protection

Case Study

Financial Technology Provider

Situation:

  • Struggling to keep up with advances in malware

  • Breach in a data center highlighted the urgency of the situation

  • Could not stop infection from spreading to thousands of servers

Bit9 Solution:

  • Mitigated risk on infected or “dirty” machines

  • Delivered instant visibility into applications, utilities, and tools running on servers

  • Locked down hundreds of servers in less than a day

  • Easily scaled to ensure protection across entire data center


Advanced threat protection

Case Study

Grocery Retailer

Situation:

  • Improve performance during PCI DSS audits

  • Operating 5,000 machines across 560 stores

  • Must perform frequent/controlled software updates

  • Found unauthorized software on store systems

Bit9 Solution:

  • Achieved PCI DSS compliance

  • Prevented targeted/insider attacks

  • Managed configuration drift

  • Monitored activity and provided alerts about unwanted activity


Advanced threat protection

Corporate Endpoints

Slide diagram of the deployment:

  • Clients: laptops, desktops, servers, kiosks, ATMs, point of sale

  • Management Server: Bit9 server, console, Microsoft SQL Server, Active Directory server

  • Software Reputation Service


Advanced threat protection

Sample Customer List

Verticals: Technology/Services, Government, Healthcare, Finance, Retail, Industrial

Bit9 Confidential Information

