
Criminal Enterprises Broad-based and targeted attacks Financially motivated

The Advanced Threat Landscape. Hacktivists: targeted and destructive attacks, unpredictable motivations, generally less sophisticated. Nation-states: targeted and multi-stage attacks, motivated by information and IP, highly sophisticated, endless resources. Criminal enterprises: broad-based and targeted attacks, financially motivated.





Presentation Transcript


  1. The Advanced Threat Landscape
  • Hacktivists
    • Targeted and destructive attacks
    • Unpredictable motivations
    • Generally less sophisticated
  • Nation-States
    • Targeted and multi-stage attacks
    • Motivated by information and IP
    • Highly sophisticated, endless resources
  • Criminal Enterprises
    • Broad-based and targeted attacks
    • Financially motivated
    • Getting more sophisticated

  2. Acceleration of Intellectual Property Loss: Significant Breaches of 2012 (month-by-month timeline chart, January through November; the breach names on the chart are not recoverable from the transcript)

  3. 2013 is not starting off any better...

  4. Recent findings from Mandiant
  • Telvent (Schneider Electric) successfully hacked into by Comment Crew (cybercrime crew)
    • Power grids
    • Oil & gas
    • Transportation
    • Water
    • Global services
    • And more!

  5. Java Problems

  6. Attackers adjust their approach. Do you adjust your defense?
  • Attackers are shifting to delivering UNKNOWN malware via FTP and web pages (Threatpost.com, March 27, 2013, by Christopher Brook)
  • Palo Alto Networks put out a study recently finding:
    • Attackers have shifted from email exploits to web-based exploits
    • Web pages load instantly and can be tweaked on the fly, versus waiting for an email attack to work
    • 94% of undetected malware came from web browsers or web proxies
    • 95% of the FTP-based exploits were never detected by anti-virus
    • 97% used non-standard ports to infect systems
  • Palo Alto recommends the following:
    • Investigate unknown traffic
    • Restrict rights to DNS domains
    • Real-time detection and blocking
    • More fully deployed antimalware technology

  7. Have hackers invented something earth-shattering? USA Today, 3/27/13, by Geoff Collins
  • Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes.
  • But consider this: a vast majority of hacks are stunningly simple to deflect.
  • president of product management at 1E

  8. What they found out... Really?
  • Australia's Defense Signals Directorate (DSD) and the U.S. National Security Agency (NSA) independently surveyed the techniques hackers used to successfully penetrate networks. NSA, in partnership with private experts, and DSD each came up with a list of measures that stop almost all attacks.
  • DSD found that just four risk reduction measures block most attacks. Agencies and private companies implementing these measures saw risk fall by 85 percent and, in some cases, to zero.
  • president of product management at 1E

  9. So what ARE the four simple measures?
  • First is "application white-listing," which allows only authorized software to run on a computer or network.
  • Second is very rapid patching of operating systems and software.
  • Third is very rapid patching of software.
  • The fourth is minimizing the number of people on a network who have "administrator" privileges.
  • president of product management at 1E

  10. Trust-based Security: A New Approach
  PROACTIVE: only trusted software runs.
  REQUIREMENTS
  1 Real-time visibility
    • Every server/desktop/laptop
    • Every executable and invocation
    • Every critical system resource
  2 Define your trust policies
    • What do you trust? (All else is "untrusted" by default.)
  3 Apply your trust policies
    • Detection
    • Protection
    • Incident response/forensics
  Covered systems: mobile, cloud-based servers, desktops/laptops, database, applications, email, storage, VDI, domain controllers, Mac, PC, fixed-function, virtual/physical servers, ATMs, kiosks, point of sale
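The default-deny trust policy that slides 9 and 10 describe (allow only authorized software, treat all else as untrusted, keep an audit trail of every invocation), as an added example that is not code from the presentation or from Bit9. The hash and publisher lists, the "Example Corp" publisher name and the invocation events are all constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed trust policy: byte strings stand in for executable contents,
# "Example Corp" is an assumed publisher name.
TRUSTED_HASHES = {sha256(b"constructed approved app v1"): "approved-app"}
TRUSTED_PUBLISHERS = {"Example Corp"}
BANNED_HASHES = set()

@dataclass
class ExecEvent:
    host: str
    path: str
    content: bytes        # bytes of the file being invoked
    publisher: str = ""   # signer, if the binary is signed

def evaluate(event: ExecEvent) -> tuple:
    """Return (verdict, sha256). Default deny: anything not explicitly trusted is untrusted."""
    h = sha256(event.content)
    if h in BANNED_HASHES:
        return "BAN", h
    if h in TRUSTED_HASHES or event.publisher in TRUSTED_PUBLISHERS:
        return "ALLOW", h
    return "BLOCK", h

def apply_policy(events) -> list:
    """Apply the policy to every invocation and keep an audit trail of each decision."""
    audit = []
    for e in events:
        verdict, h = evaluate(e)
        audit.append({"host": e.host, "path": e.path, "sha256": h, "verdict": verdict})
    return audit

def ban_hash(file_hash: str) -> None:
    BANNED_HASHES.add(file_hash)   # enterprise-wide ban: later invocations on any host get BAN

def affected_hosts(audit, file_hash: str) -> list:
    """Scope an infection from the audit trail: every host that invoked this hash."""
    return sorted({r["host"] for r in audit if r["sha256"] == file_hash})

# Constructed invocation events, as a real-time sensor would report them.
EVENTS = [
    ExecEvent("ws-01", r"C:\Apps\approved.exe", b"constructed approved app v1"),
    ExecEvent("ws-02", r"C:\Users\a\Downloads\update.exe", b"constructed unknown binary"),
    ExecEvent("srv-01", r"C:\Temp\update.exe", b"constructed unknown binary"),
    ExecEvent("ws-03", r"C:\Program Files\signed.exe", b"constructed signed app", "Example Corp"),
]
```

The audit trail is what answers the slide-14 questions later: which hosts saw a given hash, and whether it was allowed to execute.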

  11. Complementary and Integrated Technologies: Unprecedented Protection Against Advanced Threats
  • Network monitoring (email, web traffic, file share)
    • Detonates files
    • Malware notifications
  • Real-time endpoint sensor (virtual/physical servers, desktops/laptops, fixed-function)
    • Stops untrusted software
    • File inventory & audit trail
  • Together, automatically:
    • Prioritize alerts
    • Scope infection
    • Analyze behavior
    • Proactively protect

  12. Sensor Strategy: Faster Response & Improved Security
  • Industry FIRSTS:
    1 Combine a real-time endpoint sensor and continuous recorder with network detection to automatically confirm and prioritize alerts
    2 Immediate enterprise-wide visibility into all systems infected by malware discovered by network detection
    3 Automatically configure trust-based endpoint and server protection based on events identified by network file analysis
    4 Immediate access to any file on any system across the enterprise, automatically submitted for detonation and analysis

  13. Bit9 Integration with Leaders in Network Security
  • Next-Generation Network Security: incoming files on network; "detonate" files for analysis; transfer alerts
  • Next-Generation Endpoint and Server Security: analyze files on endpoints and servers; retrieve files from endpoints and servers; submit files
  • Correlate endpoint/server and network data to:
    • Prioritize alerts
    • Protect endpoints and servers
    • Remediate by identifying affected endpoints and servers

  14. Addressing Critical Security Challenges
  1 "Prioritize: I am receiving network malware alerts, how do I prioritize them?" Did the malware land on my machines? How many machines? Did it execute? How severe is the threat?
  2 "Protect: How do I stop the malware from spreading?" How do I immediately ban the malware from all endpoints and servers?
  3 "Remediate: Where do I start remediation?" Which machines are affected? Who is patient zero? What else happened around this time?
  4 "Analyze: an unknown file arrived on an endpoint or server: is it malware?" What will it do if I allow it to execute? Should I ban it or approve it? Am I going to approve an APT?
