
AT&T Security Technologies Improving Enterprise Security Against Emerging Threats


Presentation Transcript


  1. AT&T Security Technologies: Improving Enterprise Security Against Emerging Threats. Jim Boxmeyer, Director of Cyber Intelligence and Incident Response. Twitter: @jboxmeyer

  2. AT&T Security Process

     Before Security Event & Threat Analysis:
     • Discovery
     • Lessons Learned
     • Identification
     • Containment
     • Recovery
     • Eradication
     • Hundreds of thousands of log entries
     • 2 – 3 hours to handle a case
     • 500 – 600 cases per day

     After Security Event & Threat Analysis:
     • Discovery
     • Lessons Learned
     • Identification
     • Containment
     • Recovery
     • Eradication
     • 600+ million log entries per day
     • 10 minutes to handle a case
     • 40 cases per day

  3. Transforming Cyber Security

     Attack phases: Reconnaissance • Scanning • System Access • Damage • Track Coverage
     Attacker techniques shown: Web-based Information Collection • Broad Network Mapping • Vulnerability Exploitation • Malware Installation • Social Engineering • Targeted Scan • Password Guessing
     Defense phases: Preventive Phase (Defense) • Reactive Phase (Defense)
     AT&T Security Service Primary Emphasis

  4. AT&T Expertise

     • Network Traffic Analysis
       • Botnet Tracking Analysis
       • Internet Baseline
       • Anomaly Detection
       • DNS Analysis
       • Route Analysis
       • Registry Analysis
     • Passive Monitoring
       • Capture Malware
       • Monitor Attacks / Infections
       • Develop Signatures
     • Massive Data Volumes
       • Network Flow Analysis (8B+)
       • Enterprise log events (600M)
       • 28P per day traffic volumes
     • Malware Analysis
       • Passive Capture
       • Automated Analysis
       • Develop Signatures

  5. Internet Baseline

  6. AT&T Analysis Volume • Currently processing more than 8 billion records per hour. • Representing more than 2.6 Petabytes of traffic per day.

  7. Internet Scanning Detection

  8. Botnets, Malware, and Advanced Persistent Threat (APT)

  9. Malware Analysis & Botnet Tracking

  10. Malware Analysis & Botnet Tracking

     • Capture Communication
     • Retrieves malware
     • Checks Anti-virus detection (submits undetected)
     • Identifies network observable behavior
     • Short & long-term controlled operation & reporting
     • Tracks status in database
     • Determine new communications to monitor
     • Analyze Communication
     • Tracking several hundred known botnets
       • thousands of servers
       • hundreds of thousands of bots
     • Monitoring command and control channels
       • file transfers
       • attacks
       • recruiting and reconnaissance activities
     • Analyze Malware for Behavior
     • Capture New Malware
     • Thousands of malware updates retrieved
     • Approx 70+% NOT detected by Anti-virus

  11. AT&T Intelligence Sharing

     • Botnet Data
     • Signatures
     • Blocking
     • Alerting
     • Research
     • Network
     • Enterprise
     • Spam Sources
     • Controllers
     • Malicious DNS
     • Internet Protect
     • Learn Techniques
     • Improve Automation
     • Customer Alerts

  12. Cyber Threat Report http://techchannel.att.com

  13. Advanced Persistent Threat (APT)

     • Willing to take steps to defeat security layers
     • Develop technology to accomplish objectives
     • Patience and careful planning and research
     • Hard to detect. Difficult to remove. Persistent!

  14. Typical APT Malware Behavior • APT Research • Protocol Monitoring • Domain Tracking • APT Alarms

  15. Security Operations

  16. AT&T Security Operations System: Security Event & Threat Analysis

     • AT&T Labs Research
       • Tools development
       • Network Research
       • 1,200+ world's best scientists at six locations
       • 2 patents average per day
     • CSO Technologies
       • Security Research
       • AT&T Security Technologies
       • Patented technologies and processes, 10+ years in development
     • AT&T Network
       • 28+ Petabytes of traffic/day
       • Enormous statistical analysis
       • Unique view of the world's IP traffic
     • Experienced People
       • 1,500+ Security Professionals
       • Industry Leaders
       • Experienced Scientists and Engineers
