
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL
Next Generation Threat Protection
Randy Lee, Sr. SE Manager



Presentation transcript:

Slide 1: Next Generation Threat Protection (title slide), Randy Lee, Sr. SE Manager

Slide 2: The Acceleration of Advanced Targeted Attacks
- Number of threats is up 5X
- Nature of threats changing
  – From broad, scattershot to advanced, targeted, persistent
- Advanced attacks accelerating
  – High profile victims common (e.g., RSA, Symantec, Google)
  – Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro
- "Organizations face an evolving threat scenario that they are ill-prepared to deal with... advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems." (Gartner)
- Chart: damage of attacks over time, from viruses, worms and disruption, through spyware/bots and cybercrime, to cyber-espionage and cybercrime (advanced persistent threats, zero-day targeted attacks, dynamic Trojans, stealth bots)

Slide 3: High Profile Attacks are Increasingly Common
"Coke Gets Hacked And Doesn't Tell Anyone", by Ben Elgin, Dune Lawrence & Michael Riley, Nov 4, :01 PM ET:
"Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time."

Slide 4: We are Only Seeing the Tip of the Iceberg
- Above the surface: headline-grabbing attacks
- Thousands more below the surface: APT attacks, zero-day attacks, polymorphic attacks, targeted attacks

Slide 5: Traditional Defenses Don't Work
- Advanced attacks bypass both signature-based and heuristics-based technologies in existing IT security defenses
- Networks are being compromised as APTs easily bypass traditional signature-based defenses like NGFW, IPS, AV, and gateways

Slide 6: Defining Advanced Targeted Attacks
- Utilizes advanced techniques and/or malware
  – Unknown
  – Targeted
  – Polymorphic
  – Dynamic
  – Personalized
- Uses zero-day exploits, commercial quality toolkits, and social engineering
- Often targets IP and credentials, and often spreads laterally throughout the network
- AKA Advanced Persistent Threat (APT)
- The New Threat Landscape: there is a new breed of attacks that are advanced, zero-day, and targeted
- Comparison, advanced vs. traditional:
  – Advanced: Stealthy | Unknown and Zero Day | Targeted | Persistent
  – Traditional: Open | Known and Patchable | Broad | One Time

Slide 7: Advanced Malware Infection Lifecycle
Diagram components: desktop antivirus (losing the threat arms race); perimeter security (signature, rule-based); other gateway (list-based, signatures); anti-spam; DMZ servers; compromised Web server or Web 2.0 site; callback server.
1. System gets exploited
  – Drive-by attacks in casual browsing
  – Links in targeted e-mails
  – Attachments in targeted e-mails
2. Dropper malware installs
  – First step to establish control
  – Calls back out to criminal servers
  – Found on compromised sites, and Web 2.0, user-created content sites
3. Malicious data theft & long-term control established
  – Uploads data stolen via keyloggers, Trojans, bots, & file grabbers
  – One exploit leads to dozens of infections on the same system
  – Criminals have built long-term control mechanisms into the system

Slide 8: Malware Analysis
What types of Malware Analysis should you do?
- Static Analysis
  – Signature
  – Heuristics
- Dynamic Analysis
  – Discrete object analysis
  – Contextual analysis

Slide 9: Case Study: Operation Aurora Infection Cycle
Diagram components: desktop antivirus (losing the threat arms race); malicious Web server; callback server.
1. System gets exploited
  – Social engineering
  – Obfuscated JavaScript code
  – Exploited IE 6 zero-day vulnerability
2. Web server delivers malware
  – Servers mapped by dynamic DNS
  – XOR-encoded malware EXE delivered
  – No signatures
3. Malware calls home & long-term control established
  – Complete control of infected system
  – Further payloads downloaded
  – C&C located in Taiwan
  – Using outbound port 443 (SSL)

Slide 10: Captured Aurora on Day Zero
- Signature-less detection of zero-day attack
- Screenshot: decryption routine for a.exe
- Screenshot: malicious binary download posing as JPG

Slide 11: Captured Aurora on Day Zero (continued)
- Screenshot: decryption complete, MD5 of Hydraq.Trojan
- Screenshot: Hydraq callback captured
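Slides 9 to 11 describe Aurora delivering an XOR-encoded EXE that posed as a JPG and being caught without a signature. The following is an added example, not FireEye's code, of one content check a gateway or sandbox can apply to a downloaded object: compare the declared image type with the file's magic bytes, then brute-force the 256 single-byte XOR keys looking for a PE header. The sample blob, the key 0x5A and all function names are constructed for the demo, not taken from the Aurora malware.

```python
# Added example (not FireEye's code): signature-less check for an XOR-encoded
# Windows executable delivered under an image Content-Type, as on slides 9-10.
# The PE-shaped blob and the XOR key 0x5A below are constructed for the demo.
from typing import Optional

JPEG_MAGIC = b"\xff\xd8\xff"
DOS_STUB = b"This program cannot be run in DOS mode"


def looks_like_pe(data: bytes) -> bool:
    """True if data is a plain PE file: 'MZ' header and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_xor_key(data: bytes) -> Optional[int]:
    """Try every single-byte XOR key; return the one that reveals a PE, else None."""
    for key in range(256):
        decoded = bytes(b ^ key for b in data)
        if looks_like_pe(decoded) or DOS_STUB in decoded:
            return key
    return None


def classify_download(declared_type: str, data: bytes) -> dict:
    """Compare what the HTTP response claims (Content-Type) with what the bytes are."""
    is_jpeg = data[:3] == JPEG_MAGIC
    key = find_xor_key(data)
    mismatch = declared_type.startswith("image/") and not is_jpeg
    return {"declared": declared_type, "is_jpeg": is_jpeg, "xor_key": key,
            "suspicious": mismatch or key is not None}


def build_fake_pe() -> bytes:
    """Constructed minimal PE-shaped blob (not a runnable program) for the demo."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    header[0x3C:0x40] = (0x80).to_bytes(4, "little")  # e_lfanew: PE header at 0x80
    stub = (DOS_STUB + b".\r\n$").ljust(0x40, b"\0")
    return bytes(header) + stub + b"PE\0\0" + b"\0" * 16


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the encoding slide 9 attributes to the delivered EXE."""
    return bytes(b ^ key for b in data)


if __name__ == "__main__":
    encoded = xor_encode(build_fake_pe(), 0x5A)      # "a.exe" served as a JPG
    print(classify_download("image/jpeg", encoded))   # xor_key 90, suspicious True
    print(classify_download("image/jpeg", JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00"))
```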

Slide 12: Requirements for APT Detection / Protection
1. Dynamic defenses to stop targeted, zero-day attacks
2. Real-time protection to block data exfiltration attempts
3. Accurate, low false positive rates
4. Global intelligence on advanced threats to protect the local network

Slide 13: Who is Mission Critical Systems?
- Southeast-based information security solutions reseller & integrator, in business for over 15 years
- Headquarters in South Florida with additional offices in Atlanta and Tampa
- Network and data security solutions are our only focus
- Representing 20+ best-of-breed security products at either Platinum/Elite or Gold level partner status
- Our relationships and status with the manufacturers allow us to leverage significant resources and hold manufacturers accountable
- Sales consultants and engineers maintain manufacturer certifications to ensure we provide accurate information to help customers achieve their security goals and not purchase unnecessary technologies
- We work on behalf of the customer to design the appropriate solution for their security needs, negotiate the best value, and ensure a successful project roll-out

Slide 14: Professional Services
- Installation, Configuration and Support Services
- Security Assessment and Audits
- Vulnerability Scanning / Penetration Testing
- Web Application Assessment
- Secure Network Design
- Telephone Support Contracts
- Training

Slide 15: Thank You

