
FireEye Overview. Nathan Labadie, Systems Engineer, US-Central, FireEye. Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL

Presentation transcript:

1 FireEye Overview. Nathan Labadie, Systems Engineer, US-Central, FireEye

2 (image-only slide)

3 Company Overview
The leader in stopping advanced targeted attacks.
Marquee customers across every industry:
- Top banks, hi-tech, oil and gas, government
- All major Internet search engines, top social networks, and auction sites
One of the fastest growing enterprise technology companies in the world.

4 We Are Only Seeing the Tip of the Iceberg
Headline-grabbing attacks are visible above the surface; thousands more lie below it: APT attacks, zero-day attacks, polymorphic attacks, targeted attacks.

5 Manufacturing Hit Worst

6 Don't Take Usual Vacations (Email Attacks)

7 (image-only slide)

8 Chinese Hacking Methodology

9 Chinese Hacking Methodology - Translated

10 Characteristics of Malware
- Stealth level: ranges from high to low
- Target vulnerability: unpatched machines, plug-ins, browsers
- Intended victim(s): specific victims, reached using spearphishing
- Objectives: theft? disruption? fear?

11 High Profile APT Attacks Are Increasingly Common

12 Defining Advanced Targeted Attacks
The New Threat Landscape: there is a new breed of attacks that are advanced, zero-day, and targeted.
An advanced targeted attack:
- Utilizes advanced techniques and/or malware that is unknown, targeted, polymorphic, dynamic and personalized
- Uses zero-day exploits, commercial-quality toolkits, and social engineering
- Often targets IP and credentials, and often spreads laterally throughout the network
- AKA Advanced Persistent Threat (APT)
Advanced vs. Traditional: Stealthy vs. Open; Unknown and Zero Day vs. Known and Patchable; Targeted vs. Broad; Persistent vs. One Time.

13 Traditional Defenses Don't Work
Advanced attacks bypass both signature- and heuristics-based technologies in existing IT security defenses. Networks are being compromised as APTs easily bypass traditional signature-based defenses like NGFW, IPS, AV, and gateways.

14 Typical Enterprise Security Architecture
- Firewalls/NGFW: block IP/port connections, application-level control; no visibility into exploits and ineffective vs. advanced targeted attacks
- IPS: attack-signature based detection, shallow application analysis, high false positives, no visibility into the advanced attack lifecycle
- Secure web gateways: some analysis of script-based malware, AV, IP/URL filtering; ineffective vs. advanced targeted attacks
- Anti-spam gateways: rely largely on antivirus and signature-based detection (some behavioral); no true spear phishing protection
- Desktop AV: signature-based detection (some behavioral); ineffective vs. advanced targeted attacks

15 Attacks Increasingly Sophisticated
Dynamic web attacks, malicious exploits, spear phishing emails.
- Multi-vector: delivered via web or email; blended attacks with emails containing malicious URLs; uses application/OS exploits
- Multi-stage: initial exploit stage followed by malware executable download, callbacks and exfiltration; lateral movement to infect other network assets

16 The Attack Lifecycle – Multiple Stages
1. Exploitation of system (via a compromised web server or Web 2.0 site; passes the IPS)
2. Malware executable download
3. Callbacks and control established (to a callback server)
4. Malware spreads laterally (to File Share 1 and File Share 2)
5. Data exfiltration

17 FireEye Malware-VM Filter
Phase 1: Aggressive capture heuristics
- Deploys out-of-band/passive or inline
- Multi-protocol capture of HTML, files (e.g. PDF), and EXEs
- Maximizes capture of potential zero-day attacks
Phase 2: Virtual machine analysis
- Confirmation of malicious attacks
- Removal of false positives
Phase 3: Block callback
- Stop data/asset theft
- XML/SNMP alerts on infections as well as C&C destinations
- Global loop sharing into MAX Cloud Intelligence
- Fast path: real-time blocking in the appliance

18 The FireEye Difference
Multi-vector protection: protection against web attacks, email attacks, and file-based attacks.
Multi-stage protection: inbound zero-day exploit detection, outbound malware callback blocking, malware binary payload analysis, latent malware quarantine.

19 Multi-Vector Protection
Web threats, email threats, blended web/email threats, and internal lateral movement of threats, managed through the CMS.

20 Multi-Staged Attack Pieces Connected
Point products see the pieces in isolation: web exploit, malware executable download, callback, lateral spread, data exfiltration.
Connected view of the multi-staged attack: web or email exploit, malware executable download, callback, lateral movement, data exfiltration.
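Slides 16 and 20 make one argument: a single stage (one exploit alert, one suspicious download, one outbound connection) is weak evidence on its own, while the same events seen in lifecycle order on one host are strong evidence. The following is an added illustration of that correlation idea, not FireEye code and not a description of how the MPS appliances work internally. It assumes a constructed event stream from hypothetical point products (the host names, product names and timestamps are all made up) and looks for a forward-ordered chain of distinct lifecycle stages on one host inside a time window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from collections import defaultdict

# Lifecycle stages as the deck lists them, in the order they normally occur.
STAGE_ORDER = ["exploit", "download", "callback", "lateral", "exfiltration"]
STAGE_RANK = {name: i for i, name in enumerate(STAGE_ORDER)}


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str      # internal asset the event concerns
    stage: str     # one of STAGE_ORDER
    source: str    # point product that emitted the event (constructed names)
    detail: str


def correlate(events, window=timedelta(hours=24), min_stages=3):
    """Group events by host, then search each host's timeline for the longest
    chain of stages that strictly advance through STAGE_ORDER and all fall
    within `window` of the chain's first event. Hosts whose best chain has at
    least `min_stages` distinct stages are returned as host -> [stages]."""
    by_host = defaultdict(list)
    for e in events:
        if e.stage in STAGE_RANK:          # ignore events with unknown stages
            by_host[e.host].append(e)

    chains = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        best = []
        for i, start in enumerate(evs):    # try every event as a chain start
            chain = [start]
            for nxt in evs[i + 1:]:
                if nxt.ts - start.ts > window:
                    break                  # outside the window: stop extending
                if STAGE_RANK[nxt.stage] > STAGE_RANK[chain[-1].stage]:
                    chain.append(nxt)      # only accept a later lifecycle stage
            if len(chain) > len(best):
                best = chain
        if len(best) >= min_stages:
            chains[host] = [e.stage for e in best]
    return chains


# Constructed sample: one host with the full chain, one with a lone callback
# alert, one whose exploit and download are days apart.
T0 = datetime(2012, 6, 1, 9, 0)
SAMPLE_EVENTS = [
    Event(T0, "ws-17", "exploit", "web-gateway", "exploit kit landing page"),
    Event(T0 + timedelta(minutes=1), "ws-17", "download", "web-gateway", "EXE fetched"),
    Event(T0 + timedelta(minutes=5), "ws-17", "callback", "firewall", "periodic outbound POST"),
    Event(T0 + timedelta(hours=2, minutes=30), "ws-17", "lateral", "file-server", "write to File Share 1"),
    Event(T0 + timedelta(hours=5), "ws-17", "exfiltration", "firewall", "large outbound transfer"),
    Event(T0 + timedelta(hours=1), "ws-42", "callback", "firewall", "single outbound POST"),
    Event(T0 + timedelta(hours=1), "ws-08", "exploit", "ips", "signature match"),
    Event(T0 + timedelta(days=3), "ws-08", "download", "web-gateway", "EXE fetched"),
]


def flagged_hosts(events=SAMPLE_EVENTS, **kwargs):
    """Convenience wrapper returning the sorted list of hosts that formed a chain."""
    return sorted(correlate(events, **kwargs))


if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: {' -> '.join(stages)}")
```

Run as a script it reports only ws-17 with the full five-stage chain; ws-42's lone callback and ws-08's two events separated by three days stay below the threshold. Widening the window and lowering `min_stages` surfaces ws-08 as well, which is the trade-off the deck's "pieces vs. connected" slide is about: the more stages a detector can tie together per host, the less it has to rely on any one of them being conclusive.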

21 Web Malware Protection System
Inline, real-time, signature-less malware protection at near-zero false positives.
- Analyzes all web objects, e.g., web pages, Flash, PDF, Office docs and executables
- Blocks malicious callbacks, terminating data exfiltration across protocols
- Dynamically generates zero-day malware and malicious URL security content and shares it through the Malware Protection Cloud network
- Integration with Email and File MPS and MAS for real-time callback channel blocking
Features: inline blocking both inbound and outbound; advanced content analysis (PDF, JavaScript, URLs); models up to 1 Gbps at microseconds latency.

22 Email Malware Protection System
Protection against spear phishing and blended attacks.
- Analyzes all emails for malicious attachments and URLs
- In-line MTA active security, or SPAN/BCC for monitoring
- Brute-force analysis of all attachments in the VX Engine
- Web MPS integration for malicious URL analysis/blocking
- Web MPS integration for blocking of newly discovered callback channels
Features: supports a large range of file types (PDF, Office formats, ZIP, etc.); attachment analysis; URL analysis; correlation of malicious URLs to emails at the CMS.

23 File Malware Protection System
Protects file sharing servers from latent malware.
- Addresses malware brought into the network via web, email or file sharing, as well as other manual means
- Detects the lateral spread of malware through network file shares
- Continuous and incremental network file share analysis
- Web MPS integration for blocking of newly discovered callback channels
Features: supports a large range of file types (PDF, Office, ZIP, etc.); CIFS support; malicious file quarantine; integration via CMS.

24 Multi-Layered Threat Intelligence Sharing
- Local sharing (seconds): internal feedback loop within the Web MPS
- Cross-enterprise sharing: via the Central Management System
- Global sharing: across the cross-enterprise Web MPS deployment, plus many 3rd party feeds validated by FireEye technology

25 Summary
- The pace of advanced targeted attacks is accelerating, affecting all verticals and all segments
- Traditional defenses (NGFW, IPS, AV, and gateways) no longer stop these attacks
- A real-time, integrated, signature-less solution is required across the web, email and file attack vectors
- FireEye has engineered the most advanced threat protection to supplement traditional defenses and stop advanced targeted attacks
Complete Protection Against Advanced Targeted Attacks: Web Malware Protection System, Email Malware Protection System, File Malware Protection System.

26 Enjoy the rest of the show! Thank You!
