Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Prevention anno 2012: Widening the IPS concept.

Similar presentations


Presentation on theme: "Intrusion Prevention anno 2012: Widening the IPS concept."— Presentation transcript:

1 Intrusion Prevention anno 2012: Widening the IPS concept

2 2 Traditional IDS/IPS doesnt cut it anymore… Blended attacks Application-focused attacks Oldies but Goodies still exist Nothing goes away. Ever. Survival instinct of applications much higher than before Built-in evasion techniques Must assume malicious activity occurs within trusted applications Lets take a closer look at some examples…

3 Threat Landscape-Blended Threat & Botnet Examples The Corporate Botnet - Phishing Employee has clicked a link in a spam and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the compromise of the integrity of the entire network.. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. ZEUS/ZBOT contains link to false domain Credentials entered in to fake site BOT infection sent to user as a Facebook Security Update application User installs BOT and is now infected, all data is compromised Connection is then redirected to real Facebook site so user is not suspicious Prevalent today and sold as a crime kit. 3

4 Threat Landscape-Blended Threat & Botnet Examples The Corporate Botnet – Legitimate Site Compromised Employee access a legitimate site, but it or one of its content providers has been compromised and is now hosting malicious code.. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. FakeAV Botnet In 2009 the advertising network used by the New York Times was infected by a malicious flash advertisement Readers were accessing the NYT site but were provided with the infected advertisement This directed users to a site hosting the exploit code to install fake antivirus software.. 4

5 Threat Landscape-Blended Threat & Botnet Examples Targeted Attack – Spear Phishing Using social engineering to distribute s with links to malware, the s are relevant to the corporation being targeted. Infected documents (PDF, DOC, XLS) can use software exploits to infect systems. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. Kneber (Zeus) Botnet In 2010 a spear phishing attack on US.mil and.gov employees by a Zeus variant infected 50,000+ end systems Data stolen included: Corporate Login credentials and webmail access Online Banking sites Social Network credentials SSL Certificates 5

6 Threat Landscape-Blended Threat & Botnet Examples Ransomware Once installed is very difficult to reverse, files are encrypted, this isnt just based on the fear that something might happen, once you are reading the ransom note your data has already been encrypted. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. gpCode Ransomware Once installed searches hard drive for document and media files Files are encrypted with a 1024bit key which only the attacker has the decryption key Ransom note is displayed to user, system continues to operator but data is inaccessible Will encrypt xls, doc, pdf, txt, rar, zip, avi, jpg, mov, etc… 6

7 Addressing the Threat Landscape: Fortinets Next Generation Enterprise Security!

8 Beyond Application Identification Todays Network Security Requires Application Detection, Monitoring, and Control Allowing access to Web 2.0 applications has made enforcing data security policies far more complex User-created content embeds threats in content, pages, links, comments to blogs… Protection against effects of social media applications Data loss Threat propagation Bandwidth consumption Inappropriate use Endpoint to the Core Single pane of glass management for visibility & control 8

9 Life of a Packet with IPS enhancements DoS Policy Inspection addition Inspected first prior to firewall inspection DoS Policy Inspection Firewall Inspection IPS / App. Control AV / WF (Proxy) IN PASS Block (attack) Block (deny) Block (attack / disallowed application) Block (Virus / Web Content Block OUT 9 Fortinet Confidential **Internal view only**

10 Life of a Packet with IPS enhancements IPS & Application Control processing Then hand off to proxies engines DoS Policy Inspection Firewall Inspection IPS / App. Control AV / WF (Proxy) IN PASS Block (attack) Block (deny) Block (attack / disallowed application) Block (Virus / Web Content Block OUT 10 Fortinet Confidential **Internal view only**

11 Three Components Complete Content Protection Requires Identification Customizable list of approximately 2,000 apps, growing weekly Consolidated security: DLP, AV/AS, SSL Inspection, Endpoint protection Monitoring See whats in your network Control Granular control of behavior » Apps & features within apps » Users » Traffic 11

12 Identification Over 2,000 applications »More added every week »Category IM, P2P, Remote Access, Video, etc. »Ranked on popularity & risk »Independent of port, protocol, IP address »Decrypt encrypted traffic Including HTTPS, POP3S, SMTPS and IMAPS protocols 12

13 Identification - Application Botnet Category

14 Monitoring Understand whats in your network »Summary & detailed reports Application usage Behavior of user Bandwidth consumption »Visualization of trends, threats, and behaviors that put your network at risk 14

15 Control Granular control of behavior »Apps & features within apps Categories of apps Individual apps Actions within apps »Users Domain, groups, individual users »Traffic Prioritize Limit access by groups or users »Time of day »Day of week 15

16 Fortinet Confidential Real Threat Protection in Action Innocent Video Link: Redirects to malicious Website Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus Intrusion Protection Blocks the spread of the worm Solution: Error message: Drops copy of itself on system and attempts to propagate Out of date Flash player error: Download malware file Problem:

17 17 Consolidated Security with Real Time Updates Intrusion Prevention: Vulnerabilities and Exploits Browser and website attack code crafted by hackers and criminal gangs. Application Control: Unwanted Services and P2P Limiting Botnet command channel, compromised Facebook applications, independent of port or protocol Web Filtering: Multiple categories and Malicious sites Botnet command, phishing, search poisoning, inappropriate content Antispam: Unsolicited messages Phishing, Malware, Social Engineering and Junk Antivirus: All malicious code Documents, macros, scripts, executables Delivered via Web, , USB, Instant messaging, social networks, etc Vulnerability Management: Real time exploit updates Multiple scanning points FortiGate, FortiAnalyzer, FortiWeb, FortiDB, and FortiScan

18 Thank You!


Download ppt "Intrusion Prevention anno 2012: Widening the IPS concept."

Similar presentations


Ads by Google