Published by Kayla MacGregor
Modified over 2 years ago
Modern Malware Mixer
Palo Alto Networks at a Glance
Corporate Highlights
- Disruptive Network Security Platform
- Safely Enabling Applications
- Able to Address All Network Security Needs
- Exceptional Growth and Global Presence
- Experienced Technology and Management Team
- 800+ Employees
[Chart: Revenue ($MM, FYE July) and Enterprise Customers, Jul-10 to Jul-12]
Page 2 | © 2012 Palo Alto Networks. Proprietary and Confidential.
Leading the Way in Next-Generation Firewalls
- Gartner Enterprise Network Firewall Magic Quadrant: Palo Alto Networks recognized as a Leader
- Forrester IPS Market Overview: Strong IPS solution; demonstrates effective consolidation
- NetworkWorld Test: Most stringent NGFW test to date; validated sustained performance
- NSS Tests
  - IPS: Palo Alto Networks NGFW tested against competitors' standalone IPS devices; NSS Recommended
  - Firewall: traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended
  - NGFW: Palo Alto Networks best combination of protection, performance, and value; NSS Recommended (1 of only 3)
What Has Changed / What Is the Same
The attacker changed
- Nation-states
- Criminal organizations
- Political groups
Attack strategy evolved
- Patient, multi-step process
- Compromise user, then expand
Attack techniques evolved
- New ways of delivering malware
- Hiding malware communications
- Signature avoidance
The Sky is Not Falling
- Not new, just more common
- Solutions exist
- Don't fall into the "APT ate my homework" trap
Strategy: Patient Multi-Step Intrusions
[Diagram: Organized Attackers targeting The Enterprise; stages: Infection, Command and Control, Escalation, Exfiltration]
Challenges to Traditional Security
Threats coordinate multiple techniques, while security is segmented into silos
- Social engineering, exploits, malware, spyware, obfuscation all part of a patient, multi-step intrusion
Threats take advantage of security blind spots to keep from being seen
- Patient attacks must repeatedly cross the perimeter without being detected
Targeted and custom malware can bypass traditional signatures
- The leading edge of an attack is increasingly malware that has never been seen before
Regaining Control over Modern Threats
New Requirements for Threat Prevention
1. Visibility into all traffic regardless of port, protocol, evasive tactic or SSL
2. Stop all types of known network threats (IPS, anti-malware, URL, etc.) while maintaining multi-gigabit performance
3. Find and stop new and unknown threats even without a pre-existing signature
Visibility
Visibility is fundamental
- You can't stop what you can't see
- Virtually all threats other than DoS depend on avoiding security
Full stack inspection of all traffic
- All traffic, on all ports, all the time
- Progressive decoding of traffic to find hidden, tunneled streams
- Contextual decryption of SSL
Control the applications that hide traffic
- Limit traffic to approved proxies, remote desktop applications
- Block bad applications like encrypted tunnels, circumventors
Control the Methods Threats Use to Hide
- Encrypted traffic: SSL is the new standard
- Proxies: Reverse proxies are hacker favorites
- Remote desktop: Increasingly standard
- Compressed content: ZIP files, compressed HTTP
- Encrypted tunnels: Hamachi, Ultrasurf, Tor; purpose-built to avoid security
[Diagram: Outbound C&C Traffic hidden by Encryption (e.g. SSL), Compression (e.g. GZIP), Proxies (e.g. CGIProxy), Circumventors and Tunnels]
If you can't see it, you can't stop it
Block the Applications That Hide Traffic
- Block unneeded and high-risk applications
- Block (or limit) peer-to-peer applications
- Block unneeded applications that can tunnel other applications
- Review the need for applications known to be used by malware
- Block anonymizers such as Tor
- Block encrypted tunnel applications such as UltraSurf
- Limit use to approved proxies
- Limit use of remote desktop
Control Known Threats
Validated and proven IPS
- 93.4% block rate at NSS Labs while maintaining data sheet performance
Stream-based anti-malware
- Millions of malware samples, 50,000 new samples analyzed daily
- Stream-based analysis enables in-line analysis at line speeds
Full context
- Clear visibility into all URLs, users, applications and files connected to a particular threat
[Diagram: threat categories covered: Brute Force, Code-Execution, Denial of Service, Data Leakage, Overflow, Scanning, SQL Injection, Botnets, Browser Hijacks, Adware, Backdoors, Keyloggers, Net-Worms, Peer-to-Peer]
Add Protections without Sacrificing Performance
[Chart: performance (y-axis 0 to 7000) for Firewall + IPS, Firewall + anti-spyware + antivirus, and Firewall + anti-spyware + antivirus + IPS, across traffic profiles Mixes, HTTP 10KB, HTTP 512KB, HTTP. Source: Network World, August 2011]
Single-Pass Parallel Processing (SP3) Architecture
Single Pass
- Operations once per packet
  - Traffic classification (app identification)
  - User / group mapping
  - Content scanning – threats, URLs, confidential data
- One policy
Parallel Processing
- Function-specific parallel processing hardware engines
- Separate data / control planes
Up to 20Gbps, Low Latency
Okay, but what about unknown and targeted malware?
The Malware Window of Opportunity
- Time required to capture 1st sample of malware in the wild
- Time required to create and verify malware signature
- Time before antivirus definitions are updated
- Days and weeks until users are protected by traditional signatures
Total Time Exposed
Attackers Target the Window of Opportunity
- Refreshed Malware
- Malware Construction Kits
- Targeted Attacks
Controlling Unknown Malware Using the Next-Generation Firewall
Introducing WildFire
- New feature of the Palo Alto Networks NGFW
- Captures unknown inbound files and analyzes them for 70+ malicious behaviors
- Analysis performed in a cloud-based, virtual sandbox
Automatically generates signatures for identified malware
- Infecting files and command-and-control
- Distributes signatures to all firewalls via regular threat updates
Provides forensics and insight into malware behavior
- Actions on the target machine
- Applications, users and URLs involved with the malware
WildFire Architecture
[Diagram: potentially malicious files from the Internet reach the firewall; policy-based forwarding sends them to the WildFire Analysis Center; protection is delivered back to all customer firewalls]
WildFire Analysis Center
- Sandbox-based analysis looks for over 80 malicious behaviors
- Generates detailed forensics report
- Creates antivirus and C&C signatures
Case Study - Password Stealing Botnets
Overview
- Threat Type: Botnet, similar to the notorious ZeuS banking botnet
- Target: Targets end-users with the goal of stealing passwords
- Transmission Methods: Heavy use of email, some use of HTTP
- Key Actions: Steals email and FTP credentials; steals cookies from browsers; decrypts and sniffs SSL sessions; uses anti-VM techniques
- File Name(s): American_Airlines_E-Ticket-printing-copy; DHL-express-tracking-delivery-notification
- Initial Detection Rates: Very low detection rates, sometimes for several days. Heavy use of packers.
Case Study: Re-emergence of Waledac
- Originally a spamming botnet, taken down by Microsoft in 2010 when the C2 servers were taken over
- On Feb 2nd 2012, WildFire detected a new variant of Waledac code on customer networks
- Botnet has been enhanced to obtain credentials for FTP, SMTP, POP3, and more with full packet capture on the host
- Since initial discovery, WildFire has seen hundreds of unique samples of the botnet malware across 78 customer networks
Callouts:
- Antivirus signature distributed to Palo Alto Networks customers within 24 hours
- Sample went undetected by all major AV products for 2 weeks
Malware Analysis
[Slides 22 to 24: figures only, no text extracted]
Case Study - Enterprise Phishing
Shipping and security are common topics for enterprise phishing
- Fake DHL, USPS, UPS and FedEx delivery messages
- Fake CERT notifications
Ongoing phishing operations
- Large volumes of malware – commonly in the top 3 of daily unknown malware seen in enterprises
- Correlate new malware talking back to the same malware servers
- Refreshed daily to avoid traditional AV signatures
[Diagram: lure file names leading to Malware: USPS Report, DHL-international-shipping-ID, DHL-international-shipping-notification, DHL-Express-Notification-JAN, United-Parcel-Service-Invoice, US-CERT Operations Center Report, USPS-Failed-Delivery_Notification]
Trusted Sources
CNET / Download.com
- Strong reputation for providing safe downloads of shareware and freeware that are verified to be malware free
- In early December 2011 WildFire began identifying files from Download.com as containing spyware
- CNET had begun providing software downloads in a wrapper that installed subtle spyware designed to track shopping habits
Changed a variety of client and browser security settings
- Changed security settings
- Changed proxy settings
- Changed Internet Explorer settings
- Installed a service to leak advertising and shopping data over HTTP POSTs
An Integrated Approach to Threat Prevention
(Decreasing Risk, top to bottom)
Reduce the attack surface / Remove the ability to hide
- Applications: All traffic, all ports, all the time; application signatures; heuristics; decryption
Prevent known threats: Exploits, malware, C&C traffic
- Exploits & Malware: Block threats on all ports; NSS Labs Recommended IPS; millions of malware samples
Block known sources of threats / Be wary of unclassified and new domains
- Dangerous URLs: Malware hosting URLs; newly registered domains; SSL decryption of high-risk sites
Pinpoint live infections and targeted attacks
- Unknown & Targeted Threats: WildFire control of unknown and targeted malware; unknown traffic analysis; anomalous network behaviors
Grand Prize Drawing – Ignite User Conference
Winners Selected Oct 15 – Fill out Survey to Qualify
Application Visibility Report (AVR)
Report will include:
- Top Applications and High Risk processes on your network
- Applications that can use HTTP / Port 80 to communicate
- Top URL destination categories being visited by your employees
- Geographic distribution of your internet traffic – both inbound and outbound – sorted by country
- Use of non-standard ports by ANY application – FTP, SSH, RDP, Telnet, etc…
- Top Exploits – Intrusions, Virus, Spyware, Botnets, etc.
- Top Attackers and Top Victims
- Sensitive data leaving your network
- Top File Types being transmitted on your network
See Flyer in Modern Malware for Dummies book for details
Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.