
Protection Against Spear Phishing and the Modern Cyber Threats.

Presentation transcript:

1 Protection Against Spear Phishing and the Modern Cyber Threats

2 Notable 2011 Breaches

3 Advanced Threat Vectors
- Hidden Executables: malware executables delivered within PDFs
- Vulnerabilities: backdoors in browsers and applications that malware can bypass
- Portable Storage Devices: malware delivered on portable flash drives and USB sticks
Together these feed the Advanced Persistent Threat.

4 By the Numbers
- 1.6M: the amount of unique malicious code seen daily on average (1)
- 55k: the number of new malware signatures that are distributed daily (2)
- 90%: the number of companies in the US who fell victim to a cyber security breach at least once in the past 12 months (3)
Sources: 1. Symantec. 2. McAfee. 3. Ponemon Institute.

5 Acceleration of IP Loss

6 The Advanced Threat Landscape
- Criminal Enterprises: broad-based and targeted attacks; financially motivated; getting more sophisticated
- Hacktivists: targeted and destructive attacks; unpredictable motivations; generally less sophisticated
- Nation-States: targeted and multi-stage attacks; motivated by information and IP; highly sophisticated, endless resources

7 The Advanced Threat: Workday in Beijing (timeline chart with Lunch and Dinner markers)

8 The Advanced Threat… 4 Steps
1. Social engineering
2. Malware dropped
3. Malware morphs & moves
4. Data gathered & stolen
Countermeasures, one per step: Trust, Detect, Protect, Measure.

9 A new approach is required

10 The Solution

11 Trust: Provide a Trust Rating on All Software
IT-driven reputation: trust is assigned by user/group/organization, and software “pushed” by IT is trusted automatically.
- Trusted Publisher – Microsoft
- Trusted User –
- Trusted Directory – E:\sccm\packages
- Trusted Updater – WebEx
Cloud-driven reputation: IT sets trust policies for software “pulled” by end users (e.g., Firefox rated 10, Keylogger rated 0).
Diagram: trust ratings per group (Marketing, Finance, Data Center), e.g., Excel.exe 10, Acroread.msi 10, Calc.exe 9, Firefox 10, Java.dll 10, Exchange 10, Sharepoint 10, VMware.exe.

12 Detect: Identify Risk
- Real-time endpoint sensors to monitor file integrity: devices, memory locations, registry keys, OS/application tampering
- Security Ops Center: SIEM, event correlation
- Forensic IR Team: track every executable; find out how software arrives; learn how software propagates; see if a file has executed; view the full audit trail
Diagram: the per-group software lists with trust ratings (Marketing, Finance, Data Center; VMware.exe 8), a Keylogger flagged as risk, and CFS.

13 Protect: Stop the APT
- Enforcement policies: user- and context-based trust policies (e.g., Microsoft, Adobe, WebEx)
  - Low enforcement: monitor unapproved software
  - Medium enforcement: prompt on unapproved software
  - High enforcement: block unapproved software
- Ban unauthorized software
- Perform emergency lockdown
Protection for:
- Servers (file, application, SCADA, etc.)
- Virtualized environments
- Domain controllers
- Desktop/laptop endpoints
- Point-of-sale devices
Diagram: per-group software lists with trust ratings (Marketing, Finance, Data Center).
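Slides 11 through 13 describe the decision an application-control agent makes for every new executable: consult IT-driven trust (publisher, directory, updater), fall back to cloud reputation for software users pull themselves, then apply the group's enforcement level (monitor, prompt, block), with bans and emergency lockdown overriding everything. The following Python is an added illustration of that decision, not Bit9 or Parity code; the precedence between trust sources, the rule that lockdown ignores cloud reputation, and every path, hash, score and policy in it are constructed for the example.

```python
"""Trust-rating and enforcement evaluator in the style of slides 11-13.

Added illustration (not Bit9 or Parity code). Trust sources (publisher,
directory, updater, cloud reputation score), the three enforcement levels
and the ban/lockdown behaviour follow the slide text; the precedence between
them and every path, hash, score and policy below are constructed.
"""
from dataclasses import dataclass, replace
from enum import Enum
from pathlib import PureWindowsPath
from typing import Optional, Set, Tuple


class Enforcement(Enum):
    LOW = "monitor"     # unapproved software runs and is logged
    MEDIUM = "prompt"   # unapproved software runs only after the user confirms
    HIGH = "block"      # unapproved software does not run


@dataclass(frozen=True)
class FileEvent:
    path: str                    # where the executable landed on the endpoint
    sha256: str                  # hash used for bans and registry lookups (placeholder values)
    publisher: Optional[str]     # code-signing publisher, None if unsigned
    writer: Optional[str]        # process that wrote the file (trusted-updater check)
    cloud_score: Optional[int]   # 0-10 reputation from a registry lookup, None if unknown


@dataclass(frozen=True)
class TrustPolicy:
    group: str                     # user/group/organization the policy applies to
    trusted_publishers: Set[str]   # e.g. Microsoft
    trusted_directories: Set[str]  # software "pushed" by IT, e.g. E:\sccm\packages
    trusted_updaters: Set[str]     # processes whose writes are auto-approved
    banned_hashes: Set[str]        # explicitly banned software
    min_cloud_score: int           # threshold for software "pulled" by end users
    enforcement: Enforcement
    lockdown: bool = False         # emergency lockdown: only IT-driven trust counts


def _is_under(path: str, directory: str) -> bool:
    """True if path lies below directory (Windows paths compare case-insensitively)."""
    return PureWindowsPath(directory) in PureWindowsPath(path).parents


def trust_source(event: FileEvent, policy: TrustPolicy) -> Optional[str]:
    """Return the rule that approves the file, or None if it is unapproved."""
    if event.publisher and event.publisher in policy.trusted_publishers:
        return "trusted publisher"
    if any(_is_under(event.path, d) for d in policy.trusted_directories):
        return "trusted directory"
    if event.writer and event.writer in policy.trusted_updaters:
        return "trusted updater"
    # Cloud reputation covers software users pull themselves; this assumed
    # design honours only IT-driven trust during an emergency lockdown.
    if (not policy.lockdown and event.cloud_score is not None
            and event.cloud_score >= policy.min_cloud_score):
        return "cloud reputation"
    return None


def decide(event: FileEvent, policy: TrustPolicy) -> Tuple[str, str]:
    """Map a file event to (action, reason); action is ALLOW, MONITOR, PROMPT or BLOCK."""
    if event.sha256 in policy.banned_hashes:      # a ban beats every trust source
        return "BLOCK", "banned hash"
    source = trust_source(event, policy)
    if source is not None:
        return "ALLOW", source
    if policy.lockdown:
        return "BLOCK", "emergency lockdown"
    action = {Enforcement.LOW: "MONITOR",
              Enforcement.MEDIUM: "PROMPT",
              Enforcement.HIGH: "BLOCK"}[policy.enforcement]
    return action, "unapproved"


# Constructed policies: Finance at high enforcement, Marketing at medium/low, plus lockdown.
FINANCE = TrustPolicy("Finance", {"Microsoft", "Adobe"}, {r"E:\sccm\packages"},
                      {"webex_updater.exe"}, {"ban0000"}, 8, Enforcement.HIGH)
MARKETING = replace(FINANCE, group="Marketing", enforcement=Enforcement.MEDIUM)
MARKETING_LOW = replace(MARKETING, enforcement=Enforcement.LOW)
MARKETING_LOCKDOWN = replace(MARKETING, lockdown=True)

# Constructed file events; hashes are placeholders, not real samples.
EXCEL = FileEvent(r"C:\Program Files\Microsoft Office\Excel.exe", "aaa111", "Microsoft", None, 10)
SCCM_PKG = FileEvent(r"E:\sccm\packages\Calc.msi", "bbb222", None, None, None)
FIREFOX = FileEvent(r"C:\Users\alice\Downloads\Firefox Setup.exe", "ccc333", None, "chrome.exe", 10)
KEYLOGGER = FileEvent(r"C:\Users\alice\AppData\Local\Temp\svc_update.exe", "ddd444", None, None, 0)
BANNED_TOOL = FileEvent(r"C:\Tools\legacy_admin.exe", "ban0000", "Microsoft", None, 10)

if __name__ == "__main__":
    for ev in (EXCEL, SCCM_PKG, FIREFOX, KEYLOGGER, BANNED_TOOL):
        for pol in (FINANCE, MARKETING, MARKETING_LOCKDOWN):
            action, reason = decide(ev, pol)
            print(f"{pol.group:<9} lockdown={str(pol.lockdown):<5} "
                  f"{PureWindowsPath(ev.path).name:<18} -> {action:<7} ({reason})")
```

Running the block prints one decision per event and policy. The instructive cases are the unsigned file in a temp directory with a reputation of 0 (blocked in Finance, prompted in Marketing, merely logged at low enforcement), the user-downloaded Firefox installer (allowed by cloud reputation until a lockdown is declared) and the banned hash, which is blocked even though it carries a trusted signature.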

14 Measure: Actionable Security Intelligence
- Reports for ongoing security health: baseline drift, health dashboards, event categorization, live inventory
- SDK
- Analytics to assess, investigate, and fine-tune your security posture: find file, prevalence, device usage
- Alerts for unexpected threats or requests: for file propagation, for integrated helpdesk approval, sent to syslog, sent to (destination blank on slide)
- Track activity required for: audit, governance, compliance, SOC, incident response
Diagram: per-group software lists with trust ratings (Marketing, Finance, Data Center; Microsoft, Adobe, WebEx).

15 The Advanced Threat… 4 Steps (recap of slide 8)
1. Social engineering
2. Malware dropped
3. Malware morphs & moves
4. Data gathered & stolen
Countermeasures, one per step: Trust, Detect, Protect, Measure.

16 Global Software Registry At a Glance
- Records Indexed: > 7.2 Billion
- Number of Packages: > 15.3 Million
- Unique Hashes: > 450 Million
- Unique Executables: > 13 Million
- New Files Indexed Daily: > 8 Million (average)
- Archived Packages: > 50 TBs
File hash metadata: source; publisher/certificate; first seen/last seen date; product, version; AV scan results; vulnerability information; threat level; trust factor.
Bit9 Global Software Registry pipeline:
- Collect: crawlers, partner feeds, subscriptions
- Extract: 140 un-packers, 300+ variants
- Analyze: AV scanners, PE analysis, correlation
- Derive: normalize data, categorize, determine trust vs. threat
- Publish: File Advisor, Parity knowledge, Forensics (CFS/Analyzer)

17 Advanced Server Protection
Servers under protection: domain controllers, web servers, application servers, database servers, SharePoint servers, Internet Security and Acceleration (ISA) servers, virtual servers.
Server challenges:
- Security: targeted malware and cyber attacks
- Operations: unauthorized configuration changes
- Compliance: lack of demonstrable change controls
Bit9 Solution:
- Security: application control, device control, memory and registry protection
- Operations: file integrity monitor and control, baseline drift reports, find unplanned changes
- Compliance: server consistency reports, site integrity validation
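The operations column of slide 17 (file integrity monitoring, baseline drift reports, finding unplanned changes) comes down to hashing an approved state and diffing later snapshots against it. The Python below is an added illustration of that mechanism, not Bit9's own file integrity monitor; the monitored tree, its files and the "unplanned changes" are constructed inside demo(), and SHA-256 plus a JSON baseline file are assumptions of the example.

```python
"""Baseline-and-drift file integrity check in the spirit of slide 17.

Added illustration (not Bit9/Parity code). The monitored tree and the
unplanned changes are constructed inside demo(); SHA-256 and the JSON
baseline format are assumptions of this example.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def drift(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report files that appeared, disappeared or changed content since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def save_baseline(snap: Dict[str, str], path: Path) -> None:
    """Persist the approved state; sort keys so baselines diff cleanly in review."""
    path.write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(path: Path) -> Dict[str, str]:
    return json.loads(path.read_text())


def demo() -> Dict[str, List[str]]:
    """Constructed server tree: record a baseline, make unplanned changes, report drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "server"
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "app.exe").write_bytes(b"approved build 1.0")
        (root / "bin" / "legacy.dll").write_bytes(b"old component")
        (root / "config.ini").write_text("debug=0\n")
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(root), baseline_file)          # the approved state

        # Unplanned changes a drift report should surface:
        (root / "config.ini").write_text("debug=1\n")                  # config edited
        (root / "bin" / "helper.dll").write_bytes(b"unknown binary")   # new file appeared
        (root / "bin" / "legacy.dll").unlink()                         # file removed
        (root / "bin" / "app.exe").write_bytes(b"approved build 1.0")  # rewritten, identical content

        return drift(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The last change in demo() rewrites app.exe with identical bytes: because the comparison is on content hashes rather than timestamps, a patch job that re-deploys an approved build does not show up as drift, while the edited config, the new DLL and the deleted component do.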

18 New Strategy for the Advanced Threat
Diagram of the layered defense:
- Security Information and Event Management (SIEM)
- Advanced Network Protection
- Advanced Endpoint Protection
- Traditional Endpoint Protection (EPP)
- Traditional Network Protection (IDS/IPS, UTM)
- Incident Response/Forensics

19 Benefits
- Protect your core IP by keeping the Advanced Threat off critical servers and away from critical users
- Meet compliance requirements such as PCI DSS
- Improve operational efficiency by reducing IT helpdesk calls and time spent reimaging
- Reduce costs by understanding all software being used across the enterprise
- Reduce risk by improving incident response times to quickly and accurately identify high-risk files

20 Case Study: Federally Funded Research and Development Center
Situation:
- Gov’t funded facility with ~11,000 machines
- Critical research to the nation’s defense
- Protect intellectual property, trade secrets
- Forensics located APTs on machines
- Client-based attacks identified as the “blind spot”
Bit9 Solution:
- Stopped APTs and unauthorized software from executing
- Reduced number of re-images by 92 percent
- Prevented a non-trusted file “hiding” as Google Earth from executing

21 Case Study: Financial Technology Provider
Situation:
- Struggling to keep up with advances in malware
- Breach in a data center highlighted the urgency of the situation
- Could not stop infection from spreading to thousands of servers
Bit9 Solution:
- Mitigated risk on infected or “dirty” machines
- Delivered instant visibility into applications, utilities, and tools running on servers
- Locked down hundreds of servers in less than a day
- Easily scaled to ensure protection across the entire data center

22 Case Study: Grocery Retailer
Situation:
- Improve performance during PCI DSS audits
- Operating 5,000 machines across 560 stores
- Must perform frequent/controlled software updates
- Found unauthorized software on store systems
Bit9 Solution:
- Achieved PCI DSS compliance
- Prevented targeted/insider attacks
- Managed configuration drift
- Monitored activity and provided alerts about unwanted activity

23 Architecture
Diagram: Bit9 Server (Management Server) backed by Microsoft SQL Server, integrated with an Active Directory Server, administered through the Console, and connected to the Software Reputation Service; Corporate Endpoints: laptops, point of sale, kiosks, ATMs, servers, desktops, clients.

24 Sample Customer List
Industries: Retail, Government, Technology/Services, Finance, Healthcare, Industrial. (Bit9 Confidential Information)

25 BACKUP SLIDES

26 Bit9 Company Summary
- Founded in 2002 with a grant from NIST to build the next generation of Endpoint Security
- Gartner 2008 Cool Vendor in Infrastructure Protection
- InfoWorld Technology of the Year award – 2010; only “10’s” ever given
- Common Criteria EAL2 Certified
- GSN “Best Anti-Malware Solution” 2010
- PCI DSS – Compensating Control – Requirement 5

27 4 Steps to a Successful Implementation
Steps: Scope, Prepare, Implement, Operate.
Diagram labels: Endpoints, Servers, Domain Controllers; Implementation Plan; Protection, Compliance, TCO; Bit9 Training.
“We found Bit9 extremely easy to evaluate and implement. The other application control solutions we evaluated were not at all management-friendly.” – Will Bradshaw, Network Administrator, Jungle Jim’s International Market

28 The Advanced Threat: Workday in Beijing (timeline chart with Lunch and Dinner markers; repeat of slide 7)

29 Enterprise-Ready Features
Integrations include:
- Software delivery / patch management systems: System Center, BigFix, LanDesk
- Helpdesk trouble ticketing systems
- SIEM & log management tools: ArcSight, Q1 Labs, syslog
- Open APIs: custom integrations
- Endpoint protection platforms
- Forensic tools
- Governance and compliance tools
Platform features:
- Support for 100,000+ endpoints per Parity Server
- Scalable server
- DR/HA support
- Role-based access controls
- Approval request workflow
- Enterprise rules engine
- IPv6 support

30 Parity Console

