
Spear-Phishing, Watering Holes, Drive-by Downloads The Need for Rapid Endpoint Security Innovation Security without Limits Darin Dick.



Presentation on theme: "Spear-Phishing, Watering Holes, Drive-by Downloads The Need for Rapid Endpoint Security Innovation Security without Limits Darin Dick."— Presentation transcript:

1 Spear-Phishing, Watering Holes, Drive-by Downloads The Need for Rapid Endpoint Security Innovation Security without Limits Darin Dick

2 About Invincea
Heritage and Market Presence
- Spun out of a DARPA-funded project focusing on advanced malware prevention
- Headquartered just outside Washington, D.C.
- Product in market just under 3 years
- Fortune 1,000 and US Federal Government customers
- Dell OEM to 20+ million machines annually
- Protecting nearly 10,000 organizations around the globe
- Management team with successful start-up track records and National Security credentials (DARPA, BAE Systems, RipTech, NetWitness, ArcSight)
Recognition
- SINET "Innovator" Award 2010
- Global Security Challenge Eastern Region Winner
- "Most Innovative Company of the Year" – RSA 2011
- SINET "Best in Class" Award 2011
- GOVTek "Top Company to Watch" in 2012
- Governor's Award 2012 – Best Tech Transfer to Start-up
- GOVTek "Best Security Solution" 2013
- Government Security News "Best Anti-Malware Solution" – 2012 & 2013
- NVTC 3024 "Cyber-Innovators" Award
- Awarded $21.4 million research and development contract from DARPA to develop a secure Android platform

3 A Four Letter Word… How does the adversary enter your network? Your New Perimeter

4 How Breaches Happen…
Incidental Contact
- Poisoned search engine results
- Malicious websites
- Hijacked legitimate sites – 30,000 takeovers DAILY**
- Social networking worms
Targeted Attacks (APTs)
- Spear-phishing (95% of all APTs*)
  - Links to drive-by downloads
  - Weaponized document attachments
- Watering hole attacks – hijacked, trusted sites
Zero-days and new malware strains targeting browsers, plug-ins, PDFs and Office docs
*Both Mandiant and Trend Micro – 2013 reports
**Sophos – June 2013

5 '11, '12 and '13 (so far) bloodiest years on record…
- "White House" eCard (spear-phishing)
- HBGary Federal (social engineering)
- Night Dragon (spear-phishing)
- London Stock Exchange website (watering hole)
- French Finance Ministry (spear-phishing)
- DuPont, J&J, GE (spear-phishing)
- Nasdaq (spear-phishing)
- Office of the Australian Prime Minister (spear-phishing)
- RSA (spear-phishing)
- Epsilon (spear-phishing)
- Barracuda Networks (spear-phishing)
- Oak Ridge National Labs (spear-phishing)
- Lockheed Martin (spear-phishing)
- Northrop Grumman (spear-phishing)
- Gannett Military Publications (spear-phishing)
- PNNL (spear-phishing)
- ShadyRAT (spear-phishing)
- DIB and IC campaign (spear-phishing)
- 'Voho' campaign (watering holes and spear-phishing)
- 'Mirage' campaign (spear-phishing)
- 'Elderwood' campaign (spear-phishing)
- White House Military Office (spear-phishing)
- 'Telvent' compromise (spear-phishing)
- Council on Foreign Relations (watering hole)
- Capstone Turbine (watering hole)
- RedOctober (spear-phishing)
- DoE (spear-phishing)
- Federal Reserve (spear-phishing)
- NYT, WSJ, WaPo (spear-phishing)
- South Korea (spear-phishing)
- 11 energy firms (spear-phishing)
- QinetiQ (TBD)
- Apple, Microsoft, Facebook (watering hole)
- Speedtest.net (gill netting)
- National Journal (watering hole)
- FemmeComp (watering hole)
- Department of Labor / DoE (watering hole)
- WTOP and FedNewsRadio (gill netting)
- Retail – spear-phishing
- Energy – watering holes
- Microsoft – spear-phishing
A Running Theme… 93-95% of all targeted attacks (APTs) involve the user… (amalgam of Mandiant, VBR, Trend Micro)

6 Results from Invincea Survey ‘Addressing APTs’ Firewalls/Web Proxies Network Controls Anti-Virus Forensics and IR User Training App Whitelisting In Use Confidence 85% 95% 10% 35%75% 85% 5% 65% 45% 65% 85%

7 The Elephant… Stop the insanity! “I’m right there in the room…and no one even acknowledges me.”

8 Protect the New Perimeter… Stop the insanity! "It's the endpoint, bro…"
Top 3 reasons we avoid the endpoint:
- We don't realize how bad legacy controls really are…
- We've already bogged it down with a bunch of agents… but they AREN'T stopping the threat
- We're scared of user revolt… but the user DOESN'T want to be your weakest link!

9 Invincea Use Case: Spear-Phishing…
Attacks against the South Korean banking system (March 2013)
- Widespread attacks on the banking system and broadcast networks
- Appear to have originated in China; North Korea suspected
- Wiper virus similar to Shamoon, which attacked Saudi Aramco and other targets
Attacks targeted at information security professionals (February 2013)
- Took advantage of global media coverage of the Mandiant APT1 report
- Legitimate PDF renamed and weaponized
- Detected in the wild by Invincea – attack stopped at the point of opening the PDF
$200 billion market swing (April 2013)
- Spear-phishing attack against the Associated Press
- Stolen login credentials for the AP Twitter account
- Fake tweet that the White House had been bombed sent markets into a tail-spin

10 Invincea Use Case: Watering Hole Attacks…
Small defense contractor serving the U.S. Intel community (March 2013)
- FemmeComp website serving up malware
- Detected in the wild by Invincea – attack stopped within the secure virtual container
3rd-party software developer website used as a watering hole (February 2013)
- Software developer used by three major high-tech companies: Microsoft, Apple, Facebook
Department of Labor website serving DoE nuclear researchers (May 2013)
- IE 8 zero-day
- Hallmarks of a known APT group
- Detected in the wild by Invincea – attack stopped within the secure virtual container

11 Endpoint Security Reborn! Protect the User – Enterprise & Small Business: Endpoint Application & Management Server
Invincea FreeSpace – endpoint application
- Priced per seat
- Protection options: Browser (IE, Firefox, Chrome), PDF, Office Suite (PPT, XLS, DOC)
- Recommended system specs: 512 MB RAM, 150 MB free disk space, Intel/AMD x86 chipset
- Supported operating systems: Windows XP, Windows 7 32- and 64-bit
Invincea Management Server
- Threat Data Server; optional integration to other technologies
- Config management: track deployments, manage groups, maintain audit trail, schedule software updates
- Reporting
- Multiple deployment options: virtual appliance, physical appliance (1U rack-mounted), cloud hosted

12 Secure Virtual Container: Hardware

13 Secure Virtual Container: Operating System

14 Secure Virtual Container: Web Browser

15 Secure Virtual Container: Office Applications (Excel, Word, PowerPoint)

16 Secure Virtual Container: Adobe Acrobat Reader

17 Secure Virtual Container: Browser Toolbars & Widgets

18 Secure Virtual Container: Browser Plugins

19 Secure Virtual Container: Single Sign-on, DLP, Host Security Plug-ins, Anti-Virus

20 Secure Virtual Container: Invincea Communications Interface – Virtual File System; Behavioral sensors (process, file, network); Command and Control; Forensic data capture; Virtual Segregation Shim

21 Secure Virtual Container: Contained Threats – Attacks against the browser, PDF reader and Office suite are air-locked from the host operating system. Detection, kill and forensic capture occur inside the secure virtual container.
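Slides 20 and 21 describe behavioral sensors (process, file, network) that run inside the container and drive detection, kill and forensic capture. The block below is an added example written for this page, not Invincea's code and not a description of how FreeSpace actually decides: it models the three sensor feeds as a stream of event dicts and applies a few heuristics a container-side monitor might use (a browser or document viewer spawning a shell, a dropped executable being run, a write to a persistence location, a contained app talking to a non-web port). The process names, paths, ports, rules and the two sample event streams are constructed assumptions for illustration.

```python
"""Toy behavioral-sensor pipeline for a contained browser / document viewer.

Added example, not Invincea code. Models the process, file and network sensor
feeds named on the slide as a list of event dicts and applies simple
heuristics to decide when to kill the contained application. All rules,
names, paths and sample events are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Applications the container is expected to host (assumption).
CONTAINED_APPS = {"iexplore.exe", "firefox.exe", "chrome.exe",
                  "acrord32.exe", "winword.exe", "excel.exe", "powerpnt.exe"}

# Children a browser or document viewer has no business spawning (assumption).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "regsvr32.exe", "rundll32.exe", "mshta.exe"}

# Path fragments whose modification implies a persistence attempt (assumption).
PERSISTENCE_PATH_MARKERS = ("\\start menu\\programs\\startup\\",
                            "\\software\\microsoft\\windows\\currentversion\\run")

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".bat")


@dataclass
class Verdict:
    kill: bool = False
    reasons: List[str] = field(default_factory=list)
    forensic_trail: List[Dict] = field(default_factory=list)


class ContainerMonitor:
    """Consume sensor events emitted inside the container; decide kill / keep."""

    def __init__(self) -> None:
        self.dropped_executables: set = set()
        self.verdict = Verdict()

    def observe(self, event: Dict) -> None:
        # Every event is retained as forensic capture regardless of outcome.
        self.verdict.forensic_trail.append(event)
        handler = getattr(self, f"_on_{event['sensor']}", None)
        if handler is not None:
            handler(event)

    def _flag(self, reason: str) -> None:
        self.verdict.kill = True
        self.verdict.reasons.append(reason)

    def _on_process(self, ev: Dict) -> None:
        parent, child = ev["parent"].lower(), ev["image"].lower()
        if parent in CONTAINED_APPS and child in SUSPICIOUS_CHILDREN:
            self._flag(f"{parent} spawned {child}")
        if child in self.dropped_executables:
            self._flag(f"execution of dropped file {child}")

    def _on_file(self, ev: Dict) -> None:
        path = ev["path"].lower()
        if ev["op"] == "write" and path.endswith(EXECUTABLE_SUFFIXES):
            # Remember the dropped binary; executing it later is the second signal.
            self.dropped_executables.add(path.rsplit("\\", 1)[-1])
        if any(marker in path for marker in PERSISTENCE_PATH_MARKERS):
            self._flag(f"persistence write to {ev['path']}")

    def _on_network(self, ev: Dict) -> None:
        # A contained browser/viewer connecting to a raw non-web port: beacon heuristic.
        if ev["image"].lower() in CONTAINED_APPS and ev["dport"] not in (80, 443):
            self._flag(f"{ev['image']} connected to {ev['dst']}:{ev['dport']}")


def analyze(events: List[Dict]) -> Verdict:
    """Run the monitor over an event stream; stop (kill) at the first rule hit."""
    mon = ContainerMonitor()
    for ev in events:
        mon.observe(ev)
        if mon.verdict.kill:
            break  # container is killed; the trail so far is the forensic capture
    return mon.verdict


# Constructed sample stream: drive-by that drops and runs a payload via Acrobat Reader.
SAMPLE_DRIVE_BY = [
    {"sensor": "network", "image": "iexplore.exe", "dst": "203.0.113.5", "dport": 443},
    {"sensor": "process", "parent": "iexplore.exe", "image": "AcroRd32.exe"},
    {"sensor": "file", "op": "write", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\a.exe"},
    {"sensor": "process", "parent": "AcroRd32.exe", "image": "a.exe"},
    {"sensor": "network", "image": "a.exe", "dst": "198.51.100.7", "dport": 8080},
]

# Constructed benign stream: normal browsing plus a PDF download and open.
SAMPLE_BENIGN = [
    {"sensor": "network", "image": "chrome.exe", "dst": "203.0.113.9", "dport": 443},
    {"sensor": "file", "op": "write", "path": "C:\\Users\\u\\Downloads\\report.pdf"},
    {"sensor": "process", "parent": "chrome.exe", "image": "AcroRd32.exe"},
]

if __name__ == "__main__":
    for name, stream in (("drive-by", SAMPLE_DRIVE_BY), ("benign", SAMPLE_BENIGN)):
        v = analyze(stream)
        print(name, "KILL" if v.kill else "OK", v.reasons)
```

The point of keeping the forensic trail separate from the kill decision is the one the slide makes: containment lets the monitor kill early (here, at the fourth event, before the payload's beacon is even attempted) while still handing the responder everything that happened up to that moment.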

22 Free the User | Contain the Threat – The Power of Invincea FreeSpace
- Protect the mobile workforce left unprotected when they leave the four walls of the network
- Deliver exactly what the business needs: unfettered access for the user – even giving things back
- Protect the network from the user and the user from himself
Map the Adversary
- Real-time vs. post-facto forensics
- Intelligence fusing
- Mapping the M.O. and opening the attributional gold mine
Reduce Operational Expenses
- Patching, e.g. old/vulnerable versions of Java that can't be patched due to legacy app incompatibility
- Incident response
- Endpoint reimaging
- Employee downtime
Prevent the Breach!
- Brand protection
- Mission-critical data protection
- Millions in breach-related expenses

23 Blazing the Trail
- IDC forecasts $1.17bn in stand-alone spend on Invincea-type services by 2017 (Specialized Threat Analysis and Prevention market), additive to the $10bn endpoint security market
- "Endpoint security. Don't just rely upon network security based controls that detect delivery of malicious code. You should also use the new breed of endpoint solutions that detect exploitation of malicious code on the host." – Rick Holland @ Forrester
- SANS 20 Critical Controls, Item 5: Malware Defenses, 5.7 Quick wins: "Deploy…products that provide sandboxing (e.g., run browsers in a VM), and other techniques that prevent malware exploitation."
- "By year-end 2016, 20% of enterprises will implement Windows containment mechanisms for end users handling untrusted content and code, up from less than 1% in 2013." – Neil MacDonald @ Gartner
- "Traditional defense-in-depth components are still necessary, but are no longer sufficient in protecting against advanced targeted attacks and advanced malware. Today's threats require an updated layered defense model that utilizes 'lean forward' technologies at three levels: network, payload and endpoint." – Lawrence Orans and Jeremy D'Hoinne @ Gartner
- "In what might be described as a sea change, Dell announced a new security suite for its Precision, Latitude and OptiPlex systems…" – Wendy Nather @ 451 Group

24 Let's Talk More… Stop the insanity! Let's get moving today!!!
Darin.dick@invincea.com
http://www.invincea.com/get-protected/request-form/




