Who is MANDIANT?  Engineers, consultants, authors, instructors & security experts  Chased criminals attacking the Fortune 500, govt. contractors, and.


1 Who is MANDIANT?  Engineers, consultants, authors, instructors & security experts  Chased criminals attacking the Fortune 500, govt. contractors, and multi-national banks  Responded to over 1 million compromised systems in over 60 organizations  Find evil & solve crime through our products & services

2 Services  Incident Response  Incident Response Management  Malware Analysis  Program Development  Incident Response Exercises  Computer Forensics  Forensic Examination  Litigation Support  Expert Testimony  Application & Network Security  Application & Network Assessments  Secure SDLC  Product Testing  Wireless Assessments  Penetration Testing  Social Engineering  Architecture Design  Research & Development  High-Sensitivity  Emerging Issues  Cutting Edge

3 The threats

4 MIR (Host Interrogations)  Made expressly for incident responders − Based on years of IR knowledge − Built by experienced system developers  The right forensic features − Plus real scalability − Equals enterprise IR at speed  Faster, less disruptive, less expensive − Repeatable, more accurate investigations − Comprehensively evaluate the environment

5 Accelerating enterprise IR Investigate entire infrastructure or just a subset based on your needs. Use MANDIANT provided Indicator of Compromise DB or develop your own. MIR Controller and Agents deployed pervasively… or only to systems of interest. Remediation based on a more complete scope of the attack. Organization postured to re-scan with new IOCs or conduct deep-dive investigations on specific assets.

6 NTAP Service (Network Analysis)  Identify Intruder Activities in Near Real-Time − Detect and collect known malicious network traffic − Automatically perform post processing and decryption (when possible)  Describe Attacker Activities and Movement − Determine intent and process of compromise − Determine and understand intruders' targeting and methodologies − Discover exfiltrated data from encrypted network streams (when possible)  Provide an Actual Damage Assessment of Attacker Activities

7 What’s an indicator? AND File Path: \system32\mtxes.dll File Name: Ripsvc32.dll Service DLL: Ripsvc32.dll PE Time Stamp: 2008/04/04 18:14:25 MD5: 88195C3B0B349C4EDBE2AA725D3CF6FF Registry Path: \Services\Iprip\Parameters\ServiceDll Registry Text: Ripsvc32.dll AND File Size: 50,000 to 90,000 OR File Name: SPBBCSvc.exe File Name: hinv32.exe File Name: vprosvc.exe File Name: wuser32.exe OR
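An added example, not part of the original presentation and not MANDIANT's code: a small evaluator that applies an AND/OR indicator to host artifacts and reports which terms matched. It uses a subset of the slide's terms; how they nest under AND and OR is an assumption, because the slide's layout is not recoverable from the transcript, and the artifact records are constructed.

```python
# Terms come from the slide; the AND/OR nesting below is an assumption.
SIZE = ("file_size", "range", (50000, 90000))
IOC = ("OR", [
    ("md5", "is", "88195C3B0B349C4EDBE2AA725D3CF6FF"),
    ("AND", [("file_path", "contains", r"\system32\mtxes.dll"), SIZE]),
    ("AND", [("registry_path", "contains", r"\Services\Iprip\Parameters\ServiceDll"),
             ("registry_text", "contains", "Ripsvc32.dll")]),
    ("AND", [SIZE, ("OR", [("file_name", "is", n) for n in
             ("SPBBCSvc.exe", "hinv32.exe", "vprosvc.exe", "wuser32.exe")])]),
])

def leaf_matches(term, item):
    field, cond, want = term
    have = item.get(field)
    if have is None:
        return False                      # a missing attribute never satisfies a term
    if cond == "range":
        lo, hi = want
        return lo <= have <= hi
    have, want = str(have).lower(), str(want).lower()  # Windows names and hex are case-insensitive
    return want in have if cond == "contains" else have == want

def evaluate(node, item):
    """Return the leaf terms that make `node` true for `item`, or [] if it is false."""
    if node[0] not in ("AND", "OR"):
        return [node] if leaf_matches(node, item) else []
    hits = [evaluate(child, item) for child in node[1]]
    if node[0] == "AND" and not all(hits):
        return []                         # every child must match the same artifact
    return [term for h in hits for term in h]

def scan(ioc, items):
    """Return (artifact id, matched terms) for every artifact the indicator hits."""
    return [(i["id"], hits) for i in items if (hits := evaluate(ioc, i))]

# Constructed sample artifacts (file and registry records from one hypothetical host).
ITEMS = [
    {"id": "f1", "file_path": r"C:\WINDOWS\system32\mtxes.dll",
     "file_name": "mtxes.dll", "file_size": 61440},
    {"id": "f2", "file_path": r"C:\WINDOWS\system32\wuser32.exe",
     "file_name": "wuser32.exe", "file_size": 1200000},   # right name, wrong size
    {"id": "r1", "registry_path": r"HKLM\SYSTEM\CurrentControlSet\Services\Iprip\Parameters\ServiceDll",
     "registry_text": r"%SystemRoot%\System32\Ripsvc32.dll"},
    {"id": "f3", "file_name": "update.tmp", "file_size": 10,
     "md5": "88195c3b0b349c4edbe2aa725d3cf6ff"},
]

if __name__ == "__main__":
    for item_id, hits in scan(IOC, ITEMS):
        print(item_id, [f"{f} {c} {w}" for f, c, w in hits])
```

Artifact `f2` shows why the size range is paired with the file names: the name alone matches, but the AND fails and the artifact is not reported.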

8  Washington, DC 675 N. Washington Street Suite 210 Alexandria, VA (703)  New York 24 West 40th 9th Floor New York, NY (212)  Los Angeles 400 Continental Blvd El Segundo, CA (310)

