
Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.


1 Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine

2 Palo Alto Networks Modern Malware Elton Fontaine: CCIE, CNSE SE Manager – West Territory Palo Alto Networks

3 What are we seeing

4 Key Facts and Figures - Americas
4 | ©2014 Palo Alto Networks. Confidential and Proprietary.
- 2,200+ networks analyzed
- 1,600 applications detected
- 31 petabytes of bandwidth
- 4,600+ unique threats
- Billions of threat logs

5 Common Sharing Applications are Heavily Used
Application Variants
- How many video and filesharing applications are needed to run the business?
Bandwidth Consumed
- 20% of all bandwidth consumed by file-sharing and video alone
Source: Palo Alto Networks, Application Usage and Threat Report. May 2014.

6 High in Threat Delivery; Low in Activity
- 11% of all threats observed are code execution exploits within common sharing applications
- Most commonly used applications: email (SMTP, Outlook Web, Yahoo! Mail), social media (Facebook, Twitter) and file-sharing (FTP)
Source: Palo Alto Networks, Application Usage and Threat Report. May 2014.

7 Low Activity? Effective Security or Something Else?

8 Low Activity: Effective Security or Something Else?
(7) Code execution exploits seen in SMTP, POP3, IMAP and web browsing.
Diagram labels: IMAP, SMTP, POP3, Web browsing, Twitter, Facebook
Smoke.loader botnet controller
- Delivers and manages payload
- Steals passwords
- Encrypts payload
- Posts to URLs
- Anonymizes identity

9 Malware Activity Hiding in Plain Sight: UDP
Diagram labels: End Point Controlled, Blackhole Exploit Kit, ZeroAccess Delivered, $$$ Bitcoin mining, SPAM, ClickFraud
- Distributed computing = resilience
- High number UDP ports mask its use
- Multiple techniques to evade detection
- Robs your network of processing power

10 Unknown UDP Hides Significant Threat Activity
- 1 application = 96% of all malware logs
- ZeroAccess.Gen command & control traffic represents nearly all malware activity
Source: Palo Alto Networks, Application Usage and Threat Report. May 2014.
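The two UDP slides make one detection point: peer-to-peer C2 such as ZeroAccess shows up as unclassified UDP fanning out to many peers on high-numbered ports. The script below is an added illustration of that check over constructed flow records; it is not Palo Alto Networks code, and the record shape, thresholds and all addresses are assumptions made for the example.

```python
"""Flag internal hosts whose unclassified UDP traffic fans out to many peers
on high-numbered ports (the pattern the slides attribute to ZeroAccess C2).

Added illustration, not Palo Alto Networks code. Flow-record layout,
thresholds and addresses are constructed for this example."""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, proto, dst_port, app).
# "unknown-udp" stands for UDP traffic the application classifier could not name.
SAMPLE_FLOWS = (
    # 10.0.0.5: twelve distinct external peers, all on high UDP ports -> suspect
    [("10.0.0.5", f"198.51.100.{i + 1}", "udp", 16000 + 37 * i, "unknown-udp")
     for i in range(12)]
    # 10.0.0.7: ordinary named services, never unclassified
    + [("10.0.0.7", "10.0.0.53", "udp", 53, "dns")] * 20
    + [("10.0.0.7", "203.0.113.10", "udp", 123, "ntp")] * 5
    # 10.0.0.9: a little unknown UDP to two peers, below the fan-out threshold
    + [("10.0.0.9", "203.0.113.20", "udp", 40000, "unknown-udp"),
       ("10.0.0.9", "203.0.113.21", "udp", 40001, "unknown-udp")]
)


def find_p2p_suspects(flows, min_peers=8, min_high_port_ratio=0.9, high_port=1024):
    """Return {src_ip: stats} for sources whose unknown-udp flows reach at least
    min_peers distinct peers with at least min_high_port_ratio on high ports."""
    peers = defaultdict(set)
    high_port_flows = defaultdict(int)
    total_flows = defaultdict(int)
    for src, dst, proto, dport, app in flows:
        if proto != "udp" or app != "unknown-udp":
            continue  # only unclassified UDP counts toward the pattern
        total_flows[src] += 1
        peers[src].add(dst)
        if dport >= high_port:
            high_port_flows[src] += 1

    suspects = {}
    for src, count in total_flows.items():
        ratio = high_port_flows[src] / count
        if len(peers[src]) >= min_peers and ratio >= min_high_port_ratio:
            suspects[src] = {
                "peers": len(peers[src]),
                "unknown_udp_flows": count,
                "high_port_ratio": ratio,
            }
    return suspects


if __name__ == "__main__":
    for host, stats in find_p2p_suspects(SAMPLE_FLOWS).items():
        print(f"{host}: {stats}")
```

The fan-out threshold is what separates a P2P bot from a host that simply runs one unclassified UDP application: a single peer on a high port is ordinary, a dozen distinct peers is not. Tune `min_peers` against a baseline of your own unknown-udp logs before alerting on it.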

11 Business Applications = Heaviest Exploit Activity
- 90% of the exploit activity was found in 10 applications
- Primary source: Brute force attacks
Source: Palo Alto Networks, Application Usage and Threat Report. May 2014.

12 Target data breach – APTs in action
- Recon on companies Target works with
- Spearphishing third-party HVAC contractor
- Breached Target network with stolen payment system credentials
- Moved laterally within Target network and installed POS Malware
- Maintain access
- Exfiltrated data to command-and-control servers over FTP

13 Best Practices

14 Security from Policy to Application
- What assumptions drive your security policy?
- Does your current security implementation adequately reflect that policy?
- Does your current security implementation provide the visibility and insight needed to shape your policy?
Cycle: Assumptions → Policy → Implementation → Visibility & Insight

15 Security Perimeter Paradigm
Diagram labels: The Enterprise; Organized Attackers; Infection → Command and Control → Escalation → Exfiltration

16 Is there Malware inside your network today???
Diagram labels: Applications provide exfiltration; Threat communication; Confidential data

17 Application Visibility
- Reduce attack surface
- Identify applications that circumvent security policy.
- Full traffic visibility that provides insight to drive policy
- Identify and inspect unknown traffic

18 Identify All Users
- Do NOT trust, always verify all access
- Base security policy on users and their roles, not IP addresses.
- For groups of users, tie access to specific groups of applications
- Limit the amount of exfiltration via network segmentation
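The four points on this slide describe one policy model: identity-keyed rules that grant a role access to a group of applications between two zones, with no rule keyed on source IP and a default deny for anything unmatched. The evaluator below is an added example of that model, written for this page rather than taken from any firewall; the directory, zones, application groups and rules are all constructed.

```python
"""Evaluate access by verified user identity and role, not by source IP.

Added illustration, not Palo Alto Networks code. Directory, zones,
application groups and rules are constructed for this example."""
from dataclasses import dataclass
from typing import Optional

# Constructed application groups: rules refer to these, never to ports.
APP_GROUPS = {
    "erp": {"sap", "ms-sql"},
    "collab": {"ms-exchange", "sharepoint"},
    "facilities": {"hvac-telemetry"},
}

# Constructed identity source: user -> directory groups (roles).
DIRECTORY = {
    "alice": {"finance"},
    "bob": {"hvac-vendor"},
}

# Rules: (name, roles allowed, source zone, destination zone, app group).
# There is deliberately no rule keyed on an IP address, and no catch-all allow.
RULES = [
    ("finance-to-erp", {"finance"}, "corp", "datacenter", "erp"),
    ("staff-to-collab", {"finance", "hr"}, "corp", "datacenter", "collab"),
    ("vendor-to-hvac", {"hvac-vendor"}, "vendor", "facilities-segment", "facilities"),
]


@dataclass
class Flow:
    user: Optional[str]  # None when the source has no user-ID mapping
    src_zone: str
    dst_zone: str
    app: str             # application as identified by inspection, not by port


def evaluate(flow: Flow):
    """Return (action, reason). Unverified sources and unmatched flows are denied."""
    if flow.user is None:
        return ("deny", "no-user-mapping")  # an IP alone is never trusted
    roles = DIRECTORY.get(flow.user, set())
    for name, allowed_roles, src_zone, dst_zone, group in RULES:
        if (roles & allowed_roles
                and flow.src_zone == src_zone
                and flow.dst_zone == dst_zone
                and flow.app in APP_GROUPS[group]):
            return ("allow", name)
    return ("deny", "default-deny")


# Constructed scenarios, including a vendor reaching for the datacenter segment.
SCENARIOS = {
    "finance-user-sap": Flow("alice", "corp", "datacenter", "sap"),
    "vendor-own-segment": Flow("bob", "vendor", "facilities-segment", "hvac-telemetry"),
    "vendor-crosses-segment": Flow("bob", "vendor", "datacenter", "ms-sql"),
    "unmapped-source-sap": Flow(None, "corp", "datacenter", "sap"),
    "finance-user-unknown-app": Flow("alice", "corp", "datacenter", "bittorrent"),
}

if __name__ == "__main__":
    for label, flow in SCENARIOS.items():
        print(f"{label:28} -> {evaluate(flow)}")
```

The vendor case is the segmentation point from the slide: the HVAC role has a path to the facilities segment and nowhere else, so a flow from that role toward the datacenter falls through to default deny even though the zone and port would have looked plausible to an address-based rule.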

19 Freegate SSL/Port 443: The Universal Firewall Bypass
Challenge: Is SSL used to protect data and privacy, or to mask malicious actions?
Diagram labels (all over tcp/443): TDL-4, Poison Ivy, Rustock, APT1, Ramnit Bot, Citadel, Aurora, Gozi
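A port-based rule that opens tcp/443 cannot tell SSL from anything else that chooses that port, which is the slide's point. The smallest defensive check is to confirm that a stream on 443 at least begins with a TLS ClientHello before treating it as "ssl". The code below is an added example of that check and is not Palo Alto Networks App-ID; the byte samples, including the minimal ClientHello builder, are constructed for the example.

```python
"""Sanity-check whether a tcp/443 stream actually starts with a TLS ClientHello.

Added illustration, not Palo Alto Networks App-ID. All byte samples are constructed."""

TLS_HANDSHAKE = 0x16   # TLS record content type for handshake messages
CLIENT_HELLO = 0x01    # handshake message type
MAX_RECORD = 16384     # 2^14, the TLSPlaintext length limit


def looks_like_tls_client_hello(data: bytes) -> bool:
    """Validate the 5-byte record header and the 4-byte handshake header."""
    if len(data) < 9:
        return False
    if data[0] != TLS_HANDSHAKE:
        return False
    if data[1] != 0x03 or data[2] > 0x04:        # record versions 0x0300..0x0304
        return False
    record_len = int.from_bytes(data[3:5], "big")
    if record_len == 0 or record_len > MAX_RECORD:
        return False
    if data[5] != CLIENT_HELLO:
        return False
    handshake_len = int.from_bytes(data[6:9], "big")
    # The ClientHello body plus its 4-byte header must fit inside the record.
    return handshake_len + 4 <= record_len


def classify_port443(data: bytes) -> str:
    """Label the stream the way an app-aware policy would need it labelled."""
    return "ssl" if looks_like_tls_client_hello(data) else "unknown-tcp-443"


def build_client_hello() -> bytes:
    """Constructed minimal TLS 1.2-style ClientHello carrying one cipher suite."""
    body = (b"\x03\x03"        # client_version
            + bytes(32)        # random (zeroed for the example)
            + b"\x00"          # session_id length 0
            + b"\x00\x02"      # cipher_suites length
            + b"\xc0\x2f"      # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            + b"\x01"          # compression_methods length
            + b"\x00")         # null compression
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return (bytes([TLS_HANDSHAKE, 0x03, 0x01])
            + len(handshake).to_bytes(2, "big") + handshake)


# Constructed first-bytes samples as they might arrive on tcp/443.
SAMPLES = {
    "browser-tls": build_client_hello(),
    "plain-http-on-443": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "ssh-banner-on-443": b"SSH-2.0-OpenSSH_8.9\r\n",
}

if __name__ == "__main__":
    for label, first_bytes in SAMPLES.items():
        print(f"{label:20} -> {classify_port443(first_bytes)}")
```

This only answers "is it TLS at all"; a tunnelling tool that performs a genuine TLS handshake passes it, which is exactly the ambiguity the slide raises. Deciding whether that TLS session protects data or masks an action needs the next layer of evidence: certificate and SNI checks, or SSL decryption where policy allows it.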

20 Evolution of Network Segmentation & Datacenter Security
Layer 1-4 Stateful Firewall: Packet filtering, ACLs, IP/port-based firewalling for known traffic?
Layer 7 "Next Generation" Appliance: Port-hopping applications, malware, mobile users – different entry points into the DC?

21 Platform Solution

22 Modern Attacks Are Coordinated
1. Bait the end-user: End-user lured to a dangerous application or website containing malicious content
2. Exploit: Infected content exploits the end-user, often without their knowledge
3. Download Backdoor: Secondary payload is downloaded in the background. Malware installed
4. Establish Back-Channel: Malware establishes an outbound connection to the attacker for ongoing control
5. Explore & Steal: Remote attacker has control inside the network and escalates the attack

23 Coordinated Threat Prevention: An Integrated Approach to Threat Prevention
Attack stages: Bait the end-user → Exploit → Download Backdoor → Establish Back-Channel → Explore & Steal
Reduce Attack Surface (App-ID, URL): Block high-risk apps; Block known malware sites
Threat Prevention (IPS, Spyware, AV, Files, WildFire): Block the exploit; Prevent drive-by-downloads; Block spyware, C&C traffic; Block C&C on non-standard ports; Block malware; Block malware, fast-flux domains; Detect unknown malware; Block new C&C traffic
Coordinated intelligence to detect and block active attacks based on signatures, sources and behaviors

24 Adapt to Day-0 threats
Threat Intelligence Sources: WildFire Users; Anti-C&C Signatures; Malware URL Filtering; DNS Signatures; AV Signatures; WildFire Signatures (Cloud, On-Prem)
Update cadence labels shown: ~30 Minutes, Daily, Constant, 1 Week

25 Contextual Awareness


