Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.

Similar presentations


Presentation on theme: "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye."— Presentation transcript:

1 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye

2 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 2

3 3 Company Overview The leader in stopping advanced targeted attacks Marquee customers across every industry –Top banks, hi-tech, oil and gas, government –All major Internet search engines, top social networks, and auction sites One of the fastest growing enterprise technology companies in the world

4 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 4 We Are Only Seeing the Tip of the Iceberg HEADLINE GRABBING ATTACKS THOUSANDS MORE BELOW THE SURFACE APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

5 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 5 Manufacturing Hit Worst

6 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 6 Don’t Take Usual Vacations ( Attacks)

7 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 7

8 8 Chinese Hacking Methodology

9 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 9 Chinese Hacking Methodology - Translated

10 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 10 Characteristics of Malware Stealth Level Ranges from High to Low Target Vulnerability Unpatched machines, plug-ins, browsers Intended victim(s) Specific victims - using Spearphishing Objectives Theft? Disruption? Fear?

11 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 11 High Profile APT Attacks Are Increasingly Common

12 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 12 We Are Only Seeing the Tip of the Iceberg HEADLINE GRABBING ATTACKS THOUSANDS MORE BELOW THE SURFACE APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

13 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 13 ADVANCED TRADITIONAL Advanced Targeted Attack Defining Advanced Targeted Attacks Utilizes advanced techniques and/or malware –Unknown –Targeted –Polymorphic –Dynamic –Personalized Uses zero-day exploits, commercial quality toolkits, and social engineering Often targets IP, credentials and often spreads laterally throughout network AKA—Advanced Persistent Threat (APT) Stealthy Unknown and Zero Day TargetedPersistent Open Known and Patchable BroadOne Time The New Threat Landscape There is a new breed of attacks that are advanced, zero-day, and targeted

14 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 14 The Enterprise Security Hole Web-based Attacks NGFW FW IPS SWG AV Attack Vector SECURITY HOLE Malicious Files Spear Phishing s

15 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 15 Traditional Defenses Don’t Work Advanced attacks bypass both signature and heuristics-based technologies in existing IT security defenses Networks Are Being Compromised as APTs Easily Bypass Traditional Signature-Based Defenses Like NGFW, IPS, AV, and Gateways

16 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 16 Typical Enterprise Security Architecture Firewalls/ NGFW Block IP/port connections, application-level control, no visibility into exploits and ineffective vs. advanced targeted attacks IPS Attack-signature based detection, shallow application analysis, high- false positives, no visibility into advanced attack lifecycle Secure Web Gateways Some analysis of script-based malware, AV, IP/URL filtering; ineffective vs. advanced targeted attacks Anti-Spam Gateways Relies largely on antivirus, signature-based detection (some behavioral); no true spear phishing protection Desktop AVDesktop AV Signature-based detection (some behavioral); ineffective vs. advanced targeted attacks

17 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 17 Attacks Increasingly Sophisticated Dynamic Web Attacks Malicious Exploits Spear Phishing s Multi-Vector Delivered via Web or Blended attacks with containing malicious URLs Uses application/OS exploits Multi-Stage Initial exploit stage followed by malware executable download, callbacks and exfiltration Lateral movement to infect other network assets

18 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 18 The Attack Lifecycle – Multiple Stages Exploitation of system 1 3 Callbacks and control established 2 Malware executable download Compromised Web server, or Web 2.0 site 1 Callback Server IPS 3 2 Malware spreads laterally 4 Data exfiltration 5 File Share 2 File Share 1 5 4

19 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 19 FireEye Malware-VM™ Filter Phase 1: Aggressive capture heuristics  Deploys out-of-band/passive or inline  Multi-protocol capture of HTML, files (e.g. PDF), & EXEs  Maximizes capture of potential zero-day attacks Phase 2: Virtual machine analysis  Confirmation of malicious attacks  Removal of false positives Phase 3: Block Call Back  Stop data/asset theft XML/SNMP alerts on infections as well as C&C destinations Global loop sharing into MAX Cloud Intelligence Fast Path Real-time Blocking in Appliance Phase 3

20 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 20 The FireEye Difference Multi-Vector Protection Protection against Web attacks Protection against attacks Protection against file-based attacks Multi-Stage Protection Inbound zero-day exploit detection Outbound malware callback blocking Malware binary payload analysis Latent malware quarantine Multi- Vector Multi- Stage

21 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 21 Multi-Vector Protection Blended Web/ Threats Internal Lateral Movement of Threats Web Threats Threats CMS

22 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 22 LATERAL SPREAD Multi-Staged Attack Pieces Connected Point Products WEB EXPLOIT MALWARE EXECUTABLE DOWNLOAD CALLBACK WEB OR EXPLOIT MALWARE EXECUTABLE DOWNLOAD DATA EXFILTRATION CALLBACK LATERAL MOVEMENT DATA EXFILTRATION

23 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 23 Inline blocking both inbound and outbound Advanced content analysis (PDF, JavaScript, URLs) Models up to 1 Gbps at microseconds latency FEATURES Web Malware Protection System Inline, real-time, signature-less malware protection at near-zero false positives Analyzes all web objects, e.g., web pages, flash, PDF, Office docs and executables Blocks malicious callbacks terminating data exfiltration across protocols Dynamically generates zero-day malware and malicious URL security content and shares through Malware Protection Cloud network Integration with and File MPS and MAS for real-time callback channel blocking

24 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 24 Multi-Protocol, Real-Time VX Engine PHASE 1PHASE 1 Multi-Protocol Object Capture PHASE 2PHASE 2 Virtual Execution Environments PHASE 1: WEB MPS Aggressive Capture Web Object Filter DYNAMIC, REAL-TIME ANALYSIS Exploit detection Malware executable analysis Cross-matrix of OS/apps Originating URL Subsequent URLs OS modification report C&C protocol descriptors Map to Target OS and Applications

25 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 25 Supports large range of file types (PDF, Office formats, ZIP, etc.) Attachment analysis URL analysis Correlation of malicious URLs to s at the CMS FEATURES Malware Protection System Protection against spear phishing and blended attacks Analyzes all s for malicious attachments and URLs In-line MTA active security or SPAN/BCC for monitoring Brute-force analysis of all attachments in VX Engine Web MPS integration for malicious URL analysis/blocking Web MPS integration for blocking of newly discovered callback channels

26 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 26 Multi-Protocol, Real-Time VX Engine PHASE 1PHASE 1 Multi-Protocol Object Capture PHASE 2PHASE 2 Virtual Execution Environments PHASE 1: WEB MPS Aggressive Capture Web Object Filter DYNAMIC, REAL-TIME ANALYSIS Exploit detection Malware executable analysis Cross-matrix of OS/apps Originating URL Subsequent URLs OS modification report C&C protocol descriptors Map to Target OS and Applications PHASE 1: MPS Attachments URL Analysis

27 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 27 Protecting Against Blended Threats Secures Against Attacks Using URLs in High priority URL analysis through Web MPS VX engine Web MPS integration for correlation of malicious URL with spear phished message Web MPS integration for blocking of newly discovered callback channels Central Management System Web MPS MPS

28 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 28 File Malware Protection System Supports large range of file types (PDF, Office, ZIP, etc.) CIFS support Malicious file quarantine Integration via CMS FEATURES Protects file sharing servers from latent malware Addresses malware brought into the network via web or or file sharing as well as other manual means Detects the lateral spread of malware through network file shares Continuous and incremental network file share analysis Web MPS integration for blocking of newly discovered callback channels

29 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 29 Multi-Protocol, Real-Time VX Engine PHASE 1PHASE 1 Multi-Protocol Object Capture PHASE 2PHASE 2 Virtual Execution Environments PHASE 1: WEB MPS Aggressive Capture Web Object Filter DYNAMIC, REAL-TIME ANALYSIS Exploit detection Malware executable analysis Cross-matrix of OS/apps Originating URL Subsequent URLs OS modification report C&C protocol descriptors Map to Target OS and Applications PHASE 1: MPS Attachments URL Analysis PHASE 1: FILE MPS Network File Shares

30 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 30 Multi-Layered Threat Intelligence Sharing Local Sharing Seconds Internal Feedback Loop Web MPS Cross-Enterprise Sharing Central Management System Global Sharing Cross-Enterprise Web MPS Deployment Many 3 rd party Feeds Validated by FireEye Technology

31 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 31 Summary Pace of advanced targeted attacks is accelerating, affecting all verticals and all segments Traditional defenses (NGFW, IPS, AV, and gateways) no longer stop these attacks Real-time, integrated signature- less solution is required across Web, and file attack vectors FireEye has engineered the most advanced threat protection to supplement traditional defenses and stop advanced targeted attacks Complete Protection Against Advanced Targeted Attacks Web Malware Protection System Malware Protection System File Malware Protection System

32 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 32 Enjoy the rest of the show! Thank You!


Download ppt "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye."

Similar presentations


Ads by Google