We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byGeoffrey Matthews
Modified about 1 year ago
1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta
2© Copyright 2011 EMC Corporation. All rights reserved. Defining APT Evolution of threat models Intention of such threats How to gear up for such a threat Agenda
3© Copyright 2011 EMC Corporation. All rights reserved. What is APT Advanced –Sophisticated. –Targeted. –With a purpose. Persistent –Continued efforts to achieve the goal. –Month after month, even years. Threat –Are resourceful, capable. –Are determined to achieve the goals.
4© Copyright 2011 EMC Corporation. All rights reserved. Intrusion kill chain Different Stages ReconnaissanceResearch, identification and selection of targets. WeaponizationCoupling a remote access Trojan with an exploit into a deliverable payload. DeliveryTransmission of weapon into the target network. ExploitationOnce a weapon is delivered, the intruders code exploits a vulnerability of an application OR operating system. InstallationInstallation of remote access Trojan, allows backdoor entry. Command and ControlCompromised host forms a channel to controlled servers. Actions on objectivesOnce the above phases are complete, intruders take actions to achieve original goal. Chain is a series of process such as find, fix, track, target, engage and assess. So find the targets for engagement, fix their location, track and keep an eye, target with suitable weapon, engage, assess the effects. This is called a chain because any interruption breaks the entire process.
5© Copyright 2011 EMC Corporation. All rights reserved. Differentiator, evolution of threats Traditional Virus/MalwareAPT Target random networks/hosts.Target specific network/hosts. Probably of getting detected are high by AV as their signatures get detected. Combination of malware used, signatures go undetected because of this. The effects become visible over a period of time, as large network/hosts get infected. The idea is to lay low over a significant period of time. A good firewall OR intrusion detection system can prevent entry by signature checking. Carrier is mostly through content, which uses well known ports (80, 443 etc.) and known protocol http, https etc.
6© Copyright 2011 EMC Corporation. All rights reserved. Different techniques used in an APT Spear phishing emails Social engineering emails
7© Copyright 2011 EMC Corporation. All rights reserved. Different techniques used in an APT Zero Day exploits
8© Copyright 2011 EMC Corporation. All rights reserved. Am I a APT victim, how to gear up? How to figure out you are a victim of APT attack? What to look out for? May get unnoticed by a single AV/IDS. Analyzing network layered packets is good way to start. Log analyses from various sources with co-relation should help. Monitoring end points for suspicious behavior. Good asset management should be in place, guard critical systems. Monitoring critical asset’s is very important. Finding needle in a hay stack.
9© Copyright 2011 EMC Corporation. All rights reserved. Am I a APT victim, how to gear up? What to look out for? Multi layered defense is needed. We are moving towards intelligence driven security systems.
10© Copyright 2011 EMC Corporation. All rights reserved. RSA Security Analytics RSA Security Analytics gives security teams the ability to unleash their full potential and stand tall against today’s attackers by evolving from a traditional log-centric approach to one with better visibility, analysis, and workflow
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.
Koustav Sadhukhan, Rao Arvind Mallari and Tarun Yadav DRDO, Ministry of Defense, INDIA Cyber Attack Thread: A Control-flow Based Approach to Deconstruct.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
1 Telstra in Confidence Managing Security for our Mobile Technology.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.
Role Of Network IDS in Network Perimeter Defense.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain David Flournoy Bit9 Mid-Atlantic.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Nathan Labadie Systems Engineer, US-Central FireEye.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Network security Product Group 2 McAfee Network Security Platform.
Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.
Copyright © 2015 Juniper Networks, Inc. 1 Sky Advanced Threat Prevention.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
GSHRM CONFERENCE CYBER SECURITY EDUCATION SHRI COCKROFT, CISO PIEDMONT HEALTHCARE, INC. September 21, 2015.
Cyber Crime Tanmay S Dikshit. Stage 1 Reconnaissance Finding out about the target Scan a well known site and find the hosts around it (Port Scan) Use.
12/6/2010CS Andrew Bates - UCCS1 Intrusion Detection and Advanced Persistent Threats CS 591 Andrew Bates University of Colorado at Colorado Springs.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Automated Worm Fingerprinting Authors: Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage Publish: OSDI'04. Presenter: YanYan Wang.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.
SELF-DEFENDING NETWORK. CONTENTS Introduction What is Self Defending Network? Types of Network Attacks Structure of Self Defending Network Conclusion.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel.
Final Project: Advanced Security Blade IPS and DLP blades.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.
ZERO-DAY ATTACKS By Hiranmayi Pai Neeraj Jain. Table of Contents Introduction Evolution of Vulnerabilities and Threats Propagation of Zero-Day Threats.
1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning Ping often is blocked by firewalls Send TCP SYN/ACK to generate RST segments.
BotNet Detection Techniques By Shreyas Sali Course: Network Security (CSCI – 5235) Instructor: Dr. T Andrew Yang.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Intrusion Detection Systems and Practices Chapter 13.
+ Secure C2 Systems Ali Alhamdan, PhD National Information Center Ministry of Interior April 28 th, 2015.
Chapter 15 Computer Crime and Information Technology Security Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
© 2017 SlidePlayer.com Inc. All rights reserved.