Presentation is loading. Please wait.

Presentation is loading. Please wait.

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

Published byIsabella Marsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel"— Presentation transcript:

1 Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
FireEye Overview Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

2 Sophisticated attacks are more common
You may have seen these headlines, but one key point is that all companies are at risk. Interestingly, many attacks are actually designed with the express purpose to enable further attacks on even more valuable targets. (RSA attack led to attacks on Lockheed, L3, and Northrup.) Net-net: Data breaches are increasingly common due to flaws in common applications/plug-ins like Adobe Reader. Persistent foes show that break-ins like the RSA data breach or theft of Symantec source code are straightforward given today’s traditional defenses. TRANSITION: Getting beyond the headlines

3 What the Analysts are Saying
“Some IPS/IDS/NGFW vendors are no better at handling evasions today than they were when they released their original products.” Gartner, 2011 “The widening gap between hacker capabilities and security defenses has security organizations struggling to keep up with the changing nature, complexity, and scale of attacks.” Forrester, 2011 “Incumbent defenses fall short…existing antimalware initiatives are no longer enough.” Forrester, 2011 “Organizations that rely on desktop AV and secure web gateways as their primary antimalware technologies may very well find themselves falling victim to malware-based attacks.” Forrester, 2011 ““There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time. The threat is real. You are compromised; you just don't know it yet.” – Gartner, January 2012 Analysts are re-affirming this new threat landscape and the relative ineffectiveness of traditional defenses. Note also that Gartner is calling this category ‘Advanced Threat Protection’. This is the term we will use as well. GARTNER: * “Some IPS/IDS/NGFW vendors are no better at handling evasions today than they were when they released their original products.” * “Being online grows more dangerous by the day, and, for many exploits, the browser is the target of choice. In the last few years, enterprises have seen a parade of vulnerabilities through Adobe Acrobat, Microsoft Internet Explorer, and browser plug-ins. Often, the browser exploit is only the first stage of a more insidious attack, as in Operation Aurora.” FORRESTER: “The widening gap between hacker capabilities and security defenses has security organizations struggling to keep up with the changing nature, complexity, and scale of attacks.” “Organizations that rely on desktop AV and secure web gateways as their primary antimalware technologies may very well find themselves falling victim to malware-based attacks.” “Incumbent defenses fall short…existing antimalware initiatives are no longer enough.”

4 Hackers Evade Existing Defenses
Utilizes advanced techniques and/or malware Unknown Polymorphic Dynamic Multi-stage Personalized Uses zero-day exploits, commercial quality toolkits, and social engineering Often targets IP, credentials and often spreads laterally throughout network Same techniques – whether mass crimeware or targeted APT The New Threat Landscape There is a new breed of attacks that are advanced, zero-day, and targeted ADVANCED Stealthy Unknown and Zero Day Targeted Persistent Advanced Targeted Attack Advanced Targeted Attacks is the term we will use to describe the attacks in this market (it is also what Gartner has just coined and uses). What are advanced targeted attacks? They use advanced malware, zero-day and APT tactics to penetrate networks for the purpose of control, espionage and theft. Advanced Malware uses a variety of tactics like zero-day exploits, dynamism (e.g. fast flux DNS, polymorphism), and is often targeted / personalized. We are now in the age of the “Cyber Industrial Complex” in which criminals have commercial qualify toolkits to build the cyber weapons (malware) so effective at penetrating networks. Many in the IT security industry call these cyber criminal actors – Advanced, Persistent Threats TRANSITION: Why are advanced targeted attacks so effective? Open Known and Patchable Broad One Time TRADITIONAL

5 Multi-Protocol, Real-Time VX Engine
Global loop sharing into DTI Cloud Intelligence Phase 3 alerts on infections as well as C&C destinations Fast Path Real-time Blocking in Appliance Phase 1: Aggressive capture heuristics Deploys out-of-band/passive or inline Multi-protocol capture of HTML, files (e.g. PDF), & EXEs Maximizes capture of potential zero-day attacks Phase 2: Virtual machine analysis Confirmation of malicious attacks Removal of false positives Phase 3: Block Call Back Stop data/asset theft Local, Enterprise Wide, Global (DTI Cloud)

6 Next-Gen Malware Protection System (MPS)
FireEye Hardware Platform 7000 Series: 1Gbps 4000 Series: 250 Mbps 2000 Series: 50 Mbps 1000 Series: 20 Mbps KEY FEATURES: Detects inbound 0-day & custom malware via virtual machine analysis Tracks outbound call-backs and subsequent malicious payloads Extremely accurate detection with near-zero false positive Copper and Fiber models 10-Gig native solution coming soon! 6

7 Advanced Malware Protection Architecture
Real-time Web, , & File Security to stop Advanced Targeted Attacks Centralized Management, Reporting Augments Zero-Day gaps traditional security misses Platform for sharing FireEye Intel with 3rd party products Automation ensures higher detection accuracy & low TCO Malware Protection Cloud provides unique, zero-day intelligence MALWARE PROTECTION CLOUD Firewall File MPS Proxy Anti-Spam Internet Facing SharePoint CMS Web MPS MPS Deployment architecture Real-time Web, , and file security to stop advanced targeted attacks Centralized reporting and management Integration into cyber incident response system MAS LAN Mail Servers

8 Technology Alliances - Moving Closer to the Breach
MSSP Host SIA Partner Member Gateway Network Monitoring SIEM Threat Attribution Partnerships: SIEM – ArcSight, Juniper/Q1 Labs, RSA enVision, NitroSecurity (now McAfee), Splunk (log management) Network Monitoring – Solera Networks Gateway – Blue Coat Systems GRC SSL Alliances subject to change. Integration levels vary based on purpose and investment.

9 Summary Pace of advanced threats accelerating, targeting all verticals and all segments Traditional defenses (NGFW, IPS, AV, and Web gateways) no longer combat these attacks Real-time, proactive signature-less solution is required across Web and to solve issue FireEye has engineered the best threat protection solution to supplement traditional defenses and combat advanced attacks

Download ppt "Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel"

Similar presentations

Next Generation Threat Protection

Next Generation Threat Protection
Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
FireEye Architecture & Technology Full Spectrum Kill-chain Visibility

FireEye Architecture & Technology Full Spectrum Kill-chain Visibility
Tim Davidson System Engineer

Tim Davidson System Engineer
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,
Next Generation Threat Protection

Next Generation Threat Protection
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.
1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.

1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.
Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.

Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
INTRODUCING: KASPERSKY Security FOR VIRTUALIZATION | LIGHT AGENT FOR MICROSOFT AND CITRIX VIRTUAL ENVIRONMENTS.

INTRODUCING: KASPERSKY Security FOR VIRTUALIZATION | LIGHT AGENT FOR MICROSOFT AND CITRIX VIRTUAL ENVIRONMENTS.

Similar presentations

Ads by Google