1 FireEye Overview
Joshua Senzer, CISSP, Sr. Systems Engineer – North East Channel
2 Sophisticated attacks are more common

You may have seen these headlines, but one key point is that all companies are at risk. Interestingly, many attacks are actually designed with the express purpose of enabling further attacks on even more valuable targets (the RSA attack led to attacks on Lockheed, L3, and Northrop).

Net-net: data breaches are increasingly common due to flaws in common applications/plug-ins like Adobe Reader. Persistent foes show that break-ins like the RSA data breach or the theft of Symantec source code are straightforward given today’s traditional defenses.

TRANSITION: Getting beyond the headlines
3 What the Analysts are Saying

“Some IPS/IDS/NGFW vendors are no better at handling evasions today than they were when they released their original products.” – Gartner, 2011

“The widening gap between hacker capabilities and security defenses has security organizations struggling to keep up with the changing nature, complexity, and scale of attacks.” – Forrester, 2011

“Incumbent defenses fall short… existing antimalware initiatives are no longer enough.” – Forrester, 2011

“Organizations that rely on desktop AV and secure web gateways as their primary antimalware technologies may very well find themselves falling victim to malware-based attacks.” – Forrester, 2011

“There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time. The threat is real. You are compromised; you just don't know it yet.” – Gartner, January 2012

Analysts are re-affirming this new threat landscape and the relative ineffectiveness of traditional defenses. Note also that Gartner is calling this category ‘Advanced Threat Protection’. This is the term we will use as well.

Additional Gartner quote: “Being online grows more dangerous by the day, and, for many exploits, the browser is the target of choice. In the last few years, enterprises have seen a parade of vulnerabilities through Adobe Acrobat, Microsoft Internet Explorer, and browser plug-ins. Often, the browser exploit is only the first stage of a more insidious attack, as in Operation Aurora.”
4 Hackers Evade Existing Defenses: The New Threat Landscape

There is a new breed of attacks that are advanced, zero-day, and targeted.

Advanced Targeted Attack: stealthy; unknown and zero-day; targeted; persistent
Traditional: open; known and patchable; broad; one-time

- Utilizes advanced techniques and/or malware: unknown, polymorphic, dynamic, multi-stage, personalized
- Uses zero-day exploits, commercial-quality toolkits, and social engineering
- Often targets IP and credentials, and often spreads laterally throughout the network
- Same techniques, whether mass crimeware or targeted APT

Advanced Targeted Attacks is the term we will use to describe the attacks in this market (it is also what Gartner has just coined and uses). What are advanced targeted attacks? They use advanced malware, zero-day and APT tactics to penetrate networks for the purpose of control, espionage and theft. Advanced malware uses a variety of tactics like zero-day exploits, dynamism (e.g. fast-flux DNS, polymorphism), and is often targeted/personalized. We are now in the age of the “Cyber Industrial Complex”, in which criminals have commercial-quality toolkits to build the cyber weapons (malware) that are so effective at penetrating networks. Many in the IT security industry call these cyber criminal actors Advanced Persistent Threats.

TRANSITION: Why are advanced targeted attacks so effective?
5 Multi-Protocol, Real-Time VX Engine

Phase 1: Aggressive capture heuristics
- Deploys out-of-band/passive or inline
- Multi-protocol capture of HTML, files (e.g. PDF), and EXEs
- Maximizes capture of potential zero-day attacks

Phase 2: Virtual machine analysis
- Confirmation of malicious attacks
- Removal of false positives

Phase 3: Block call-back
- Stop data/asset theft
- Alerts on infections as well as C&C destinations
- Local, enterprise-wide, global (DTI Cloud)

Fast path: real-time blocking in the appliance. Global loop sharing into DTI Cloud Intelligence.
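To make the phase 2 / phase 3 hand-off concrete, here is an added example (not FireEye code, and not the VX engine's real format): a small correlator that reads constructed event lines, treats a VM verdict of "vm_malicious" as a confirmed inbound infection, matches later outbound destinations against a hypothetical C&C feed split into the slide's local/enterprise/global scopes, and promotes a confirmed callback destination to enterprise-wide sharing. The log format, feed contents and field names are all assumptions made up for the demo.

```python
import re
# Constructed C&C indicator feed keyed by the three sharing scopes on the slide
# (local appliance, enterprise-wide, global DTI cloud); all values hypothetical.
C2_FEED = {
    "local": {"203.0.113.7"},
    "enterprise": {"callback.example.net"},
    "global": {"198.51.100.23", "update-check.example.org"},
}
# Constructed event lines in a simplified, hypothetical format:
# "<timestamp> <src host> <destination> <object kind> <phase-2 VM verdict or ->"
EVENTS = """\
2012-03-01T10:00:01 10.1.1.5 download.example.com pdf vm_malicious
2012-03-01T10:00:09 10.1.1.5 203.0.113.7 tcp -
2012-03-01T10:02:30 10.1.1.9 www.example.com html vm_clean
2012-03-01T10:03:12 10.1.1.9 update-check.example.org tcp -
2012-03-01T10:04:00 10.1.1.12 intranet.example.com html vm_clean
"""
FIELDS = ("ts", "src", "dst", "kind", "verdict")
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")

def parse_events(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield dict(zip(FIELDS, m.groups()))

def feed_scope(dst, feed):
    """Narrowest scope that lists dst as a C&C destination, or None."""
    for scope in ("local", "enterprise", "global"):
        if dst in feed[scope]:
            return scope
    return None

def analyze(text, feed=C2_FEED):
    """Phase 2 verdicts mark hosts infected; phase 3 matches outbound destinations.
    A callback from a confirmed host is blocked and shared enterprise-wide."""
    feed = {k: set(v) for k, v in feed.items()}   # copy: never mutate the caller's feed
    infected, alerts = set(), []
    for ev in parse_events(text):
        if ev["verdict"] == "vm_malicious":
            infected.add(ev["src"])
            alerts.append((ev["src"], "inbound-malware", ev["dst"], None, "alert"))
        scope = feed_scope(ev["dst"], feed)
        if scope and ev["src"] in infected:
            feed["enterprise"].add(ev["dst"])   # local knowledge shared outward
            alerts.append((ev["src"], "callback-confirmed", ev["dst"], scope, "block"))
        elif scope:
            alerts.append((ev["src"], "callback-only", ev["dst"], scope, "alert"))
    return alerts, feed
```

Running analyze(EVENTS) yields one inbound alert, one blocked confirmed callback for the host the VM flagged, and one alert-only match for a host that was never confirmed, which is the false-positive-removal point the slide makes about phase 2.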
6 Next-Gen Malware Protection System (MPS)

FireEye hardware platform:
- 7000 Series: 1 Gbps
- 4000 Series: 250 Mbps
- 2000 Series: 50 Mbps
- 1000 Series: 20 Mbps

Key features:
- Detects inbound 0-day and custom malware via virtual machine analysis
- Tracks outbound call-backs and subsequent malicious payloads
- Extremely accurate detection with near-zero false positives
- Copper and fiber models
- 10-Gig native solution coming soon!
7 Advanced Malware Protection Architecture

- Real-time Web, , and File security to stop advanced targeted attacks
- Centralized management and reporting
- Augments zero-day gaps traditional security misses
- Platform for sharing FireEye intel with 3rd-party products
- Automation ensures higher detection accuracy and low TCO
- Malware Protection Cloud provides unique, zero-day intelligence

Deployment architecture (diagram components): Malware Protection Cloud; Firewall; Proxy; Anti-Spam; Internet-facing SharePoint/CMS; Web MPS; File MPS; MPS; MAS; LAN; Mail Servers
- Real-time Web, , and file security to stop advanced targeted attacks
- Centralized reporting and management
- Integration into cyber incident response system
8 Technology Alliances – Moving Closer to the Breach

Partner categories: MSSP, Host, SIA Partner Member, Gateway, Network Monitoring, SIEM, Threat Attribution, GRC, SSL

Partnerships:
- SIEM: ArcSight, Juniper/Q1 Labs, RSA enVision, NitroSecurity (now McAfee), Splunk (log management)
- Network Monitoring: Solera Networks
- Gateway: Blue Coat Systems

Alliances subject to change. Integration levels vary based on purpose and investment.
9 Summary

- Pace of advanced threats accelerating, targeting all verticals and all segments
- Traditional defenses (NGFW, IPS, AV, and Web gateways) no longer combat these attacks
- Real-time, proactive, signature-less solution is required across Web and to solve the issue
- FireEye has engineered the best threat protection solution to supplement traditional defenses and combat advanced attacks