Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager.

Published byStanley Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager."— Presentation transcript:

1 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager

2 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 2 The Acceleration of Advanced Targeted Attacks # of threats are up 5X Nature of threats changing –From broad, scattershot to advanced, targeted, persistent Advanced attacks accelerating –High profile victims common (e.g., RSA, Symantec, Google) –Numerous APT attacks like Operation Aurora, Shady RAT, GhostNet, Night Dragon, Nitro “Organizations face an evolving threat scenario that they are ill-prepared to deal with….advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems.” Gartner, 2012 20042006200820102012 Advanced Persistent Threats Zero-day Targeted Attacks Dynamic Trojans Stealth Bots Worms Viruses Disruption Spyware/ Bots Cybercrime Cyber-espionage and Cybercrime Damage of Attacks

3 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 3 High Profile Attacks are Increasingly Common By Ben Elgin, Dune Lawrence & Michael Riley - Nov 4, 2012 6:01 PM ET Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time. Coke Gets Hacked And Doesn’t Tell Anyone

4 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 4 We are Only Seeing the Tip of the Iceberg Headline Grabbing Attacks Thousands More Below the Surface APT Attacks Zero-Day Attacks Polymorphic Attacks Targeted Attacks

5 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 5 Traditional Defenses Don’t Work Advanced attacks bypass both signature and heuristics-based technologies in existing IT security defenses Networks Are Being Compromised as APTs Easily Bypass Traditional Signature-Based Defenses Like NGFW, IPS, AV, and Gateways

6 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 6 ADVANCED TRADITIONAL Advanced Targeted Attack Defining Advanced Targeted Attacks Utilizes advanced techniques and/or malware –Unknown –Targeted –Polymorphic –Dynamic –Personalized Uses zero-day exploits, commercial quality toolkits, and social engineering Often targets IP, credentials and often spreads laterally throughout network AKA—Advanced Persistent Threat (APT) Stealthy Unknown and Zero Day TargetedPersistent Open Known and Patchable BroadOne Time The New Threat Landscape There is a new breed of attacks that are advanced, zero-day, and targeted

7 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 7 Advanced Malware Infection Lifecycle Desktop antivirus Losing the threat arms race Compromised Web server, or Web 2.0 site Callback Server Perimeter Security Signature, rule-based Other gateway List-based, signatures System gets exploited  Drive-by attacks in casual browsing  Links in Targeted Emails  Attachments in Targeted Emails Dropper malware installs  First step to establish control  Calls back out to criminal servers  Found on compromised sites, and Web 2.0, user-created content sites Malicious data theft & long- term control established  Uploads data stolen via keyloggers, Trojans, bots, & file grabbers  One exploit leads to dozens of infections on same system  Criminals have built long-term control mechanisms into system 33 22 11 Anti- spam DMZ Email Servers

8 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 8 Malware Analysis What types of Malware Analysis should you do? Malware Analysis Static Analysis SignatureHeuristics Dynamic Analysis Discrete Object analysis Contextual Analysis

9 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 9 Case Study: Operation Aurora Infection Cycle Desktop antivirus Losing the threat arms race Malicious Web server Callback Server System gets exploited  Social engineering  Obfuscated JavaScript code  Exploited IE 6 zero-day vulnerability Web server delivers malware  Servers mapped by dynamic DNS  XOR encoded malware EXE delivered  No Signatures Malware calls home & long-term control established  Complete control of infected system  Further payloads downloaded  C&C located in Taiwan  Using outbound port 443 (SSL) 33 22 11

10 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 10 Captured Aurora on Day Zero Signature-less detection of zero-day attack Decryption routine for “a.exe” Malicious binary download posing as JPG

11 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 11 Captured Aurora on Day Zero Decryption complete. MD5 of Hydraq.Trojan Hydraq callback captured

12 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 12 Requirements for APT Detection / Protection 1. Dynamic defenses to stop targeted, zero-day attacks 2. Real-time protection to block data exfiltration attempts 3. Accurate, low false positive rates 4. Global intelligence on advanced threats to protect the local network

13 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 13 CORPORATE Over $825M in Revenue HQ in Chantilly, VA National Sales and Engineering Presence IS0 9001:2008 Certified for the Chantilly, VA, Largo, MD, and Kent, WA locations PEOPLE 350+ Employees More than 85% of Services Delivery Personnel Possess Government Clearances PMP and ITIL Professionals Skilled Pre-sales and Post-sales Engineers with Top-tier Certifications TECHNOLOGY MARKETS Commercial Department of Defense Federal Civilian Intelligence Strategic Manufacturer Partnerships Practice Disciplines Cloud Computing Collaboration Data Center Information Security Secure Mobility Network Infrastructure 13 Who is Iron Bow Technologies

14 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 14 Past Performance Customer/ProjectIron Bow Technologies Activities Delivered a multi-vendor solution supporting the Army Top Layer Architecture (TLA). Solution provides IPS, firewall, web content filtering, and real-time forensic monitoring capabilities in a single integrated architecture. Architected and deployed a multi-factor authentication pilot to support worldwide access to critical business applications and information. The pilot involved critical integration points to core network services and expert knowledge transfer to enable local customer resources to expand the program subsequent to the pilot saving thousands in future services. Developed a solution to secure more than 2,000 mobile computing devices. Solution provided local device security hardening and centralized management across multiple computing tablet devices. Designed a solution to address web content filtering, application whitelisting, antivirus, and end-point security throughout the 128 site enterprise. The solution included centralized management of the entire security platform from a single console. Black Entertainment Television Booz Allen Hamilton U.S. Army NETCOM 14 Job Corps

15 Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 15 Thank You

Download ppt "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Next Generation Threat Protection Randy Lee– Sr. SE Manager."

Similar presentations

Next Generation Threat Protection

Next Generation Threat Protection
Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.
Tim Davidson System Engineer

Tim Davidson System Engineer
1 © Copyright 2013 Fortinet Inc. All rights reserved. Fortinet High Performance Network Security Data Connectors – Los Angeles Edwin Mendoza – Manager.

1 © Copyright 2013 Fortinet Inc. All rights reserved. Fortinet High Performance Network Security Data Connectors – Los Angeles Edwin Mendoza – Manager.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC

1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.

Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Top 5 Modern Malware Trends Data Connectors – September 12, 2013 Frank Salvatore,
Next Generation Threat Protection

Next Generation Threat Protection
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.
Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.

The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM

Similar presentations

Ads by Google