Published by Marilynn Davis. Modified over 8 years ago.
1
McAfee Confidential
Advanced Threat Defense and Next Generation Security
Joe Metzler, Network Security Architect, Intel Security
2
Threat Landscape
Source: McAfee Labs Threats Report: First Quarter 2014
- 236 new threats every minute, or almost 4 every second
- 46% increase in malicious signed binaries in Q1 2014
- 49% increase in new threats attacking the master boot record in Q1 2014
- 167% increase in the amount of mobile malware samples in the past year
- 1,000,000 new ransomware samples in 2013
- 18,000,000 new malicious URLs in Q1 2014, a 19% increase over the previous quarter
- 200,000,000+ unique malware samples contained in the McAfee "Zoo" as of Q1 2014
3
What Is Advanced Malware?
Source: Strategies for Dealing With Advanced Targeted Attacks (published 6 June 2013)
- Evades legacy-based defenses: stealthy, targeted, unknown
- Typically criminal: theft, sabotage, espionage
- Discovered after the fact: data loss, costly clean-up, long-term damage
Key Challenges
- The major advance in new threats has been the level of tailoring and targeting.
- Advanced threats are using targeted attacks to get past standard levels of security controls.
- Poor security practices and unmonitored employee behaviors can undermine the efficiency of advanced threat detection technologies.
4
Advanced Malware: Market Wisdom Identified
Sandboxing
(Diagram: a file enters the sandbox and is classed "Safe?" because of no signature match, or "Malware?" because of behavior analysis.)
However, sandboxing by itself should not be your only defense:
- Resource intensive
- Not real time
- Lacks scalability
5
Comprehensive Layered Approach
(Diagram: number of samples you can process plotted against compute cycles needed. Layers shown: White/Black Listing, AV, GTI, Real-time Emulation, and Dynamic and Static analysis (file execution/emulation). Samples are sorted into Known Good and Known Bad.)
6
The Packing Challenge
Source: McAfee Q4 2012 Quarterly Threat Report
- Custom packers are used in targeted attacks
- Packing or protecting changes the composition of the code or obfuscates it to evade detection and reverse engineering
- The file must be unpacked to get to the original executable code for analysis
- Packed malware can hide: delayed execution; alternative execution paths
7
Understand Your Adversary
- Advanced Threat Defense immediately identifies the file as malicious, with 14 specific classifications
- Note that static code analysis also shows that 43% of the code did not execute in the sandbox
- So what else is missed if only dynamic analysis is used?
8
Static Code Analysis
- Advanced Threat Defense unpacks and reverse engineers the file to expose the actual code for analysis
- Advanced Threat Defense compares this code to known malicious code, identifying this relatively unknown file as part of the Voter_1 malware family
- Note that static code analysis finds more than 71% similarity to the known malware family
9
Dynamic and Static Analysis
Static analysis:
- Unpacking
- Disassembly of code
- Calculate latent code
- Familial resemblance
Dynamic analysis:
- Run-time DLLs
- Network operations
- File operations
- Process operations
- Delayed execution
10
Broadest OS Support
- Target-specific analysis: analyze threats under the exact conditions of the actual host profile within the organization, reducing the chances of missed malware or false positives
- Faster results: scales sandboxing capacity
- Customer-defined sandbox images
- Broad support covers corporate environments, including server and mobile traffic
Supported images: Windows XP 32/64-bit, Windows 7 32/64-bit, Windows 8 32/64-bit, Windows Server 2000-2008, Android, custom image
11
AV-TEST Results
Sample size, malicious files:
- 7,616 Microsoft Office docs
- 4,752 PDF docs
- 131,871 Zoo malware
- 12,132 prevalent malware
Sample size, clean files: 96,722 clean files
"The appliance showed great performance detecting 99.96% overall and no less than 99.5% in any single tested malware category. It also had a minimum of false positive detections at 0.01%."
12
Advanced Threat Defense Key Differentiators
- Comprehensive approach
- High detection accuracy
- Centralized deployment
13
Advanced Threat Defense: Centralized Deployment
(Diagram comparing two deployment models across a network made up of Firewall, DMZ, Email/DNS/App servers, Web Gateway, Email Gateway, IPS, Data Center Servers, End-user Endpoints, and a Management and Forensics segment with SIEM and ePO.)
- Protocol-specific deployment, numerous appliances: separate Web Malware Analysis, Email Malware Analysis, File Server Malware Analysis and Malware Analysis/Forensics appliances
- Centralized deployment, lower cost of ownership and scalability: a single Advanced Threat Defense central manager
14
Advanced Threat Defense
- Better detection, better protection
- Lower total cost of ownership
- Faster time to malware conviction, containment, and remediation
15
"Connected" NGFW: Firewall Evolution
(Timeline plotting completeness of security against time, with years marked 1988, 2008, 2012, 2013 and 2014.)
- Traditional FWs: inspection
- First NGFWs: application and user awareness
- Performance-enhanced NGFWs: central management for large networks; high availability; advanced evasion protection
- "Connected" NGFW: connected to endpoint security; connected to a real-time global threat database; connected to advanced threat detection; connected to security information and event management
16
Building an Advanced Security Connected Ecosystem
Integrates network, endpoint and global threat information for superior protection
Components: Next Generation Firewall & SMC; Endpoint Management; SIEM; McAfee Advanced Threat Defense; GTI Reputation in the Cloud
17
Security Connected Ecosystem: Endpoint Intelligence Integration (McAfee ePO, Endpoint Management)
- IP addresses, ports, login credentials, etc.
- Discover and take action on dangerous or malicious endpoint behaviors
- Direct links to endpoint log events
(Diagram: ePO and SMC admin consoles linked.)
18
Security Connected Ecosystem: SIEM Integration (McAfee ESM, SIEM)
Quickly respond to alerts and unusual patterns on your network
- Alerts based on deviations
- Sum events and track averages
- Identify anomalies: unusual user behavior; suspicious network activity spikes; anomalous communication patterns
19
Security Connected Ecosystem: Advanced Threat Integration (McAfee Advanced Threat Defense)
Deep analysis of suspect files exposes zero-day and advanced threats
20
Security Connected Ecosystem: GTI Integration (McAfee GTI Reputation in the Cloud)
Respond to real-time global threat information, including insights from McAfee Labs
- File reputation
- URL reputation
- Web categorization
- Message reputation
- IP reputation
- Certificate reputation
21
Intel Security Connected Ecosystem: How It Works
(Diagram: a new file passes through McAfee Next Generation Firewall, which consults McAfee Global Threat Intelligence (GTI) and submits the file to McAfee Advanced Threat Defense; a malware warning is raised, logs are sent to McAfee SIEM, and McAfee ePolicy Orchestrator triggers an AV scan.)
Less time to Find, Freeze and Fix advanced threats: FIND, FREEZE, FIX
22
Internal Additions
23
McAfee NGFW Features Landscape
- The first "connected" Next Generation Firewall on the market
- Leader in advanced evasion protection
- The most productive centralized management on the market
- Leader and pioneer in high availability
- Adaptable unified software core
- Strong inspection capabilities
- Increased performance with clustering
(Some items are marked on the slide as 5.7 additions and 5.8 additions.)
24
McAfee provides adaptable security with competitive TCO: comparing to the industry
Palo Alto
- Malware protection: Wildfire has limited file type and decryption support
- VPN: complicated, non-scalable VPN management, no SSL VPN portal
- Security Connected: limited portfolio compared to McAfee
Fortinet
- Malware protection: limited threat intelligence sources, unproven FortiSandbox
- VPN: poor, non-scalable VPN management
- Security Connected: as a UTM-focused company, lacks integrations between security systems and a broad portfolio
Cisco
- Malware protection: lack of an in-system malware protection system
- VPN: poor VPN and management capabilities
- Security Connected: not a security-focused company, with no strong security vision
Check Point
- Malware protection: lack of a true sandboxing solution
- VPN: requires extra licensing, with a TCO impact
- Security Connected: weak endpoint security and lack of SIEM solutions
25
The Most Advanced Anti-Malware Protection
Strong in all aspects; superior as an integration solution
NSS Labs Protection & Evasion Test 2013
Test | Result
Detection rate | 99.96%
False positives | 0.01%
July 2014
Most comprehensive threat intelligence on the market
Components: McAfee Anti-Virus, McAfee ATD, McAfee GTI
26
Delivering ADAPTIVE THREAT PREVENTION
Apply the POWER of KNOWLEDGE
Advanced targeted attack: ENCOUNTER to CONTAINMENT in milliseconds