Detect & Remediate Malware & Advanced Targeted Attacks

Despite huge investments in anti-virus software, next-gen firewalls, and IPS platforms, companies are still getting hacked. The new generation of advanced targeted attacks bypasses traditional defenses and puts sensitive data at risk. It takes just minutes from the time an organization is compromised to the exfiltration of sensitive data. What is needed is a security solution that can detect and block data center threats while allowing easy, appropriate access to the assets essential to running your business. This presentation from Imperva and FireEye addresses data center security requirements and solutions.



  1. Detect and Remediate Advanced Targeted Attacks
     Raphael Reich, Senior Director, Product Marketing, Imperva
     Ruby Sharma, Manager, WW Strategic Alliances, FireEye
     © 2013 Imperva, Inc. All rights reserved. Confidential
  2. Agenda
     • The threat landscape
     • Traditional defenses fall short
     • Securing high-value applications and data assets
     • FireEye and Imperva: focused defense for targeted attacks
  3. Raphael Reich, Senior Director, Product Marketing, Imperva
     • Expertise: 20+ years in product marketing, product management, and software engineering
     • Professional experience: Cisco, Check Point, Network General
     • Academics: Bachelor’s degree in Computer Science from UC Santa Cruz; MBA from UCLA
  4. Ruby Sharma, Manager, WW Strategic Alliances, FireEye
     • Expertise: 10+ years in strategic alliances, product management, and software engineering
     • Professional experience: FireEye, Microsoft
     • Academics: Masters in Computer Science from Illinois Institute of Technology
  5. Threat Landscape
  6. Attackers Turn Your Data Into Their Money
  7. Target Your Users and Your Data Center
     Source: Verizon Data Breach Report, 2013
  8. Who’s Doing It and Why
     • Governments: stealing intellectual property (IP) and raw data, and spying
       Motivated by: policy, politics, and nationalism
       Preferred methods: targeted attacks
     • Organized crime: stealing IP and data
       Motivated by: profit
       Preferred methods: targeted attacks, fraud
     • Hacktivists: exposing IP and data, and compromising the infrastructure
       Motivated by: political causes, ideology, personal agendas
       Preferred methods: targeted attacks, Denial of Service attacks
  9. Some Examples
     • Hackers stole sensitive data related to a planned $2.4B acquisition of China Huiyuan Juice Group
     • Hackers raided troves of sensitive data from the $21B company, but it was never made public
     • Hackers gained access to privileged user accounts regarding electric vehicle drive train technology
     • Hackers had full system access with the ability to modify, copy and delete sensitive data
  10. Anatomy of a Targeted Attack
     Records lost: 4M; population: 5M (= 80%)
     Attack timeline: targeted, efficient, and undetected
     • Aug 13, 2012: attacker steals login credentials via phishing email & malware
     • Aug 27, 2012: attacker logs in remotely and accesses the database
     • Aug 29 – Sept 12, 2012: additional reconnaissance, more credentials stolen
     • Sept 12 – 14, 2012: attacker steals the entire database
  11. Current Controls: Won’t the NGFW/IPS/AV Stop It?
  12. Protect and Monitor Your Assets
     “Applications and data are the main focus of modern cyber attacks. However, existing identity, endpoint, and network security solutions are insufficient for their protection.”
     Application Security Roadmap Beyond 2012: Breaking Silos, Increasing Intelligence, Enabling Mass Adoption; Joseph Feiman and Neil MacDonald; June 22, 2012; Gartner, Inc.
  13. Typical Defenses Ineffective Against Modern Malware
     “Organizations face an evolving threat scenario that they are ill-prepared to deal with… advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems.” Gartner, 2012
  14. Traditional Defenses Don’t Work
     The new breed of attacks evades signature-based defenses: anti-spam gateways, IPS, firewalls/NGFW, secure web gateways, desktop AV.
  15. The Spending Disconnect: The Threats Have Changed, Security Spending Hasn’t
     • 2001 threats: script kiddies, “digital graffiti”, backdoors
     • 2001 security spend: anti-virus, firewall / VPN, content filtering, IDS / IPS
     • 2012 threats: cyber espionage, organized criminals, industrialized hackers
     • 2012 security spend: anti-virus, firewall / VPN, secure email/web, IPS
     Sources: Gartner, Imperva analysis
  16. Rebalance Your Security Portfolio
  17. Security Redefined: Forward Thinking
  18. New Threat Landscape
     • Coordinated persistent threat actors
     • Dynamic, polymorphic malware
     • Multi-vector attacks
     • Multi-stage attacks
     Advanced attacks go undetected!
  19. Targeting an Organization’s Valuable Assets
     • Spear phishing → CFO → financial information
     • Web-based attack → Director of Engineering → intellectual property
     • File-based attack → government employee → national security information
  20. A New Approach Required
     • Legacy security devices, pattern-matching detection model: signature-based; reactive; only known threats; false positives
     • New virtual machine-based detection model: signature-less; dynamic, real time; known/unknown threats; minimal false positives
  21. FireEye’s Multi-Flow, Stateful Attack Analysis
     (Diagram: infection server → exploit → malware executable downloads; callback server ← callbacks → data exfiltration)
     • FireEye uses multi-flow analysis to understand the full context of today’s cyber attacks
     • Stateful attack analysis shows the entire attack life cycle
     • Enables FireEye to disrupt each stage and neutralize the attack
     • Point products focus only on objects (e.g., executables, files) and can be easily bypassed
  22. FireEye Multi-Vector Protection Platform
     • Network-based appliances see a wide range of network traffic (Web, Email, File, Malware)
     • Multi-Vector Virtual Execution™, Central Management System, Dynamic Threat Intelligence™
     • Installs within an hour on most networks with no need for rules and policies
     • Integrates with common network architectures
     • Additional specialized malware analyst tools
     • Leverages detection experience across the entire customer base
  23. Attacks Discovered and Stopped by FireEye (2010, 2012, 2013)
     • FireEye claims protection against Internet Explorer zero-day attack, Operation Aurora – January 18, 2010
     • Attackers Target Internet Explorer Zero-Day Flaw – December 28, 2012; researcher: Darien Kindlund
     • Java Zero-Day Attack Could Hit Enterprises Hard – August 28, 2012; researcher: Atif Mushtaq
     • Researchers Say They Took Down World’s Third-Largest Botnet – July 18, 2012; researcher: Atif Mushtaq
     • Russian space research org targeted by mystery malware attack – December 12, 2012; researchers: Ali Islam, Alex Lanstein
     • Operation Beebus Attacks Discovered by FireEye – February 4, 2013; researchers: Vinay Pidathala, Darien Kindlund
     • Adobe reviews report of another security bug in its software – February 13, 2013; researcher: Zheng Bu
     • Researchers: Zero-day PDF exploit affects Adobe Reader 11, earlier versions – February 13, 2013; researcher: Yichong Lin
     • South Korea network attack ‘a computer virus’ – March 20, 2013; researcher: Vinay Pidathala
     • Command and Control Used in Sanny APT Attacks Shut Down – March 22, 2013; researchers: Ali Islam, Alex Lanstein
     APT attacks FireEye is designed to combat: Stuxnet, Duqu, South Korea
  24. Protecting the Data Center From Advanced Targeted Attacks
  25. What Is Needed
     • Advanced detection: identify zero-day attacks
     • Immediate mitigation: block/report compromised insiders’ attempts to…
       • access business-critical applications
       • access sensitive data – databases, intellectual property, deal data, etc.
       • conduct administrative actions or privileged operations
     • Non-disruptive: mitigation enables the business to continue
     • Full forensics: logs all activity originating from infected hosts
  26. Reduce Risk
     • Identify sensitive data
     • Build policies to protect that data
     • Review and rationalize access rights
     • Audit, analyze and alert on access activity
  27. Detect Advanced Attacks
     • Detect advanced malware on the network
       • Detect in-bound malware exploits and out-bound data exfiltration to C&C sites
     • Identify compromised endpoints/users
       • Prevent them from accessing business-critical data
  28. Insulate Critical Applications and Data
     • Stop compromised users and devices from accessing sensitive applications and data
  29. Post-incident Analysis
     • Leverage the audit trail and forensics to improve the incident response process
       • Identify trends and patterns that indicate security risk
  30. Protect Data From Advanced Targeted Attacks (FireEye + Imperva)
     1. Identify insiders/endpoints compromised by malware
     2. Prevent compromised hosts from accessing critical business data
     3. Provide business continuity without business risk
  31. Case Study: PSCU – Financial Services
     Protecting regulated data (PCI) in databases with Imperva and FireEye: FireEye identifies the compromised host, Imperva Database Firewall blocks its access.
  32. Integration and Data Flow
     FireEye → SecureSphere MX → SecureSphere Gateways
     Data set passed to SecureSphere MX (Data: Description):
     • IP: compromised device IP address
     • Hostname: compromised device hostname
     • FireEye ID: unique FireEye ID for mapping
     • Source: FireEye MPS source device
     • Etc.
  33. Additional Resources – White Paper (Download Now)
  34. Additional Resources – eBook (Download Now)
  35. www.imperva.com
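The following is an added illustration (not Imperva or FireEye code) of the data flow on slide 32 and the requirements on slides 25 and 30: a policy object ingests constructed records carrying the slide's four fields (IP, Hostname, FireEye ID, Source), deduplicates them on FireEye ID, blocks or alerts on a compromised host's access attempts while leaving clean hosts untouched, and keeps a forensic trail of every event from infected hosts. The class name, the asset names and every record value are hypothetical.

```python
# Constructed sample of the FireEye -> SecureSphere MX data set from slide 32.
# The third record repeats the first: real feeds redeliver, so dedupe on FireEye ID.
SAMPLE_FEED = [
    {"IP": "10.0.5.23", "Hostname": "wks-cfo-01", "FireEye ID": "FE-1001", "Source": "MPS-DC1"},
    {"IP": "10.0.7.88", "Hostname": "eng-build-3", "FireEye ID": "FE-1002", "Source": "MPS-DC1"},
    {"IP": "10.0.5.23", "Hostname": "wks-cfo-01", "FireEye ID": "FE-1001", "Source": "MPS-DC1"},
]

# Hypothetical business-critical data stores (slide 25: databases, IP, deal data).
CRITICAL_ASSETS = {"crm-db", "hr-db", "deals-share"}


class CompromisedHostPolicy:
    """Hypothetical gateway-side policy: remembers hosts FireEye reported as
    compromised and decides, per access attempt, whether to block or alert."""

    def __init__(self):
        self.by_id = {}   # FireEye ID -> record; the ID is the mapping key
        self.audit = []   # forensic trail: every event from an infected host

    def ingest(self, records):
        """Add new records; return how many were new (duplicates are skipped)."""
        added = 0
        for rec in records:
            fid = rec["FireEye ID"]
            if fid not in self.by_id:
                self.by_id[fid] = rec
                added += 1
        return added

    def is_compromised(self, ip, hostname):
        # Match on either field: DHCP can change the IP while the hostname stays.
        return any(r["IP"] == ip or r["Hostname"] == hostname
                   for r in self.by_id.values())

    def evaluate(self, src_ip, hostname, asset, action):
        """Return 'allow', 'alert' or 'block' for one access attempt."""
        if not self.is_compromised(src_ip, hostname):
            return "allow"   # non-disruptive: clean hosts are never touched
        # Full forensics: log everything an infected host does, allowed or not.
        self.audit.append({"ip": src_ip, "host": hostname,
                           "asset": asset, "action": action})
        # Block access to critical data and any privileged operation;
        # report (alert) on everything else the infected host attempts.
        if asset in CRITICAL_ASSETS or action == "admin":
            return "block"
        return "alert"
```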
