Real World Defense Strategies for Targeted Endpoint Threats

1. Real World Defense Strategies - for - Targeted Endpoint Threats
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

2. Agenda
• Advanced Persistent Threats (APTs)
• Targeted Threats Trends
• Targeted Threats Framework
• Defense in Depth
• Q&A
3. Advanced Persistent Threats: Real? Or vendor hype?
What’s your perspective …
» Something new?
» Merely marketing hype?
» Limited to large companies?
» All about China?
» APT = Malware?
4. Targeted Threat Concerns
Ponemon Research: 2013 State of the Endpoint
[Figure 4: IT security risks of most concern since 2010, plotted for 2010, 2011 and 2012 for “Increased use of mobile platforms”*, “Advanced persistent threats” and “Intrusion and data loss within a virtual environment”. More than three choices permitted in 2010; 3 choices permitted in 2011 and 2012. * This choice was not available in all fiscal years.]
ISACA Research: Advanced Persistent Threats Are Real
» 93.6% feel APTs are a serious threat
» 63% think it is only a matter of time
» 79% feel this is the largest gap in APT prevention
» 1 in 5 have experienced an APT attack
5. Targeted Threat Trends

6. Targeted Attacks by Organization Size
[Chart: share of targeted attacks by organization size in 2012. Source: Symantec]

7. External Actors Responsible for Majority of Attacks
[Chart. Source: Verizon 2013 Data Breach Investigations Report]

8. Healthcare – Most frequent data breaches
[Chart]

9. Targeted Threats - Top 10 Industries Attacked in 2012
[Chart. Source: Symantec]

10. Threat Environment – Threat Trends
• User endpoints are consistently targeted
» 71% of attacks targeted user devices – Source: Verizon

11. Common APT Characteristics
• Highly targeted and endpoint-focused
• Uses both sophisticated and low-tech techniques
» Delivery: USB keys, social engineering, watering hole, etc.
» Zero-day vs. “known” vulnerabilities
» Fraudulent certificates
• Centralized Command and Control
• Undetected for prolonged periods
» Exfiltration masking
» “Hiding in plain sight”
12. Targeted Threat Framework

13. Targeted Threat Framework
[Framework diagram: Discover, Distribute, Exploit, Control, Execute]

14. Discover
Essentially “casing the joint”
» Identify the Target
» Plan for Penetration
» Probe the Perimeter

15. Distribute
Design and develop not only the payload but the delivery vehicle
» Package the Payload
» Deliver the Payload

16. Exploit
Activation may not be immediate, and may involve multiple vulnerabilities
» Trigger the Payload
» Exploit the Vulnerability

17. Control
Often involves an encrypted communications channel and manual interaction
» Install Malware on System
» Connect Back to Attacker
» Command & Control

18. Execute
Taking action against planned objectives
» Upset the CIA Triad
• Confidentiality
• Integrity
• Availability
» Obfuscate and Extend

19. Targeted Threat Framework – defensive controls by phase (table columns: Detect / Deny / Disrupt)
» Discover: Web analytics; Firewall ACL
» Distribute: Vigilant end user; Web filtering; Spearfish detection; AV
» Exploit: Vigilant end user; White listing; Memory protection; Patch Management; Sandboxing
» Control: Next gen FW; NIPS; DNS
» Execute: SIEM; Audit Logs; FW ACL; NIDS
20. Defense-in-Depth

21. Defense-in-Depth Strategy
Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which include:
» Configuration Control
» Application Whitelisting
» Memory Protection
» Data Encryption
» Port / Device Control
» Antivirus
[Layer diagram: AV, Device Control, Hard Drive and Media Encryption, Application Control, Memory Protection, Patch and Configuration Management]

22. Endpoint Defense-in-Depth
[Layer diagram: Port / Device Control, Physical Access, Anti-Malware, Patch Management, Configuration Management, Network Access, Data Encryption]

23. Additional Information
• For End User Education
» “Be Aware of What You Share” at www.lumension.com/be-aware
• For Security Pros (www.lumension.com/Resources)
» Whitepaper “The State of APT Preparedness” from UBM Tech at ~/WhitePapers/The-State-of-APT-Preparedness
» On-Demand Webcast “Top 9 Mistakes of APT Victims” by Ultimate Windows Security at ~/Webcasts/Top-9-Mistakes-of-APT-Victims
• More on APT issues and solutions in Optimal Security blog at blog.lumension.com/tag/advanced-persistent-threat/

24. Q&A

25. Global Headquarters
8660 East Hartford Drive, Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com