McAfee: Connecting the Pieces
Today, the exponential growth of sophisticated malware and the evasion methods used by cybercriminals have become a lethal combination for organizations. Information silos, and the lack of automation between them, turn companies into easy targets for attackers. Companies today are no longer just trying to tick the compliance box; they want to actually mitigate their security risks more efficiently and proactively. Connected security, built from different technology components that “share” information in order to gain awareness and react immediately, makes the difference between becoming one more security-incident statistic or not.

Intended audience: IT heads or coordinators, systems or IT managers, CIO, CISO, CTO

Published in: Technology
Transcript

  • 1. Connecting the pieces to mitigate risk. Jorge Herrerías, CISSP, Sales System Engineer
  • 2. Malware Continues to Grow… 128M total malware samples in the McAfee Labs database. New malware samples grew 22% from Q4’12 to Q1’13; 2012 new malware sample discoveries increased 50% over 2011. [Chart: New Malware Samples per quarter, Q1 2010 through Q1 2013, y-axis 0 to 14,000,000.] Malware continues to grow, and is getting more sophisticated… Source: McAfee Labs, 2013
  • 3. Ransomware. The number of new, unique samples this quarter is greater than 320,000, more than twice as many as in the first quarter of 2013. During the past two quarters, McAfee Labs has catalogued more ransomware samples than in all previous periods combined. [Chart: New Ransomware Samples per quarter, Q1 2011 through Q2 2013, y-axis 0 to 350,000.]
  • 4. Total Malware Samples. The McAfee “zoo” now contains more than 140 million unique malware samples. [Chart: Total Malware Samples per month, Jul-12 through Jun-13, y-axis 0 to 160,000,000.]
  • 5. Suspicious Internet Addresses (MX). As of December 31, 2012, nearly 1,100 suspicious Internet addresses hosted in Mexico had been analyzed by McAfee, up from only 800 in late 2011. 62 percent of the current ones are assigned the maximum risk rating. Nearly 51 percent of these URLs hide malware; about 26 percent are used in phishing campaigns and 13 percent in spam campaigns.
  • 6. Comprehensive Malware Protection First Layer of Defense: Global Visibility and Situational Awareness
  • 7. Comprehensive Malware Protection Second Layer of Defense: McAfee Advanced Threat Defense Network Anti Malware
  • 8. Comprehensive Malware Protection. Third Layer of Defense: Network Threat Protection (IPS, Web IPS)
  • 9. Comprehensive Malware Protection Fourth Layer of Defense: Comprehensive Endpoint Threat Defense
  • 10. Comprehensive Malware Protection Fifth layer of defense: Real Time Endpoint Awareness
  • 11. Comprehensive Malware Protection Sixth Layer of Defense: Heal Endpoints
  • 12. Comprehensive Malware Protection Seventh Layer of Defense: Global Threat Intelligence GTI
  • 13. Multi-Layering Defense | Interconnected: Firewall Enterprise, Web Protection, Intrusion Prevention System, Security for Microsoft Exchange, VirusScan, Email Protection, Network Anti Malware, SiteAdvisor, Database Security, Application Control, Data Center Security, MOVE AV, SIEM, Host IPS, Unified Administration, Device Control, Mobility, Deep Defender
  • 14. Scene 1
  • 15. Scene 2
  • 16. Scene 3
  • 17. Scene 4
  • 18. Scene 5
  • 19. Scene 6
  • 20. Scene 7. Result: https://www.virustotal.com/en/file/59c878b9daa887167c1857edf1d121dddfa0fb30031058e0d87f46890e7456ad/analysis/
  • 21. McAfee Comprehensive Malware Protection Solution Overview (stages: FIND, FREEZE, FIX). Components shown: McAfee Endpoint Agent*, McAfee Global Threat Intelligence, NSP Gateways, McAfee Network IPS, GTI/LTI, Efficient AV Signatures, McAfee Web Gateway, Emulation Engine, Target-Specific Sandboxing (ValidEdge), McAfee Email Gateway, GTI Reputation, Automated Host Cleaning (ePO), McAfee Advanced Threat Defense, McAfee ePO, Malware Fingerprint Query (Real Time ePO)
  • 22. Discovering Zero-Day and Targeted Attacks: Live Walkthrough. Diagram labels repeated on slides 22–26: YOU FIND ON-PREM / MFE FINDS VIA CLOUD; Advanced Threat Defense; McAfee Global Threat Intelligence; Target-Specific Sandboxing (MATD); Emulation Engine; Efficient AV Signatures; GTI Reputation; 3rd Party Threat Data; JAR Analysis; .exe Analysis; PDF Analysis; Network Threat Response. Live e-mail received 08-27-2013: URL redirect to malware site.
  • 23. Discovering Zero-Day and Targeted Attacks: Live Walkthrough. Reputation check of the URL passes. Payload appears to be a .SCR inside a .ZIP.
  • 24. Discovering Zero-Day and Targeted Attacks: Live Walkthrough. Due to zero day, few A/V signature catches.
  • 25. Discovering Zero-Day and Targeted Attacks: Live Walkthrough. MATD or NTR execution demonstrates:
  • 26. Discovering Zero-Day and Targeted Attacks: Live Walkthrough. What’s learned through execution:
  • 27. Scene 8 (Malware)
  • 28. Use the appropriate controls… (October 18, 2013)
  • 29. Defending Against Targeted Attacks Requires Lean-Forward Technologies and Processes
  • 30. Global Threat Intelligence and SIEM. Flow: event → IP reputation check (GOOD / SUSPECT / BAD) → automatic risk analysis via advanced correlation engine → automatic identification (Medium Risk / High Risk). McAfee Labs IP reputation updates cover: botnet/DDoS, mail/spam sending, web access, malware hosting, network probing, presence of malware, DNS hosting activity, intrusion attacks.
  • 31. Event handling…
  • 32. Prioritize security events
  • 33. From the top down…
  • 34. Fine, but who do I talk to?
  • 35. User on WinXPHost01 downloads a “Windows update” from a fake site. Executes it; nothing sinister appears.
  • 36. Meanwhile, we start to see a number of potentially malicious events related to this host on McAfee ESM.
  • 37. Step 1: This external host looks suspicious. Let's blacklist it.
  • 42. Quarantine successfully implemented through the McAfee NSM. Link to C&C host blocked.
  • 43. Step 2: This internal endpoint appears to have been compromised. From McAfee ESM we can lock it down and scan it immediately through ePO.
  • 44. Looking at the endpoint, we see that the firewall started off disabled.
  • 45. ePO enables the firewall with a restrictive policy. The Trojan is contained on the endpoint.
  • 46. Simultaneously, ePO launches an aggressive scan.
  • 47. Additional malware on the infected host discovered and cleaned.
  • 48. ESM screenshot showing that remediation was successful in the SIEM. Confirmation back in the SIEM; remediation complete.
  • 49. Comprehensive malware protection is an orchestrated approach to protecting against malware.
  • 50. Report references
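The reputation-check-then-correlate flow of slide 30 and the WinXPHost01 walkthrough of slides 35–48, reduced to a runnable toy. This is an added example, not McAfee ESM or GTI code: the reputation feed, the event lines, the weights and the risk thresholds are all constructed here for illustration, and the only page-derived names are the reputation categories and the host name.

```python
from collections import defaultdict

# Constructed IP-reputation feed standing in for a GTI-style lookup; category
# names follow slide 30, the verdicts and weights are assumptions. RFC 5737 addresses.
REPUTATION = {
    "203.0.113.7": ("bad", {"malware_hosting", "botnet_ddos"}),
    "198.51.100.9": ("suspect", {"network_probing"}),
    "192.0.2.10": ("good", set()),
}
VERDICT_WEIGHT = {"good": 0, "suspect": 2, "bad": 5, "unknown": 1}
CATEGORY_WEIGHT = {"botnet_ddos": 3, "malware_hosting": 2, "network_probing": 1}

# Constructed ESM-style event lines: "<timestamp> <host> <dst_ip> <event_type>".
EVENTS = """\
2013-08-27T10:01:02 WinXPHost01 192.0.2.10 web_access
2013-08-27T10:01:30 WinXPHost01 203.0.113.7 file_download
2013-08-27T10:02:11 WinXPHost01 203.0.113.7 outbound_beacon
2013-08-27T10:02:40 WinXPHost01 203.0.113.7 outbound_beacon
2013-08-27T10:03:05 WinXPHost02 198.51.100.9 outbound_beacon
"""

def parse_events(text):
    """Split event lines into (ts, host, dst_ip, event_type); drop malformed lines."""
    rows = [line.split() for line in text.splitlines()]
    return [tuple(r) for r in rows if len(r) == 4]

def score_event(dst_ip, event_type, reputation=REPUTATION):
    """Reputation check for one event: verdict weight plus category weights."""
    verdict, categories = reputation.get(dst_ip, ("unknown", set()))
    score = VERDICT_WEIGHT[verdict] + sum(CATEGORY_WEIGHT.get(c, 0) for c in categories)
    if event_type == "outbound_beacon" and verdict != "good":
        score += 2  # beaconing out to an unvetted address is the C&C signal
    return score, verdict

def risk_label(score):
    """Map the correlated score onto the slide's Medium Risk / High Risk buckets."""
    return "High Risk" if score >= 15 else "Medium Risk" if score >= 5 else "Low Risk"

def correlate(events, reputation=REPUTATION):
    """Per internal host: (risk label, total score, sorted non-good peer IPs)."""
    totals, peers = defaultdict(int), defaultdict(set)
    for _ts, host, dst_ip, event_type in events:
        score, verdict = score_event(dst_ip, event_type, reputation)
        totals[host] += score
        if verdict != "good":
            peers[host].add(dst_ip)
    return {h: (risk_label(s), s, sorted(peers[h])) for h, s in totals.items()}

def blacklist_candidates(results):
    """External IPs contacted by High Risk hosts: the 'Step 1' blacklist action."""
    return sorted({ip for lab, _s, ips in results.values() if lab == "High Risk" for ip in ips})
```

Running `correlate(parse_events(EVENTS))` flags WinXPHost01 as High Risk because of its repeated beaconing to the bad-reputation address, which is then the sole blacklist candidate; WinXPHost02 lands at Medium Risk from a single contact with a suspect address.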
