FireEye

FireEye Network Malware Control System Chad Harrington VP of Marketing

Overview Crimeware’s rise to prominence Traditional security barriers collapsing FireEye Network Malware Control System

Understanding Crimeware

Targeted malware for profit

Funded by criminal orgs & online markets

Allows remote control by external parties

Cybercrime now ranks among the FBI’s top priorities behind terrorism & espionage. Computer-based crimes caused $14.2 billion in damages to businesses around the globe in 2005

The Crimeware Economy

Impact of Crimeware Attacks

Bottom line losses

Product/service theft

Intellectual property stolen

PC & bandwidth exploited

Liability & clean-up

Customer notifications & lawsuits

Data restoration & downtime

Brand erosion & loss of customers

20% of notified customers have ended business relationship due to breach

How Does Targeted Malware Infiltrate?

Common vectors

Mobile laptop

Employee home machine

3 rd party, guest PC

Enterprise desktop

1 Customized attack

How Does Targeted Malware Infiltrate? 2 Customized attack Command & control

Remote Control Established

Begin probing network

Identify high-value victims

Install additional malware

Steal data & information

How Does Targeted Malware Infiltrate? Targeted infiltration 3 Customized attack Command & control

How Does Targeted Malware Infiltrate?

Keyloggers

Password crackers

Trojans

Spam/Phishbots

4 Customized attack Command & control

Traditional Security Barriers Collapsing

Crimeware is designed to escape attention

Exploits bypass traditional security, such as

Firewalls – use open ports

Antivirus – be slightly new & different

Anomaly detectors – remain calm & look normal

“ Botnet worm infections can occur even when the impacted organization has the very latest antivirus signatures and is automatically pushing out OS and application patches .” US-CERT whitepaper

Targeted Malware Simply Undetectable by Traditional Security Techniques Targeted malware has 2 to 6 year window Window of Exploitability Signature or Patch Released Vulnerable Software Released Vulnerability Discovered/ Disclosed

Fire FireEye Network Malware Control System

Stops botnet & malware infiltration others do not

Ensures only compliant PCs gain network access

Continuous network traffic analysis

Automatic prevention & enforcement

What is Network Malware Control? Ensure Compliance On-connect network access controls ensures only compliant machines gain network access Continuous Analysis Continuous analysis of network activities for botnet transmissions & infection attempts Automatic Enforcement Automatically filter out malicious packets, botnet transmissions, and block infected machines

Ensure Compliant Network Access Remote & Wireless users LAN users WAN/VPN Internet Wireless Network access controls - Limit network access to machines with updated AV signatures & OS patches

Continuous Analysis using the FireEye Attack Confirmation Technology (FACT) An infinite supply of virtual victim machines analyzes network traffic flows for targeted attacks Mirrored network traffic flows

Automated Prevention & Enforcement Switches Close off / restrict network access to infected machines to protect customer data and company resources Mobility controllers MAC exclusion, VLAN re-assignment to block infected machines from network Packet filtering Productive traffic can continue to flow, but malicious traffic is blocked Internet

Typical FireEye Deployments Backbone WAN Internet Data Center Eliminate Network Borne Crimeware from Wireless Users Protect Data Center Windows Servers from Crimeware Eliminate Crimeware From Infiltrating from Internet Eliminate Network Borne Crimeware From Remote Branch Offices and Stores

The FireEye Ecosystem