Gigamon U - Eye Of The Fire, Network Malware Control System


FireEye, Inc. is the leader in network malware control, dedicated to eradicating malware from the world's networks. FireEye provides the world's only malware control system designed to secure networks from targeted malware. Our solutions bring advanced network security together with state-of-the-art virtualization technology to combat crimeware and protect customer data, intellectual property and company resources, solving critical business needs without taxing your IT administration. FireEye is based in Menlo Park, CA and backed by Sequoia Capital & Norwest Venture Partners.

Published in: Economy & Finance, Technology

  1. FireEye Network Malware Control System
     Chad Harrington, VP of Marketing
     FireEye, Inc. Proprietary
  2. Overview
     • Crimeware’s rise to prominence
     • Traditional security barriers collapsing
     • FireEye Network Malware Control System
  3. Understanding Crimeware
     • Targeted malware for profit
     • Funded by criminal orgs & online markets
     • Allows remote control by external parties
     Computer-based crimes caused $14.2 billion in damages to businesses around the globe in 2005.
     Cybercrime now ranks among the FBI’s top priorities behind terrorism & espionage.
  4. The Crimeware Economy
  5. Impact of Crimeware Attacks
     • Bottom line losses
     • Product/service theft
     • Intellectual property stolen
     • PC & bandwidth exploited
     • Liability & clean-up
     • Customer notifications & lawsuits
     • Data restoration & downtime
     • Brand erosion & loss of customers
     Callout: 20% of notified customers have ended business relationship due to breach
  6. How Does Targeted Malware Infiltrate? 1
     Diagram labels: Customized attack
     Common vectors:
     • Mobile laptop
     • Employee home machine
     • 3rd party, guest PC
     • Enterprise desktop
  7. How Does Targeted Malware Infiltrate? 2
     Diagram labels: Command & control; Customized attack
     Remote Control Established:
     • Begin probing network
     • Identify high-value victims
     • Install additional malware
     • Steal data & information
  8. How Does Targeted Malware Infiltrate? 3
     Diagram labels: Command & control; Customized attack; Targeted infiltration
  9. How Does Targeted Malware Infiltrate? 4
     Diagram labels: Command & control; Customized attack
     • Keyloggers
     • Password crackers
     • Trojans
     • Spam/Phishbots
  10. Traditional Security Barriers Collapsing
      “Botnet worm infections can occur even when the impacted organization has the very latest antivirus signatures and is automatically pushing out OS and application patches.” US-CERT whitepaper
      • Crimeware is designed to escape attention
      • Exploits bypass traditional security, such as:
        • Firewalls – use open ports
        • Antivirus – be slightly new & different
        • Anomaly detectors – remain calm & look normal
  11. Targeted Malware Simply Undetectable by Traditional Security Techniques
      Timeline labels: Vulnerable Software Released; Vulnerability Discovered/Disclosed; Signature or Patch Released; Window of Exploitability
      Targeted malware has 2 to 6 year window
  12. FireEye Network Malware Control System
      • Stops botnet & malware infiltration others do not
      • Ensures only compliant PCs gain network access
      • Continuous network traffic analysis
      • Automatic prevention & enforcement
  13. What is Network Malware Control?
      • Ensure Compliance: On-connect network access controls ensures only compliant machines gain network access
      • Continuous Analysis: Continuous analysis of network activities for botnet transmissions & infection attempts
      • Automatic Enforcement: Automatically filter out malicious packets, botnet transmissions, and block infected machines
  14. Ensure Compliant Network Access
      Network access controls - Limit network access to machines with updated AV signatures & OS patches
      Diagram labels: Remote & LAN users; Wireless users; WAN/VPN; Internet; Wireless
  15. Continuous Analysis using the FireEye Attack Confirmation Technology (FACT)
      An infinite supply of virtual victim machines analyzes network traffic flows for targeted attacks
      Diagram labels: Mirrored network traffic flows
  16. Automated Prevention & Enforcement
      • Mobility controllers: MAC exclusion, VLAN re-assignment to block infected machines from network
      • Switches: Close off / restrict network access to infected machines to protect customer data and company resources
      • Packet filtering: Productive traffic can continue to flow, but malicious traffic is blocked
      Diagram labels: Internet
  17. Typical FireEye Deployments
      • Eliminate Network Borne Crimeware from Wireless Users
      • Eliminate Network Borne Crimeware From Remote Branch Offices and Stores
      • Protect Data Center Windows Servers from Crimeware
      • Eliminate Crimeware From Infiltrating from Internet Backbone
      Diagram labels: WAN; Data Center; Internet
  18. The FireEye Ecosystem
      Active collaboration with law enforcement, industry, & security researchers to root out crimeware
      • Law enforcement & Military
      • Research institutions
      • Industry participants
      • Enterprise customers
      • Internet Service Providers
  19. About FireEye, Inc.
      Dedicated to eradicating malware from the world’s networks
      • Based in Menlo Park, CA
      • Led by an experienced team from Sun, Cisco, Aruba, Symantec, Check Point, & McAfee
      • Online at