IBM redefines the strategy and approach towards Advanced Persistent Threats (APT) - Webinar 28/1/2016

Recorded Webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This webinar was held in Italian by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them for additional details or to arrange an on-site visit.

Published in: Software

  1. © 2015 IBM Corporation. IBM redefines the strategy and approach towards Advanced Persistent Threats (APT). Webinar, 28 January 2016. Speakers: Luigi Del Grosso, Endpoint & Threat; Fabrizio Patriarca, Security Architect. If the web streaming connection does not work correctly, use the following traditional dial-in numbers: 800-975100, 02-00621263, meeting 80326520.
  2. APT and Targeted Attack Methods Evolve Quickly
     1. Advanced evasive malware bypasses security controls
     2. Credentials are exposed through phishing and third-party breaches
     3. Compromised endpoints and stolen credentials enable access to enterprise networks, systems and data
     Despite existing controls, employee endpoints are compromised and used as pivot points into the enterprise network.
     (Diagram labels: Compromised Credentials, Vulnerability Exploit, Malware Infection, Malicious Activity, Data Access, Malicious Communication. Sidebar: "A $1 Billion APT Attack – Carbanak May Just Be the Biggest Cyber Heist Ever".)
  3. Criminals attack the weak link
     (Diagram: Cyber Criminals; Employees / Contractors / Partners; Customer Data and Intellectual Property. The paths through employees, contractors and partners are labelled "Easy"; the direct path to the data is labelled "Difficult".)
  4. APTs and Targeted Attacks
     (Diagram labels: Spear Phishing, Weaponized Attachment, Malicious Link, Phishing Site, Credentials Theft, Exploit Site, Exploit, Watering Hole Attack, Malware Infection, Data Exfiltration.)
     1 in 500 PCs is infected with advanced evasive APT malware (IBM Trusteer Research).
  5. IBM Security Trusteer Apex Advanced Malware Protection: preemptive, multi-layered protection against advanced malware and credentials theft
     • Effective Real-Time Protection: multiple layers of defense to break the threat lifecycle
     • Security Analysis and Management: services provided by IBM Trusteer security experts
     • Zero-day Threat Protection: a positive, behavior-based model of trusted application execution
  6. Dynamic intelligence: crowd-sourced expertise in threat research and dynamic intelligence
     Global Threat Research and Intelligence
     • Combines the renowned expertise of X-Force with Trusteer malware research
     • Catalog of 70K+ vulnerabilities, 17B+ web pages, and data from 100M+ endpoints
     • Intelligence databases dynamically updated on a minute-by-minute basis
     • NEW: real-time sharing of Trusteer intelligence
     Research areas: Threat Intelligence, Malware Analysis, Exploit Research, Exploit Triage, Malware Tracking, Zero-day Research
  7. Apex multi-layered defense architecture
     • Threat and Risk Reporting: vulnerability mapping and critical event reporting
     • Advanced Threat Analysis and Turnkey Service
     • Credential Protection: alert on and prevent phishing and credential reuse on non-corporate sites
     • Exploit Chain Disruption: prevent infections via exploits; zero-day defense by controlling the exploit-chain choke point
     • Advanced Malware Detection and Mitigation: mitigates mass-distributed advanced malware infections; cloud-based file inspection for legacy threats
     • Malicious Communication Prevention: block malware communication, disrupt C&C control, prevent data exfiltration
     • Lockdown for Java: prevent high-risk actions by malicious Java applications
     • Global Threat Research and Intelligence: global threat intelligence delivered in near-real time from the cloud
  8. Breaking the Threat Lifecycle
     Attack progression: Pre-exploit (delivery of weaponized content) → Exploit (exploitation of an application vulnerability) → Malware delivery → Malware persistency → Execution and malicious access to content → Establish communication channels → Data exfiltration
  9. Breaking the Threat Lifecycle: number of types each defense must cover, in attack-progression order
     Defense (control)                                  | No. of types
     Weaponized content (IPS, sandbox)                  | Endless
     Unpatched and zero-day vulnerabilities (patching)  | Many
     Malicious files (antivirus, whitelisting)          | Endless
     Malicious behavior activities (HIPS)               | Many
     Destinations (C&C traffic detection)               | Endless
  10. Same chart as slide 9, with three strategic chokepoints marked along the progression: Exploit Chain Disruption, Lockdown for Java, Malicious Communication Blocking.
  11. Same chart as slides 9 and 10, adding Advanced Malware Prevention, Endpoint Vulnerability Reporting and Credential Protection.
  12. Exploit chain disruption: disrupt zero-day attacks without prior knowledge of the exploit or vulnerability
     • Correlate application state with post-exploit actions
     • Apply allow / block controls across the exploit chain
     (Diagram: application states → indicators → exploit propagation. Evaluate application states; monitor post-exploit actions: write files, breach other programs, alter registry, other breach methods.)
  13. Lockdown for Java: monitor and control high-risk Java application actions
     • Malicious activity is blocked while legitimate Java applications are allowed
     • Trust for specific Java apps is granted by Trusteer or the IT administrator
     (Diagram: low-risk activities such as display or local calculation are allowed for trusted and untrusted apps; high-risk activities such as writing to the file system or changing the registry are monitored and controlled, allowed for trusted apps and blocked for untrusted or malicious apps. A rogue Java app bypasses Java's internal controls.)
  14. Malicious communication blocking: block suspicious executables that attempt to compromise other applications or open malicious communication channels
     1. Assess process trust level
     2. Identify process breach
     3. Allow / block external communication
     (Diagram: infection sources are a malicious site, a legitimate site used as C&C, a direct user download or a pre-existing infection; a zombie process reaches the external network either directly or as pass-through via a breached application; the agent assesses trust level, identifies the application breach and allows or blocks.)
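Slides 12 to 14 describe three decisions an endpoint agent makes: block post-exploit actions taken while an application is still handling untrusted content (exploit chain disruption), allow high-risk actions only to Java applications an administrator trusts (Lockdown for Java), and deny outbound communication from untrusted processes or from trusted processes that have been breached (malicious communication blocking). The following toy policy engine is an added example of those three rules applied to a stream of constructed process events; it is not IBM's or Trusteer's code, and the state names, action names, trust tables and sample processes are all assumptions made for the illustration.

```python
"""Toy endpoint policy engine (added example, not IBM's or Trusteer's code).
Action names, application states, trust tables and sample processes are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed policy tables (assumptions, not Apex's real rule set).
UNTRUSTED_CONTENT_STATES = {"rendering_web_content", "parsing_document"}
POST_EXPLOIT_ACTIONS = {"write_executable", "spawn_process", "alter_run_key", "inject_process"}
LOW_RISK_ACTIONS = {"display", "compute", "read_file"}


@dataclass
class Process:
    pid: int
    name: str
    trusted: bool                   # outcome of the "assess trust level" step
    state: str = "idle"             # current application state (slide 12)
    java_app: Optional[str] = None  # for java.exe: the application it has loaded
    breached: bool = False          # set once another process injected into it


@dataclass
class Event:
    pid: int
    action: str
    target: str = ""


class EndpointPolicy:
    def __init__(self, processes: List[Process], trusted_java_apps):
        self.procs = {p.pid: p for p in processes}
        self.trusted_java_apps = set(trusted_java_apps)

    def evaluate(self, ev: Event) -> Tuple[str, str]:
        """Decide one event and update process state; returns (decision, reason)."""
        p = self.procs[ev.pid]
        if ev.action == "enter_state":
            p.state = ev.target
            return "allow", "state change recorded"
        if ev.action in LOW_RISK_ACTIONS:
            return "allow", "low-risk action"
        if ev.action == "connect":
            return self._connect(p, ev)
        if ev.action in POST_EXPLOIT_ACTIONS:
            return self._post_exploit(p, ev)
        return "allow", "unclassified action"

    def _post_exploit(self, p: Process, ev: Event) -> Tuple[str, str]:
        # Exploit chain disruption: a post-exploit action taken while the application is
        # still processing untrusted content is the choke point; no knowledge of the
        # specific exploit or vulnerability is needed.
        if p.state in UNTRUSTED_CONTENT_STATES:
            return "block", f"{ev.action} while {p.name} is in state {p.state}"
        # Lockdown for Java: high-risk actions only for applications the administrator trusts.
        if p.name == "java.exe" and p.java_app not in self.trusted_java_apps:
            return "block", f"untrusted Java app {p.java_app!r} attempted {ev.action}"
        if not p.trusted:
            if ev.action == "inject_process":
                # Record the breach even though we block: later communication from the
                # victim is treated as pass-through in case the injection partly succeeded.
                victim = self.procs.get(int(ev.target))
                if victim is not None:
                    victim.breached = True
            return "block", f"untrusted process {p.name} attempted {ev.action}"
        return "allow", "trusted process in a benign state"

    def _connect(self, p: Process, ev: Event) -> Tuple[str, str]:
        # Malicious communication blocking: direct connections from untrusted processes
        # and pass-through connections via breached processes are denied.
        if not p.trusted:
            return "block", f"direct communication from untrusted {p.name} to {ev.target}"
        if p.breached:
            return "block", f"pass-through communication via breached {p.name} to {ev.target}"
        return "allow", f"{p.name} to {ev.target}"


def run(events, processes, trusted_java_apps):
    policy = EndpointPolicy(processes, trusted_java_apps)
    return [(ev.pid, ev.action, *policy.evaluate(ev)) for ev in events]


def demo():
    """Constructed scenario: a browser exploited while rendering a page, a benign updater,
    two Java apps, and a downloaded dropper that injects into Outlook before calling out."""
    processes = [
        Process(100, "browser.exe", trusted=True),
        Process(200, "updater.exe", trusted=True),
        Process(300, "java.exe", trusted=True, java_app="intranet-payroll"),
        Process(301, "java.exe", trusted=True, java_app="unknown-applet"),
        Process(400, "invoice.pdf.exe", trusted=False),
        Process(500, "outlook.exe", trusted=True),
    ]
    events = [
        Event(100, "enter_state", "rendering_web_content"),
        Event(100, "write_executable", r"C:\Users\u\AppData\Local\Temp\dr.exe"),
        Event(200, "write_executable", r"C:\Program Files\App\app.exe"),
        Event(300, "alter_run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\payroll"),
        Event(301, "display", "applet window"),
        Event(301, "write_executable", r"C:\Users\u\AppData\Roaming\x.exe"),
        Event(400, "inject_process", "500"),
        Event(400, "connect", "203.0.113.7:443"),
        Event(500, "connect", "203.0.113.7:443"),
        Event(200, "connect", "updates.example.com:443"),
    ]
    return run(events, processes, trusted_java_apps={"intranet-payroll"})


if __name__ == "__main__":
    for pid, action, decision, reason in demo():
        print(f"{pid:>4} {action:<17} {decision:<5} {reason}")
```

The point of the state check is that the browser's write of an executable is blocked purely because it happens while the browser is rendering web content; the same write from the trusted updater in an idle state is allowed. The injection attempt is blocked, but the target is still marked breached, so its later connection to the same destination is denied as pass-through traffic.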
  15. Corporate Credentials Protection
     Threats: credential theft via phishing; corporate credential reuse.
     When a password is submitted: detect the submission, then validate the destination.
     (Diagram: the same corporate password entered at an authorized legitimate corporate site (Submit: Allow), at a phishing site, and at an unauthorized legitimate site.)
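The two steps on slide 15, detect the submission and validate the destination, are shown below as an added example that is not Apex's code. It keeps only a slow salted fingerprint of the corporate password on the endpoint (never the plaintext), matches the destination host against an authorized-domain list with proper subdomain handling, treats known phishing hosts and brand lookalike hosts as phishing, and reports reuse on any other site. The corporate domain, the phishing entry, the brand tokens, the salt, the sample password and the cleartext-HTTP block are all assumptions made for this example; whether reuse is alerted or blocked is a policy choice and is left as an alert here.

```python
"""Submit-time corporate credential check (added example, not Apex's code).
Domains, hosts, brand tokens, the salt and the sample password are constructed."""
import hashlib
import hmac
from typing import Dict, Tuple
from urllib.parse import urlsplit

CORPORATE_DOMAINS = {"corp.example"}                 # destinations authorized for the corporate password
KNOWN_PHISHING_HOSTS = {"corp-example-login.net"}   # would come from threat intelligence; constructed here
BRAND_TOKENS = {"corp.example", "corp-example", "corpexample"}  # brand strings a lookalike host would contain
PASSWORD_FIELDS = {"password", "passwd", "pwd", "pass"}
SALT = b"constructed-per-endpoint-salt"


def fingerprint(secret: str, salt: bytes = SALT, iterations: int = 100_000) -> bytes:
    """Slow salted hash so the endpoint keeps a fingerprint, never the plaintext corporate password."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)


def host_in_domains(host: str, domains) -> bool:
    """Exact or subdomain match; corp.example.evil.net must not match corp.example."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class CredentialProtector:
    def __init__(self, corporate_fingerprint: bytes):
        self.corporate_fp = corporate_fingerprint

    def is_corporate_credential(self, value: str) -> bool:
        return hmac.compare_digest(fingerprint(value), self.corporate_fp)

    def on_submit(self, url: str, fields: Dict[str, str]) -> Tuple[str, str]:
        """Step 1: detect a corporate credential in the form. Step 2: validate the destination."""
        secrets = [v for k, v in fields.items() if k.lower() in PASSWORD_FIELDS]
        if not any(self.is_corporate_credential(v) for v in secrets):
            return "allow", "no corporate credential in submission"
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host_in_domains(host, CORPORATE_DOMAINS):
            if parts.scheme != "https":
                return "block", f"corporate credential sent over cleartext http to {host}"
            return "allow", f"authorized corporate site {host}"
        if host in KNOWN_PHISHING_HOSTS or any(t in host for t in BRAND_TOKENS):
            return "block", f"phishing site {host} impersonates the corporate brand"
        return "alert", f"corporate credential reused on non-corporate site {host}"


def demo():
    """Constructed submissions covering the three destinations on slide 15 plus two lookalikes."""
    protector = CredentialProtector(fingerprint("Tr0ub4dor&3"))   # constructed corporate password
    cases = [
        ("https://sso.corp.example/login", {"user": "jdoe", "password": "Tr0ub4dor&3"}),
        ("http://intranet.corp.example/login", {"user": "jdoe", "password": "Tr0ub4dor&3"}),
        ("https://corp-example-login.net/auth", {"user": "jdoe", "password": "Tr0ub4dor&3"}),
        ("https://login.corp-example.co/", {"user": "jdoe", "pwd": "Tr0ub4dor&3"}),
        ("https://corp.example.evil.net/sso", {"user": "jdoe", "password": "Tr0ub4dor&3"}),
        ("https://www.social.example/login", {"email": "jdoe@corp.example", "password": "Tr0ub4dor&3"}),
        ("https://www.social.example/login", {"email": "jdoe@corp.example", "password": "different-pw"}),
    ]
    return [protector.on_submit(url, fields) for url, fields in cases]


if __name__ == "__main__":
    for decision, reason in demo():
        print(f"{decision:<5} {reason}")
```

The suffix match in `host_in_domains` is the detail that matters: a naive `"corp.example" in host` would accept `corp.example.evil.net` as corporate, which is exactly the lookalike a phishing kit registers.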
  16. Threat and risk reporting, vulnerability mapping and critical event reporting: identify risks from vulnerabilities and user behavior, help ensure compliance
     • Vulnerability reports: detailed reporting to visualize and understand which endpoints and apps are vulnerable to exploits
     • Corporate credential reports: reporting on which users are re-using credentials and are out of security policy guidelines
     • Incident reports: reporting on security incidents (exploits, suspicious communication, infections)
  17. IBM is uniquely positioned to offer integrated protection: a dynamic, integrated system to disrupt the lifecycle of advanced attacks and prevent loss
     • Global Threat Intelligence (IBM X-Force Threat Intelligence): leverage threat intelligence from multiple expert sources
     • Smarter Prevention (Trusteer Apex Endpoint Malware Protection; IBM Security Network Protection XGS; IBM Endpoint Manager): prevent malware installation and disrupt malware communications; prevent remote network exploits and limit the use of risky web applications; automate and manage continuous security configuration policy compliance
     • Security Intelligence (IBM Security QRadar Security Intelligence; IBM Security QRadar Incident Forensics; IBM Guardium Data Activity Monitoring): discover and prioritize vulnerabilities; correlate enterprise-wide threats and detect suspicious behavior; retrace full attack activity, search for breach indicators and guide defense hardening
     • Continuous Response (IBM Emergency Response Services): assess impact, plan strategically and leverage experts to analyze data and contain threats
     • Open Integrations (Ready for IBM Security Intelligence Ecosystem): share security context across multiple products; 100+ vendors, 400+ products
  18. Apex integration with the customer SIEM: the integration enables organizations to gain full end-to-end visibility into a targeted attack, consolidating security event information from targeted endpoints with data gathered from multiple enterprise security controls.
     • Correlate endpoint security events with multiple enterprise events for end-to-end visibility
     • Automate endpoint security event notification and response
     • Integrate with enterprise security controls for widespread protection
     • Enable integration with additional log management / SIEM solutions that support generic syslog messages
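Slide 18 relies on generic syslog as the transport into the SIEM. The following added example, which is not Apex's or QRadar's code, shows what a generic integration looks like at both ends: the endpoint side emits one RFC 5424 line per incident with the incident fields carried as structured data (escaping the characters RFC 5424 requires), the SIEM side parses the line back, and a small join correlates the blocked-communication event with web-proxy records from the same endpoint to the same destination. The agent name, message ID, field names, enterprise number (the documentation value from RFC 5612) and the proxy records are constructed for the example.

```python
"""Generic RFC 5424 syslog emission and parsing for endpoint incidents
(added example, not Apex's or QRadar's code). Field names, agent name,
message ID and the sample proxy records are constructed."""
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

FACILITY_LOCAL4 = 20
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}
EXAMPLE_PEN = 32473   # Private Enterprise Number reserved for documentation (RFC 5612)


def _escape(value) -> str:
    # RFC 5424 SD-PARAM values must escape backslash, double quote and closing bracket.
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def build_syslog(host: str, app: str, msgid: str, params: Dict[str, str], message: str,
                 severity: str = "warning", ts: Optional[datetime] = None) -> str:
    """Build one RFC 5424 line with the incident fields carried as structured data."""
    ts = ts or datetime.now(timezone.utc)
    pri = FACILITY_LOCAL4 * 8 + SEVERITY[severity]
    timestamp = ts.isoformat().replace("+00:00", "Z")
    sd = f"[endpoint@{EXAMPLE_PEN} " + " ".join(f'{k}="{_escape(v)}"' for k, v in params.items()) + "]"
    return f"<{pri}>1 {timestamp} {host} {app} - {msgid} {sd} {message}"


HEADER = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
                    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.S)
PARAM = re.compile(r'([A-Za-z0-9][\w.-]*)="((?:[^"\\]|\\.)*)"')


def parse_syslog(line: str) -> dict:
    """SIEM-side parser: header fields, decoded SD-PARAMs and the free-text message."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    rest, params, message = m["rest"], {}, m["rest"]
    if rest.startswith("["):
        i, esc = 1, False
        while i < len(rest) and (esc or rest[i] != "]"):   # find the unescaped closing bracket
            esc = rest[i] == "\\" and not esc
            i += 1
        sd, message = rest[1:i], rest[i + 1:].strip()
        for key, raw in PARAM.findall(sd):
            params[key] = re.sub(r"\\(.)", r"\1", raw)   # undo the SD-PARAM escaping
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m["ts"], "host": m["host"],
            "app": m["app"], "msgid": m["msgid"], "params": params, "message": message}


def correlate(endpoint_events: List[dict], proxy_records: List[dict]) -> List[Tuple[dict, dict]]:
    """Join endpoint events with proxy records from the same host to the same destination."""
    return [(ev, rec) for ev in endpoint_events for rec in proxy_records
            if rec["src"] == ev["host"] and rec["dst"] == ev["params"].get("dst")]


def demo():
    """Constructed incident: a blocked outbound connection, emitted, parsed and correlated."""
    ts = datetime(2016, 1, 28, 10, 0, 0, tzinfo=timezone.utc)
    params = {"event": "malicious_communication", "process": "invoice.pdf.exe",
              "dst": "203.0.113.7:443", "user": "CORP\\jdoe"}
    line = build_syslog("ws-0042.corp.example", "endpoint-agent", "EP-COMM", params,
                        "blocked outbound connection from untrusted process", ts=ts)
    parsed = parse_syslog(line)
    proxy_records = [  # constructed web-proxy records
        {"src": "ws-0042.corp.example", "dst": "updates.example.com:443", "bytes_out": 1200},
        {"src": "ws-0042.corp.example", "dst": "203.0.113.7:443", "bytes_out": 18230},
        {"src": "ws-0043.corp.example", "dst": "203.0.113.7:443", "bytes_out": 9000},
    ]
    return line, parsed, correlate([parsed], proxy_records)


if __name__ == "__main__":
    line, parsed, matches = demo()
    print(line)
    print(parsed)
    for ev, rec in matches:
        print(f"{ev['params']['process']} on {ev['host']} sent {rec['bytes_out']} bytes to {rec['dst']}")
```

The correlation step is the reason to carry destination and process as structured data rather than only in the free-text message: a SIEM rule can join on exact fields, and the proxy record tells you how much left the endpoint before the block, which the endpoint event alone cannot.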
  19. IBM Trusteer Apex and IBM BigFix: create the most robust enterprise endpoint security solution available
     • Extend BigFix ROI by stopping exploits before patches are available
     • Continuously monitor and protect endpoints: enforce secure configurations; deploy security patches; detect and mitigate advanced malware infections
     • Effectively respond to security incidents
     (Timeline: Apex continuously protects in the window between threat and fix. Maintenance patch: BigFix ensures it is quickly deployed on all endpoints. Apex identifies and mitigates malware infections in real time and stops zero-day exploits. BigFix Incident Response quarantines infected machines. BigFix enforces secure configurations. Unscheduled patch: BigFix ensures it is quickly deployed on all endpoints. Everyone goes back to work on higher-value projects.)
  20. Why Apex: Apex is redefining endpoint protection against advanced threats with a holistic approach
     • Advanced Multi-Layered Defense: credential protection; exploit chain disruption; malware detection and mitigation; Lockdown for Java; malicious communication blocking
     • Low Operational Impact: low impact to the IT security team; low-footprint threat prevention; exceptional turnkey service
     • Dynamic Intelligence: combines the renowned expertise of X-Force with Trusteer malware research; 100,000,000+ endpoints collecting intelligence; protection dynamically updated in near real time
  21. www.ibm.com/security
     © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
     Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
     IBM Internal and Business Partner Use Only