
Evolving Cybersecurity Threats



Drawing from CrowdStrike's work, Cayce Beames presents evolving cybersecurity threats, discusses her thoughts on why traditional security is failing and shares a bit about what this "next generation endpoint protection" is about.

Cayce has been working in technology for over 25 years. From IT systems administration to network engineering and Internet security, risk management and compliance auditing, Cayce has consulted with many global corporations and traveled extensively. Cayce is currently a governance, risk and compliance analyst at CrowdStrike and founder of the not-for-profit, public-benefit, education-for-kids organization called "The Computer Club", where she works to inspire kids and adults to address their fear of the unknown and make something awesome with technology.

Published in: Internet


  1. CYBERSECURITY THREATS & NEXT-GEN ENDPOINT PROTECTION (2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.)
  2. Cayce Beames
     - Sr Analyst, GRC at CrowdStrike
     - 25 years in IT and security
     - Really rather technical
     - Co-founded a kids club to teach electronics, programming and robotics: www.thecomputerclub.org
  3. Agenda: 1 Cybersecurity Threats; 2 Attack Vectors; 3 Ransomware; 4 Why Traditional Security is Failing; 5 What is "Next Gen Endpoint Protection?"; 6 Questions / Discussion
  4. CYBERSECURITY THREATS: The 100,000 ft view
  5. DATA BREACHES SINCE 2004: What do they all have in common?
  6. Existing point solutions (FW, AV, sandbox, IPS, whitelisting) FAILED to stop the breach.
  7. "Legitimate user credentials were used in most hacking related data breaches, with some 81% of them using weak, default, or stolen passwords" (2017 Verizon Data Breach Investigations Report, DBIR)
  8. STOPPING MALWARE IS NOT ENOUGH: malware 51%. (Chart: threat sophistication, low to high, against how hard the attack is to prevent and detect, low to high.)
  9. YOU NEED COMPLETE BREACH PREVENTION: malware 51%, non-malware attacks 49%. Actors shown: nation-states, organized criminal gangs, hacktivists/vigilantes, terrorists, cyber-criminals. (Same chart: threat sophistication against how hard the attack is to prevent and detect.)
  10. CYBERSECURITY THREATS: A closer-up view
  11. CYBERSECURITY THREATS - ADVERSARIES
      - Adversaries are: better funded, more sophisticated, more patient
      - Attacks are: well planned, quietly executed, often malware free, encrypted, cleaned up (leaving less evidence)
  12. NATION STATE ADVERSARY GROUPS: China "Panda", Russia "Bear", North Korea "Chollima", India "Tiger", Iran "Kitten"
  13. ADVERSARY PROFILE: ROCKET KITTEN
      - Operational window: April 2014 - Present
      - Objectives: recon, lateral movement, data theft
      - Targeting: aerospace, defense, government
      - Tools: Word macros, Core Impact, Gmail C2, FireMalv credential stealer, MPK post-exploitation toolkit
  14. OTHER ADVERSARY GROUPS
      - Criminal: Singing Spider, Union Spider, Andromeda Spider
      - Hacktivist / activist / terrorist: Deadeye Jackal, Ghost Jackal, Corsair Jackal, Extreme Jackal, Fraternal Jackal
  15. ATTACK VECTORS: A look into a recent case
  16. ATTACK: DEMOCRATIC NATIONAL COMMITTEE
      - Suspected large scale phishing campaign
      - WMI, PowerShell and known malware SeaDaddy used; malware fully modular for command and control
      - IOCs indicated a variation of a known adversary, Fancy Bear
      - CrowdStrike observed malicious activity in real time ("hands on keyboard")
      - Data was exfiltrated prior to our investigation, but ShimCache showed clear targeting
      - DNC IT team reimages infected systems and builds new domain infrastructure
  17. RANSOMWARE
      - Propagates through an unpatched/unknown ("0-day") vulnerability
      - Steals credentials
      - Propagates further with valid credentials and built-in (aka malware free) tools such as WMI and psexec
      - Encrypts data or the master boot record
      - Asks for the ransom to be submitted in bitcoin
      - Provides a multi-language call center for support
      - May or may not decrypt your data, and may destroy your data as well
      - If email/domains are disabled, decryption keys may not be obtainable
  18. WHY TRADITIONAL SECURITY IS FAILING
  19. UNDERTRAINED, UNDEREQUIPPED, UNDERSTAFFED, OVERWORKED
      - Threats are more complex.
      - Executives are not the security zealots that the security team is; security is a steep learning curve for them.
      - Employees and contractors are pushed harder.
      - Every budget dollar is scrutinized.
      - Tools are poorly used or are the wrong ones. Drowning in data: 27% of breaches were reported by a 3rd party!
      - Processes are poorly executed and poorly automated.
      - Training ... How does your company train?
  20. WHY TRADITIONAL SECURITY IS FAILING: Comparative analysis
      - Adversary: well funded (state vs corporation, organized crime vs individual); more sophisticated (better tooling, better trained); more patient
      - Organization security teams: funding is up, but to what benefit? Is it making a difference? Not very sophisticated; too much to do; not enough time; wrong, or poorly understood, tools; poorly trained; less patient, too much stress!
  21. WISDOM FROM SUN TZU: "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
  22. Questions for the audience:
      - Do you know if your endpoints are currently compromised by a sophisticated actor?
      - Are you protecting your remote users and compute environments against ransomware and other polymorphic threats?
      - Do your existing security tools stop malware-free breaches?
  23. WHAT IS THIS "NEXT GENERATION ENDPOINT PROTECTION" BUSINESS?!
  24. NEXT-GEN ENDPOINT PROTECTION
      - The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities: anti-malware; personal firewall; port and device control
      - EPP solutions will also often include: vulnerability assessment; application control and application sandboxing; enterprise mobility management (EMM); memory protection; endpoint detection and response (EDR) technology (see "Market Guide for Endpoint Detection and Response Solutions"); data protection such as full disk and file encryption; endpoint data loss prevention (DLP)
  25. Next-Generation Endpoint Protection: cloud delivered, enriched by threat intelligence. Three pillars: Managed Hunting; Endpoint Detection and Response; Next-Gen Antivirus
  26. OLD ENTERPRISE ARCHITECTURE: on-premise security
  27. MODERN ENTERPRISE ARCHITECTURE: CS Security Cloud serving Mobile Worker, Public Cloud, Private Cloud, Remote Worker and Branch Office
  28. MODERN ENTERPRISE ARCHITECTURE - BUSINESS VALUE: protect all of your assets (Public Cloud, Private Cloud, Mobile Worker, Remote Worker, Branch Office) through the CS Security Cloud. No hardware to deploy and manage; protect endpoints outside of the firewall; real-time updates; crowdsourced intelligence
  29. NEXT-GEN AV FEATURES: Machine Learning; IOA Behavioral Blocking; Block Known Bad; Exploit Mitigation
  30. NEXT-GEN AV BENEFITS (features: Machine Learning, IOA Behavioral Blocking, Block Known Bad, Exploit Mitigation)
      - Prevents all types of attacks: protect against known/unknown malware; protect against zero-day attacks; eliminate ransomware
      - Business value: no signature updates; no user impact (less than 1% CPU overhead); reduce re-imaging time and costs
  31. FIND THE UNKNOWN UNKNOWNS
      - Telemetry: 170 countries / 18B events per day
      - Correlation: real-time and retrospective
      - Capabilities: detection / prevention / forensics
      - Creates a behavioral IOA timeline
  32. ENDPOINT DETECTION AND RESPONSE FEATURES: prevent against silent failure; DVR for endpoint
  33. ENDPOINT DETECTION AND RESPONSE BENEFITS (features: prevent against silent failure, DVR for endpoint). Business value: 5 second enterprise search; no hardware or storage costs; full spectrum visibility; reduced time to remediation
  34. MANAGED HUNTING FEATURES: finding the adversary so you don't have to; breach prevention services; a team of hunters working for you 24 x 7
  35. MANAGED HUNTING BENEFITS (features: finding the adversary so you don't have to, breach prevention services, a team of hunters working for you 24 x 7). Business value: force multiplier; community immunity; reduce alert fatigue, focus on what matters!; stop the "mega" breach
  36. FALCON ENDPOINT PROTECTION PLATFORM, cloud delivered: Falcon OverWatch (managed hunting), Falcon Host (endpoint protection), Falcon Intelligence (threat intelligence), plus services and API. Powered by CrowdStrike Threat Graph™; enriched by CrowdStrike Intelligence, crowdsourced intelligence and third-party intelligence
  37. SUGGESTED READING/VIEWING
      - Gartner Magic Quadrant for Endpoint Protection Platforms 2017 (public web listing): http://branden.biz/wp-content/uploads/2017/03/Magic-Quadrant-for-Endpoint-Protection-Platforms-2017.pdf
      - CrowdStrike Cyber Intrusion Services Casebook: https://www.crowdstrike.com/resources/reports/crowdstrike-cyber-intrusion-services-casebook-2016/
      - CrowdStrike Global Threat Report: https://www.crowdstrike.com/resources/reports/2015-global-threat-report/
      - FireEye M-Trends Report: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
      - Verizon Data Breach Investigation Report: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
      - George Kurtz presenting at Evolve 2017: https://youtu.be/WtmX-a-cayQ
      - Abusing WMI, BlackHat 2015, Matt Graeber: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
  38. THANK YOU. Please enjoy some refreshments. Cayce Beames, Cayce.Beames@crowdstrike.com, https://www.linkedin.com/in/caycebeames/
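As an added example (not from this deck or from CrowdStrike), here is a minimal behavioural indicator-of-attack (IOA) check in the spirit of slides 17, 29 and 31: it scores constructed process-creation events for the malware-free propagation chain slide 17 describes (WMI and psexec driven with valid credentials) instead of matching file hashes. The event layout, rule names, weights and threshold are assumptions made for the demo.

```python
from collections import defaultdict

SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
REMOTE = {"wmi_spawns_shell", "psexec_service"}  # remote-execution IOAs

# Constructed telemetry (not real data): (ts, host, parent_image, image, cmdline, user)
EVENTS = [
    (1, "ws01", "explorer.exe", "winword.exe", "/n invoice.docx", "alice"),
    (2, "ws01", "winword.exe", "powershell.exe", "-nop -w hidden -enc SQBFAFgA", "alice"),
    (5, "ws02", "services.exe", "PSEXESVC.exe", "", "SYSTEM"),
    (6, "ws02", "PSEXESVC.exe", "cmd.exe", "/c whoami", "alice"),
    (9, "ws03", "WmiPrvSE.exe", "powershell.exe", "-enc SQBFAFgA", "alice"),
    (10, "ws04", "explorer.exe", "powershell.exe", "-enc SQBFAFgA", "bob"),
]

def rule_hits(ev):
    """Behavioural indicators one event triggers; file hashes play no part."""
    _, _, parent, image, cmdline, _ = ev
    parent, image, cmd = parent.lower(), image.lower(), " " + cmdline.lower()
    hits = []
    if parent in OFFICE and image in SHELLS:
        hits.append(("office_spawns_shell", 7))  # macro-style initial access
    if parent == "wmiprvse.exe" and image in SHELLS:
        hits.append(("wmi_spawns_shell", 8))     # WMI remote execution landing
    if image == "psexesvc.exe" or parent == "psexesvc.exe":
        hits.append(("psexec_service", 6))       # psexec-style remote service
    if image == "powershell.exe" and " -enc" in cmd:
        hits.append(("encoded_powershell", 5))   # obfuscated command line
    return hits

def evaluate(events, threshold=10):
    """Score each host and flag accounts that fan out over remote-exec paths."""
    scores, remote_hosts = defaultdict(int), defaultdict(set)
    for ev in sorted(events):
        host, user = ev[1], ev[5]
        for name, weight in rule_hits(ev):
            scores[host] += weight
            if name in REMOTE:
                remote_hosts[user].add(host)
    # One set of valid credentials executing remotely on 2+ hosts is the
    # "propagates further with valid credentials" pattern from slide 17.
    spread = {u: sorted(h) for u, h in remote_hosts.items() if len(h) >= 2}
    flagged = sorted(h for h, s in scores.items() if s >= threshold)
    return {"scores": dict(scores), "flagged_hosts": flagged, "credential_spread": spread}

if __name__ == "__main__":
    print(evaluate(EVENTS))
```

The weighting is the point: a lone encoded PowerShell on ws04 stays below the threshold, while the chained Office-to-shell, psexec and WMI events are flagged and the account reused across ws02 and ws03 surfaces as credential spread.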
