
Malware Detection: How to Spot Infections Early with AlienVault USM


Learn about common types of malware such as rootkits, backdoors/RATs and ransomware, and how to detect them with AlienVault USM.

Published in: Technology

  1. Agenda
     • The changing threat landscape
     • Malware 101
     • Evasion tactics
     • Demo: Using USM to detect malware
     • Correlation directives
     • Detecting communications with a C&C server
     • Incident investigation
     Malware Detection: How to Spot Infections Early
  2. Threat landscape: Our new reality
     • More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.
     • The number of organizations experiencing high-profile breaches is unprecedented.
     • The “security arms race” cannot continue indefinitely: the economics of securing an organization are stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.
     60%: In 60% of cases, attackers are able to compromise an organization within minutes. Source: Verizon Data Breach Report, 2015
  3. @AlienVault
     “There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don’t have a clue yet.” - Jim Routh, CISO, Aetna
  4. Prevent vs. Detect & Respond: Prevention is elusive
  5. Malware 101 – Terminology
     mal·ware: portmanteau of ‘malicious software’; a general term for any software used to gain unauthorized access, steal data, or disrupt normal operation.
     Common ‘types’ include:
     • Virus: malware that spreads once it establishes a foothold
     • Trojan horse: malware disguised as normal or innocuous software
  6. Malware 101 – Terminology
     • Rootkit: designed to run with elevated privileges, either via an admin install or privilege escalation
     • Backdoor/RAT: persistent remote access tool that allows attackers access after their initial breach
     • Ransomware: encrypts a user’s file system (targeted or complete) and then demands a ransom for decryption
  7. Evasion tactics
     • Hibernation: allows malware to remain dormant for a period after a breach, for execution later
     • Polymorphic code: used to evade signature-based detection methods by changing the makeup of the software itself
     • Service control: starting/stopping/halting services and processes to confuse detection methods or render them inoperable
     • Domain Generation Algorithm (DGA): randomizes the command and control (C&C) server domain, reducing the chance of the domain being blacklisted, listed on OTX, etc.
     • Plugins: ability to modify/update code and download second-stage malware easily
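Because a DGA rotates the C&C domain faster than blacklists and OTX can follow, the defender's counter is to look at the shape of the queried names rather than a list of known-bad ones. The script below is an added example, not part of the deck or of USM: it scores the registrable label of each DNS query in a few constructed BIND-style log lines by character entropy, longest consonant run and digit ratio, and flags the algorithmically generated ones while letting a high-entropy but pronounceable legitimate name through. The log format, the thresholds and the simplified TLD handling are assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query-log lines (BIND-style format; not from the deck).
SAMPLE_LOG = """\
client 10.0.0.5#53211: query: www.alienvault.com IN A +
client 10.0.0.5#53212: query: stackoverflow.com IN A +
client 10.0.0.7#40211: query: xkqzvbrtpwlmnd.com IN A +
client 10.0.0.7#40212: query: a8f3k2j9qwe7rt.net IN A +
client 10.0.0.9#51000: query: mail.google.com IN MX +
"""

QUERY_RE = re.compile(r"query: (\S+) IN ")
VOWELS = set("aeiou")

def sld(fqdn):
    """Return the registrable label (simplified: the label left of the TLD;
    a real deployment would consult the Public Suffix List for co.uk etc.)."""
    labels = fqdn.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def entropy(s):
    """Shannon entropy of the label in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def longest_consonant_run(s):
    """Length of the longest run of non-vowel letters (digits break the run)."""
    run = best = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def looks_dga(label):
    """Heuristic: high entropy combined with an unpronounceable consonant run,
    or a heavy digit mix. Thresholds are assumptions to tune per network."""
    digit_ratio = sum(ch.isdigit() for ch in label) / max(len(label), 1)
    return (entropy(label) >= 3.5 and longest_consonant_run(label) >= 4) or digit_ratio >= 0.3

def flag_dga_queries(log_text):
    """Return the queried FQDNs whose registrable label looks algorithmically generated."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and looks_dga(sld(m.group(1))):
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    for domain in flag_dga_queries(SAMPLE_LOG):
        print("possible DGA domain:", domain)
```

Entropy alone is not enough: stackoverflow.com scores above 3.5 bits yet is pronounceable, which is why the consonant-run and digit checks are combined with it.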
  8. Firewalls/antivirus are not enough
     • Firewalls are usually not the target; they are too difficult to penetrate effectively
     • Endpoints are the target, usually via email, URL redirects, miscellaneous malicious files, etc.
     • With 160,000 new malware samples seen every day, antivirus apps will not find every threat
     • Antivirus needs to be bolstered by regular and comprehensive monitoring
  9. Unified Security Management
     • Unified Security Management Platform: a single platform for simplified, accelerated threat detection, incident response & policy compliance
     • AlienVault Labs Threat Intelligence: correlation rules and directives written by our AlienVault Labs team and displayed through the USM interface
     • Open Threat Exchange: the world’s largest repository of crowd-sourced threat data, providing a continuous view of real-time threats that may have penetrated the company’s defenses
  10. AlienVault Labs Threat Intelligence
     Weekly updates to correlation directives to detect emerging threats, like:
     • Exploitation & Installation, Malicious website - Exploit Kit, Java Rhino
     • Exploitation & Installation, Suspicious File, Document with macros
     • System Compromise, Trojan infection, Zeus
     • System Compromise, Trojan infection, Sc-Keylog Keylogger
     • System Compromise, Malware infection, SpeedingUpMyPC.Rootkit
     • System Compromise, Trojan infection, Cryptolocker
     • System Compromise, Malware RAT, FF-RAT
  11. Now for some questions.
     WWW.ALIENVAULT.COM | 888.613.6023 | HELLO@ALIENVAULT.COM
     • Download a free 30-day trial of USM
     • Check out our 15-day trial of USM for AWS
     • Try our interactive demo site
     • Join OTX: