ciso-platform-annual-summit-2013-defending-against-APT

169 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
169
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • APTs, like other advanced threats occur in “kill chains” of up to seven stages. Not all threats need to use every stage, and stages may loop back to prior stages extending the 7 Stage process significantly. These steps provide cybercriminals with hundreds or even thousands of ways to create and execute APTs over extended periods of time.Stage 01: Recon - In the RECON stage, cybercriminals research their intended victims using personal, professional and social media websites. They’re looking for information to help them create seemingly trustworthy “lures” that contain links to compromised websites under their control. Some lures use recent disasters, social drama or celebrity deaths to draw on human curiosity.   Stage 02: Lure - Using information collected in the RECON stage, cybercriminals create innocuous-looking “lures” designed to fool users into clicking links which lead to compromised websites. The lures are dangled via email, social media posts or other content that appear to come from trustworthy sources.Stage 03: Redirect - In their lures, cybercriminals may use links that “redirect” users to safe-looking or hidden web pages that contain exploit kits, exploit code or obfuscated scripts. A redirect can analyze a target system or openly prompt a user to make a software update. Stage 04: Exploit Kit - Once a user has clicked on a link to a compromised website, software known as an exploit kit scans the victim’s system to find open vulnerabilities.These weaknesses can become open doors for delivering malware, key loggers or other advanced tools that enable cybercriminals to further infiltrate networks. Stage 05: Dropper File - Once the exploit kit has found a path for delivering malware, the cybercriminal delivers a “dropper file,” typically from another compromised server, to infect the victim’s system. The dropper file may contain software that executes on the victim’s system to begin the process of finding and extracting valuable data. Some dropper files remain dormant for up to a week to avoid detection, and may include downloaders to deliver malware in the future.Stage 06: Call Home - Once the dropper file infects the target system, it “calls home” to a command-and-control server to download additional programs, tools or instructions. This is the first point at which a direct connection is made between the attacker and the infected system. Stage 07: Data Theft - The end-game of most modern cyber attacks, the data theft stage completes the threat kill chain. Cybercriminals steal intellectual property, personally identifiable information or other valuable data for financial gain or for use in other attacks.
  • ciso-platform-annual-summit-2013-defending-against-APT

    1. 1. TRITON STOPS MORE THREATS. WE CAN PROVE IT. © 2013 Websense, Inc. Page 1
    2. 2. TRITON STOPS MORE THREATS. WE CAN PROVE IT. DEFENDING AGAINST ADVANCED PERSISTENT THREATS Ajay Dubey National Manager © 2013 Websense, Inc. Page 2
    3. 3. Agenda • Where is it? • What is it? • Solution © 2013 Websense, Inc. Page 3
    4. 4. Oct 2013 © 2013 Websense, Inc. Page 4
    5. 5. 15 Worst Data Breaches © 2013 Websense, Inc. Page 5 5
    6. 6. Indian Scenario © 2013 Websense, Inc. Page 6
    7. 7. Emerging Target Attack © 2013 Websense, Inc. Page 7
    8. 8. The Seven Stages of Advanced Threats © 2013 Websense, Inc. Page 8
    9. 9. The Threat Landscape has Changed Advanced Threats THEN Attack & Malware Forensics Data Theft NOW THEN NOW Signature Based Zero Day Goal: Damage Goal: Financial gain Hands-Off Hands-on High Volume Low Volume Inbound focus was enough Assume holes in security Reactive Proactive Mass Distribution Trusted Entry Data was easily identifiable Theft can easily be hidden Focus on intrusion prevention Holistic View © 2013 Websense, Inc. THEN NOW Page 9
    10. 10. Some Questions © 2013 Websense, Inc. Page 10
    11. 11. Traditional systems ?? • Traditional Signature-based technology • Zero day – Zero hour – Zero Minute? The Answer Real time Content and Context aware Unified threat analytics © 2013 Websense, Inc. Page 11
    12. 12. TRITON STOPS MORE THREATS. WE CAN PROVE IT. THANK YOU © 2013 Websense, Inc. Page 12

    ×