
Zlatibor asseco-fire eye

Published in: Education, Technology

  1. Solutions for Demanding Business (title slide)
  2. FireEye – Advanced Threat Protection
     Dane Hinić, Senior Consultant, dane.hinic@asseco-see.rs
  3. Traditional Security Solutions
     - IPS: attack-signature-based detection, shallow application analysis, high false positives, no visibility into the advanced attack lifecycle
     - Secure Web Gateways: some analysis of script-based malware, AV, IP/URL filtering; ineffective against advanced targeted attacks
     - Desktop AV: signature-based detection (some behavioral); ineffective against advanced targeted attacks
     - Anti-Spam Gateways: rely largely on antivirus and signature-based detection (some behavioral); no true spear-phishing protection
     - Firewalls/NGFW: block IP/port connections, application-level control, no visibility
     Despite all this technology, 95% of organizations are compromised.
  4. Multi-Staged Cyber Attack
     Exploit detection is critical: all subsequent stages can be hidden or obfuscated.
     Diagram: exploit server, callback server, file shares 1 and 2, IPS and firewall, with the stages numbered:
     1. Exploitation of system
     2. Malware executable download
     3. Callbacks and control established
     4. Lateral spread
     5. Data exfiltration
  5. What Is An Exploit?
     A compromised web page carries an exploit object:
     1. Exploit object rendered by vulnerable software
     2. Exploit injects code into running program memory
     3. Control transfers to exploit code
     The exploit object can be in ANY web page. An exploit is NOT the same as the malware executable file!
  6.–9. Structure of a Multi-Flow APT Attack (built up over four slides)
     Actors: exploit server, callback server, command and control server.
     1. Embedded exploit alters the endpoint (served by the exploit server)
     2. Callback (to the callback server)
     3. Encrypted malware downloads
     4. Callback and data exfiltration (to the command and control server)
  10. FireEye's Technology: State of the Art Detection
     Detonate, Analyze (500,000 objects/hour), Correlate: within VMs, across VMs and cross-enterprise.
     Vectors: Network, Email, Mobile, Files. Stages detected: Exploit, Callback, Malware Download, Lateral Transfer, Exfiltration.
  11. Who detected the attack first? (Detections by month)
     [Bar chart, 07/13 to 12/13, y-axis 0 to 30,000 detections; series: "FireEye found" vs. "First detected by vendor in VirusTotal"]
  12. Industry: Government (Federal)
     Top APT: Backdoor.APT.Houdini (25%). Business impact: loss of sensitive information. Houdini is believed to be the developer's name of a VBS-based RAT known to target the international energy industry and to take part in spammed email campaigns.
     Top crimeware: Malware.Archive (68%), malware discovered inside an archive file (ZIP, RAR); Malware.Binary (52%), loss of sensitive financial information, e.g. credit card or banking login.
     FireEye PoV: 31 customers, 100% compromised, 39% had APT.
     [Chart: per-week Average and Max for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; label values as extracted: 0.39, 2.63, 11058.1, 11046.3, 303.06, 4939, 164.75, 13.95, 350.44, 352.55]
  13. Industry: High-Tech
     Top APT: Backdoor.APT.Gh0stRAT (40%) and Backdoor.APT.DarkComet (40%). Business impact: remote access tools (RATs) that lead to loss of intellectual property, trade secrets and sensitive internal communication.
     Top crimeware: Malware.Binary (67%), never-seen-before malware against which signature-based protection is defenseless; Exploit.Kit.Neutrino (67%), infection with several types of malware that steal credentials or restrict access to the computer and demand ransom.
     FireEye PoV: 18 customers, 100% compromised, 28% had APT.
     [Chart: per-week Average and Max for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; label values as extracted: 1.46, 8.66, 41486.9, 43022.5, 86.92, 3011.14, 198.9, 12.9, 2708.9, 2629.8]
  14. Industry: Financial
     Top APT: Backdoor.APT.Houdini (29%). Business impact: loss of sensitive information. Houdini is believed to be the developer's name of a VBS-based RAT known to target the international energy industry and to take part in spammed email campaigns.
     Top crimeware: Exploit.Browser (66%), an attempt to compromise the endpoint by exploiting a vulnerability in the web browser; if successful, the attacker can install and execute malicious software without the end user's consent. Exploit.Kit.Neutrino (54%), infection with several types of malware that steal credentials or restrict access to the computer and demand ransom.
     FireEye PoV: 71 customers, 99% compromised, 10% had APT.
     [Chart: per-week Average and Max for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; label values as extracted: 0.78, 5.68, 1602.83, 1405.78, 174.1, 3183.1, 90.48, 6.26, 24.21, 34.85]
  15. Industry: Services / Consulting / VAR
     Top APT: Backdoor.APT.XtremeRAT (50%). Business impact: being the victim of common RAT capabilities, including key logging, screen capture, video capture, file transfer, system administration, password theft and traffic relaying.
     Top crimeware: Exploit.Browser (53%), an attempt to compromise the endpoint by exploiting a vulnerability in the web browser; if successful, the attacker can install and execute malicious software without the end user's consent. Malware.Archive (53%), malware discovered inside an archive file (ZIP, RAR).
     FireEye PoV: 19 customers, 100% compromised, 11% had APT.
     [Chart: per-week Average and Max for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; label values as extracted: 1.75, 20.77, 83.06, 52.15, 151.15, 187.85, 18.05, 12.23, 5.57, 13.34]
  16. FireEye Product Portfolio
     Shown alongside the traditional SEG, IPS, SWG, MDM and host anti-virus: Network Threat Prevention, Email Threat Prevention, Content Threat Prevention, Mobile Threat Prevention, Endpoint Threat Prevention, Threat Analytics Platform and Dynamic Threat Intelligence, built on MVX.
  17. Dane Hinić, dane.hinic@asseco-see.rs
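The multi-flow structure on slides 6–9 (exploit, callback, encrypted download, callback with exfiltration) is what a correlation engine has to stitch together per host, and slide 4 notes the exploit flow itself is often the only stage that is not hidden. The following is an added example, not code from the deck or from FireEye, showing that correlation over constructed alert records: stage names, hosts and remote names are hypothetical, and the one-hour window is an assumed tuning value.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-chain order taken from the four-stage multi-flow model (labels are hypothetical).
STAGES = ("exploit", "callback", "encrypted_download", "exfiltration")

# Constructed sample alerts (timestamp, host, stage, remote); not real data.
SAMPLE_ALERTS = [
    ("2013-11-04 09:00:05", "ws-17", "exploit", "exploit-srv.example"),
    ("2013-11-04 09:00:09", "ws-17", "callback", "cb.example"),
    ("2013-11-04 09:01:30", "ws-17", "encrypted_download", "cb.example"),
    ("2013-11-04 09:20:00", "ws-17", "exfiltration", "c2.example"),
    ("2013-11-04 10:15:00", "ws-42", "callback", "cb.example"),        # exploit flow missed
    ("2013-11-04 10:16:00", "ws-42", "encrypted_download", "cb.example"),
    ("2013-11-04 11:00:00", "ws-99", "exploit", "exploit-srv.example"),  # nothing after it yet
]

def correlate(alerts, window=timedelta(hours=1)):
    """Per host, advance along STAGES whenever a later stage arrives within
    `window` of the previously accepted stage. Returns {host: [stages reached]}."""
    by_host = defaultdict(list)
    for ts, host, stage, _remote in alerts:
        by_host[host].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), stage))
    chains = {}
    for host, events in by_host.items():
        events.sort()
        reached, last_ts = [], None
        for ts, stage in events:
            if stage not in STAGES:
                continue
            later = not reached or STAGES.index(stage) > STAGES.index(reached[-1])
            in_window = last_ts is None or ts - last_ts <= window
            if later and in_window:
                reached.append(stage)
                last_ts = ts
        chains[host] = reached
    return chains

def verdict(reached):
    """Turn a per-host chain into a triage label for the analyst."""
    if not reached:
        return "clean"
    if "exploit" in reached and "exfiltration" in reached:
        return "full chain"
    if "exploit" not in reached:
        return "post-exploit only: exploit flow missed, inspect host"
    return "partial chain"

def triage(alerts, window=timedelta(hours=1)):
    return {h: (chain, verdict(chain)) for h, chain in correlate(alerts, window).items()}
```

Hosts whose chain starts at callback or later are the case slide 4 warns about: the exploit object was never seen, so only the subsequent flows give the detection away.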
