Zlatibor asseco-fire eye
Published in: Education, Technology
  • Speaker notes: Threats at the perimeter: Network Threat Prevention Platform. Data center: Content Threat Prevention Platform for latent malware. Obviously many people are now bringing in mobile devices; with Mobile Threat Prevention we are able to leverage MVX to analyze a new class of threats, threats delivered via mobile apps, e.g. apps that steal contacts, which gives the attacker email addresses (and legitimate-looking sources) for the next stage of the attack. On the endpoint, Mandiant brings us the MSO product, which will be rebranded into the FireEye platform as the Endpoint Threat Prevention Platform. Finally, we have the Email Threat Prevention Platform for the spear-phishing attacks that attackers use to penetrate organizations. The Threat Analytics Platform is a new product for analyzing advanced threats using a combination of event logs and security device logs with homegrown threat intelligence from FireEye.

    1. Solutions for Demanding Business
    2. FireEye: Advanced Threat Protection. Dane Hinić, Senior Consultant, dane.hinic@asseco-see.rs
    3. Traditional Security Solutions
       - IPS: attack-signature based detection, shallow application analysis, high false-positive rate, no visibility into the advanced attack lifecycle.
       - Secure Web Gateways: some analysis of script-based malware, AV, IP/URL filtering; ineffective against advanced targeted attacks.
       - Desktop AV: signature-based detection (some behavioral); ineffective against advanced targeted attacks.
       - Anti-Spam Gateways: rely largely on antivirus, signature-based detection (some behavioral); no true spear-phishing protection.
       - Firewalls/NGFW: block IP/port connections, application-level control, no visibility.
       Despite all this technology, 95% of organizations are compromised.
    4. Multi-Staged Cyber Attack. Exploit detection is critical: all subsequent stages can be hidden or obfuscated.
       1. Exploitation of system
       2. Malware executable download
       3. Callbacks and control established
       4. Lateral spread
       5. Data exfiltration
       (Diagram: exploit server, callback server and file shares, with an IPS and a firewall on the path.)
    5. What Is An Exploit? A compromised web page carries an exploit object:
       1. The exploit object is rendered by vulnerable software.
       2. The exploit injects code into the running program's memory.
       3. Control transfers to the exploit code.
       The exploit object can be in ANY web page. An exploit is NOT the same as the malware executable file!
    6. Structure of a Multi-Flow APT Attack (built up over slides 6 to 9)
       1. An embedded exploit, served from the exploit server, alters the endpoint.
       2. Callback to the callback server.
       3. Encrypted malware downloads.
       4. Callback and data exfiltration to the command and control server.
    10. FireEye's Technology: State of the Art Detection. DETONATE, ANALYZE and CORRELATE (500,000 objects/hour): within VMs, across VMs and cross-enterprise; across network, email, mobile and files; tracking the stages exploit, callback, malware download, lateral transfer and exfiltration.
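The four flows of slides 6 to 9 and the cross-flow correlation step on slide 10 can be expressed as a small per-host correlator. This is an added example, not FireEye's MVX or any Asseco code: it assumes a sensor has already labelled each observed flow with one of the slide's stage names, uses constructed events for three hosts, and reports a host only when at least three stages appear in kill-chain order inside a 30-minute window (both thresholds are assumptions). The host whose exploit flow was missed is still reported but flagged with `exploit_seen` false, which is the point of slide 4: without the exploit stage the remaining flows look like ordinary web traffic and the chain is only recoverable by correlating them.

```python
"""Multi-flow correlation of the attack stages on slides 6 to 10.

Added example, not FireEye or Asseco code. The stage labels, window and
threshold are assumptions; all events, hosts and URLs are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Stage names follow the slide's numbering: 1 exploit, 2 callback,
# 3 encrypted malware download, 4 callback/C2 and exfiltration.
STAGE_ORDER = ["exploit", "callback", "download", "c2"]
WINDOW = timedelta(minutes=30)   # assumption: a chain completes within 30 minutes
MIN_STAGES = 3                   # assumption: report at 3 of the 4 stages

# Constructed sensor events: (timestamp, host, stage, detail).
# 10.0.0.7  - full chain, plus an unrelated callback the next day.
# 10.0.0.9  - exploit flow missed, later three stages observed.
# 10.0.0.12 - download and C2 two hours apart, not a chain.
SAMPLE_EVENTS = [
    ("2014-01-07T09:00:01", "10.0.0.7",  "exploit",  "GET /news/story.html rendered exploit object"),
    ("2014-01-07T09:00:03", "10.0.0.7",  "callback", "POST http://cb.example.net/check"),
    ("2014-01-07T09:00:09", "10.0.0.7",  "download", "GET http://cb.example.net/p.bin (encrypted blob)"),
    ("2014-01-07T09:03:40", "10.0.0.7",  "c2",       "TLS to 198.51.100.20:443"),
    ("2014-01-07T09:10:00", "10.0.0.9",  "callback", "POST http://cb.example.net/check"),
    ("2014-01-07T09:10:04", "10.0.0.9",  "download", "GET http://cb.example.net/p.bin (encrypted blob)"),
    ("2014-01-07T09:12:30", "10.0.0.9",  "c2",       "TLS to 198.51.100.20:443"),
    ("2014-01-07T08:00:00", "10.0.0.12", "download", "GET http://cdn.example.org/setup.exe"),
    ("2014-01-07T10:00:00", "10.0.0.12", "c2",       "TLS to 198.51.100.20:443"),
    ("2014-01-08T09:00:05", "10.0.0.7",  "callback", "POST http://cb.example.net/check"),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def stage_chain(events, start_idx, window):
    """Stages seen in kill-chain order, starting at events[start_idx] and
    staying within `window` of it. Out-of-order or repeated stages are skipped."""
    start = events[start_idx][0]
    seen, last = [], -1
    for t, stage, _detail in events[start_idx:]:
        if t - start > window:
            break
        idx = STAGE_ORDER.index(stage)
        if idx > last:
            seen.append(stage)
            last = idx
    return seen


def correlate(events, window=WINDOW, min_stages=MIN_STAGES):
    """Return {host: {"stages": [...], "exploit_seen": bool}} for every host
    whose longest in-order chain inside `window` reaches `min_stages`."""
    by_host = defaultdict(list)
    for ts, host, stage, detail in events:
        by_host[host].append((parse_ts(ts), stage, detail))
    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e[0])
        best = []
        for i in range(len(evs)):      # try each event as the chain's first flow
            chain = stage_chain(evs, i, window)
            if len(chain) > len(best):
                best = chain
        if len(best) >= min_stages:
            findings[host] = {"stages": best, "exploit_seen": best[0] == "exploit"}
    return findings


if __name__ == "__main__":
    for host, f in sorted(correlate(SAMPLE_EVENTS).items()):
        flag = "" if f["exploit_seen"] else "  (exploit stage not observed)"
        print(f"{host}: {' -> '.join(f['stages'])}{flag}")
```

The window is anchored at the chain's first event, so the next-day callback from 10.0.0.7 starts a new single-flow chain that is never reported, and a stage observed out of order (a download before any callback) is skipped rather than breaking the chain.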
    11. Who detected the attack first? (Chart: detections by month, 07/13 to 12/13, y-axis 0 to 30,000; series "FireEye found first" vs. "First detected by vendor in VirusTotal".)
    12. Industry: Government (Federal)
        Top APT: Backdoor.APT.Houdini (25%). Business impact: loss of sensitive information. Houdini is believed to be the developer's name for a VBS-based RAT known to target the international energy industry and used in spammed email campaigns.
        Top crimeware: Malware.Archive (68%), malware discovered inside an archive file (ZIP, RAR); Malware.Binary (52%), loss of sensitive financial information, e.g. credit card data and banking logins.
        FireEye PoV customers: 31; compromised: 100%; had APT: 39%.
        Per-week max/average chart for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as they appear on the slide: 0.39, 2.63, 11058.1, 11046.3, 303.06, 4939, 164.75, 13.95, 350.44, 352.55.
    13. Industry: High-Tech
        Top APT: Backdoor.APT.Gh0stRAT (40%) and Backdoor.APT.DarkComet (40%). Business impact: Remote Access Tools (RATs) that lead to loss of intellectual property, trade secrets and sensitive internal communication.
        Top crimeware: Malware.Binary (67%), never-seen-before malware against which signature-based protection is defenseless; Exploit.Kit.Neutrino (67%), infection with several types of malware that steal credentials or restrict access to the computer and demand a ransom.
        FireEye PoV customers: 18; compromised: 100%; had APT: 28%.
        Per-week max/average chart for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as they appear on the slide: 1.46, 8.66, 41486.9, 43022.5, 86.92, 3011.14, 198.9, 12.9, 2708.9, 2629.8.
    14. Industry: Financial
        Top APT: Backdoor.APT.Houdini (29%). Business impact: loss of sensitive information. Houdini is believed to be the developer's name for a VBS-based RAT known to target the international energy industry and used in spammed email campaigns.
        Top crimeware: Exploit.Browser (66%), an attempt to compromise the endpoint by exploiting a vulnerability in the web browser; if successful, the attacker can install and execute malicious software without the end user's consent. Exploit.Kit.Neutrino (54%), infection with several types of malware that steal credentials or restrict access to the computer and demand a ransom.
        FireEye PoV customers: 71; compromised: 99%; had APT: 10%.
        Per-week max/average chart for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as they appear on the slide: 0.78, 5.68, 1602.83, 1405.78, 174.1, 3183.1, 90.48, 6.26, 24.21, 34.85.
    15. Industry: Services / Consulting / VAR
        Top APT: Backdoor.APT.XtremeRAT (50%). Business impact: exposure to common RAT capabilities including keylogging, screen capture, video capture, file transfer, system administration, password theft and traffic relaying.
        Top crimeware: Exploit.Browser (53%), an attempt to compromise the endpoint by exploiting a vulnerability in the web browser; if successful, the attacker can install and execute malicious software without the end user's consent. Malware.Archive (53%), malware discovered inside an archive file (ZIP, RAR).
        FireEye PoV customers: 19; compromised: 100%; had APT: 11%.
        Per-week max/average chart for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as they appear on the slide: 1.75, 20.77, 83.06, 52.15, 151.15, 187.85, 18.05, 12.23, 5.57, 13.34.
    16. FireEye Product Portfolio. Existing controls shown alongside: SEG, IPS, SWG, MDM, host anti-virus. FireEye products built on MVX and Dynamic Threat Intelligence: Network Threat Prevention, Content Threat Prevention, Mobile Threat Prevention, Endpoint Threat Prevention, Email Threat Prevention, and the Threat Analytics Platform.
    17. Dane Hinić, dane.hinic@asseco-see.rs