This document discusses advanced threat protection and FortiSandbox. It notes that prevention techniques sometimes fail, so detection and response tools are needed to reduce the time it takes to find, investigate, and remediate incidents. Sandboxing is introduced as an effective technique that runs suspicious objects in a contained virtual environment to analyze behavior and uncover threats. FortiSandbox is highlighted as a solution that integrates with FortiGate and other Fortinet products to provide detection, analysis, and sharing of threat intelligence across the network to improve security.
OPSWAT CEO, Benny Czarny discusses the data security challenge. How can organizations determine whether data is helpful or harmful? How can they create good security policies based on this information? How can this be accomplished while making sure all users can access the tools and information they need to accomplish their goals?
Understanding the Cyber Security Vendor Landscape (Sounil Yu)
We are often inundated with vendors offering their products and services to solve our various information security problems. How can you make sense of the wide range of technologies and ensure that your control gaps are being covered? Where are opportunities for technology disruption? Where are you overly reliant on technology? This is a framework for understanding security technologies so that you can align vendors in the right bucket to ensure that you have the suite of technologies that you need to execute your information security mission.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and which current security controls can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure (OPSWAT)
Tony Berning, Senior Product Manager at OPSWAT, gave a talk on Securing Critical Infrastructure, using multiple anti-malware engines and other methods, to an audience of academic researchers, operators of power plants and other workers in critical infrastructure. The presentation introduced the basics of multi-scanning and the benefits of utilizing multiple anti-malware engines to scan files. The presentation also covered topics related to defining and setting appropriate security policies for various user groups and outlining common security architectures.
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security (Sounil Yu)
We are rapidly approaching the next era of security where we need to be focused on the ability to recover from irrecoverable attacks. This can also be defined as resiliency. The traditional view of resiliency attempts to quickly restore assets that support services that we care about. This new approach/paradigm looks at resilience in ways that promote design patterns (distributed, immutable, ephemeral) where we do not care about a given asset at all while still keeping the overall service functioning. This new approach allows us to avoid having to deal with security at all.
As we get to know what life in the digital domain is like, one of the revelations we've had is that many large and plenty of smaller organisations are targets of espionage, of the nefarious APT.
During the last decade, it has become gospel to wait, watch, analyse and learn if you detect such an attacker in your infrastructure. Why? Because you get one chance to do the eviction of the attacker right. And if you fail, all your efforts will eventually have been for nothing.
But for how long should you wait and watch? When have you watched long enough? When have you learned enough? And how do you make that decision?
That is the challenge I hope the Cyber Threat Intelligence Matrix can help you face in a more structured manner.
Threat Hunting - Moving from the ad hoc to the formal (Priyanka Aash)
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
Security Strategy and Tactic with Cyber Threat Intelligence (CTI) (Priyanka Aash)
Targeted attacks need targeted defense.
What protocol should we use for CTI information exchange?
How should we describe our indicators of compromise?
Structured Threat Information eXpression (STIX)
How can we keep information within our defined trust boundaries?
Where should we store IOCs?
Threat intelligence feeds lifecycle
How do we measure the CTI process?
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found at:
https://www.netspi.com/blog/
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together (Sqrrl)
This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets. Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
Having all the data and feeds is not the same as having intelligence: data alone isn't intelligence.
SOC presentation - Building a Security Operations Center (Michael Nickle)
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
How to protect your corporation from advanced attacks (Microsoft)
Cybersecurity is a top priority for the CSO/CISO, and the budget allocated to it, especially in a large organization, is growing. The complexity and sophistication of cyber threats are increasing. What are the current threats, and how can Microsoft help your organization in its efforts to eliminate them?
Kill Chain Model for Use Cases to Assist in Incident Response
1. Situational Awareness
- Outbound protocols
- Outbound protocols by size
- Top destination countries
- Top destination countries by size
2. Reconnaissance
- Port scan activity
- ICMP queries
3. Weaponization and Delivery
- Injection
- Cross-site scripting
- Cross-site request forgery
- Failure to restrict URL access
- Downloaded binaries
- Top email subjects
- Domain mismatches
- Malicious or anomalous Office/Java/Adobe files
- Suspicious web pages (iframe + [pdf|html|js])
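The use cases above are only names; two of them written out as detection logic is more useful to an analyst building these into a SIEM. The following is an added example, not code from the presentation: it implements "Port scan activity" (Reconnaissance) and "Outbound protocols by size" (Situational Awareness) over constructed, firewall-style key=value log lines. The log format, the field names and the thresholds (8 distinct ports within 60 seconds) are assumptions made for the example, not any vendor's defaults.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not captured traffic). One host, 10.0.0.9,
# walks ten ports on a single destination in nine seconds; 10.0.0.12 pushes
# a large FTP transfer out; 10.0.0.5 is ordinary HTTPS.
SAMPLE_LOGS = """\
ts=2015-04-01T10:00:01 src=10.0.0.5 dst=203.0.113.7 dport=443 proto=https bytes=8200 dir=out
ts=2015-04-01T10:00:02 src=10.0.0.5 dst=203.0.113.7 dport=443 proto=https bytes=9100 dir=out
ts=2015-04-01T10:00:05 src=10.0.0.5 dst=203.0.113.7 dport=443 proto=https bytes=7700 dir=out
ts=2015-04-01T10:00:10 src=10.0.0.9 dst=198.51.100.4 dport=21 proto=ftp bytes=60 dir=out
ts=2015-04-01T10:00:11 src=10.0.0.9 dst=198.51.100.4 dport=22 proto=ssh bytes=60 dir=out
ts=2015-04-01T10:00:12 src=10.0.0.9 dst=198.51.100.4 dport=23 proto=telnet bytes=60 dir=out
ts=2015-04-01T10:00:13 src=10.0.0.9 dst=198.51.100.4 dport=25 proto=smtp bytes=60 dir=out
ts=2015-04-01T10:00:14 src=10.0.0.9 dst=198.51.100.4 dport=80 proto=http bytes=60 dir=out
ts=2015-04-01T10:00:15 src=10.0.0.9 dst=198.51.100.4 dport=110 proto=pop3 bytes=60 dir=out
ts=2015-04-01T10:00:16 src=10.0.0.9 dst=198.51.100.4 dport=139 proto=netbios bytes=60 dir=out
ts=2015-04-01T10:00:17 src=10.0.0.9 dst=198.51.100.4 dport=443 proto=https bytes=60 dir=out
ts=2015-04-01T10:00:18 src=10.0.0.9 dst=198.51.100.4 dport=445 proto=smb bytes=60 dir=out
ts=2015-04-01T10:00:19 src=10.0.0.9 dst=198.51.100.4 dport=3389 proto=rdp bytes=60 dir=out
ts=2015-04-01T10:02:00 src=10.0.0.12 dst=192.0.2.30 dport=21 proto=ftp bytes=52000000 dir=out
ts=2015-04-01T10:03:00 src=10.0.0.12 dst=203.0.113.7 dport=443 proto=https bytes=15000 dir=out
"""


def parse_logs(text):
    """Parse the constructed key=value lines into event dicts with typed fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        fields["ts"] = datetime.fromisoformat(fields["ts"])
        fields["dport"] = int(fields["dport"])
        fields["bytes"] = int(fields["bytes"])
        events.append(fields)
    return events


def detect_port_scans(events, min_ports=8, window=timedelta(seconds=60)):
    """Reconnaissance use case: one source touching at least min_ports distinct
    destination ports on one host within the window. Returns (src, dst, ports)."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    findings = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            # Distinct ports seen within `window` of this event (sliding window).
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                findings.append((src, dst, len(ports)))
                break  # one finding per source/destination pair is enough
    return findings


def outbound_bytes_by_protocol(events):
    """Situational-awareness use case: total outbound bytes per protocol."""
    totals = defaultdict(int)
    for e in events:
        if e["dir"] == "out":
            totals[e["proto"]] += e["bytes"]
    return dict(totals)


def top_protocols_by_size(events, n=3):
    """Rank protocols by outbound volume, largest first; an unexpected protocol
    at the top (here FTP) is the kind of thing this use case is meant to surface."""
    totals = outbound_bytes_by_protocol(events)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("port scans:", detect_port_scans(evs))
    print("top outbound protocols by size:", top_protocols_by_size(evs))
```

The same two functions generalize to the other items in the list: "Top destination countries by size" is the protocol aggregation keyed on a GeoIP lookup of `dst` instead of `proto`, and "ICMP query" detection is the port-scan grouping with a count of ICMP echo events per source in place of distinct ports.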
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to respond, detecting and preventing threats and, most importantly, having your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Despite billions spent on enterprise cyber security, breaches from advanced attacks, costing millions, are occurring on a daily basis.
Our Solution: Complete Near Real-time Network Security Visibility and Awareness: If security analysts could see everything occurring on their network in real-time, breaches would occur but there would never be catastrophic damage – breach reaction would be almost instantaneous. Novetta Cyber Analytics is a linchpin enterprise security solution that enables security analysts, for the first time, to see a complete, near real-time, uncorrupted picture of their entire network. Security analysts then ask and receive answers to subtle questions – at the speed of thought – to enable detection, triage and response to breaches as they occur.
The Benefits: Increase the number of events responded to by an estimated 30X.
Substantially reduce or eliminate damage from breaches.
Create a dramatically more effective and efficient security team.
Maximize current security infrastructure investment.
Be far more confident that your network is actually secure.
OUR DIFFERENTIATORS:
Understands the truth of what is happening on your network.
Detects advanced attacks that have breached perimeter defenses.
Develops a complete, near real-time understanding of suspicious behaviour.
Develops a battleground understanding of your entire security situation.
Augments current security solutions.
Proven speed, scale and effectiveness on the largest, most attacked networks on earth.
SplunkLive! Stockholm 2015 breakout - Analytics based security (Splunk)
Splunk products provide a flexible and fast security intelligence platform that makes security personnel and processes more efficient by providing quick and flexible access to all of the data and information needed to detect, investigate and remediate threats. This presentation will discuss best practices for building out or enhancing an analytics based security strategy and how Splunk products can make people, process, and technology work better together. Presented at SplunkLive! Stockholm, October 2015. For more information please visit http://live.splunk.com/stockholm
Deep Learning based Threat / Intrusion detection system (Affine Analytics)
The article is about a threat/intrusion detection system that could be used to detect such data leaks/breaches and take preventive action to contain, if not stop, the damage due to a breach.
SplunkLive! Amsterdam 2015 - Analytics based security breakout (Splunk)
Splunk products provide a flexible and fast security intelligence platform that makes security personnel and processes more efficient by providing quick and flexible access to all of the data and information needed to detect, investigate and remediate threats. This presentation will discuss best practices for building out or enhancing an analytics based security strategy and how Splunk products can make people, process, and technology work better together.
A brief introduction to cyber war and its methods, which may be called a "cyber warfare introduction". I have good knowledge of this domain and I practically follow this method. In this presentation I explain 50% of the reference, and it will be completed in my next upload. Please give your feedback if you have any suggestions to help me. Thank you.
Defending Against the Dark Arts of LOLBINS (Brent Muir)
Copy of my slides from my 2020 Poland Confidence presentation...
This talk will provide an overview of the LOLBIN/LOLBAS estate, why they are a preferred attack tool over malware, and how organisations can better secure their estate against their abuse.
2. Why Talk about Advanced Threat Protection
“New Studies Reveal Companies are Attacked an Average of 17,000 Times a Year.”
“Companies like J.P. Morgan Plan to Double Spending on Cyber security…”
“Cybercrime Will Remain a Growth Industry for the Foreseeable Future.”
“The Reality of the Internet of Things is the Creation of More Vulnerabilities.”
“43% of firms in the United States have experienced a data breach in the past year.”
3. Companies should be concerned
FACT: Prevention techniques sometimes fail, so detection and response tools, processes, & teams must be added
GOAL: Reduce time to Find/Detect incidents; Reduce time to Investigate incidents; Reduce time to Remediate incidents
229 days: Average time attackers were on a network before detection
67%: Victims were notified by an external entity
5. Kill Chain of an Advanced Attack
[Diagram: each stage of the kill chain, the control intended to break it, and the evasion used to get past that control]
Stage                                                    Control                     Evasion
Spam / Malicious Email                                   Anti-spam                   Bots leverage legitimate IPs to pass filters. Social engineering fools recipient.
Malicious Link / Malicious Web Site                      Web Filtering               Fast flux stays ahead of web ratings
Exploit                                                  Intrusion Prevention        Zero-days pass IPS
Malware                                                  Antivirus                   Compression passes static inspection
Command & Control Center (Bot Commands & Stolen Data)    App Control/IP Reputation   Encrypted communication passes controls
6. Idon’tknowware Is A Big Part of Problem
[Diagram: code continuum from Known Good to Known Bad, with the security technologies that cover each region]
Code continuum: Known Good → Probably Good → Might be Good → Completely Unknown → Somewhat Suspicious → Very Suspicious → Known Bad
Known Good end, covered by whitelists: Reputation (File, IP, App, Email); App Signatures; Digitally signed files
Known Bad end, covered by blacklists: Signatures; Heuristics; Reputation (File, IP, App, Email); Generic Signatures
Middle of the continuum (the unknown): Sandboxing
Sources: Verizon 2015 Data Breach Investigations Report, April 2015
8. A Good Sandbox Reduces Dwell Time, Risk, Impact
[Chart: IMPACT on the vertical axis against DURATION on the horizontal axis, contrasting "Random Detection (average 200 days, prior to response)" with "Sandbox Only Detection & Response (days)"]
9. Introducing FortiSandbox
Flags objects within traffic for more inspection
Runs objects in a contained environment, analyzing activity
Provides a malicious or low/medium/high risk rating
Uncovers and distributes threat intelligence for remediation/protection
Detects call back attempts related to sophisticated attacks
3 modes of operation
» Sniffer: span port mode to capture all packets
» On-demand: manual submission & analysis of files
» Integrated: with FortiGate, FortiMail, FortiWeb, FortiSwitch and/or FortiClient
[Diagram: Network Traffic → AV Prefilter → Cloud File Query → Code Emulation → Full Sandbox → Callback Detection]
10. FortiSandbox Platform Options
Platform             Form                                       VMs
FortiSandbox Cloud   Cloud service integrated with FortiGate    NA
FortiSandbox VM      Virtual appliance                          2+
FortiSandbox 1000D   Physical appliance                         8
FortiSandbox 3000D   Physical appliance                         28
11. FortiSandbox – 5 Steps to Better Performance
1. AV Prefilter
   • Apply top-rated anti-malware engine
2. Cloud File Query
   • Check community intelligence & file reputation
3. Code Emulation
   • Quickly simulate intended activity – Fortinet patented CPRL
   • OS independent & immune to evasion – high catch rate
4. Full Virtual Sandbox
   • Examine real-time, full lifecycle activity in the sandbox to get the threat to expose itself
5. Call Back Detection
   • Identify the ultimate aim, call back & exfiltration
   • Mitigate w/ analytics & FortiGuard updates
12. Top Rated Sandbox
Top-rated Breach Detection (NSS Labs Recommended)
» 99% detection
» Results delivered w/in 1 min most of the time
Independent third-party tested & validated!
14. ATP Framework in Action
[Diagram: FortiGate, FortiWeb, FortiMail and FortiClient submit unknown URLs and files to FortiSandbox; the web server and mail server sit behind them, facing the Internet]
Full NGFW inspection performed on FortiGate. At risk objects sent to FortiSandbox.
Reputation, behavior and other analysis performed by FortiMail. At risk messages held for additional FortiSandbox analysis.
Extended and fast protection
15. Detect to Mitigate to Prevent
Detection and analysis
• Sandbox object behavior analysis & details
• Suspicious activity: privilege modification, file creation, modification & deletion
• Malicious activity: initiated traffic, encrypted traffic, DNS query
• File names, URLs, IP addresses
Immediate Remediation
• Block email sender IP from delivering any other messages to employees.
• Prevent communication with this command & control
• Quarantine recipient devices
• Confirm compromise and remove malicious files
Updates to Preventative Security
• Updated IP sender reputations
• New web site ratings used for web filtering
• New IPS rules and botnet detection to block command and control traffic
• Updated anti-malware detection for this and similar attachments
16. How To Move From Detection/Response To Prevention?
[Chart: IMPACT on the vertical axis against DURATION on the horizontal axis, with four points: Random Detection (average 229 days, prior to response); Sandbox Only Detection & Response (days); Sandbox + FortiGate/FortiWeb Detect & Respond (minutes); Sandbox + FortiMail/FortiClient Prevention (0-second)]
Hello. Today we are going to talk about advanced attacks and advanced threat protection from Fortinet. We’ll also go into some detail on FortiSandbox, a key element of Fortinet’s complete advanced threat protection solution.
The threat landscape just keeps escalating and these days there is a lot of scrutiny over IT security because a successful data breach can be headline news. Certainly we’ve seen many very high profile companies and brands in the news with massive data breaches.
The risk environment has made a lot of organizations start to pay more attention to their security measures.
Viruses and hackers are not new, so what’s changed?
There are many more different types of devices attached to the network than ever before. This Internet of Things includes many devices that cannot receive regular security updates, and it includes many devices and applications made for consumer use that are now being used within the enterprise.
The cybercrime economy has matured and is a profitable industry that is more accessible than ever to black hat entrepreneurs.
There is much higher awareness of the risk due to laws requiring public disclosure of a breach and the subsequent press coverage some breaches get.
Hackers are getting even more sophisticated in how they orchestrate attacks in order to get around existing security coverage.
You may have any number of excellent security technologies in place already in your organization – things such as firewalls, VPNs, authentication, antivirus, web filtering, IPS, and antispam. This is good and these solutions will prevent a lot of threats from ever impacting your organization. However, nothing is 100% and sometimes advanced attacks will find a way to get through these prevention techniques. You need to be ready to deal with these types of advanced targeted attacks.
In recent breaches it took 229 days on average to detect an attack that had slipped past existing defenses and gotten onto the network. And 67% of the time the victim organizations only learned about the breach from an external entity.
Clearly no organization wants to be part of this statistic.
The goal behind advanced threat detection is to prevent what attacks you can and then, accepting that some things will get through, to reduce the time to find and detect an attack. Once you’ve identified an attack, reduce the time it takes to investigate and analyze the threat. Finally, with this intelligence in hand you can more quickly remediate any impact on your organization.
So how does an advanced attack work? Here’s a snapshot of a typical kill chain for an advanced attack and the typical security technologies that are in play in order to block that attack and break the kill chain.
The number one, most popular method for initiating an advanced attack is to send a malicious email to the target. This email may have a malicious file attachment or a URL that connects to a malicious web site. You hope your anti-spam will stop this email from ever reaching an end user target. However, there are ways to get around antispam and other email gateway security techniques. For example, bots may send the email from legitimate (but compromised) IPs, or attackers may use targeted spear phishing and social engineering to get through filters and entice end users to click on a URL. They may encrypt a malicious attachment to hide it from AV scanning.
If an email with a malicious URL gets through and an end user clicks on that URL link, you hope your web filtering protection will stop the user from ever connecting to that malicious web site and in many cases this will work. However, some attackers use a fast flux approach, only using a site for a few days or a few hours – harvesting what they can before moving on to another URL.
If the end user connects with the malicious web site, that site will launch exploits at the user and you hope your intrusion prevention will block the attack. However, exploits can slip through by taking advantage of zero-day vulnerabilities, new variants, and encryption.
If an exploit gets through, you hope you will catch any malware it tries to deliver with your antivirus. And many times this will work but sometimes it doesn’t. Malware can use file compression, encryption, and new malware variants to get through an AV filter.
If that malware gets into the organization, it will try to proliferate and it will look for valuable data to collect. Eventually it will try to exfiltrate stolen data or simply go out to try to pull more threats into the organization and here’s where your application control and IP reputation controls may be able to identify and stop a connection to a command & control center. But if it doesn’t (maybe because the traffic was encrypted) your organization is breached.
Here’s how the addition of sandboxing changes the protection game in an enterprise.
It’s still a very good idea to have all those traditional preventative techniques in place. They are the fastest, most efficient way to prevent attacks from ever getting into your organization. However, by adding a sandbox to back up these techniques you now have the chance to catch all those threats that slip by because they are unknown to your preventative techniques such as antispam, IPS, AV, etc.
And once your sandbox has analyzed a threat, you get useful insights that can be used to mitigate the threat. Both by remediating any exposure to it you may have had and by using that new threat intelligence to improve the preventative technologies you have in place.
Flags suspicious (or high risk) objects within network traffic for more inspection
Runs objects in a secure virtual environment, analyzing system, site, communication and download activity
Provides a low, medium or high risk rating, leveraging packaged FortiGuard expertise
Uncovers threat lifecycle information for remediation and updated protection
Allows for information sharing with FortiGuard experts and global intelligence network
Fortinet’s FortiOS network security platform provides the foundation for the Advanced Threat Protection Framework, while the deep security expertise of its FortiGuard Labs pervades the framework:
Highlights
Top performance (Ixia, NSS Labs) firewall appliance platforms for access control of high performance networks
Top-rated (NSS Labs, Virus Bulletin, AV Comparatives), real-world threat prevention
Top-rated (NSS Labs), real-world threat detection: 99% effectiveness for breach detection
Leading security expertise (140+ zero-day discoveries) to speed incident response and underpin the entire Framework
A broad range of partners who contribute to the continuous monitoring and improvement of security
You have your choice of platform for FortiSandbox. It is available as a physical or virtual appliance. There are two physical appliance options, the 1000D with 8 VMs and the 3000D with 28 VMs, and the highly flexible virtual appliance that scales from as few as 2 VMs up to 56 VMs.
For organizations that do not want to manage an on-premise solution, the FortiSandbox Cloud service is available as an integrated option on the FortiGate.
There are pros and cons for both the cloud and appliance options.
FortiSandbox Cloud may be easier to add to an existing FortiGate installation. It can process an unlimited number of files/hour, but because it is a cloud service it may introduce some latency. The cloud service is only available as an integrated solution with FortiGate.
FortiSandbox Appliances may deliver results faster and they don’t send files to the cloud for analysis but they also require some additional hardware management and have limits on the number of files they can process per hour. Appliances can be deployed as standalone solutions, in a lab for on-demand analysis or as an integrated solution with FortiGate.
Fortinet believes it benefits customers to give them the flexibility to choose the platform they want.
However, sandboxing is resource and time intensive. It takes time to let a file run so you can analyze its behavior.
Fortinet’s FortiSandbox solution is architected to optimize both security effectiveness and speed to results. It is not simply a sandbox; it uses a multi-step approach to evaluate and analyze objects, starting with the most efficient technologies and stepping up to more resource-intensive approaches as needed.
FortiSandbox goes through 5 steps.
Step 1: objects are run through Fortinet’s top-rated AV engine. This AV prefilter uses a larger, more extended threat database from FortiGuard Labs in order to catch more variants and older variants of malware.
Step 2: FortiSandbox performs a cloud query to see if this file has been previously identified (in some systems this is referred to as a file reputation check).
Step 3: the code is put through a simulator and Fortinet’s patented Compact Pattern Recognition Language is used to analyze the code to see if any malicious or suspicious patterns can be identified.
Steps 1 through 3 are typically performed in just a few seconds. On average these three steps are able to identify over 60% of threats.
Step 4: the code is placed in a full virtual sandbox environment and allowed to run. The behavior lifecycle of the code is observed and if the object is malicious, it will expose itself.
Step 5: The activity in the sandbox is analyzed to identify if it is malicious or suspicious and the activity is documented. The object is assigned a risk rating and is then reported out. New findings from this analysis can be shared with FortiGuard Labs in order to create new security updates in order to improve the extended FortiGuard security ecosystem.
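The staged approach described in steps 1 through 5 can be illustrated with a small triage pipeline. The code below is an added example written for this page, not Fortinet's code and not how FortiSandbox is implemented: each of the cheap stages (a hash-signature set standing in for the AV prefilter, a local cache standing in for the cloud reputation query, byte-pattern rules standing in for code emulation) either returns a verdict or escalates, and only objects that none of them can decide reach the behavioural stages, where the suspicious/malicious split from the "Detect to Mitigate to Prevent" slide produces the low/medium/high rating and extracts IoCs. All hashes, patterns, samples and behaviour logs are constructed for the example.

```python
"""Added example: a staged triage pipeline that spends sandbox time only on unknowns."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

# Behaviour categories follow the split used on slide 15: suspicious vs. malicious activity.
SUSPICIOUS_EVENTS = {"privilege_modification", "file_create", "file_modify", "file_delete"}
MALICIOUS_EVENTS = {"initiated_traffic", "encrypted_traffic", "dns_query"}


@dataclass
class Sample:
    name: str
    content: bytes
    # Constructed (event_type, detail) pairs standing in for what a real sandbox would observe.
    behavior: list = field(default_factory=list)


@dataclass
class Verdict:
    rating: str          # clean | low | medium | high | malicious
    stage: int           # pipeline stage (1-5) that produced the verdict
    reason: str
    iocs: list = field(default_factory=list)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Stage 1 stand-in for the AV prefilter: exact-match signatures (constructed hashes).
KNOWN_BAD_HASHES = {sha256(b"CONSTRUCTED-SAMPLE-known-trojan")}

# Stage 2 stand-in for the cloud file-reputation query: a local cache of earlier verdicts.
REPUTATION_CACHE = {
    sha256(b"CONSTRUCTED-SAMPLE-signed-installer"): "clean",
    sha256(b"CONSTRUCTED-SAMPLE-seen-downloader"): "malicious",
}

# Stage 3 stand-in for code emulation / pattern rules: byte patterns common in droppers.
STATIC_RULES = [
    (re.compile(rb"-EncodedCommand", re.IGNORECASE), "encoded PowerShell launcher"),
    (re.compile(rb"CreateRemoteThread"), "remote-thread injection API"),
]


def stage1_av_prefilter(s: Sample) -> Optional[Verdict]:
    if sha256(s.content) in KNOWN_BAD_HASHES:
        return Verdict("malicious", 1, "matched AV signature")
    return None


def stage2_reputation(s: Sample) -> Optional[Verdict]:
    rep = REPUTATION_CACHE.get(sha256(s.content))
    return None if rep is None else Verdict(rep, 2, f"file reputation: {rep}")


def stage3_static_scan(s: Sample) -> Optional[Verdict]:
    hits = [desc for pat, desc in STATIC_RULES if pat.search(s.content)]
    return Verdict("high", 3, "static pattern: " + ", ".join(hits)) if hits else None


def stage4_observe(s: Sample) -> dict:
    """Bucket the behaviour seen while the object runs (stage 4)."""
    buckets = {"suspicious": [], "malicious": [], "other": []}
    for event, detail in s.behavior:
        key = ("malicious" if event in MALICIOUS_EVENTS
               else "suspicious" if event in SUSPICIOUS_EVENTS else "other")
        buckets[key].append((event, detail))
    return buckets


def stage5_rate(buckets: dict) -> Verdict:
    """Assign the low/medium/high rating and extract IoCs from network behaviour (stage 5)."""
    iocs = [detail for _, detail in buckets["malicious"]]
    if buckets["malicious"]:
        return Verdict("high", 5, f"{len(iocs)} malicious behaviour(s)", iocs)
    n = len(buckets["suspicious"])
    if n >= 2:
        return Verdict("medium", 5, f"{n} suspicious behaviours")
    if n == 1:
        return Verdict("low", 5, "1 suspicious behaviour")
    return Verdict("clean", 5, "no suspicious or malicious behaviour observed")


def triage(s: Sample) -> Verdict:
    """Run the cheap stages first; only objects they cannot decide reach the sandbox stages."""
    for stage in (stage1_av_prefilter, stage2_reputation, stage3_static_scan):
        verdict = stage(s)
        if verdict is not None:
            return verdict
    return stage5_rate(stage4_observe(s))


# Constructed samples covering each exit point of the pipeline.
SAMPLES = [
    Sample("known-trojan.exe", b"CONSTRUCTED-SAMPLE-known-trojan"),
    Sample("installer.msi", b"CONSTRUCTED-SAMPLE-signed-installer"),
    Sample("invoice.js", b"var x = 'powershell -EncodedCommand AAAA';"),
    Sample("unknown.bin", b"no signature, no reputation, no static hits", [
        ("file_create", "C:\\Users\\user\\AppData\\Local\\Temp\\a.tmp"),
        ("privilege_modification", "SeDebugPrivilege"),
        ("dns_query", "c2.example.invalid"),
        ("initiated_traffic", "198.51.100.7:443"),
    ]),
    Sample("macro.doc", b"document with one odd side effect", [("file_create", "x.lnk")]),
]

if __name__ == "__main__":
    for s in SAMPLES:
        v = triage(s)
        print(f"{s.name:16} stage {v.stage} -> {v.rating:9} {v.reason} {v.iocs}")
```

The point of the early-exit loop in `triage` is the one the speaker notes make: the first three stages are cheap and decide most objects, so the expensive behavioural run is reserved for what is genuinely unknown. The thresholds in `stage5_rate` are arbitrary choices for the example; a production rating would weight behaviours rather than count them.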
Fortinet also participates in NSS Labs testing for NGFW and Breach Detection Systems. These are the results of the Breach Detection Systems industry tests in 2014. As you can see in the chart, Fortinet tested high for effectiveness and well for performance and value, detecting 99% of threats and delivering results in under 1 minute the majority of the time. The vertical axis shows the security effectiveness results from the test and the horizontal axis shows the performance/value results. Fortinet’s FortiSandbox fell into the upper right quadrant in results and thus earned a Recommended rating from NSS Labs.
By implementing an Advanced Threat Protection Framework the process of learning, remediating and improving security follows a natural flow.
In the Detection and Analysis phase the sandbox identifies suspicious threat activities such as privilege modification and file creation or deletion as well as known malicious behavior such as initiated network traffic or DNS queries. The sandbox can learn details from its analysis in form of file names, URLs, IP addresses and more that can be used in remediation and added to security updates.
With the details of a threat attack from FortiSandbox, including its source and destination, it is much easier to initiate immediate remediation activities such as blocking an email sender IP from sending more messages to employees, preventing communications with known command & control addresses, and quarantining compromised devices within the network to prevent the spread of malware.
Finally, the threat information learned by the sandbox has multiple uses. Malicious IP addresses and URLs identified can be added to web filtering and IP reputation lists. File characteristics can be used to create new IPS rules and anti-malware signatures. All this feeds into security updates to improve the protection delivered by all the solutions in the framework.
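The remediation and prevention steps just described, as an added example that is not Fortinet's code and does not use any FortiSandbox or FortiGate API: a constructed sandbox report (its key names are an assumption of this example, not a product schema) is split into the immediate remediation actions from the slide (block the sender, block the command & control address, quarantine recipients, confirm compromise) and the feedback to preventive controls (IP reputation, web filter ratings, IPS/botnet rules, anti-malware hashes). The check a practitioner would want here is the validation step: addresses the sandbox's own lab network produces, loopback and link-local addresses, and non-http URLs are filtered out before anything is pushed to an enforcement list.

```python
"""Added example: feed sandbox findings into remediation and preventive-control updates."""
import ipaddress
from urllib.parse import urlsplit

# Ranges that can appear in a sandbox report (the sandbox's own lab network, loopback,
# link-local) but must never be pushed to an enforcement blocklist. Constructed for this example.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_blockable_ip(value: str) -> bool:
    """True for a syntactically valid address outside the internal ranges above."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def url_host(url: str):
    """Hostname of an http(s) URL, lower-cased; None for anything else (e.g. file: paths)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def plan_response(report: dict) -> dict:
    """Split a sandbox report into immediate remediation and feedback to preventive controls.

    Report keys (assumed for this example): sha256, sender_ip, c2_ips, urls, dns_queries,
    recipient_hosts. Only sha256 is required.
    """
    c2_ips = sorted({ip for ip in report.get("c2_ips", []) if is_blockable_ip(ip)})
    web_hosts = sorted({h for h in map(url_host, report.get("urls", [])) if h})
    dns_names = sorted({d.lower().rstrip(".") for d in report.get("dns_queries", [])})
    sender = report.get("sender_ip")
    sender_ok = bool(sender) and is_blockable_ip(sender)

    # Immediate remediation (slide 15, middle column).
    remediation = []
    if sender_ok:
        remediation.append(("block_email_sender", sender))
    remediation += [("block_c2", ip) for ip in c2_ips]
    remediation += [("quarantine_device", h) for h in sorted(set(report.get("recipient_hosts", [])))]

    # Updates to preventive security (slide 15, right column).
    updates = {
        "ip_reputation": sorted(set(c2_ips) | ({sender} if sender_ok else set())),
        "web_filter_ratings": sorted(set(web_hosts) | set(dns_names)),
        "ips_botnet_c2": c2_ips,
        "antimalware_hashes": [report["sha256"]],
    }
    return {"remediation": remediation, "updates": updates}


def confirm_compromise(report: dict, seen_hashes: dict) -> list:
    """Hosts on which the sandboxed file's hash has already been observed (constructed inventory)."""
    return sorted(h for h, hashes in seen_hashes.items() if report["sha256"] in hashes)


# Constructed sandbox report and endpoint inventory for a stand-alone run.
SAMPLE_REPORT = {
    "sha256": "0" * 64,                                      # placeholder hash, not a real sample
    "sender_ip": "198.51.100.23",
    "c2_ips": ["198.51.100.7", "10.0.0.5", "not-an-ip"],    # lab address and junk must be dropped
    "urls": ["https://Update.Example.invalid/payload.bin", "file:///tmp/x"],
    "dns_queries": ["c2.example.invalid."],
    "recipient_hosts": ["ws-042", "ws-017", "ws-042"],
}
SAMPLE_SEEN_HASHES = {"ws-042": {"0" * 64}, "ws-017": set(), "srv-mail": {"1" * 64}}

if __name__ == "__main__":
    plan = plan_response(SAMPLE_REPORT)
    for action in plan["remediation"]:
        print("remediate:", action)
    for control, values in plan["updates"].items():
        print("update", control, values)
    print("confirm compromise on:", confirm_compromise(SAMPLE_REPORT, SAMPLE_SEEN_HASHES))
```

Remediation entries are emitted as (action, target) tuples so that the same plan can drive different enforcement points (mail gateway, firewall, endpoint agent); `confirm_compromise` covers the slide's last remediation item by checking which recipient devices already hold the analysed file.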
In fact, organizations looking to take a coordinated approach to combating advanced threats benefit from NSS Labs Recommended components including:
FortiGate as NGFW and NGIPS in the data center and at the edge
FortiWeb in front of external-facing web servers that often serve as entry points to the network
FortiClient for Enterprise Endpoint Protection covering users on and off the network
FortiSandbox for continuous analysis of seemingly benign objects and sites to detect the most sophisticated attacks that might slip through your defenses.