Despite huge investments in anti-virus software, next-gen firewalls, and IPS platforms, companies are still getting hacked. The new generation of advanced targeted attacks bypasses traditional defenses and puts sensitive data at risk. It takes just minutes from the time an organization is compromised to the exfiltration of sensitive data. What's needed is a security solution that can detect and block data center threats while allowing easy, appropriate access to the assets essential to running your business. This presentation from Imperva and FireEye addresses data center security requirements and solutions.
WFH security risks - Ed Adams, President, Security Innovation (Priyanka Aash)
Our security practices need to evolve in order to address the new challenges propped up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What you will learn:
- New attack techniques hackers are using targeting WFH
- How to handle decentralisation of IT and technology decisions?
- Application risks as enterprises pivot to online/new business model(s)
- New risks in the Cloud and due to Shadow IT
- Security risks due to uninformed employees & their home infrastructure
- How to handle misconfigurations & third-party risks
- How to build a robust breach response and recovery program?
Full video - https://youtu.be/bQLfnmhDnQs
[Industry Intelligence Brief] Cyber Threats to the Legal and Professional Ser... (FireEye, Inc.)
Get an overview of the threat groups targeting the legal and professional services industries, as well as the top 5 malware and crimewave families detected.
FireEye, Inc. is the leader in network malware control, dedicated to eradicating malware from the world's networks. FireEye provides the world's only malware control system designed to secure networks from targeted malware. Our solutions bring advanced network security together with state-of-the-art virtualization technology to combat crimeware and protect customer data, intellectual property and company resources, solving critical business needs without taxing your IT administration. FireEye is based in Menlo Park, CA and backed by Sequoia Capital and Norwest Venture Partners. For more details, visit http://www.fireeye.com.
Kill Chain Model for Use Cases Assist in Incident Response
1- Situational Awareness
- Outbound protocols
- Outbound protocols by size
- Top destination countries
- Top destination countries by size
2- Reconnaissance
- Port scan activity
- ICMP query
3- Weaponization and Delivery
- Injection
- Cross Site Scripting
- Cross Site Request Forgery
- Failure to Restrict URL
- Downloaded binaries
- Top email subjects
- Domains mismatching
- Malicious or anomalous Office/Java/Adobe files
- Suspicious Web pages (iframe + [pdf|html|js])
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities: a) Bypass Authentication, b) SQL Injection, c) Cross-Site Scripting, d) File Upload Vulnerability (Web Server Hacking); Countermeasures of Securing Web applications
Thousands of Security Operations Teams (SOCs) and Computer Incident Response Teams (CIRTs) use Splunk and FireEye. But many of them don't know that Splunk can be used in conjunction with FireEye’s TAP Detect offering. This session will explain how to integrate FireEye's industry-leading threat intelligence with your Splunk deployment for supercharged threat detection.
This webinar compares traditional and next-generation security solutions and covers the following:
• Traditional Antivirus vs. Next-Gen Security Products
• Busting Security Myths
• VirusTotal & Next-Gen AVs
• Comparison of Next-Gen Security Products
Cybersecurity roadmap: Global healthcare security architecture (Priyanka Aash)
Using the NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed a global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Latest Challenges in the Field of Cybersecurity: Analysis of Cyber Threats... (Cristian Garcia G.)
This presentation aims to analyze online threat vectors, such as email-based attacks, web platforms, social networks, social engineering and botnets, as well as offline threat vectors, such as USB vulnerabilities and electromagnetic emanations. It also covers zero-day vulnerabilities and the largest breaches disclosed by the company; against this backdrop, it presents measures to protect data and fight the phenomenon of cybercrime.
The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy
No More Silos: Connected Security - Mike Desai and Ryan Rowcliffe (Core Security)
In 2016 alone, over 4000 cyber attacks were reported globally – with many more never reported or even detected. Enterprises deploy security point solutions in the hopes of stopping a data breach, while savvy attackers work to exploit the whitespace between them. This session will explore how a connected approach to security, one where vendors are joining forces to specifically address the data breach problem, will eliminate the silos that make it possible for breaches to happen.
Courtney Pachucki, IT Specialist at MePush, wrote this amazing Internet hygiene presentation for users on the Web to stay safe and avoid being hacked, phished, or infected with malware. This is a basic set of guidelines to help you identify your risks on the web.
Making Sure of Security? A Look at Penetration Testing (Software Guru)
Session presented at SG Virtual, 11th edition.
By: Gilberto Sánchez.
In this talk we will look at what penetration testing is, why to do it, the types of pen testing that exist, as well as the pre-attack, attack and post-attack phases and the standards that currently exist.
NetWitness solutions capture all the data flowing across the network and put it in context, filtering what may or may not be critical. The user can see who is going where and viewing what.
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem... (Criminal IP)
Businesses and organizations have numerous network devices, databases, servers, applications, and domains, and all of these IT assets are reachable through IP addresses and ports.
Attack Surface Management refers to the proactive detection and management of attack vectors such as open ports, server vulnerabilities, similar domains, phishing, and domains distributing malicious code.
Criminal IP ASM automatically monitors and generates a report on assets exposed to the attack surface.
All IT assets are thoroughly detected globally, with a streamlined introduction procedure requiring registration of only one primary domain.
Request a FREE Demo of Criminal IP ASM at:
https://www.criminalip.io/asm/attack-surface-management
The Role of Application Control in a Zero-Day Reality (Lumension)
With end users often downloading unwanted and unknown applications, more than 1.6 million new malware signatures appearing every month and a rising tide of zero-day attacks, there is more risk to your systems and information than ever before.
Find out:
* How to defend against zero-day threats - without waiting for the latest anti-virus signatures
* Why application control / whitelisting should be a central component of your security program
* How application control has evolved to enforce effective security in dynamic environments
Security Day SLBdiesten: 26 June 2015
McAfee presentation: Learn how you can make (cost-)efficient use of new, integrated McAfee technologies for protection against advanced malware. By Wim van Campen, Regional Vice President North & East Europe, Intel Security.
"Evolving Cybersecurity Strategies" - Identity is the new security boundary (Dean Iacovelli)
As cyber attacks have matured and become more complex over the last number of years, the objective of most attacks has not changed: compromise and collect user credentials. This session will explore the changing cybersecurity landscape and how managing identity – both in the enterprise as well as across 3rd party applications - is becoming job #1 in managing your organization’s risk.
PowerPoint Presentation On Ethical Hacking in Brief (Simple) (Shivam Sahu)
PowerPoint Presentation On Ethical Hacking in Brief (Simple) Easy To Understand for all MCA BCA Btech Mtech and all Student who want a best powerpoint or seminar presentation on Ethical Hacking
If hacking is understood as any unconventional way of interacting with a system, it is easy to conclude that an enormous number of people have hacked or tried to hack someone or something. The article, the result of the author's research, analyses hacking from different points of view, including the hacker's point of view as well as the defender's. It discusses questions such as: Who are the hackers? Why do people hack? It also covers legal aspects of hacking and some economic issues connected with hacking. At the end, some questions about victim protection are discussed, together with the weaknesses that hackers can use for their own protection. The aim of the article is to make readers familiar with the possible risks of hackers' attacks on mobile phones and of possible attacks on the announced flood of Internet of Things (IoT) devices.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting and preventing threats and, most importantly, having your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
2. solutions for demanding business
FireEye – Advance Threat Protection
Dane Hinić
Senior Consultant
dane.hinic@asseco-see.rs
3. Traditional Security Solutions
- IPS: Attack-signature based detection, shallow application analysis, high false positives, no visibility into advanced attack lifecycle
- Secure Web Gateways: Some analysis of script-based malware, AV, IP/URL filtering; ineffective vs. advanced targeted attacks
- Desktop AV: Signature-based detection (some behavioral); ineffective vs. advanced targeted attacks
- Anti-Spam Gateways: Relies largely on antivirus, signature-based detection (some behavioral); no true spear phishing protection
- Firewalls/NGFW: Block IP/port connections, application-level control, no visibility
Despite all this technology 95% of organizations are compromised
4. Multi-Staged Cyber Attack
Exploit Detection is Critical
All Subsequent Stages can be Hidden or Obfuscated
[Diagram: Exploit Server, Callback Server, Firewall, IPS, File Share 1, File Share 2, with stages 1 to 5 marked]
1. Exploitation of System
2. Malware Executable Download
3. Callbacks and Control Established
4. Lateral Spread
5. Data Exfiltration
5. What Is An Exploit?
Compromised webpage with exploit object
1. Exploit object rendered by vulnerable software
2. Exploit injects code into running program memory
3. Control transfers to exploit code
Exploit object can be in ANY web page
An exploit is NOT the same as the malware executable file!
6. Structure of a Multi-Flow APT Attack
[Diagram: Exploit Server]
1. Embedded Exploit Alters Endpoint
7. Structure of a Multi-Flow APT Attack
[Diagram: Exploit Server, Callback Server]
1. Embedded Exploit Alters Endpoint
2. Callback
8. Structure of a Multi-Flow APT Attack
[Diagram: Exploit Server, Callback Server, Encrypted Malware]
1. Embedded Exploit Alters Endpoint
2. Callback
3. Encrypted malware downloads
9. Structure of a Multi-Flow APT Attack
[Diagram: Exploit Server, Callback Server, Encrypted Malware, Command and Control Server]
1. Embedded Exploit Alters Endpoint
2. Callback
3. Encrypted malware downloads
4. Callback and data exfiltration
10. FireEye’s Technology: State of the Art Detection
[Diagram labels: DETONATE; ANALYZE (500,000 OBJECTS/HOUR); CORRELATE]
- Within VMs, Across VMs, Cross-enterprise
- Network, Email, Mobile, Files
- Exploit, Callback, Malware Download, Lateral Transfer, Exfiltration
11. Who detected the attack first?
[Chart: detections by month, 07/13 to 12/13; series: "FireEye found First" and "Detected by vendor in VirusTotal"]
12. Industry: Government (Federal)
Top APT and business impact:
- Backdoor.APT.Houdini (25%): Loss of sensitive information. Houdini is believed to be the developer’s name of VBS-based RAT known to target international energy industry and take part in spammed email campaign.
Top Crimeware and business impact:
- Malware.Archive (68%): Malware is discovered inside archive file (ZIP, RAR)
- Malware.Binary (52%): Loss of sensitive financial information, e.g. credit card, banking login
FireEye PoV: Customers 31; Compromised 100%; Had APT 39%
[Chart: Average and Max (per week) for Web Exploit, Malware Download, Unique Malware, Unique Callback, Impacted Hosts]
13. Industry: High-Tech
Top APT and business impact:
- Backdoor.APT.Gh0stRAT (40%) and Backdoor.APT.DarkComet (40%): Remote Access Tools (RAT) that lead to loss of intellectual property, trade secret, and sensitive internal communication.
Top Crimeware and business impact:
- Malware.Binary (67%): Never-seen-before malware. Signature based protection defenseless.
- Exploit.Kit.Neutrino (67%): Infection with several types of malware that steal credentials or restrict access to computer and demands ransom.
FireEye PoV: Customers 18; Compromised 100%; Had APT 28%
[Chart: Average and Max (per week) for Web Exploit, Malware Download, Unique Malware, Unique Callback, Impacted Hosts]
14. Industry: Financial
Top APT and business impact:
- Backdoor.APT.Houdini (29%): Loss of sensitive information. Houdini is believed to be the developer’s name of VBS-based RAT known to target international energy industry and take part in spammed email campaign.
Top Crimeware and business impact:
- Exploit.Browser (66%): An attempt to compromise endpoint by exploiting vulnerability in the Web browser. If successful, attacker can install and execute malicious software without end users consent.
- Exploit.Kit.Neutrino (54%): Infection with several types of malware that steal credentials or restrict access to computer and demand ransom.
FireEye PoV: Customers 71; Compromised 99%; Had APT 10%
[Chart: Average and Max (per week) for Web Exploit, Malware Download, Unique Malware, Unique Callback, Impacted Hosts]
15. Industry: Services / Consulting / VAR
Top APT and business impact:
- Backdoor.APT.XtremeRAT (50%): Being victim of common RATs capabilities including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.
Top Crimeware and business impact:
- Exploit.Browser (53%): An attempt to compromise endpoint by exploiting vulnerability in the Web browser. If successful, attacker can install and execute malicious software without end users consent.
- Malware.Archive (53%): Malware is discovered inside archive file (ZIP, RAR)
FireEye PoV: Customers 19; Compromised 100%; Had APT 11%
[Chart: Average and Max (per week) for Web Exploit, Malware Download, Unique Malware, Unique Callback, Impacted Hosts]
16. FireEye Product Portfolio
[Diagram labels: SEG, IPS, SWG, MDM, Host Anti-virus; MVX; Dynamic Threat Intelligence; Threat Analytics Platform; Network Threat Prevention; Content Threat Prevention; Mobile Threat Prevention; Endpoint Threat Prevention; Email Threat Prevention]
Note: Threats @ perimeter – Network Threat Prevention Platform. Data Center – Content Threat Prevention Platform for latent malware. Obviously many people are now bringing in mobile devices; with Mobile Threat Prevention, we are able to leverage MVX to analyze the new class of threats: threats via mobile apps, e.g. apps stealing contacts, which provides the attacker the email information (and legally valid sources) for the next stage of attack. On the endpoint, Mandiant brings us the MSO product, which will be rebranded into the FireEye platform as the Endpoint Threat Prevention Platform. Finally, we have the Email Threat Prevention Platform for the spearphishing attacks that attackers use to penetrate organizations. The Threat Analytics Platform is a new product for analyzing advanced threats using a combination of event logs and security device logs with homegrown threat intelligence from FireEye.