Advanced Persistent Threats:
Cutting Through the Hype

Kevin Rowney
Director, Breach Response

Listen to Reason




Advanced Persistent Threats: Cutting Through the Hype   2
Context: Key Security Trends

• Challenging threat landscape
• Evolving infrastructure
• Increasing complexity
• Strategic importance of information

Why APTs Are Getting Attention Now

• Adversaries are evolving
• Attack surface is growing
• Private is now public

Getting it Straight: Definition of an APT

What is an Advanced Persistent Threat?
• Active, targeted, long-term campaign
• Tries to remain in place and undetected for an extended period
• Includes multiple “kill chains” in parallel to ensure success
• Mutates and adapts to evade detection
• Well organized and resourced

What isn’t an Advanced Persistent Threat?
• An individual attack (drive-by download, SQL injection)
• Smash-and-grab cybercriminal op for mere financial gain
• Run-of-the-mill malware infection

How Are Targeted Attacks and APTs Related?

An APT is always a targeted attack, but a targeted attack is not necessarily an APT.

[Diagram: Venn diagram showing APTs as a subset of Targeted Attacks]

Why Should You Care About APTs?

Information is power
• It can have strategic value to nation states
• It can have immense financial value to your adversaries

APTs are very real and quite serious
• Means of attack via APT have advanced considerably
• Even if you are not a target, you need to understand them

You need to reconsider the security protections now in place
• Today’s APT technique is tomorrow’s standard practice
• Must look at reinforcements to defense-in-depth now

How They Work: Advanced Persistent Threats

1. INCURSION: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees.
2. DISCOVERY: Hacker then maps the organization’s defenses from the inside and creates a battle plan.
3. CAPTURE: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations.
4. EXFILTRATION: Data is sent to the enemy’s “home base” for analysis and further exploitation/fraud.

Key Differences: Incursion

1. INCURSION: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees.

Goal: Establish a beachhead for the campaign

APT Methods:
• Reconnaissance using non-public resources
• Innovative social engineering
• Exploit 0-day vulnerabilities
• Rarely automated

Key Differences: Discovery

2. DISCOVERY: Hacker then maps the organization’s defenses from the inside and creates a battle plan.

Goal: Ensure the kill chain is not compromised

APT Methods:
• Examine infected systems
• Exploit SW/HW vulnerabilities
• Gather credentials & passwords
• Monitor for other resources or access points
• Deploy multiple parallel “kill chains”
• Go “low and slow” to avoid detection

Key Differences: Capture

3. CAPTURE: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations.

Goals:
• Long-term occupancy and/or
• Disruption of physical operations
• Capture of crucial data

APT Methods:
• Ongoing capture of data
• Manual analysis of data

Key Differences: Exfiltration

4. EXFILTRATION: Data is sent to the enemy’s “home base” for analysis and further exploitation/fraud.

Goal: Get valuable data back to home base

APT Methods:
• P2P networks
• Clear text
• Onion routing applications
• Encryption
• Steganography

APT or Not?

• Hydraq (Aurora)
• Stuxnet
• RSA SecurID incident
• Conficker
• Anonymous / LulzSec

Emerging Techniques Used by APTs

• Spamming to disguise the intended target
• Using off-the-shelf malware to hide the real type of attack
• Steganography to hide communication with the C&C server
• Attacking web mail accounts to avoid the enterprise network
• IP cloaking
• Layer -1 attacks

Common Techniques Used by APTs: Social Engineering

[Diagram: the attacker sends the victim a message containing a link, shown as http://example.com/abc.html]

Common Techniques Used by APTs: Payload Install and Execution

[Diagram: the victim follows the link (http://example.com/abc.html) to a malicious server; a backdoor program is delivered from the malicious server; confidential information then flows from the victim to the attacker]

How Big is the Problem?

• 3+ billion malware attacks in 2010
• 1 in 25 customer organizations have been targeted
• U.S. cyberwarfare doctrine is under development

Sources:
• Symantec Internet Security Threat Report, 2011
• MessageLabs Intelligence Report, 2011
• Foreign Policy Magazine, May 3, 2011

What Can You Do?

Security Assessments to Reveal Gaps in Protection
• Data Loss Risk Assessment
• Vulnerability Assessment
• Malicious Activity Assessment
• Targeted Attack Assessment

Advisory Services
• Penetration Testing
• Vulnerability Assessment
• Security Program Assessment

Thank you!

Kevin Rowney

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 

More from Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Advanced Persistent Threats Cutting Through The Hype

  • 1. Advanced Persistent Threats: Cutting Through the Hype
    Kevin Rowney, Director, Breach Response
  • 2. Listen to Reason
  • 3. Context: Key Security Trends
    • Challenging threat landscape
    • Evolving infrastructure
    • Increasing complexity
    • Strategic importance of information
  • 4. Why APTs Are Getting Attention Now
    • Adversaries are evolving
    • Attack surface growing
    • Private is now public
  • 5. Getting it Straight: Definition of an APT
    What is an Advanced Persistent Threat?
    • Active, targeted, long-term campaign
    • Tries to remain in place & undetected for extended period
    • Includes multiple “kill chains” in parallel to ensure success
    • Mutates and adapts to evade detection
    • Well organized and resourced
    What isn’t an Advanced Persistent Threat?
    • An individual attack (drive-by-download, SQL injection)
    • Smash & grab cybercriminal op for mere financial gain
    • Run of the mill malware infection
  • 6. How Are Targeted Attacks and APTs Related?
    An APT is always a targeted attack, but a targeted attack is not necessarily an APT (diagram: Targeted Attacks, with APTs as a subset)
  • 7. Why Should You Care About APTs?
    Information is power
    • It can have strategic value to nation states
    • Can have immense financial value to your adversaries
    APTs are very real and quite serious
    • Means of attack via APT have advanced considerably
    • Even if you are not a target, you need to understand them
    You need to reconsider security protections now in place
    • Today’s APT technique is tomorrow’s standard practice
    • Must look at reinforcements to defense-in-depth now
  • 8. How They Work: Advanced Persistent Threats
    1. Incursion: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
    2. Discovery: Hacker then maps organization’s defenses from the inside; creates a battle plan
    3. Capture: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations
    4. Exfiltration: Data sent to enemy’s “home base” for analysis and further exploitation/fraud
  • 9. Key Differences: Incursion (1)
    Incursion: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
    Goal: Establish beach head for campaign
    APT methods:
    • Reconnaissance using non-public resources
    • Innovative social engineering
    • Exploit 0-day vulnerabilities
    • Rarely automated
  • 10. Key Differences: Discovery (2)
    Discovery: Hacker then maps organization’s defenses from the inside; creates a battle plan
    Goal: Ensure kill-chain is not compromised
    APT methods:
    • Examine infected systems
    • Exploit SW/HW vulnerabilities
    • Gather credentials & passwords
    • Monitor for other resources or access points
    • Deploy multiple parallel “kill chains”
    • Go “low and slow” to avoid detection
  • 11. Key Differences: Capture (3)
    Capture: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations
    Goals:
    • Long-term occupancy and/or
    • Disruption of physical operations
    • Capture of crucial data
    APT methods:
    • Ongoing capture of data
    • Manual analysis of data
  • 12. Key Differences: Exfiltration (4)
    Exfiltration: Data sent to enemy’s “home base” for analysis and further exploitation/fraud
    Goal: Get valuable data back to home base
    APT methods:
    • P2P networks
    • Clear text
    • Onion routing applications
    • Encryption
    • Steganography
  • 13. APT or Not? Hydraq (Aurora); RSA SecurID Incident; Anonymous / LulzSec; Stuxnet; Conficker
  • 14. APT or Not? Hydraq (Aurora); RSA SecurID Incident; Anonymous / LulzSec; Stuxnet; Conficker
  • 15. Emerging Techniques Used by APTs
    • Spamming to disguise the intended target
    • Using off-the-shelf malware to hide real type of attack
    • Steganography to hide communication with C&C server
    • Attacking web mail accounts to avoid enterprise network
    • IP cloaking
    • Layer -1 attacks
  • 16. Common Techniques Used by APTs: Social Engineering
    (diagram: Attacker -> http://example.com/abc.html -> Victim)
  • 17. Common Techniques Used by APTs: Payload Install and Execution
    (diagram: Victim -> http://example.com/abc.html -> Malicious Server -> Backdoor Program; Confidential Information -> Malicious Server -> Attacker)
  • 18. How Big is the Problem?
    • +3 Billion malware attacks in 2010
    • 1 in 25 customer organizations have been targeted
    • U.S. Cyberwarfare Doctrine is under development
    Sources: Symantec Internet Security Threat Report, 2011; MessageLabs Intelligence Report, 2011; Foreign Policy Magazine, May 3, 2011
  • 19. What Can You Do?
    Security Assessments to Reveal Gaps in Protection
    • Data Loss Risk Assessment
    • Vulnerability Assessment
    • Malicious Activity Assessment
    • Targeted Attack Assessment
    Advisory Services
    • Penetration Testing
    • Vulnerability Assessment
    • Security Program Assessment
  • 20. Thank you! Kevin Rowney
    Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.