Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

Similar documents
Trend Micro Deep Discovery and Custom Defence

Copyright 2011 Trend Micro Inc.

South Korea Cyber-attack Heightens Changes in Threat Landscape. Richard Sheng Sr. Director, Enterprise Security, Asia Pacific

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Maximum Security with Minimum Impact : Going Beyond Next Gen

Building Resilience in a Digital Enterprise

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Securing the Modern Data Center with Trend Micro Deep Security

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Agile Security Solutions

Trend Micro Deep Discovery for Education. Identify and mitigate APTs and other security issues before they corrupt databases or steal sensitive data

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

TREND MICRO SMART PROTECTION SUITES

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Trend Micro and IBM Security QRadar SIEM

Automated Threat Management - in Real Time. Vectra Networks

Security by Default: Enabling Transformation Through Cyber Resilience

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Security Information & Event Management (SIEM)

Stopping Advanced Persistent Threats In Cloud and DataCenters

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security

TREND MICRO SMART PROTECTION SUITES

Dynamic Datacenter Security Solidex, November 2009

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

THE ACCENTURE CYBER DEFENSE SOLUTION

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

SYMANTEC DATA CENTER SECURITY

Seceon s Open Threat Management software

Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

RSA NetWitness Suite Respond in Minutes, Not Months

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

AT&T Endpoint Security

Commercial Product Matrix

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

Prevent and Detect Malware with Symantec Advanced Threat Protection: Network

May the (IBM) X-Force Be With You

Cisco Firepower NGFW. Anticipate, block, and respond to threats

trend micro smart Protection suites

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Automating the Top 20 CIS Critical Security Controls

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

RSA Security Analytics

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Why we need Intelligent Security? Juha Launonen Sourcefire, Inc.

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Advanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector

Un SOC avanzato per una efficace risposta al cybercrime

Symantec Advanced Threat Protection: Endpoint

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

Compare Security Analytics Solutions

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

McAfee Advanced Threat Defense

Trend Micro Deep Discovery Training for Certified Professionals

Cisco Firepower NGFW. Anticipate, block, and respond to threats

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

INFINIT Y TOTAL PROTECTION

CloudSOC and Security.cloud for Microsoft Office 365

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

The Evolution of Data Center Security, Risk and Compliance

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

with Advanced Protection

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Network Security Protection Alternatives for the Cloud

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

locuz.com SOC Services

Securing Your Amazon Web Services Virtual Networks

RSA INCIDENT RESPONSE SERVICES

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

Transforming Security from Defense in Depth to Comprehensive Security Assurance

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Combating Cyber Risk in the Supply Chain

Datacenter Security: Protection Beyond OS LifeCycle

The Evolution of : Continuous Advanced Threat Protection

Symantec Security Monitoring Services

10 FOCUS AREAS FOR BREACH PREVENTION

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

The Top 6 WAF Essentials to Achieve Application Security Efficacy

The Internet of Everything is changing Everything

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

Transcription:

Combating APTs with the Custom Defense Solution Hans Liljedahl Peter Szendröi

RSA Attack Overview : 1. Two spear phishing emails were sent over a two-day period targeted at low to mid- xls attachment with the same title. 2. xls file contained an exploit through an Adobe Flash zero-day vulnerability that installed a backdoor using a Poison Ivy RAT variant set in a reverse-connect mode. 3. Attackers moved laterally to identify users with more access and admin rights to relevant services and servers of interest. 4. Access was then established to staging servers at key aggregation points. 5. Data of interest was moved to the internal staging servers, aggregated, compressed, and encrypted for extraction. 6. FTP was then used to transfer password protected RAR files to a compromised machine at a hosting provider. 7. Files were subsequently removed from the host to cover up traces of the attack.

Telenor- Norway 3

DigiNotar Attack Overview : 1. Attacker located compromised network access and Web servers in external DMZ were breached. 2. Diginotar used a highly segmented, ringed network defense methodology to protect its eight CA servers, and attackers. methodically compromised one ring at a time to gain access. 3. With access to the CA servers, more than 531 (identified) rogue certificates were issued. external IP server, using a proxy tunneling tool. 5. 300.000 Iranian Gmail accounts spyed on. 6. DigiNotar filed for bankruptcy in a Netherland court.

Analysts and Influencers Urge Action Adoption of Advanced Threat Detection "You need to know what's accessing the data, how the data's being used, and what's happening on your network." John Kindervag Principal Analyst Serving Security & Risk Professionals Forrester Research, Inc. "We must assume we will be compromised and must have better detection capabilities in place that provide visibility as to when this type of breach occurs." Neil MacDonald VP and Gartner Fellow Gartner, Inc. "Hardening existing security defenses... won't be enough to deal with the sophistication and perseverance of APTs." Jon Oltsik Senior Principal Analyst, Enterprise Strategy Group

Trend Micro What We Do How We Do It Who We Are Recognized global leader in server, virtualization and cloud security Innovative security solutions Protecting the exchange of digital information for businesses and consumers 1,200 threats experts in 12 TrendLabs locations around the globe; 1492 R&D engineers $400M USD and 500 engineers invested over last 4 years to develop cloud-related solutions Global Threat Intelligence Eva Chen: CEO and Founder Co-founded: 1988 Offices: 36 Global Employees: 4942 Revenue: $1.2B USD Cash Assets: $900M USD Operating Income: $330M USD Headquarters: Tokyo Trend Micro is the largest independent security provider Protecting 48 of 50 top global corporations

Trend Micro Our Personal Journey to the Cloud Smart Protection Network Mobility Virtualization Cloud Computing Industry Leading Solutions Build on 25 Year History of Innovation Dedicated Focus on Security

GLOBAL SENSORNET Collects EMAIL REPUTATION WEB REPUTATION FILE REPUTATION Identifies Protects VULNERABILITIES/ EXPLOITS MOBILE APP REPUTATION NETWORK TRAFFIC RULES WHITELISTING

Daily Statistics: GLOBAL THREAT INTELLIGENCE 1.15B t Collects Identifies Mobile Protects Cloud Android, ios, Symbian Physical Virtual Private, Hybrid & Public Cloud Windows / Linux / Solaris Desktop & Server Virtualization

Evolution of Security Cloud Cloud-Era Security Business Flexibility Virtualization Mobility Integrated & Flexible Threat & Data Protection Network and Security Evolution / Time

11

We see the TIP of the APT ICEBERG Attacks in the News 99 % Unreported* APTs Cyber Espionage Targeted Attacks Cyber Threats * Former CIO of US Dept of Justice

The Reality One new threat created every second 1 A cyber intrusion happens every 5 minutes 2 Over 90% of enterprises have malware 1 Almost 75% have one or more bots 1 Sources: 1: Trend Micro, 2012, 2: US-Cert 2012

Internet Firewall Anti-malware IDS / IPS DMZ Mission Critical Servers IaaS Data in motion Social Media Virtualization and Cloud Traditional defenses bypassed by low and slow attacks Endpoints SaaS

IaaS Internet Firewall Anti-malware IDS / IPS DMZ Mission Critical Servers Customized to Attack Your Defenses Endpoints SaaS

Gathers intelligence about organization and individuals Targets individuals using social engineering Attacker Establishes Command & Control server $$$$ Extracts data of interest can go undetected for months! Moves laterally across network seeking data of interest Employees

Gathers intelligence about organization and individuals Targets individuals using social engineering Attacker Establishes Command & Control server $$$$ Extracts data of interest can go undetected for months! Moves laterally across network seeking data of interest Employees

Gathers intelligence about organization and individuals Targets individuals using social engineering Attacker Establishes Command & Control server $$$$ Extracts data of interest can go undetected for months! Moves laterally across network seeking data of interest Employees A Custom Attack NEEDS a Security Custom Defense! Network Admin

The Custom Defense A complete lifecycle to combat the attacks that matter to you Detect Specialized threat detection capability on the network and protection points Analyze Deep local analysis with custom sandboxing and custom global intel to fully assess threats Adapt Custom security blacklists & signatures block further attack at network, gateway, endpoints Respond Attack profiles and network-wide event intelligence guide rapid containment & remediation

The Custom Defense In Action Adaptive Protection for All Trend Products Network Endpoint Security Deep Discovery Inspector Server Security OfficeScan Messaging Security Threat Analyzer Threat Intelligence Center Security Update Server Deep Discovery Advisor Deep Security Web Security (Gateway) SMEX / SMLD IMSVA (Mail Server, Gateway) IP/Domain blacklist updates AV signature updates SIEM Integration IWSVA

Deep Discovery The custom detection, intelligence and response capabilities you need to deploy a Custom Defense against the APTs & targeted attacks that matter to you Deep Discovery Advisor Deep Discovery Inspector Network traffic inspection Custom threat detection Real-time analysis & reporting Custom scalable threat simulation Deep investigation & analysis Adaptive Protection against attack Visibility Insight Control

Deep Discovery Inspector Advanced Threat Protection Across the Attack Sequence Malicious Content Suspect Communication Attacker Behavior

Actionable Intelligence Visibility Real-time Dashboards Insight Risk-based Analysis Action Remediation Intelligence Watch List GeoPlotting Alerts, Reports, Evidence Gathering Threat Connect Deep Analysis Identify Attack Behavior & Reduce False Positives Simulate Correlate Detect Malicious Content and Communication Real-Time Inspection Analyze Out of band network data feed of all network traffic

Deep Discovery Advisor Threat Analyzer In-depth threat simulation & analysis Custom sandbox execution environments 24 Sandboxes per unit Scalable to 50,000 samples/day Integration with Deep Discovery Inspector Open, automated and manual submission Threat Intelligence Center In-depth analysis of incidents & events Risk-focused monitoring & investigation Trend Micro & open security event collection Context-relevant actionable intelligence Deep Discovery Inspector centralised reporting Security Update Server IP/URL blacklist export Custom security signature updates (future) Threat Analyzer Threat Intelligence Center Security Update Server Deep Discovery Advisor Custom scalable threat simulation Deep investigation & analysis Actionable intelligence & results Supports clustering of up to 5 units for analysing up to 50,000 samples/day

Deep Discovery Functionality Summary Functionality Deep Discovery Inspector Deep Discovery Advisor Network Traffic Analysis Yes No File Sandboxing + Number Yes (1) Yes (24) Hardware Appliance Option Yes (500Mbps / 1Gbps) Yes Virtual Appliance Option Yes (100,250, 500Mbps, 1Gbps) No Management / Analysis interface Yes Yes Threat Connect Yes Yes Threat Investigation Centre No Yes Reporting / Analysis Consolidation No Yes Integration with other Trend Solutions No Yes Clustering No Yes

Single Appliance Monitors 80+ different protocols across multiple ports Tailors sandboxes to your environment Analyzes with Global Threat Intelligence Handles BYOD, complex environments Beyond Microsoft, mobile devices, laptops, Mac, and virtualization

Recognize & Respond to APTs Deep Discovery Inspector Internet Firewall Anti-malware IDS / IPS DMZ High Severity Malicious Content Intended attack Mission Critical Servers Step by step threat event sequence Threat behavior Endpoints IaaS Single Appliance Detects attacks using 80+ Protocols Detonates in Sandbox tailored to your environment Analyzes based on Global Threat Intelligence Adapts security and Responds to threats to your unique environment including BYOD Improves Your Defenses with Custom Defense

Over 600 Enterprise & Government Customers Medical Center of Central Georgia Protecting medical devices and the hospital operations Network-wide visibility, control and confidence 2 nd largest hospital in Georgia for itself. In the first 48 hours, this tool detected viruses on

Next Steps 2 Week Risk Assessment Where You Have Been Targeted? Monitor Your Network Review Results Produce Report What We Have Seen? 90% have active malicious malware Malware on Hospital CFO PC identified in 30 minutes Brazil Agency detected 11K security issues in 2 week POC Major television station discovered cross-site scripting (XSS) and malware in 10 minutes!

31 Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback