Advanced Threat Intelligence to Detect Advanced Malware Jim Deerman


Jim Deerman, jdeerman@isc8.com

Safe Harbor Statement. All statements included or incorporated by reference in these slides, other than statements or characterizations of historical fact, are forward-looking. These forward-looking statements include guidance we will provide on our future operating results as well as the prospects for our various businesses and the development and status of new products and technologies. These forward-looking statements and our assumptions about the factors that influence them are based on the limited information available to us at this date. Such information is subject to change, and we may not inform you when changes occur. We do not undertake any obligation to revise or update publicly any forward-looking statement, except as required by law. Forward-looking statements are not guarantees of future results and are subject to risks, uncertainties and assumptions that are difficult to predict. Therefore, our actual results could differ materially and adversely from those described in statements you hear today as a result of various factors. We refer you to our current Form 10-K, subsequent Form 10-Qs and other filings with the SEC, which discuss some of the important risk factors that could contribute to such differences or otherwise affect our business, results of operations and financial condition.

Emergence of Modern Malware

Advanced Persistent Threats - Smart Bombs of the Cyber World

Cyber Kill Chain of APT

State of Advanced Persistent Threats (APTs)
- 416 days: median number of days that the attackers were present on a victim network BEFORE detection (1)
- 75 million: unique examples of malware in 2012 (2), growing at 50,000 / day
- 69%: of APT victims are NOTIFIED BY AN EXTERNAL ENTITY, not internal detection
- 59%: of enterprises are certain or fairly certain that they've been the target of an APT (3)

The New Cyber Norm
- Stealth
- Well Funded
- Black Market
- Very Knowledgeable
- Very Shrewd
- Large Numbers (and Growing)
- Multiple Enemies in Multiple Geographies
You are outnumbered & outgunned every day.

Finding Advanced Threats Has Become a Big Data Analysis Problem
- What data can be used to detect the Attacker?
- The amount of data (logs, netflows, packet capture data, ...) can be massive.
- Finding an APT is about finding the malicious activity hidden in the Network.

Current State of Big Data Security
- 50% COLLECT LOGS TO DETECT AND TRACK SUSPICIOUS BEHAVIOR
- 50% DON'T COMMIT OR DON'T KNOW HOW MUCH TIME THEY'VE SPENT ANALYZING THESE LOGS
- By 2016, over 40% will use datasets of at least 10TB to spot security incidents
Source: TrustWave, Finding Big Benefits in Big Data

Advanced Persistent Threats Are More Than Just Malware. APTs Are About The Attacker - Not Just The Attack.

Finding an Attack is about finding the Attacker
- The Attacker may look like a normal User doing suspicious activities:
  - Where are the activities coming from?
  - When are the activities carried out?
  - What behaviors are not normal to the usage of the network or network segment?
- Must look at the network as a whole, not just the perimeter.
- What data can be used to detect the Attacker? Firewall logs, IDS/IPS logs, access logs, netflow data, packet capture data, etc.
- In a medium to large network this can be massive amounts of data.
- Finding APTs has become a Big Data analysis problem.

How does IT Security handle this Problem?
- Is there an attack occurring?
- How do you know that you have been or are currently under attack?
- Where do you start looking?
- When did the attack start?
- How has the attacker spread malware across the network?
This Big Data problem can overwhelm the IT Security of the corporation.

Incident Detection Challenges
Which of the following challenges does your organization face when it comes to incident detection? (Percent of respondents, N=257, multiple responses accepted)
- Lack of adequate staffing in security operations/incident response team(s): 39%
- Too many false positive responses: 35%
- Incident detection depends upon too many manual processes: 29%
- Incident detection depends upon too many independent tools that aren't integrated together: 29%
- Sophisticated security events have become too hard to detect for us: 28%
- My organization lacks the right level of security analysis skills needed: 28%
- Lack of adequate data collection/monitoring in one or more critical area: 28%
- Lack of proper level of tuning of our SIEM and other security tools: 23%
Source: Enterprise Security Group, 2013
The security organization is understaffed and underskilled. Of those organizations adding IT staff in 2013, 36% plan to increase security headcount. Unfortunately, this isn't easy: ESG research indicates that 83% of enterprise organizations say it is extremely difficult or somewhat difficult to recruit/hire security

The Critical Need for Network-Based Security Automation. Automation is a Force Multiplier in the Fight Against APTs and the Massive Amounts of Data Required to Detect Them.

Next Gen High Fidelity Cyber Sensor + Effective Analytics & Correlation. Source: Pacific Northwest National Laboratory

Situational Awareness From the Network Core to the Perimeter. Complete Cyber Security network protection (from the Core to the Perimeter) is the Holy Grail of Tomorrow's CISO. Whose Definition of Secure are You Using?

Three main trends framing the security discussion moving forward
- Advanced targeted attacks: The latest attack strategies use custom or dynamically generated malware for the initial breach and data-gathering phase. Enterprises should employ a defense-in-depth, layered approach model.
- Big data: Delivering risk-prioritized, actionable insight will require security analytics as well as changes in information security technologies, integration methods and processes.
- Mobile: As focus shifts from the device to the app/data, understanding the device types and how users are using them is just as important as the user identities.

ISC8 Cyber adAPT Automates the Process of Detecting APTs
- Provides detection of advanced malware techniques and behavior inside a network prior to harm occurring
- Multi-event detection over time reduces false positives
- Doesn't depend on patterns that require updating as new malware is detected
- Provides tracking of malicious activity back to the infected host
- Malware propagation tracking
- High bandwidth (10Gbps+) sensors to allow monitoring internal to the network
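The two slides above make one technical claim worth seeing in code: correlating several weak behavioral signals over a time window (where the activity comes from, when it recurs, which peers it touches) flags fewer hosts than any single signal, and the correlation itself points back at the originating internal host. The following is an added illustration written for this page, not ISC8's code and not how Cyber adAPT is implemented. It scores constructed netflow-style records with three indicators (regular-interval beaconing, a destination nobody else contacts, fan-out to many internal peers on one port) and flags a host only when at least two distinct indicators trip in the same window. The internal range (10.0.0.0/8), the window size and all thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import pstdev


@dataclass(frozen=True)
class Flow:
    """One netflow-style record (constructed sample data, not real traffic)."""
    ts: int      # seconds since start of capture
    src: str
    dst: str
    dport: int


def is_internal(ip: str) -> bool:
    # Assumption for this example: 10.0.0.0/8 is the monitored internal range.
    return ip.startswith("10.")


def beaconing(flows, min_count=4, max_jitter=2.0):
    """Internal hosts whose connections to one external dst recur at a
    near-constant interval (low standard deviation of inter-arrival gaps)."""
    by_pair = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            by_pair[(f.src, f.dst)].append(f.ts)
    hits = defaultdict(set)
    for (src, dst), times in by_pair.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= min_count and pstdev(gaps) <= max_jitter:
            hits[src].add(dst)
    return hits


def rare_destination(flows):
    """Internal hosts that are the only host talking to some external dst."""
    sources = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            sources[f.dst].add(f.src)
    hits = defaultdict(set)
    for dst, srcs in sources.items():
        if len(srcs) == 1:
            hits[next(iter(srcs))].add(dst)
    return hits


def fanout(flows, min_peers=5):
    """Internal hosts touching many internal peers on one port (a propagation
    pattern, but also what scanners and backup jobs look like on their own)."""
    peers = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst):
            peers[(f.src, f.dport)].add(f.dst)
    hits = defaultdict(set)
    for (src, port), dsts in peers.items():
        if len(dsts) >= min_peers:
            hits[src].add(port)
    return hits


INDICATORS = {"beaconing": beaconing, "rare_destination": rare_destination, "fanout": fanout}


def correlate(flows, window=600, min_indicators=2):
    """Run every indicator per time window and flag only hosts that trip at
    least `min_indicators` distinct indicators inside the same window.
    Returns {host: {"window": n, "indicators": [...], "evidence": {...}}}."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[f.ts // window].append(f)
    flagged = {}
    for w in sorted(buckets):
        per_host = defaultdict(dict)
        for name, fn in INDICATORS.items():
            for host, evidence in fn(buckets[w]).items():
                per_host[host][name] = sorted(evidence)
        for host, ev in per_host.items():
            if len(ev) >= min_indicators and host not in flagged:
                flagged[host] = {"window": w, "indicators": sorted(ev), "evidence": ev}
    return flagged


def sample_flows():
    """Constructed traffic: one infected host and two benign hosts that each
    trip a single indicator on their own."""
    flows = []
    # Infected host: 60 s beacon to a destination nobody else uses, plus a
    # sweep of seven internal peers on 445 inside the same window.
    flows += [Flow(t, "10.0.0.5", "203.0.113.7", 443) for t in range(0, 600, 60)]
    flows += [Flow(100 + i, "10.0.0.5", f"10.0.0.{20 + i}", 445) for i in range(7)]
    # Benign host polling a shared update server on a timer: beacons, but the
    # destination is shared with another host, so only one indicator trips.
    flows += [Flow(t, "10.0.0.9", "198.51.100.10", 443) for t in range(0, 600, 60)]
    flows += [Flow(t, "10.0.0.11", "198.51.100.10", 443) for t in (15, 200, 230)]
    # Benign host visiting a site nobody else visits: rare destination only.
    flows.append(Flow(300, "10.0.0.11", "192.0.2.50", 443))
    return flows


if __name__ == "__main__":
    for host, detail in correlate(sample_flows()).items():
        print(host, detail["indicators"], detail["evidence"])
```

Run alone, the beaconing indicator fires on both 10.0.0.5 and the benign poller 10.0.0.9, and the rare-destination indicator fires on 10.0.0.5 and 10.0.0.11; only 10.0.0.5 survives correlation, and the returned evidence names the external destination and the internal port used for the sweep, which is the starting point for tracking propagation from that host.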
