Actors behind advanced threats - Med-IT
Breaking The Cyber Attack Lifecycle
@ Every Step
Jamel Lassoued
Senior Systems Engineer
Palo Alto Networks at-a-glance
CORPORATE HIGHLIGHTS
• Founded in 2005; first customer shipment in 2007
• Safely enabling applications and preventing cyber threats
• Able to address all enterprise cybersecurity needs
• Exceptional ability to support global customers
• Experienced team of 3,000+ employees
• Q4 FY15: $283.9M revenue
[Charts: REVENUES ($MM) by fiscal year, FY09 to FY15; ENTERPRISE CUSTOMERS by quarter, Jul-11 to Jul-15]
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks: market recognition
Tectonic shifts create the perfect storm
• Cloud + SaaS
• Social + consumerization
• Mobile + BYOD
• Cloud + virtualization
Massive opportunity for cyber criminals
Enterprises' Ever-Evolving Challenges & Constraints
• Minimize business risks from cybersecurity (assets, operations; products, services; IP, reputation)
• Support IT initiatives
• Stay current with new consumption models: private cloud, data center consolidation, mergers and acquisitions, virtualized data centers, cost control, cloud computing (SaaS, IaaS…), outsourcing
• Support business priorities
• Deal with BYOD challenges
• Enable compliance with regulations
A New Threat Landscape (from commodity threats to advanced threats)
Commodity threats (very common, easily identified)
• Mostly addressed by traditional AV and IPS
• Low sophistication, slowly changing
• Machine vs. machine
Organized cybercrime (more customized exploits and malware)
• Somewhat more sophisticated payloads
• Evasion techniques often employed
• Sandboxing and other smart detection often required
Nation state (very targeted, persistent, creative)
• Intelligent and continuous monitoring of passive network-based and host-based sensors
• Comprehensive investigation after an indicator is found
• Highly coordinated response is required for effective prevention and remediation
Malware trends
Actual new malware every < 3 seconds. After:
• 1 minute = 2,021 instances
• 15 minutes = 9,864 instances
• 30 minutes = 45,457 instances
Today's Security Infrastructure…
Best of Breed Products
• Staffing and time to market
• Operations
• Accuracy
[Diagram: Internet – FW – Network]
Your investment in SIEM: for normalisation of disparate solutions, or as a strategic asset to help break the Attack Lifecycle?
The Cyber Attack Lifecycle
1. Gather intelligence
2. Plan the attack
3. Exploit: silent infection
4. Deliver malware: malicious file delivered
5. C2: malware communicates with attacker
6. Steal data: high-value intellectual property stolen
Breaking the Attack Lifecycle at Multiple Points
1. Segment your network with a "zero-trust" model as the foundation for defense:
• Only allow content to be accessed
• by a limited and identifiable set of users,
• through a well-defined set of applications,
• blocking everything else.
2. Block all known threats:
• Threat Prevention would have identified and stopped parts of the attack
• across known vulnerability exploits, malware, URLs, DNS queries
• and command-and-control activity.
3. Identify and block all unknown threats:
• using the sandboxing solution,
• using behavioral characteristics such as:
  • communicating over often-abused ports (139 or 445),
  • using WebDAV to share information,
  • changing the security settings of Internet Explorer,
  • modifying the Windows registry, and many more.
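As an added example (not part of the original deck and not any Palo Alto Networks product logic), the following Python scores a constructed sandbox behaviour report against the four indicator types listed above; the event schema, the rule set and the two-indicator verdict threshold are assumptions made for illustration.

```python
"""Score a sandbox behaviour report against the indicator types named on the slide."""
import re

# Event schema (type / dst_port / method / key) is an assumed, simplified format,
# not the output of any real sandbox.
ABUSED_PORTS = {139, 445}  # NetBIOS / SMB, the often-abused ports named above
IE_SECURITY_RE = re.compile(r"\\Internet Settings\\Zones\\", re.IGNORECASE)

def is_abused_port(ev):
    return ev["type"] == "connect" and ev.get("dst_port") in ABUSED_PORTS

def is_webdav(ev):
    # WebDAV-only HTTP verbs: a sample using them to move data out is suspicious
    return ev["type"] == "http" and ev.get("method") in {"PROPFIND", "PUT", "MKCOL"}

def is_ie_security_change(ev):
    # Writes under the Internet Explorer zone settings change browser security policy
    return ev["type"] == "regwrite" and bool(IE_SECURITY_RE.search(ev["key"]))

def is_registry_persistence(ev):
    # A Run key entry is the classic registry modification used for persistence
    return ev["type"] == "regwrite" and "\\CurrentVersion\\Run" in ev["key"]

RULES = [("abused_port", is_abused_port), ("webdav", is_webdav),
         ("ie_security", is_ie_security_change), ("run_key", is_registry_persistence)]

def score_report(events):
    """Return (sorted indicator names, verdict); 'malicious' needs 2+ distinct indicators."""
    hits = {name for ev in events for name, pred in RULES if pred(ev)}
    verdict = "malicious" if len(hits) >= 2 else "suspicious" if hits else "benign"
    return sorted(hits), verdict

# Constructed sample report; hosts, keys and values are made up for this example.
SAMPLE_EVENTS = [
    {"type": "connect", "dst": "fileserver.corp.example", "dst_port": 445},
    {"type": "http", "method": "PROPFIND", "url": "http://dav.example/share/"},
    {"type": "regwrite", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601", "value": 0},
    {"type": "regwrite", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater", "value": r"C:\Users\Public\u.exe"},
    {"type": "connect", "dst": "cdn.example", "dst_port": 443},
]

if __name__ == "__main__":
    print(score_report(SAMPLE_EVENTS))
```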
Breaking the Lifecycle at Every Possible Step
Attack steps: 1. Bait the end-user; 2. Exploit; 3. Download backdoor; 4. Command/control
Controls applied across these steps:
• App-ID: block high-risk apps; block C2 on open ports
• URL: block known malware sites; block fast-flux, bad domains
• IPS: block the exploit
• Spyware / AV: block spyware, C2 traffic; block malware
• Files: prevent drive-by downloads
• Unknown Threats: detect 0-day malware; block new C2 traffic
A New Breed of Malware
[Chart: % Malware Without Anti-Virus Coverage, Day 0 through Day 7, 0% to 100%]
• 64% of malware found by the sandbox is not covered by traditional AV at time of detection
• 40% of malware is still not covered after 7 days
Turning the Unknown into Known
Rapid, global sharing: identify & control all applications, prevent known threats, detect unknown threats.
• Scans ALL applications (including SSL traffic) to secure all avenues in/out of a network, reduce the attack surface area, and provide context for forensics
• Prevents attacks across ALL attack vectors (exploit, malware, DNS, command & control, and URL) with content-based signatures
• Detects zero-day malware & exploits using public/private cloud and automatically creates signatures for the global customer base
Integrated = More Than the Sum of Its Parts
• Apply positive controls: non-standard ports, port-hopping, SSL & SSH, unknown applications (attack surface)
• Prevent known threats: vulnerability exploits (IPS), malware, bad web sites, bad domains, C&C
• Detect unknown threats: suspicious file types / websites, malware intelligence, forensics
• Global Intelligence: Bit9, Splunk, more to come
• Centralised Management: enterprise-wide policy; validate attack; remediate
Summary
• Evolution of your network security
• It's a new threat landscape
• Need for an integrated approach
• Traditional solutions no longer suffice
• Focus on breaking the Attack Lifecycle, not just on the point attack