Breaking The Cyber Attack Lifecycle @ Every Step
Jamel Lassoued, Senior Systems Engineer, [email protected]

Palo Alto Networks at-a-glance
CORPORATE HIGHLIGHTS
• Founded in 2005; first customer shipment in 2007
• Safely enabling applications and preventing cyber threats
• Able to address all enterprise cybersecurity needs
• Exceptional ability to support global customers
• Experienced team of 3,000+ employees
• Q4 FY15: $283.9M revenue
[Charts: ENTERPRISE CUSTOMERS, Jul-11 to Jul-15 (data labels 4,700; 9,000; 13,500; 19,000; 26,000) and REVENUES in $MM, FY09 to FY15 (data labels $13, $49, $119, $255, $396, $598, $928)]
© 2015, Palo Alto Networks. Confidential and Proprietary.

Palo Alto Networks: market recognition

Tectonic shifts create the perfect storm
• Cloud + SaaS
• Social + consumerization
• Mobile + BYOD
• Cloud + virtualization
Result: a massive opportunity for cyber criminals

Enterprises' Ever-Evolving Challenge & Constraints
• Minimize business risks from cybersecurity
  - Assets, operations
  - Product, services
  - IP, reputation
• Support IT initiatives
  - Private cloud
  - Data center consolidation
  - Mergers and acquisitions
  - Virtualized data centers
• Stay current with new consumption models
  - Cloud computing, SaaS, IaaS…
  - Outsourcing
• Cost control
• Support business priorities
• Dealing with BYOD challenges
• Enable compliance to regulations

A New Threat Landscape
Commodity threats (very common, easily identified)
• Mostly addressed by traditional AV and IPS
• Low sophistication, slowly changing
Advanced threat / Organized cybercrime (more customized exploits and malware)
• Somewhat more sophisticated payloads
• Evasion techniques often employed
• Sandboxing and other smart detection often required
Nation state (very targeted, persistent, creative)
• Machine vs. machine
• Intelligent and continuous monitoring of passive network-based and host-based sensors
• Comprehensive investigation after an indicator is found
• Highly coordinated response is required for effective prevention and remediation

Malware trends
• New malware appears every < 3 seconds
• After 1 minute: 2,021 instances; after 15 minutes: 9,864 instances; after 30 minutes: 45,457 instances

Today's Security Infrastructure…
[Diagram: best-of-breed point products (Internet, FW, Network) weighed against staffing and time to market, operations and accuracy]
Is your investment in SIEM for normalisation of disparate solutions, or a strategic asset to help break the Attack Lifecycle?

The Cyber Attack Lifecycle
1. Gather intelligence
2. Plan the attack
3. Exploit: silent infection
4. Deliver malware: malicious file delivered
5. C2: malware communicates with the attacker
6. Steal data: high-value intellectual property stolen

Breaking the Attack Lifecycle at Multiple Points
1. Segment your network with a "zero-trust" model as the foundation for defense: only allow content to be accessed by a limited and identifiable set of users, through a well-defined set of applications, blocking everything else.
2. Block all known threats: Threat Prevention would have identified and stopped parts of the attack across known vulnerability exploits, malware, URLs, DNS queries and command-and-control activity.
3. Identify and block all unknown threats using the sandboxing solution and behavioral characteristics such as communicating over often-abused ports (139 or 445), using WebDAV to share information, changing the security settings of Internet Explorer, modifying Windows registries, and many more.
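Added example (not from the slides or Palo Alto Networks): a small Python triage routine that checks constructed sandbox reports for the behavioural characteristics listed in step 3. The port set, the registry path used to recognise Internet Explorer settings, and the scoring thresholds are assumptions.

```python
"""Added example (not vendor code): triage constructed sandbox reports."""
from dataclasses import dataclass, field

ABUSED_PORTS = {139, 445}  # often-abused SMB/NetBIOS ports named on the slide
# Assumed registry location of IE security-zone settings (lower-cased)
IE_SETTINGS = r"hkcu\software\microsoft\windows\currentversion\internet settings"

@dataclass
class SandboxReport:
    sample: str
    connections: list = field(default_factory=list)      # (dst, port, app)
    registry_writes: list = field(default_factory=list)  # key paths written

def indicators(report: SandboxReport) -> list[str]:
    """Return the sorted, de-duplicated behavioural indicators observed."""
    hits = set()
    for _dst, port, app in report.connections:
        if port in ABUSED_PORTS:
            hits.add(f"communicates over often-abused port {port}")
        if app.lower() == "webdav":
            hits.add("uses WebDAV to share information")
    ie = [k for k in report.registry_writes if k.lower().startswith(IE_SETTINGS)]
    if ie:
        hits.add("changes Internet Explorer security settings")
    if len(ie) < len(report.registry_writes):
        hits.add("modifies other Windows registry keys")
    return sorted(hits)

def verdict(report: SandboxReport) -> str:
    """Assumed scoring: one indicator alone is weak, two or more is high."""
    n = len(indicators(report))
    return "clean" if n == 0 else "low" if n == 1 else "high"

# Constructed reports for illustration, not real sandbox output
DROPPER = SandboxReport(
    "dropper.exe",
    connections=[("10.0.0.7", 445, "smb"), ("203.0.113.5", 80, "webdav")],
    registry_writes=[IE_SETTINGS + r"\zones\3\1400",
                     r"hkcu\software\microsoft\windows\currentversion\run\upd"],
)
INSTALLER = SandboxReport(
    "setup.exe",
    connections=[("198.51.100.9", 443, "ssl")],
    registry_writes=[r"hklm\software\examplevendor\version"],
)

if __name__ == "__main__":
    for r in (DROPPER, INSTALLER):
        print(r.sample, verdict(r), indicators(r))
```

A single registry write is deliberately scored low: ordinary installers do it too, which is why the slide pairs behavioural characteristics with sandbox execution rather than treating any one of them as proof.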
Breaking the Lifecycle at Every Possible Step
Attack steps: 1 Bait the end-user → 2 Exploit → 3 Download backdoor → 4 Command/Control
• App-ID: block high-risk apps; block C2 on open ports
• URL: block known malware sites; block fast-flux, bad domains
• IPS: block the exploit
• Spyware: block spyware, C2 traffic
• AV: block malware
• Files: prevent drive-by downloads
• Unknown Threats: detect 0-day malware; block new C2 traffic

A New Breed of Malware
[Chart: % Malware Without Anti-Virus Coverage, Day 0 to Day 7]
• 64% of malware found by Sandbox is not covered by traditional AV at time of detection
• 40% of malware is still not covered after 7 days

Turning the Unknown into Known (rapid, global sharing)
• Identify & control all applications: scans ALL applications (including SSL traffic) to secure all avenues in/out of a network, reduce the attack surface area, and provide context for forensics
• Prevent known threats: prevents attacks across ALL attack vectors (exploit, malware, DNS, command & control, and URL) with content-based signatures
• Detect unknown threats: detects zero-day malware & exploits using public/private cloud and automatically creates signatures for the global customer base

Integrated = More Than the Sum of Its Parts
• Apply positive controls to reduce the attack surface: non-standard ports, port-hopping, SSL & SSH, unknown applications
• Prevent known threats: vulnerability exploits (IPS), malware, bad web sites, bad domains, C&C
• Detect unknown threats: suspicious file types / websites, malware intelligence
• Global Intelligence: Bit9, Splunk, more to come; forensics
• Centralised Management: validate attack, remediate, enterprise-wide policy

Summary: Evolution of your Network Security
• It's a new Threat Landscape
• Need for an integrated approach
• Traditional solutions no longer suffice
• Focus on breaking the Attack Lifecycle, not just on the point attack