Detect and Remediate Advanced
Targeted Attacks
Raphael Reich - Senior Director, Product Marketing, Imperva
Ruby Sharma - Manager, WW Strategic Alliances, FireEye

© 2013 Imperva, Inc. All rights reserved.

Confidential
Agenda
§  The threat landscape
§  Traditional defenses fall short
§  Securing high-value applications and data assets
§  FireEye and Imperva: focused defense for targeted attacks

Raphael Reich
Senior Director, Product Marketing, Imperva
§  Expertise
•  20+ years in product marketing, product management, and software engineering

§  Professional Experience
•  Cisco, Check Point, Network General

§  Academics
•  Bachelor’s degree in Computer Science from UC Santa Cruz
•  MBA from UCLA

Ruby Sharma
Manager, WW Strategic Alliances, FireEye
§  Expertise
•  10+ years in strategic alliances, product management, and software engineering

§  Professional Experience
•  FireEye, Microsoft

§  Academics
•  Master’s in Computer Science from Illinois Institute of Technology

Threat Landscape

Attackers Turn Your Data Into Their Money

Target Your Users and Your Data Center

Source: Verizon Data Breach Report, 2013
Who’s Doing It and Why
Governments
Stealing Intellectual Property (IP) and raw data, and spying
§  Motivated by: Policy, politics, and nationalism
§  Preferred Methods: Targeted attacks

Organized Crime
Stealing IP and data
§  Motivated by: Profit
§  Preferred Methods: Targeted attacks, fraud

Hacktivists
Exposing IP and data, and compromising the infrastructure
§  Motivated by: Political causes, ideology, personal agendas
§  Preferred Methods: Targeted attacks, Denial of Service attacks
Some Examples
§  Hackers stole sensitive data related to a planned $2.4B acquisition of China Huiyuan Juice Group
§  Hackers raided troves of sensitive data from the $21B company, but it was never made public
§  Hackers gained access to privileged user accounts regarding electric vehicle drive train technology
§  Hackers had full system access with the ability to modify, copy and delete sensitive data

Anatomy of a Targeted Attack
Records lost: 4M
Population: 5M
= 80%

Attack Timeline: Targeted, Efficient, and Undetected
§  Aug 13, 2012: Attacker steals login credentials via phishing email & malware
§  Aug 27, 2012: Attacker logs in remotely and accesses the database
§  Aug 29 – Sept 12, 2012: Additional reconnaissance, more credentials stolen
§  Sept 12 - 14, 2012: Attacker steals the entire database

Current Controls
Won’t the NGFW/IPS/AV Stop It?

Protect and Monitor Your Assets
Applications and data are the main focus of modern cyber attacks. However, existing identity, endpoint, and network security solutions are insufficient for their protection.
Application Security Roadmap Beyond 2012: Breaking Silos, Increasing Intelligence, Enabling Mass Adoption
Joseph Feiman and Neil MacDonald; June 22, 2012
Gartner, Inc.

Typical Defenses Ineffective Against Modern Malware

“Organizations face an evolving threat scenario that they are ill-prepared to deal with… advanced threats that have bypassed their traditional security protection techniques and reside undetected on their systems.”
Gartner, 2012

Traditional Defenses Don’t Work
The new breed of attacks evades signature-based defenses:
§  Anti-Spam Gateways
§  IPS
§  Firewalls/NGFW
§  Secure Web Gateways
§  Desktop AV

The Spending Disconnect
The Threats Have Changed. Security Spending Hasn’t.
§  2001 threats: “Digital Graffiti”, Script Kiddies, Backdoors
§  2001 security spend: Anti-virus, Firewall / VPN, Content Filtering, IDS / IPS
§  2012 threats: Cyber Espionage, Organized Criminals, Industrialized Hackers
§  2012 security spend: Anti-virus, Firewall / VPN, Secure Email/Web, IPS
Sources: Gartner, Imperva analysis

Rebalance Your Security Portfolio

Security Redefined
Forward Thinking

New Threat Landscape
Advanced attacks go undetected!
§  Coordinated Persistent Threat Actors
§  Dynamic, Polymorphic Malware
§  Multi-Vector Attacks
§  Multi-Stage Attacks

Targeting an Organization’s Valuable Assets
§  Spear Phishing → CFO → Financial Information
§  Web-Based Attack → Director of Engineering → Intellectual Property
§  File-Based Attack → Government Employee → National Security Information

A New Approach Required
Legacy Security Devices: Pattern-Matching Detection Model
•  Signature-based
•  Reactive
•  Only known threats
•  False positives

New Virtual Machine-Based Detection Model
•  Signature-less
•  Dynamic, real time
•  Known/unknown threats
•  Minimal false positives

FireEye’s Multi-Flow, Stateful Attack Analysis
Diagram labels: Infection Server, Callback Server, Exploit, Malware Executable, Downloads, Callbacks, Data Exfiltration
•  FireEye uses multi-flow analysis to understand the full context of today’s cyber attacks
•  Stateful attack analysis shows the entire attack life cycle
•  Enables FireEye to disrupt each stage and neutralize the attack
•  Point products focus only on objects (e.g., executables, files) and can be easily bypassed

FireEye Multi Vector Protection Platform
Network-based appliances see a wide range of network traffic
Diagram labels: Web, Email, File, Malware; Multi-Vector Virtual Execution™; Central Management System; Dynamic Threat Intelligence™
•  Installs within an hour on most networks with no need for rules and policies
•  Integrates with common network architectures
•  Additional specialized malware analyst tools
•  Leverages detection experience across the entire customer base

Attacks Discovered and Stopped by FireEye
2010
•  FireEye claims protection against Internet Explorer zero-day attack, Operation Aurora – January 18, 2010
2012
•  Researchers Say They Took Down World’s Third-Largest Botnet – July 18, 2012 – Researcher – Atif Mushtaq
•  Java Zero-Day Attack Could Hit Enterprises Hard – August 28, 2012 – Researcher – Atif Mushtaq
•  Russian space research org targeted by mystery malware attack – December 12, 2012 – Researchers – Ali Islam, Alex Lanstein
•  Attackers Target Internet Explorer Zero-Day Flaw – December 28, 2012 – Researcher – Darien Kindlund
2013
•  Operation Beebus Attacks Discovered by FireEye – February 4, 2013 – Researchers – Vinay Pidathala, Darien Kindlund
•  Adobe reviews report of another security bug in its software – February 13, 2013 – Researcher – Zheng Bu
•  Researchers: Zero-day PDF exploit affects Adobe Reader 11, earlier versions – February 13, 2013 – Researcher – Yichong Lin
•  South Korea network attack 'a computer virus' – March 20, 2013 – Researcher – Vinay Pidathala
•  Command and Control Used in Sanny APT Attacks Shut Down – March 22, 2013 – Researchers – Ali Islam, Alex Lanstein
APT Attacks FireEye is Designed to Combat: Stuxnet, Duqu, South Korea

Protecting the Data Center From Advanced Targeted Attacks

What is Needed
Advanced Detection: identify zero-day attacks
Immediate Mitigation: block/report compromised insiders’ attempts to…
•  Access business critical applications
•  Access sensitive data – databases, intellectual property, deal data, etc.
•  Conduct administrative actions or privileged operations

Non-disruptive: mitigation enables business to continue
Full Forensics: logs all activity originating from infected hosts
Reduce Risk
§  Identify sensitive data

§  Build policies to protect that data

§  Review and rationalize access rights

§  Audit, analyze and alert on access activity

Detect Advanced Attacks
§  Detect advanced malware on the network
•  Detect in-bound malware exploits and out-bound data exfiltration to C&C sites

§  Identify compromised endpoints/users
•  Prevent them from accessing business critical data

Insulate Critical Applications and Data
§  Stop compromised users and devices from accessing sensitive applications and data

Post-incident Analysis
§  Leverage audit trail and forensics to improve the incident response process
•  Identify trends and patterns that indicate security risk

Protect Data From Advanced Targeted Attacks
Imperva + FireEye
1.  Identify insiders/endpoints compromised by malware
2.  Prevent compromised hosts from accessing critical business data
3.  Provide business continuity without business risk

Case Study: PSCU - Financial Services
Protecting regulated data in databases with Imperva and FireEye
Diagram labels: BLOCK, PCI, Imperva Database Firewall
Integration and Data Flow
Data set exchanged between FireEye MPS and SecureSphere MX (the diagram also shows the SecureSphere Gateways):

Data         Description
IP           Compromised device IP address
Hostname     Compromised device hostname
FireEye ID   Unique FireEye ID for mapping
Source       FireEye MPS source device
Etc.         Etc.

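A worked example, added here and not Imperva's or FireEye's code, of consuming a compromised-host data set with the fields above and applying the deck's three steps: identify hosts flagged as compromised, block their access to critical data and privileged operations, let their other access continue (non-disruptive), and log everything an infected host does for forensics. The JSON-lines feed format, field names, asset names, IP addresses and access events are all constructed assumptions for this example.

```python
from dataclasses import dataclass
import ipaddress
import json

# Constructed sample of the compromised-host data set (one JSON object per
# line). Field names, IDs and addresses are assumptions for this example,
# not FireEye's real export format.
SAMPLE_FIREEYE_FEED = """\
{"ip": "10.20.30.41", "hostname": "wks-cfo-01", "fireeye_id": "FE-1001", "source": "mps-dc1"}
{"ip": "10.20.30.77", "hostname": "eng-build-07", "fireeye_id": "FE-1002", "source": "mps-dc1"}
{"ip": "not-an-ip", "hostname": "bad-record", "fireeye_id": "FE-1003", "source": "mps-dc1"}
"""

# Constructed: the data the business wants insulated, and the operations that
# count as privileged even against non-critical assets.
CRITICAL_ASSETS = {"db-finance", "db-cardholder"}
PRIVILEGED_ACTIONS = {"GRANT", "DROP", "ALTER", "CREATE USER"}


@dataclass(frozen=True)
class CompromisedHost:
    ip: str
    hostname: str
    fireeye_id: str   # the unique ID used to map the block back to the FireEye alert
    source: str       # which MPS appliance reported the host


@dataclass(frozen=True)
class Decision:
    verdict: str      # "ALLOW" or "BLOCK"
    reason: str
    fireeye_id: str = ""


def parse_feed(text):
    """Return ({ip: CompromisedHost}, rejected_count).

    A malformed record is skipped and counted instead of aborting the import,
    so one bad line cannot silently drop the whole block list.
    """
    hosts, rejected = {}, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            ip = str(ipaddress.ip_address(rec["ip"]))   # validates and normalises the address
            hosts[ip] = CompromisedHost(ip, rec["hostname"], rec["fireeye_id"], rec["source"])
        except (ValueError, KeyError, TypeError):
            rejected += 1
    return hosts, rejected


class DataCenterPolicy:
    """Gateway-side policy keyed on the FireEye-supplied compromised-host list."""

    def __init__(self, compromised, critical_assets, privileged_actions):
        self.compromised = compromised
        self.critical = critical_assets
        self.privileged = {a.upper() for a in privileged_actions}
        self.forensic_log = []   # every event from an infected host, allowed or not

    def evaluate(self, src_ip, user, asset, action):
        host = self.compromised.get(src_ip)
        if host is None:
            return Decision("ALLOW", "source not flagged by FireEye")
        # Full forensics: record everything the infected host does.
        self.forensic_log.append({"fireeye_id": host.fireeye_id, "hostname": host.hostname,
                                  "user": user, "asset": asset, "action": action})
        if asset in self.critical:
            return Decision("BLOCK", f"{host.hostname} is compromised; critical asset {asset}",
                            host.fireeye_id)
        if action.upper() in self.privileged:
            return Decision("BLOCK", f"{host.hostname} is compromised; privileged action {action}",
                            host.fireeye_id)
        # Non-disruptive: ordinary access to non-critical assets keeps working.
        return Decision("ALLOW", f"{host.hostname} is compromised; non-critical access logged",
                        host.fireeye_id)


def run_demo():
    """Apply the policy to a few constructed access events; returns (decisions, forensic_log)."""
    hosts, _ = parse_feed(SAMPLE_FIREEYE_FEED)
    policy = DataCenterPolicy(hosts, CRITICAL_ASSETS, PRIVILEGED_ACTIONS)
    events = [  # (source IP, user, asset, action), all constructed
        ("10.20.30.41", "cfo", "db-finance", "SELECT"),     # infected host -> critical data
        ("10.20.30.41", "cfo", "intranet-wiki", "GET"),     # infected host -> ordinary asset
        ("10.20.30.77", "builder", "db-ci", "DROP"),        # infected host -> privileged op
        ("10.20.30.99", "alice", "db-finance", "SELECT"),   # clean host -> business as usual
    ]
    decisions = [policy.evaluate(*e) for e in events]
    return decisions, policy.forensic_log


if __name__ == "__main__":
    for d in run_demo()[0]:
        print(d.verdict, "-", d.reason)
```

The forensic log keeps the FireEye ID on every entry so an analyst can join the gateway's audit trail back to the originating alert during post-incident analysis.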
Additional Resources – White Paper

Confidential
Additional Resources – eBook

www.imperva.com

