www.cloudsec.com | #CLOUDSEC
7 BEHAVIORS OF HIGHLY EFFECTIVE ANTI-APT SOLUTION
Tarun Gupta, Regional Solutions Architect, Trend Micro (@Tarun_t_g)
THREAT ACTORS GROWING WORLDWIDE
CRIME SYNDICATE (SIMPLIFIED)
Roles in the diagram: Victim, The Boss, Mercenary Attackers, Data Fencing, The Captain Garant, Bullet Proof Hoster
CRIME SYNDICATE (DETAILED)
Roles in the diagram, with the dollar price tag shown beside the role where the figure attaches one: Victim; Blackhat SEO Attacker; Attacker ($10); Keywords (Botherder); Programmer ($10); Cryptor ($10); Virtest ($5); Worm; Exploit Kit; Bot Reseller ($1); Traffic Direction System ($5); Garant ($10); Carder ($4); Money Mule; Droppers ($1); Card Creator ($2); Bullet Proof Hoster ($5); Compromised Sites (Hacker); SQL Injection Kit. The remaining dollar figures label payment flows between roles and cannot be recovered from the extracted text.
A PREDATOR THAT BLENDS RIGHT IN
Copyright 2014 Trend Micro Inc.
HACKERS HAVE AN UNFAIR ADVANTAGE!
Attackers:
• Lucrative payoff, low penalty for failure
• Easy access to weapons/expertise
• Broad attack surface (mobile, cloud…)
• Social engineering easier than ever
Defenders:
• Impact beyond cost
• Resource constrained
• Many points of defense
• Users cannot be controlled
HACKERS HAVE AN UNFAIR ADVANTAGE!
All that’s needed is a credit card and a mouse!
ATTACKERS EXPLOIT THE “GAPS” IN YOUR SECURITY
• Limitations in device/OS/file coverage
• Unmonitored ports and protocols
• Generic sandbox environments
• Limited insight on known and zero-day attacks
• Lack of visibility into attack evolution & polymorphic malware
ATTACKERS CUSTOMIZE ATTACKS TO EVADE YOUR STANDARD DEFENSES
• Poison Ivy: uses multiple ports
• EvilGrab malware: uses multiple protocols
• IXESHE malware: evolves/morphs over time
• 91% of targeted attacks begin with a spear-phishing email
• Attack the weakest point: humans
A TARGETED ATTACK IN ACTION: SOCIAL, STEALTHY
The diagram shows attackers working against an organization’s employees:
1. Gathers intelligence about the organization and individuals
2. Targets individuals using social engineering
3. Establishes a link to the Command & Control server
4. Moves laterally across the network seeking valuable data
5. Extracts data of interest – can go undetected for months!
Copyright 2013 Trend Micro Inc.
7 BEHAVIORS OF HIGHLY EFFECTIVE ANTI-APT SOLUTION
EFFECTIVE BEHAVIOR 1 - VISIBILITY
• Breach detection solutions need pervasive traffic visibility.
• Monitor the perimeter and all internal network traffic between endpoints, servers, and any other devices.
• Identify risky applications in use, mobile device access and activities, unusual traffic and data transfer patterns, and more.
EFFECTIVE BEHAVIOR 2 - DETECTION
• A network-based breach detection solution can discover malicious content and communications in complex networks.
• Monitors all critical network segments over multiple protocols.
• Custom sandbox simulation and threat detection rules reflect the risks of the environment.
• Is agnostic to devices, operating systems and network traffic.
• Detects threat activity emanating from any IP-based device and attacks across all network traffic.
EFFECTIVE BEHAVIOR 3 - RISK ASSESSMENT
• Augments automated local threat analysis with relevant global intelligence.
• Identifies emerging threats, vulnerabilities and associated risk.
• Risk impact assessment, prioritization and notification.
• Helps in risk mitigation through integration and information sharing.
• Highlights infectious, unusual network activity.
EFFECTIVE BEHAVIOR 4 - PREVENTION
• Custom detection, analysis and intelligence augment protection from further attack.
• Detects and blocks current attack activity such as command and control communications, lateral movement, etc.
• Includes custom security updates sent from the detection/analysis platform to all pertinent protection points.
• The entire security infrastructure adapts to defend against the new attacker.
EFFECTIVE BEHAVIOR 5 - REMEDIATION
• In-depth threat profile information helps guide containment and remediation actions.
• SIEM or other log analysis methods determine the full extent of the attack.
• Provides the custom, relevant intelligence to guide your rapid response.
• Open web services interfaces allow any product to integrate.
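Behaviors 1, 2, 4 and 5 are stated above at the level of capabilities. The Python script below is an added example written for this page (it is not the presentation's or Trend Micro's code) that shows what those capabilities look like as concrete checks over flow records: near-constant-interval connections from an internal host to an external host on any port (Behaviors 1 and 2, command-and-control beaconing), one internal host reaching many internal hosts on admin and file-sharing ports (Behavior 4, lateral movement), outbound volume above a baseline (Behavior 1, unusual data transfer), and a per-host correlation of the three, the way a SIEM query would scope an incident (Behavior 5). The sample flows, the internal address range, the port list and every threshold are assumptions constructed for the demo.

```python
"""Added illustration of Behaviors 1, 2, 4 and 5 over constructed flow records.

Example code written for this page, not Deep Discovery's detection logic.
Each record is (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out); the
addresses, thresholds and port list are assumptions chosen for the demo.
"""
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_PREFIX = "10.0."                  # assumed internal address range
ADMIN_PORTS = {22, 135, 445, 3389, 5985}   # remote-admin / file-sharing ports


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


# Constructed sample flows (synthetic; not taken from the presentation).
FLOWS = []
# 10.0.1.20 calls 203.0.113.7:8443 every ~60 s with a tiny payload: a C2 beacon.
for i in range(8):
    FLOWS.append((1000 + i * 60 + (i % 2) * 3, "10.0.1.20", "203.0.113.7", 8443, 420))
# 10.0.1.30 browses 198.51.100.5:443 at irregular times with varying sizes.
for ts, nbytes in [(1005, 3000), (1011, 12000), (1090, 800),
                   (1400, 45000), (1402, 700), (1900, 2500)]:
    FLOWS.append((ts, "10.0.1.30", "198.51.100.5", 443, nbytes))
# 10.0.1.20 touches six distinct internal hosts over SMB within two minutes.
for i in range(6):
    FLOWS.append((1200 + i * 20, "10.0.1.20", f"10.0.2.{10 + i}", 445, 2000))
# 10.0.1.30 reaches a single file server: normal.
FLOWS.append((1300, "10.0.1.30", "10.0.2.10", 445, 1500))
# 10.0.1.20 then pushes 12 MB to an external host over 443.
FLOWS.append((1600, "10.0.1.20", "203.0.113.9", 443, 12_000_000))


def find_beacons(flows, min_conns=6, max_jitter=0.2):
    """Behaviors 1/2: internal->external pairs, on any port, whose connection
    intervals are nearly constant (coefficient of variation <= max_jitter)."""
    times = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), ts_list in times.items():
        if len(ts_list) < min_conns:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append({"src": src, "dst": dst, "port": port,
                         "interval_s": round(avg, 1), "count": len(ts_list)})
    return hits


def find_lateral_movement(flows, min_hosts=5):
    """Behavior 4: an internal host reaching many distinct internal hosts on
    admin/file-sharing ports."""
    touched = defaultdict(set)
    for _, src, dst, port, _ in flows:
        if is_internal(src) and is_internal(dst) and port in ADMIN_PORTS:
            touched[src].add(dst)
    return {src: sorted(dsts) for src, dsts in touched.items() if len(dsts) >= min_hosts}


def find_bulk_outbound(flows, max_bytes=5_000_000):
    """Behavior 1: outbound volume from one internal host to external hosts
    above an assumed per-host baseline."""
    total = defaultdict(int)
    for _, src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            total[src] += nbytes
    return {src: n for src, n in total.items() if n > max_bytes}


def triage(flows):
    """Behavior 5: correlate the three indicators per host, as a SIEM query
    would, to scope which hosts need containment."""
    findings = defaultdict(list)
    for hit in find_beacons(flows):
        findings[hit["src"]].append("beaconing")
    for src in find_lateral_movement(flows):
        findings[src].append("lateral_movement")
    for src in find_bulk_outbound(flows):
        findings[src].append("bulk_outbound")
    return dict(findings)


if __name__ == "__main__":
    for host, indicators in triage(FLOWS).items():
        print(host, "->", ", ".join(indicators))
```

Run on the constructed flows, only 10.0.1.20 is reported, with all three indicators; 10.0.1.30's irregular browsing and single file-server connection pass every check. The beacon test is port-agnostic on purpose, which is the point of Behavior 2's "multiple ports and protocols": it keys on timing regularity rather than on the port or the destination. The jitter threshold, the host count and the byte baseline are the knobs a practitioner tunes per environment, which is what "custom detection rules that reflect environment risks" means in practice.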
EFFECTIVE BEHAVIOR 6 - SECURITY THAT FITS
• Integration with SIEMs: HP, IBM, Splunk, any
• Sharing of threat intelligence with other security products
• Open web services interfaces allow any product to integrate
EFFECTIVE BEHAVIOR 7 – COLLABORATION
Workflow shown: Monitor → Detect → Analyse → Compile → Forward → Action, with the resulting Intel Report forwarded to Member Countries.
FUELED BY GLOBAL THREAT INTELLIGENCE
Global Threat Intelligence: accurately analyzes and identifies threats faster
• 100TB of data analyzed and correlated daily
• 300,000 new threats identified daily
• Big data analytics and threat expertise
Global Sensornet: collects more information in more places
• 150 million sensors
• 16 billion threat queries daily
• Files, URLs, vulnerabilities, threat actors…
Proactive Protection: blocks real-world threats sooner
• 500,000+ businesses
• Millions of consumers
• 150M threats blocked daily
• MONITOR & CONTROL: Security administrator alerted and provided actionable intelligence
• DETECT: Suspicious file detected and analyzed by Deep Discovery
• ANALYZE: Affected endpoints identified with Trend Micro Endpoint Sensor
• RESPOND: Custom signature deployed and malicious file quarantined; servers protected from the unpatched vulnerability used in the attack
• PROTECT: Protection improved against future attacks with integrated Trend solutions
DEEP DISCOVERY FAMILY PRODUCTS
Deploy protection where it matters most to your organization
• Inspector (network-wide attack detection): detect and analyze targeted attacks anywhere on your network
• Analyzer (integrated sandboxing): improve the threat protection of your existing security investments
• Email Inspector (email attack protection): stop the targeted attacks that can lead to a data breach
• Endpoint Sensor (endpoint investigation): investigate & respond to attacks with network detection + endpoint intelligence
Trend Micro Deep Discovery Platform: Advanced Threat Detection Where It Matters Most
Defends against targeted attacks invisible to standard security products
• Advanced malware & exploits
• Command & control communication
• Attacker activity and lateral movement
• Across inbound, outbound & internal traffic
Copyright 2015 Trend Micro Inc.
WHY DEEP DISCOVERY?
Superior detection & 360° protection
• Proven results for standard HTTP & SMTP
• Plus additional detection for 100+ protocols & applications across all ports
• Detection of Mac and mobile malware
• Custom sandboxing
• Monitors all network traffic
• Detects attacker activity
• Single appliance & low TCO
Tarun Gupta, Trend Micro, [email protected]
@tarun_t_g