Threat intelligence at the cloud
One of the biggest challenges for security teams is analyzing the overwhelming number of security incidents that take place inside and outside their organization. Threat intelligence is a powerful tool that, by providing analyzed and actionable insights, can help solve part of that challenge. In this presentation we show the unique power of threat intelligence gathered from cloud networks and present several case studies that find and correlate those malicious needles into insightful and actionable intelligence.
  1. Threat Intelligence At The Cloud
     Or Katz - Principal Security Researcher
     Ezra Caltum - Senior Security Researcher
  2. Hide and Seek (©2015 AKAMAI | FASTER FORWARD™)
  3. Hide and Seek
     •  The Playground? Akamai Cloud
     •  Who is Hiding? Threat Actors
     •  Who is Seeking?
     •  The Goal of the Game? Find malicious activity and create actionable threat intelligence
  4. Hide: Threat Actors
  5. Seek: Akamai Threat Research Team
     •  Akamai’s State of The Internet Report
     •  Research Publication
     •  Thought Leadership
  6. Playground: Akamai’s Content Delivery Network (CDN)
     The Platform
     •  167,000+ Servers
     •  750+ Cities
     •  92 Countries
     The Data
     •  2 trillion hits per day
     •  260+ terabytes of compressed daily logs
     (Diagram labels: Data Centers, End User)
  7. The Goal: Threat Intelligence
     Highlights of threat intelligence:
     •  New insights
     •  Forecast future threats
     •  Digested output
     •  Actionable
     According to Gartner: “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard”
  8. Why Threat Intelligence At the Cloud?
     Volume, Velocity and Variety, leading to better:
     •  Visibility into the threat landscape
     •  Insights
     •  Future threat forecasting
     •  Security level
  9. Case Study – Slow & Low
     Customer: “Some of the Web site accounts had been taken over, I suspect that it was a brute force attack”
  10. Web Brute Force
     Also known as: Password guessing attack
     (Diagram: Brute Forcer → Web Application; User: Ezra, Password: 123456)
  11. Brute Force - Common vs. Advanced
     Common
     •  Attack method – Brute force flood
     •  Attacking resources – single/few
     •  Detection technique – Noisy logs
     •  Protection - Rate control
     Advanced
     •  Attack method – Brute force slow and low
     •  Attacking resources – multiple/Botnet
     •  Detection technique – ?
     •  Protection - ?
  12. Slow & Low – On Site Threat Intelligence
     •  Step 1 (on-site): Analyzing each IP address’s activity per Web application (5 ~ 12 login attempts per hour)
     •  Step 2 (on-site): Analyzing aggregated Web application login attempts per hour (~50 login attempts per hour)
     (Diagram labels: Resource, Application)
  13. Slow and Low – At Cloud
     Step 3 (cloud): Tracking the brute forcer across the cloud! Monitoring all IP addresses’ activity on all targeted Web applications
     1.  Each Botnet member targets 100 ~ 300 Web applications
     2.  The Botnet executes ~10,000 login attempts per hour over the Cloud network
     3.  The Botnet is running over the same virtual hosting service provider
     4.  The Botnet was active at least a few months before being detected
     BINGO
  14. On-site vs. Cloud (Diagram labels: On-Site, Cloud)
  15. Brute Force Botnet (figure)
  16. Brute Force by Industry Segment (figure)
  17. Actionable Insight
     •  Tactical controls - Block any login attempts initiated from the detected Botnet
     •  Strategic controls - Adjust security control brute force rate mitigations
     •  GEO intelligence - Restrict GEO login
     •  Present threat Intel. - Detection based on cross-target correlation
     •  Future threat Intel. - Forecasting based on industry intelligence
  18. Summary
     •  A cloud platform can yield unique actionable threat intelligence
     •  Cloud threat intelligence introduces the ability to use cross-target, cross-industry and evasive techniques in order to produce unique threat intelligence
     •  Using gaming techniques while at work is fun!
     •  When you are 195cm tall it is hard to find good hiding places
  19. Ezra Caltum - @aCaltum
     Or Katz - @or_katz
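The slow-and-low case study (slides 11-13) and the tactical control on slide 17 can be illustrated with the following added example, which is not code from the deck or from Akamai: the same constructed login log is examined first the way one application owner sees it (per-IP rate within a single application) and then with cross-target correlation over every application behind the platform. The IP addresses, application names, per-app rate and the detection thresholds are all constructed or assumed for illustration.

```python
# Added example (not from the Akamai deck): the same slow-and-low login traffic
# seen from one web application (on-site view) and then correlated across every
# application behind the platform (cloud view). All log rows are constructed.
from collections import defaultdict


def make_sample():
    """Constructed login log: (hour, source_ip, target_app, result)."""
    rows = []
    bots = ["203.0.113.%d" % i for i in range(1, 4)]      # TEST-NET-3 bot members
    apps = ["app%03d" % i for i in range(1, 121)]         # 120 targeted applications
    for ip in bots:
        for app in apps:
            rows += [(10, ip, app, "fail")] * 6           # ~6 failed logins/hour/app
    # Legitimate users: a couple of typos, then success, on a single application.
    rows += [(10, "198.51.100.7", "app001", "fail")] * 3 + [(10, "198.51.100.7", "app001", "ok")]
    rows += [(10, "198.51.100.9", "app002", "ok")]
    return rows


def onsite_view(rows, app, per_ip_threshold=20):
    """One application owner's view: failed logins per source IP per hour.
    Returns the (ip, hour) pairs exceeding a rate-control style threshold."""
    counts = defaultdict(int)
    for hour, ip, target, result in rows:
        if target == app and result == "fail":
            counts[(ip, hour)] += 1
    return {k: v for k, v in counts.items() if v > per_ip_threshold}


def cloud_view(rows, min_apps=50):
    """Cross-target correlation: for each source IP, how many distinct applications
    it failed against and its total attempts. Flags IPs spread across at least
    min_apps applications (threshold is illustrative, not from the deck)."""
    apps = defaultdict(set)
    attempts = defaultdict(int)
    for hour, ip, target, result in rows:
        if result == "fail":
            apps[ip].add(target)
            attempts[ip] += 1
    return {ip: {"apps": len(a), "attempts": attempts[ip]}
            for ip, a in apps.items() if len(a) >= min_apps}


def blocklist(rows, min_apps=50):
    """Tactical control from slide 17: block logins from the detected botnet members."""
    return sorted(cloud_view(rows, min_apps))


if __name__ == "__main__":
    sample = make_sample()
    print("on-site view of app001:", onsite_view(sample, "app001"))  # nothing exceeds the per-IP threshold
    print("cloud view:", cloud_view(sample))
    print("block:", blocklist(sample))
```

Each bot stays at 6 failed logins per hour per application, so the single-application view never trips a per-IP threshold; only the cross-application view shows the same three addresses failing against 120 applications each.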