Today, the exponential growth of sophisticated malware and the evasion methods used by cybercriminals have become a lethal combination for organizations. Information silos, and the lack of automation between them, turn companies into easy targets for attackers. Companies today are no longer looking only to tick the compliance box, but to genuinely mitigate their security risks more efficiently and proactively. Connected security, in which the different technology components share information so that the organization becomes aware of a threat and reacts immediately, makes the difference between becoming one more entry in the security-incident statistics or not.
Intended audience: IT managers or coordinators, systems or IT managers, CIO, CISO, CTO
Mitigating risk by connecting the pieces
1. Connecting the pieces to mitigate risk
Jorge Herrerías, CISSP
Sales System Engineer
2. Malware Continues to Grow…
128M Total Malware Samples in the McAfee Labs Database
[Chart: New Malware Samples per quarter, Q1 2010 through Q1 2013; y-axis 0 to 14,000,000.]
New malware samples grew 22% from Q4'12 to Q1'13. 2012 new malware sample discoveries increased 50% over 2011.
Malware continues to grow, and is getting more sophisticated.
Source: McAfee Labs, 2013
3. Ransomware
The number of new, unique samples this quarter is greater than 320,000, more than twice as many as in the first quarter of 2013.
During the past two quarters, McAfee Labs has catalogued more ransomware samples than in all previous periods combined.
[Chart: New Ransomware Samples per quarter, Q1 2011 through Q2 2013; y-axis 0 to 350,000.]
4. Total Malware Samples
The McAfee “zoo” now contains more than 140 million unique malware samples.
[Chart: Total Malware Samples, monthly, Jul-12 through Jun-13; y-axis 0 to 160,000,000.]
5. Suspicious Internet (MX)
As of December 31, 2012, nearly 1,100 suspicious Internet addresses hosted in Mexico were analyzed by McAfee. There were only 800 in late 2011. 62 percent of the current ones are assigned a maximum risk. Nearly 51 percent of these URLs hide malware. About 26 percent of them are used in phishing campaigns and 13 percent in spam campaigns.
13. Multi-Layering Defense | Interconnected
Interconnected components in the diagram: Firewall Enterprise, Web Protection, Intrusion Prevention System, Security for Microsoft Exchange, VirusScan, Email Protection, Network, Anti Malware, Site Advisor, Database Security, Application Control, Data Center Security, MOVE AV, SIEM, Host IPS, Unified Administration, Device Control, Mobility, Deep Defender.
22. Discovering ZeroDay and Targeted Attacks
Live Walkthrough
Diagram: Advanced Threat Defense; McAfee Global Threat Intelligence; Target-Specific Sandboxing (MATD); Emulation Engine; Efficient AV Signatures; GTI Reputation; 3rd Party Threat Data; JAR Analysis; .exe Analysis; PDF Analysis; Network Threat Response. Legend: "You find on-prem" / "MFE finds via cloud".
Step: Live e-mail received 08-27-2013. URL redirect to malware site.
23. Discovering ZeroDay and Targeted Attacks
Live Walkthrough (same diagram)
Step: Reputation check of the URL passes. Payload appears to be a .SCR inside a .ZIP.
24. Discovering ZeroDay and Targeted Attacks
Live Walkthrough (same diagram)
Step: Due to zero day, few A/V signature catches.
25. Discovering ZeroDay and Targeted Attacks
Live Walkthrough (same diagram)
Step: MATD or NTR execution demonstrates:
26. Discovering ZeroDay and Targeted Attacks
Live Walkthrough (same diagram)
Step: What's learned through execution:
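The layered triage flow in the walkthrough above (URL reputation, then static inspection of the attachment, then signature coverage, then sandbox execution) as an added illustration; this is not McAfee's code, and the reputation table, the thresholds and the sample archive are constructed assumptions.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Constructed reputation table standing in for a cloud lookup (assumption, not GTI).
# The redirect target is unknown to it, which is why the check "passes".
URL_REPUTATION = {"http://example.invalid/track": "good"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

@dataclass
class Verdict:
    stage: str                      # which layer produced the decision
    reasons: list = field(default_factory=list)

def extract_payload_names(zip_bytes: bytes) -> list:
    """List archive members in memory without extracting anything to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist() if not info.is_dir()]

def looks_executable(name: str) -> bool:
    """Catch .scr and other executable types, including document-looking double extensions."""
    lower = name.lower()
    return any(lower.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)

def triage(url: str, zip_bytes: bytes, av_detections: int, av_engines: int) -> Verdict:
    """Walk the layers in order: reputation -> static inspection -> signatures -> sandbox."""
    reasons = []
    rep = URL_REPUTATION.get(url, "unknown")
    if rep == "bad":
        return Verdict("blocked_by_reputation", ["URL reputation is bad"])
    reasons.append(f"URL reputation {rep}, continuing")
    execs = [n for n in extract_payload_names(zip_bytes) if looks_executable(n)]
    if not execs:
        return Verdict("allowed", reasons + ["no executable members in archive"])
    reasons.append(f"executable inside archive: {execs}")
    ratio = av_detections / av_engines if av_engines else 0.0   # constructed 50% threshold
    if ratio >= 0.5:
        return Verdict("blocked_by_signature", reasons + [f"{av_detections}/{av_engines} engines detect"])
    reasons.append(f"only {av_detections}/{av_engines} engines detect; possible zero-day")
    return Verdict("sandbox", reasons)            # hand off to dynamic analysis

def build_sample_zip() -> bytes:
    """Constructed sample: a ZIP whose only member is a .scr with a PDF-looking double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_08-27-2013.pdf.scr", b"MZ placeholder bytes, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    v = triage("http://example.invalid/track", build_sample_zip(), av_detections=2, av_engines=40)
    print(v.stage, v.reasons)   # sandbox: reputation passed, .scr found, few signatures
```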
30. Global Threat Intelligence and SIEM
Diagram: an IP reputation check (Good / Suspect / Bad) feeds automatic risk analysis via the Advanced Correlation Engine (Medium Risk / High Risk) and automatic identification of the event.
McAfee Labs IP Reputation Updates cover: Botnet/DDoS, Mail/Spam Sending, Web Access, Malware Hosting, Network Probing, Presence of Malware, DNS Hosting Activity, Intrusion Attacks.