Solutions for Demanding Business
FireEye – Advanced Threat Protection
Dane Hinić
Senior Consultant
dane.hinic@asseco-see.rs
Traditional Security Solutions

- IPS: attack-signature-based detection, shallow application analysis, high false-positive rate, no visibility into the advanced attack lifecycle.
- Secure Web Gateways: some analysis of script-based malware, AV, IP/URL filtering; ineffective against advanced targeted attacks.
- Desktop AV: signature-based detection (some behavioral); ineffective against advanced targeted attacks.
- Anti-Spam Gateways: rely largely on antivirus and signature-based detection (some behavioral); no true spear-phishing protection.
- Firewalls/NGFW: block IP/port connections and provide application-level control, but no visibility into what an allowed connection carries.

Despite all this technology, 95% of organizations are compromised (FireEye's figure; the deck gives no source for it).
Multi-Staged Cyber Attack

Exploit detection is critical: all subsequent stages can be hidden or obfuscated.

[Diagram: exploit server, callback server, firewall, IPS and two file shares, with numbered arrows for the stages below]

1. Exploitation of the system
2. Malware executable download
3. Callbacks and control established
4. Lateral spread
5. Data exfiltration
What Is an Exploit?

A compromised web page carries an exploit object:

1. The exploit object is rendered by vulnerable software.
2. The exploit injects code into the running program's memory.
3. Control transfers to the exploit code.

The exploit object can be in ANY web page. An exploit is NOT the same as the malware executable file: the exploit only gains code execution, and the executable is what that code then fetches in the next stage.
Structure of a Multi-Flow APT Attack

[Diagram, built up over four slides: exploit server, callback server, encrypted-malware host, command-and-control server]

1. An embedded exploit, served from the exploit server, alters the endpoint.
2. Callback to the callback server.
3. Encrypted malware downloads.
4. Callback to the command-and-control server and data exfiltration.

Each step is a separate network flow, usually to a different server, so no single flow on its own looks like a complete attack.
FireEye's Technology: State-of-the-Art Detection

DETONATE (within VMs) → ANALYZE (across VMs) → CORRELATE (cross-enterprise), at 500,000 objects/hour.

Inputs: network, email, mobile, files.
Stages detected: exploit, callback, malware download, lateral transfer, exfiltration.
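The stage model on the "Multi-Staged Cyber Attack" and "Multi-Flow APT Attack" slides and the CORRELATE step above come down to one idea: group flows per host and look for the stages in sequence, because a single flow (a beacon, an executable download) is rarely conclusive on its own. The following is an added example, not FireEye's code or the MVX engine, of that correlation in Python over constructed proxy/IDS events. The event tuple layout, the sensor names, the thresholds (beacon jitter, exfiltration byte count, executable content types) and the host and destination names are all assumptions made for illustration.

```python
"""Per-host kill-chain correlation over constructed proxy/IDS events.

Added example, not FireEye or MVX code. The event tuple layout, the thresholds
and the sample hosts/destinations below are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed indicators: executable content types mark stage 2 (malware download).
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload",
              "application/x-dosexec"}
EXFIL_BYTES = 20 * 1024 * 1024   # assumed: one upload this large counts as stage 5
BEACON_MIN_HITS = 4              # assumed: minimum requests to judge regularity
BEACON_MAX_JITTER = 0.10         # assumed: stdev/mean of intervals below 10 %

# Constructed events: (time, host, destination, sensor, detail, bytes_out).
SAMPLE_EVENTS = [
    # ws-17: full chain, exploit seen by the IDS
    ("2013-11-04 09:00:02", "ws-17", "news.example", "proxy", "text/html", 300),
    ("2013-11-04 09:00:03", "ws-17", "ads.example", "proxy", "application/x-shockwave-flash", 280),
    ("2013-11-04 09:00:04", "ws-17", "ads.example", "ids", "exploit: flash heap spray", 0),
    ("2013-11-04 09:00:09", "ws-17", "dl.example", "proxy", "application/octet-stream", 310),
    ("2013-11-04 09:05:00", "ws-17", "cb.example", "proxy", "text/plain", 412),
    ("2013-11-04 09:10:01", "ws-17", "cb.example", "proxy", "text/plain", 410),
    ("2013-11-04 09:15:00", "ws-17", "cb.example", "proxy", "text/plain", 415),
    ("2013-11-04 09:19:59", "ws-17", "cb.example", "proxy", "text/plain", 409),
    ("2013-11-04 09:25:30", "ws-17", "fs-01", "smb", "ADMIN$ write svc.exe", 0),
    ("2013-11-04 10:00:00", "ws-17", "drop.example", "proxy", "multipart/form-data", 48 * 1024 * 1024),
    # ws-30: exploit flow was encrypted or missed; only download and beacon are visible
    ("2013-11-04 11:00:00", "ws-30", "share.example", "proxy", "application/x-dosexec", 290),
    ("2013-11-04 11:10:00", "ws-30", "c2.example", "proxy", "text/plain", 400),
    ("2013-11-04 11:20:00", "ws-30", "c2.example", "proxy", "text/plain", 400),
    ("2013-11-04 11:30:00", "ws-30", "c2.example", "proxy", "text/plain", 400),
    ("2013-11-04 11:40:00", "ws-30", "c2.example", "proxy", "text/plain", 400),
    # ws-22: installer download plus irregular webmail use, nothing else
    ("2013-11-04 09:02:00", "ws-22", "vendor.example", "proxy", "application/x-msdownload", 300),
    ("2013-11-04 09:03:10", "ws-22", "mail.example", "proxy", "text/html", 900),
    ("2013-11-04 09:31:00", "ws-22", "mail.example", "proxy", "text/html", 880),
    ("2013-11-04 09:33:00", "ws-22", "mail.example", "proxy", "text/html", 910),
    ("2013-11-04 10:40:00", "ws-22", "mail.example", "proxy", "text/html", 905),
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def beacon_destinations(events):
    """Destinations one host contacts at a near-constant interval (stage 3, callback)."""
    by_dst = defaultdict(list)
    for time, _host, dst, sensor, _detail, _out in events:
        if sensor == "proxy":
            by_dst[dst].append(_ts(time))
    beacons = []
    for dst, times in by_dst.items():
        if len(times) < BEACON_MIN_HITS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < BEACON_MAX_JITTER:
            beacons.append(dst)
    return sorted(beacons)


def stages_for_host(events):
    """Kill-chain stages (1-5 as numbered on the slide) evidenced for one host."""
    stages = set()
    for _time, _host, _dst, sensor, detail, out in events:
        if sensor == "ids" and detail.startswith("exploit"):
            stages.add(1)                       # exploitation of system
        elif sensor == "proxy" and detail in EXEC_TYPES:
            stages.add(2)                       # malware executable download
        elif sensor == "smb" and "ADMIN$" in detail:
            stages.add(4)                       # lateral spread
        if out >= EXFIL_BYTES:
            stages.add(5)                       # data exfiltration
    if beacon_destinations(events):
        stages.add(3)                           # callback and control
    return sorted(stages)


def correlate(events):
    """Group events by host; return {host: (stages, verdict)}."""
    per_host = defaultdict(list)
    for ev in events:
        per_host[ev[1]].append(ev)
    report = {}
    for host, evs in per_host.items():
        stages = stages_for_host(evs)
        if 1 in stages and 2 in stages:
            verdict = "compromised: exploit observed and followed by later stages"
        elif 3 in stages:
            verdict = "suspected: callback pattern without an observed exploit"
        elif stages:
            verdict = "low: single stage, no chain"
        else:
            verdict = "clean"
        report[host] = (stages, verdict)
    return report


if __name__ == "__main__":
    for host, (stages, verdict) in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"{host}: stages {stages} -> {verdict}")
```

The three constructed hosts show why the deck insists on exploit detection: ws-17 is conclusive because the exploit was seen and every later stage lines up behind it; ws-30, whose exploit flow was encrypted or simply missed, can only be flagged on the weaker evidence of a regular beacon; ws-22 downloads an executable too, but with no exploit and no callback it stays a single unconnected event rather than a chain.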
Who detected the attack first? (Detections by month, 07/13 to 12/13; y-axis 0 to 30,000)

[Bar chart comparing two series: "FireEye found first" and "Detected by vendor in VirusTotal"]
Industry: Government (Federal)

Top APT: Backdoor.APT.Houdini (25%). Business impact: loss of sensitive information. Houdini is believed to be the developer's name of a VBS-based RAT known to target the international energy industry and to be distributed in spammed email campaigns.

Top Crimeware:
- Malware.Archive (68%): malware discovered inside an archive file (ZIP, RAR).
- Malware.Binary (52%): loss of sensitive financial information, e.g. credit card and banking logins.

FireEye PoV: 31 customers, 100% compromised, 39% had APT.
Chart of per-week max and average for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as extracted, column assignment not recoverable: 0.39, 2.63, 11058.1, 11046.3, 303.06, 4939, 164.75, 13.95, 350.44, 352.55.
Industry: High-Tech

Top APT: Backdoor.APT.Gh0stRAT (40%) and Backdoor.APT.DarkComet (40%). Business impact: remote access tools (RATs) that lead to loss of intellectual property, trade secrets and sensitive internal communication.

Top Crimeware:
- Malware.Binary (67%): never-seen-before malware; signature-based protection is defenseless against it.
- Exploit.Kit.Neutrino (67%): infection with several types of malware that steal credentials or restrict access to the computer and demand a ransom.

FireEye PoV: 18 customers, 100% compromised, 28% had APT.
Chart of per-week max and average for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as extracted, column assignment not recoverable: 1.46, 8.66, 41486.9, 43022.5, 86.92, 3011.14, 198.9, 12.9, 2708.9, 2629.8.
Industry: Financial

Top APT: Backdoor.APT.Houdini (29%). Business impact: loss of sensitive information. Houdini is believed to be the developer's name of a VBS-based RAT known to target the international energy industry and to be distributed in spammed email campaigns.

Top Crimeware:
- Exploit.Browser (66%): an attempt to compromise the endpoint by exploiting a vulnerability in the web browser. If successful, the attacker can install and execute malicious software without the end user's consent.
- Exploit.Kit.Neutrino (54%): infection with several types of malware that steal credentials or restrict access to the computer and demand a ransom.

FireEye PoV: 71 customers, 99% compromised, 10% had APT.
Chart of per-week max and average for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as extracted, column assignment not recoverable: 0.78, 5.68, 1602.83, 1405.78, 174.1, 3183.1, 90.48, 6.26, 24.21, 34.85.
Industry: Services / Consulting / VAR

Top APT: Backdoor.APT.XtremeRAT (50%). Business impact: being the victim of common RAT capabilities, including key logging, screen capture, video capture, file transfer, system administration, password theft and traffic relaying.

Top Crimeware:
- Exploit.Browser (53%): an attempt to compromise the endpoint by exploiting a vulnerability in the web browser. If successful, the attacker can install and execute malicious software without the end user's consent.
- Malware.Archive (53%): malware discovered inside an archive file (ZIP, RAR).

FireEye PoV: 19 customers, 100% compromised, 11% had APT.
Chart of per-week max and average for Web Exploit, Malware Download, Unique Malware, Unique Callback and Impacted Hosts; values as extracted, column assignment not recoverable: 1.75, 20.77, 83.06, 52.15, 151.15, 187.85, 18.05, 12.23, 5.57, 13.34.
FireEye Product Portfolio

Existing controls shown alongside the platform: SEG, IPS, SWG, MDM, host anti-virus.

FireEye platform, with MVX at the core:
- Network Threat Prevention
- Email Threat Prevention
- Content Threat Prevention
- Mobile Threat Prevention
- Endpoint Threat Prevention
- Threat Analytics Platform
- Dynamic Threat Intelligence

Zlatibor asseco-fire eye


Speaker notes

1. Note:
   - Threats at the perimeter: Network Threat Prevention Platform.
   - Data center: Content Threat Prevention Platform, for latent malware.
   - Obviously many people are now bringing in mobile devices. With Mobile Threat Prevention we are able to leverage MVX to analyze the new class of threats, threats via mobile apps, e.g. apps stealing contacts, which gives the attacker email information (and legally valid sources) for the next stage of the attack.
   - On the endpoint, Mandiant brings us the MSO product, which will be rebranded into the FireEye platform as the Endpoint Threat Prevention Platform.
   - Finally, we have the Email Threat Prevention Platform for the spear-phishing attacks that attackers use to penetrate organizations.
   - The Threat Analytics Platform is a new product for analyzing advanced threats using a combination of event logs and security device logs with homegrown threat intelligence from FireEye.