©2012 Bit9. All Rights Reserved
The Advanced Threat Landscape

Criminal Enterprises
• Broad-based and targeted attacks
• Financially motivated
• Getting more sophisticated

Hacktivists
• Targeted and destructive attacks
• Unpredictable motivations
• Generally less sophisticated

Nation-States
• Targeted and multi-stage attacks
• Motivated by information and IP
• Highly sophisticated, endless resources
Acceleration of Intellectual Property Loss: Significant Breaches of 2012
[Timeline figure: significant breaches of 2012 plotted by month, January through November]
2013 is not starting off any better...
Recent findings from Mandiant
Telvent (Schneider Electric) successfully hacked into by Comment Crew (cybercrime crew)
• Power grids
• Oil & gas
• Transportation
• Water
• Global services
• And more!
Java Problems
Attackers adjust their approach. Do you adjust your defense?
Attackers are shifting to delivering UNKNOWN malware via FTP and web pages (Threatpost.com, March 27, 2013, by Christopher Brook)
Palo Alto Networks put out a study recently finding:
• Attackers have shifted from email exploits to web-based exploits
• Web pages load instantly and can be tweaked on the fly, versus waiting for an email attack to work
• 94% of undetected malware came from web browsers or web proxies
• 95% of the FTP-based exploits were never detected by anti-virus
• 97% used non-standard ports to infect systems

Palo Alto recommends the following:
• Investigate unknown traffic
• Restrict rights to DNS domains
• Real-time detection and blocking
• More fully deployed anti-malware technology
Have Hackers invented something earth shattering?
USA Today on 3/27/13 by Geoff Collins
Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes. But consider this: a vast majority of hacks are stunningly simple to deflect.
president of product management at 1E
What they found out... Really?
Australia's Defense Signals Directorate (DSD) and the U.S. National Security Agency (NSA) independently surveyed the techniques hackers used to successfully penetrate networks. NSA, in partnership with private experts, and DSD each came up with a list of measures that stop almost all attacks. DSD found that just four risk reduction measures block most attacks. Agencies and private companies implementing these measures saw risk fall by 85 percent and, in some cases, to zero.
president of product management at 1E
So what ARE the four simple measures?
First is "Application white-listing," which allows only authorized software to run on a computer or network. Second is very rapid patching of Operating Systems and software. Third is very rapid patching of software. The fourth is minimizing the number of people on a network who have "administrator" privileges.
president of product management at 1E
Trust-based Security: A New Approach

REQUIREMENTS
1. Real-time visibility: every server/desktop/laptop; every executable and invocation; every critical system resource
2. Define your trust policies: what do you trust? (all else is "untrusted" by default)
3. Apply your trust policies: detection, protection, incident response/forensics

Only trusted software, across:
• Desktops/laptops (PC, Mac)
• Kiosks
• Fixed-function (ATMs, point of sale)
• Virtual/physical servers
• Cloud-based servers
• Mobile
• Server roles: database, applications, email, storage, VDI, domain controllers

PROACTIVE
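The "application white-listing" measure in the USA Today quote and the "define your trust policies; all else is untrusted by default" requirement above describe the same mechanism: a default-deny decision taken at every execution. The Python block below is an added example of that decision logic; it is not Bit9's code and does not follow any product's policy format. The policy fields, the file paths, the publisher name "Example Corp Signing CA" and the file contents being hashed are all constructed for illustration.

```python
"""Default-deny application trust policy evaluated over execution events.

Added example: the policy fields, paths, publisher names and hashes are
constructed for illustration and do not follow any real product's format.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Hash the file content; trust decisions key on content, never on file name."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class TrustPolicy:
    banned_hashes: set = field(default_factory=set)       # explicit bans win over every trust rule
    approved_hashes: set = field(default_factory=set)     # individually approved files
    trusted_publishers: set = field(default_factory=set)  # signers whose signed files are trusted
    trusted_dirs: tuple = ()                              # install paths that users cannot write to


@dataclass
class ExecEvent:
    host: str
    path: str
    sha256: str
    publisher: Optional[str]   # verified signer name, or None if unsigned / signature invalid
    user_writable_dir: bool    # whether the invoking user can write into the file's directory


def evaluate(policy: TrustPolicy, ev: ExecEvent) -> tuple:
    """Return (decision, reason). Anything no rule explicitly trusts is denied."""
    if ev.sha256 in policy.banned_hashes:
        return ("deny", "banned hash")
    if ev.sha256 in policy.approved_hashes:
        return ("allow", "approved hash")
    if ev.publisher and ev.publisher in policy.trusted_publishers:
        return ("allow", "trusted publisher: " + ev.publisher)
    # A trusted directory only counts when users cannot drop files into it;
    # otherwise the "trusted path" rule is the bypass.
    if not ev.user_writable_dir and any(
        ev.path.lower().startswith(d.lower()) for d in policy.trusted_dirs
    ):
        return ("allow", "trusted directory")
    return ("deny", "untrusted by default")


# Constructed sample file contents; only their hashes matter to the policy.
GOOD_TOOL = b"constructed bytes of an approved admin tool"
DROPPED_EXE = b"constructed bytes of an unknown file dropped into a temp folder"
KNOWN_BAD = b"constructed bytes of a previously banned sample"

POLICY = TrustPolicy(
    banned_hashes={sha256_hex(KNOWN_BAD)},
    approved_hashes={sha256_hex(GOOD_TOOL)},
    trusted_publishers={"Example Corp Signing CA"},   # constructed signer name
    trusted_dirs=("C:\\Program Files\\",),
)

EVENTS = [  # constructed execution events from several hosts
    ExecEvent("ws-01", "C:\\Tools\\admintool.exe", sha256_hex(GOOD_TOOL), None, True),
    ExecEvent("ws-02", "C:\\Users\\a\\AppData\\Local\\Temp\\update.exe", sha256_hex(DROPPED_EXE), None, True),
    ExecEvent("ws-03", "C:\\Program Files\\Vendor\\app.exe", sha256_hex(b"signed vendor app"),
              "Example Corp Signing CA", False),
    ExecEvent("ws-04", "C:\\Program Files\\Vendor\\plugin.dll", sha256_hex(b"unsigned file in program files"),
              None, False),
    ExecEvent("ws-05", "C:\\Program Files\\writable\\x.exe", sha256_hex(b"file in a misconfigured writable subdir"),
              None, True),
    # Signed by a trusted publisher but explicitly banned: the ban must still win.
    ExecEvent("srv-01", "D:\\share\\invoice.exe", sha256_hex(KNOWN_BAD), "Example Corp Signing CA", False),
]


def run(policy: TrustPolicy = POLICY, events: list = EVENTS) -> dict:
    """Evaluate every event; return the decision per (host, path) plus an allow/deny tally."""
    decisions = {(ev.host, ev.path): evaluate(policy, ev) for ev in events}
    tally = {"allow": 0, "deny": 0}
    for decision, _ in decisions.values():
        tally[decision] += 1
    return {"decisions": decisions, "tally": tally}


if __name__ == "__main__":
    for (host, path), (decision, reason) in run()["decisions"].items():
        print(f"{host:7} {decision:5} {reason:40} {path}")
```

Three design points matter more than the code size: an explicit ban outranks every trust rule, so a banned file stays blocked even when it carries a trusted signature; the publisher rule assumes the endpoint sensor has already verified the signature rather than reading the signer name from the file; and a trusted-directory rule is only safe for directories ordinary users cannot write to, which is why the example checks writability before honouring the path.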
Complementary and Integrated Technologies
• Analyze behavior
• Proactively protect
• Prioritize alerts
• Scope infection

Unprecedented Protection Against Advanced Threats

Real-time endpoint sensor (desktops/laptops, fixed-function, virtual/physical servers)
• Stops untrusted software
• File inventory & audit trail

Network monitoring (web traffic, file share)
• Detonates files
• Malware notifications, sent automatically
Sensor Strategy – Faster Response & Improved Security
1. Combine a real-time endpoint sensor and continuous recorder with network detection to automatically confirm and prioritize alerts
2. Automatically configure trust-based endpoint and server protection based on events identified by network file analysis
3. Immediate enterprise-wide visibility into all systems infected by malware discovered by network detection
4. Immediate access to any file on any system across the enterprise, with automatic submission for detonation and analysis
Industry FIRSTS: Bit9 Integration with Leaders in Network Security

Next-Generation Network Security
• Incoming files on network
• "Detonate" files for analysis
• Transfer alerts to the endpoint and server side

Next-Generation Endpoint and Server Security
• Retrieve files from endpoints and servers
• Submit files for detonation
• Correlate endpoint/server and network data
• Analyze files on endpoints and servers
• Prioritize alerts
• Protect endpoints and servers
• Remediate by identifying affected endpoints and servers
Addressing Critical Security Challenges

1. "Prioritize: I am receiving network malware alerts, how do I prioritize them?"
   Did the malware land on my machines? How many machines? Did it execute? How severe is the threat?
2. "Analyze: an unknown file arrived on an endpoint or server: is it malware?"
   What will it do if I allow it to execute? Should I ban it or approve it? Am I going to approve an APT?
3. "Protect: How do I stop the malware from spreading?"
   How do I immediately ban the malware from all endpoints and servers?
4. "Remediate: Where do I start remediation?"
   Which machines are affected? Who is patient zero? What else happened around this time?
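The prioritize, protect and remediate questions above are all answered by joining a network detonation alert (a file hash and a verdict) against the endpoint recorder's file-arrival and execution history. The Python block below is an added example of that correlation; it is not Bit9's code and does not use any vendor's record format. The alert and event rows, host names, timestamps, paths and the repeated-hex "hashes" are constructed for illustration.

```python
"""Scope a network malware alert against endpoint file-arrival and execution records.

Added example: the record layout, host names, timestamps and hashes are
constructed for illustration and are not Bit9's or any vendor's data format.
"""
from datetime import datetime, timedelta

# Constructed hashes (repeated hex words stand in for real SHA-256 values).
H_MAL = "deadbeef" * 8     # flagged by the network sandbox; landed and executed inside
H_NET = "cafef00d" * 8     # flagged by the network sandbox; never reached an endpoint
H_OTHER = "0badcafe" * 8   # unrelated file that ran on the same host around the same time

# Network detonation alerts: hash, verdict, time the network sensor saw the file.
ALERTS = [
    {"sha256": H_MAL, "verdict": "malicious", "seen": "2013-03-27T09:12:00"},
    {"sha256": H_NET, "verdict": "malicious", "seen": "2013-03-27T09:14:00"},
]

# Endpoint recorder rows: (time, host, event, sha256, path).
# "seen" = the file arrived on disk, "exec" = the file was executed. All rows constructed.
EVENTS = [
    ("2013-03-27T09:05:10", "ws-17", "seen", H_MAL, "C:\\Users\\b\\Downloads\\invoice.exe"),
    ("2013-03-27T09:06:02", "ws-17", "exec", H_MAL, "C:\\Users\\b\\Downloads\\invoice.exe"),
    ("2013-03-27T09:07:30", "ws-17", "exec", H_OTHER, "C:\\Users\\b\\AppData\\Local\\Temp\\svc.exe"),
    ("2013-03-27T09:11:40", "ws-22", "seen", H_MAL, "C:\\Users\\c\\Downloads\\invoice.exe"),
    ("2013-03-27T09:30:00", "srv-03", "seen", H_MAL, "D:\\share\\invoice.exe"),
    ("2013-03-27T09:31:15", "srv-03", "exec", H_MAL, "D:\\share\\invoice.exe"),
    ("2013-03-27T10:00:00", "ws-40", "exec", H_OTHER, "C:\\Windows\\System32\\notepad.exe"),
]


def _t(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


def scope(alert: dict, events: list, window: timedelta = timedelta(minutes=5)) -> dict:
    """Answer landed / how many / executed / patient zero / what else happened for one alert."""
    hits = [e for e in events if e[3] == alert["sha256"]]
    if not hits:
        # The network saw the file but no endpoint recorded it: nothing to remediate yet.
        return {"sha256": alert["sha256"], "severity": "network-only", "landed": [],
                "executed": [], "patient_zero": None, "context": []}
    first = min(hits, key=lambda e: _t(e[0]))          # earliest arrival is patient zero
    landed = sorted({e[1] for e in hits})
    executed = sorted({e[1] for e in hits if e[2] == "exec"})
    t0 = _t(first[0])
    # Other activity on patient zero inside the window: "what else happened around this time?"
    context = [e for e in events
               if e[1] == first[1] and e[3] != alert["sha256"] and abs(_t(e[0]) - t0) <= window]
    return {"sha256": alert["sha256"],
            "severity": "executed" if executed else "landed",
            "landed": landed, "executed": executed,
            "patient_zero": first[1], "context": context}


def prioritize(alerts: list, events: list) -> list:
    """Rank alerts: executed somewhere first, then merely landed, then network-only."""
    rank = {"executed": 0, "landed": 1, "network-only": 2}
    scoped = [scope(a, events) for a in alerts]
    return sorted(scoped, key=lambda s: (rank[s["severity"]], -len(s["executed"]), -len(s["landed"])))


def remediation_plan(scoped: dict) -> dict:
    """Hosts to clean first (it ran), hosts that merely hold the file, and the hash to ban everywhere."""
    return {"ban_hash": scoped["sha256"],
            "clean_first": scoped["executed"],
            "quarantine_file_on": [h for h in scoped["landed"] if h not in scoped["executed"]]}


if __name__ == "__main__":
    for s in prioritize(ALERTS, EVENTS):
        print(s["severity"], s["sha256"][:16], "landed:", s["landed"],
              "executed:", s["executed"], "patient zero:", s["patient_zero"])
        if s["patient_zero"]:
            print("  plan:", remediation_plan(s))
            for e in s["context"]:
                print("  around that time on", e[1], ":", e[0], e[2], e[4])
```

The ranking encodes the slide's own severity questions: an alert whose file executed on an endpoint outranks one that only landed, which outranks one the endpoints never recorded at all. Patient zero is simply the host with the earliest arrival record for the hash, and the surrounding-activity window on that host is what an analyst would scan for follow-on files before widening the search.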