Watering Hole Attacks: Detect End-User Compromise Before the Damage Is Done
DESCRIPTION
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks. These can be very difficult to detect since they happen as users are going about their normal business. Join us for a technical demo to watch a live example of this attack and how to detect it immediately using AlienVault USM.
TRANSCRIPT
Live Demo: Get Complete Security Visibility in Under 1 Hour
@AlienVault
Watering Hole Attack in 4 Easy Steps
1. Determine Target Group
• Attacker Identifies Websites to Target
  - Based on observation or guessing
  - Compromising a well-known, legitimate site avoids blacklist issues
• Examples
  - Compromise a desirable applet
  - Redirect visitors to malicious site
  - Inject
2. Identify Vulnerabilities on those Websites
• Test web servers, ad servers, web apps, etc. for vulnerabilities to exploit
3. Inject Threat into Website
• For example, inject HTML or JavaScript to redirect victims to sites hosting malware
4. Sit in the Tall Grass and Wait for Targets to Come to You
  - Redirected from compromised site
  - Eventually compromised by download of malware
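One way to turn step 4 into a detection, as an added example that is not from the webinar or from AlienVault USM: a small proxy-log correlator in Python that flags a client that is sent from a site your users frequent to a host outside the expected baseline and then pulls an executable from that host within a few minutes. The log format, host names, and the watered-site and baseline lists are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit
# Constructed sample proxy log (not from the page). Fields: timestamp, client IP,
# method, URL, HTTP status, response content-type, referer ("-" = none).
SAMPLE_LOG = """\
2013-05-14T10:01:02 10.0.0.5 GET http://industry-news.example/news/index.html 200 text/html -
2013-05-14T10:01:03 10.0.0.5 GET http://cdn.industry-news.example/js/app.js 200 application/javascript http://industry-news.example/news/index.html
2013-05-14T10:01:04 10.0.0.5 GET http://93-update.example.net/r.php 302 text/html http://industry-news.example/news/index.html
2013-05-14T10:01:05 10.0.0.5 GET http://93-update.example.net/setup.exe 200 application/x-dosexec http://93-update.example.net/r.php
2013-05-14T10:05:00 10.0.0.7 GET http://industry-news.example/news/index.html 200 text/html -
2013-05-14T10:05:01 10.0.0.7 GET http://cdn.industry-news.example/js/app.js 200 application/javascript http://industry-news.example/news/index.html
"""

# Assumed sites our users habitually visit (candidate watering holes) and the hosts a
# normal visit to them is expected to reach (a baseline learned from clean traffic).
WATERED_SITES = {"industry-news.example"}
BASELINE_HOSTS = {"industry-news.example", "cdn.industry-news.example"}
EXEC_TYPES = {"application/x-dosexec", "application/x-msdownload", "application/octet-stream"}
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".jar")

def parse_line(line):
    ts, client, _method, url, _status, ctype, referer = line.split()
    parts = urlsplit(url)
    return {"ts": datetime.fromisoformat(ts), "client": client, "url": url,
            "host": parts.hostname, "path": parts.path, "ctype": ctype,
            "ref_host": urlsplit(referer).hostname if referer != "-" else None}
def detect_watering_hole(log_text, watered=WATERED_SITES, baseline=BASELINE_HOSTS,
                         window=timedelta(minutes=5)):
    """Correlate, per client: (1) a fetch from a host outside the baseline whose
    referer is a watered site, then (2) an executable download from that same host
    within `window`. Returns one alert per detected redirect-then-download chain."""
    suspects = {}  # (client, host) -> (time first sent there, watered site that sent it)
    alerts = []
    for line in filter(None, log_text.splitlines()):
        ev = parse_line(line)
        # Steps 3-4 of the attack: the legitimate page sends the browser somewhere new.
        if ev["ref_host"] in watered and ev["host"] not in baseline:
            suspects.setdefault((ev["client"], ev["host"]), (ev["ts"], ev["ref_host"]))
        # Payload delivery: an executable from a host this client only reached that way.
        hit = suspects.get((ev["client"], ev["host"]))
        is_exec = ev["ctype"] in EXEC_TYPES or ev["path"].lower().endswith(EXEC_SUFFIXES)
        if hit and is_exec and ev["ts"] - hit[0] <= window:
            alerts.append({"ts": ev["ts"].isoformat(), "client": ev["client"],
                           "via": hit[1], "host": ev["host"], "url": ev["url"]})
    return alerts

if __name__ == "__main__":
    for a in detect_watering_hole(SAMPLE_LOG):
        print(f"ALARM {a['ts']} {a['client']} pulled {a['url']} after redirect from {a['via']}")
```

In a SIEM this is the same correlation expressed as two directives: a low-priority "offsite fetch from watered site" event followed by an executable download from that host by the same client raises the alarm.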
USM Product Capabilities
powered by AV Labs Threat Intelligence
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
Weekly updates that cover all your coordinated rule sets:
• Network-based IDS signatures
• Host-based IDS signatures
• Asset discovery and inventory database updates
• Vulnerability database updates
• Event correlation rules
• Report modules and templates
• Incident response templates / "how to" guidance for each alarm
• Plug-ins to accommodate new data sources
Fueled by the collective power of AlienVault's Open Threat Exchange (OTX)
AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
• Updates every 30 minutes
• 200-350,000 IPs validated daily
• 8,000 collection points
• 140 countries
Unified Security Management
Complete. Simple. Affordable.
Delivery Options: Hardware, Virtual, or Cloud-based appliances
Open-Source version (OSSIM) also available
AlienVault USM provides the five essential security capabilities in one, pre-integrated platform
Unified Security Management (USM) Platform AlienVault Labs Threat Intelligence AlienVault Open Threat Exchange
More Questions? Email
NOW FOR SOME Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site