Actors behind advanced threats
Download
Report
Transcript Actors behind advanced threats
Enterprise’ Ever-Evolving Challenge & Constraints
Minimize Business Risks
from Cybersecurity
Support
IT Initiatives
Assets,
Operations
Product,
Services
IP,
Reputation
Stay Current with New
Consumption Models
Private Cloud
Data Center
Consolidation
Mergers and
Acquisitions
Virtualized Data
Centers
Cost
Control
Cloud Computing,
SaaS, IaaS…
Outsourcing
Support
Business Priorities
Dealing with BYOD
Challenges
Enable Compliance to
Regulations
A New Threat Landscape
Advanced threat
Commodity threats
Organized cybercrime
Nation state
(very common, easily identified)
(More customized exploits
and malware)
(Very targeted, persistent, creative)
Mostly addressed by
traditional AV and IPS
Somewhat more
sophisticated payloads
Low sophistication,
slowly changing
Evasion techniques
often employed
Machine vs. machine
Intelligent and
continuous monitoring of
passive network-based
and host-based sensors
Comprehensive
investigation after an
indicator is found
Highly coordinated
response is required for
effective prevention and
remediation
Sandboxing and other
smart detection often
required
Malware trends
Actual new
malware every
< 3 seconds
After….
1 minute = 2,021 instances
15 minutes = 9,864 instances
30 minutes = 45,457 instances
Today Security Infrastructure…
Best of Breed Products
Staffing and time to market
Operations
Accuracy
Internet
FW
Network
Your investment in SIEM for normalisation of disparate solutions or as
strategic asset to help break the Attack Lifecycle?
The Cyber attack Lifecycle
Gather
intelligence
Plan the
attack
Exploit
Deliver malware
C2
Steal data
Silent infection
Malicious file
delivered
Malware
communicates
with attacker
High-value
intellectual
property stolen
Breaking the Attack Lifecycle at Multiple Points
1. Segment your network with a “zero-trust” model as the foundation for
defense
Only allow content to be accessed
By a limited and identifiable set of users
Through a well-defined set of applications
Blocking everything else
2. Block all known threats:
Threat Prevention would have identified and stopped parts of the attack
Across known vulnerability exploits, malware, URLs, DNS queries
And command-and-control activity
3. Identify and block all unknown threats:
Using the Sandboxing Solution
Using Behavioral characteristics such as
Communicating over often-abused ports (139 or 445)
Using WebDev to share information,
Changing the security settings of Internet Explorer
Modifying Windows registries and many more
6 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Breaking the Lifecycle at Every Possible Step
1
Bait the end-user
2
3
4
Exploit
Download Backdoor
Command/Control
App-ID
Block high-risk
apps
Block C2 on
open ports
URL
Block known
malware sites
Block fast-flux,
bad domains
IPS
Block the
exploit
Spyware
AV
Block spyware,
C2 traffic
Block malware
Files
Prevent driveby-downloads
Unknown
Threats
Detect 0-day
malware
7 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Block new C2
traffic
A New Breed of Malware
% Malware Without Anti-Virus Coverage
100%
64% of malware found by
Sandbox are not covered by
traditional AV at time of
detection
80%
40% of malware still
not covered after 7
days
60%
40%
20%
0%
Day 0
Day 1
8 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Day 2
Day 3
Day 4
Day 5
Day 6
Day 7
Turning the Unknown into Known
Rapid, global sharing
Identify & control
Prevent known
threats
Detect unknown
threats
All applications
Scans ALL applications (including SSL traffic) to secure all avenues in/out of
a network, reduce the attack surface area, and provide context for forensics
Prevents attacks across ALL attack vectors (exploit, malware, DNS,
command & control, and URL) with content-based signatures
Detects zero day malware & exploits using public/private cloud and
automatically creates signatures for global customer base
Integrated = More Than the Sum of It’s Parts
Non-standard
ports
Port-hopping
Attack
Vulnerability
exploits (IPS)
SSLsurface
& SSH
Malware
Bad web sites
Bad domains
C&C
Unknown
applications
Suspicious file
types / websites
Global
Intelligence
Bit9
Splunk
More to come
Malware
intelligence
Forensics
Apply
positive
controls
Prevent known
threats
Detect
unknown
threats
Centralised Management
Validate attack
Remediate
Enterprise-wide Policy
Summary
Evolution of your Network Security
It’s a new Threat Landscape
Need for an integrated approach
Traditional solutions no longer suffice
Focus on breaking the Attack Lifecycle, not just on the pointattack
11 | ©2013, Palo Alto Networks. Confidential and Proprietary.
12 | ©2012, Palo Alto Networks. Confidential and Proprietary.