1 / 8

Who is MANDIANT?

Who is MANDIANT?. Engineers, consultants, authors, instructors & security experts Chased criminals attacking the Fortune 500, govt. contractors, and multi-national banks Responded to over 1 million compromised systems in over 60 organizations

julianne
Télécharger la présentation

Who is MANDIANT?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Who is MANDIANT? • Engineers, consultants, authors, instructors & security experts • Chased criminals attacking the Fortune 500, govt. contractors, and multi-national banks • Responded to over 1 million compromised systems in over 60 organizations • Find evil & solve crime through our products & services

  2. Services • Incident Response • Incident Response Management • Malware Analysis • Program Development • Incident Response Exercises • Computer Forensics • Forensic Examination • Litigation Support • Expert Testimony • Application & Network Security • Application & Network Assessments • Secure SDLC • Product Testing • Wireless Assessments • Penetration Testing • Social Engineering • Architecture Design • Research & Development • High-Sensitivity • Emerging Issues • Cutting Edge

  3. The threats

  4. MIR (Host Interrogations) • Made expressly for incident responders • Based on years of IR knowledge • Built by experienced system developers • The right forensic features • Plus real scalability • Equals enterpriseIR at speed • Faster, less disruptive, less expensive • Repeatable, more accurate investigations • Comprehensively evaluate the environment

  5. Accelerating enterprise IR MIR Controller and Agents deployed pervasively… or only to systems of interest. Investigate entire infrastructure or just a subset based on your needs. Use MANDIANT provided Indicator of Compromise DB or develop your own. Remediation based on a more complete scope of the attack. Organization postured to re-scan with new IOCs or conduct deep-dive investigations on specific assets.

  6. NTAP Service (Network Analysis) • Identify Intruder Activities in Near Real-Time • Detect and collect known malicious network traffic • Automatically perform post processing and decryption (when possible) • Describe Attackers Activities and Movement • Determine intent and process of compromise • Determine and understand intruders targeting and methodologies • Discover exfiltrated data from encrypted network streams (when possible) • Provide an Actual Damage Assessment of Attackers Activities

  7. What’s an indicator? File Path: \system32\mtxes.dll File Name: Ripsvc32.dll OR Service DLL: Ripsvc32.dll PE Time Stamp: 2008/04/04 18:14:25 MD5: 88195C3B0B349C4EDBE2AA725D3CF6FF Registry Path: \Services\Iprip\Parameters\ServiceDll AND Registry Text: Ripsvc32.dll File Name: SPBBCSvc.exe File Name: hinv32.exe OR File Name: vprosvc.exe AND File Name: wuser32.exe File Size: 50,000 to 90,000

  8. Washington, DC • 675 N. Washington Street • Suite 210 • Alexandria, VA 22324 • (703) 683-3141 • New York • 24 West 40th • 9thFloor • New York, NY 10018 • (212) 764-0435 • Los Angeles • 400 Continental Blvd • El Segundo, CA 90245 • (310) 426-2151

More Related