
Protection Against Spear Phishing and Modern Cyber Threats


Presentation Transcript


  1. Protection Against Spear Phishing and Modern Cyber Threats

  2. Evolving Threat Landscape
  • 75% of threats are targeted at 50 computers or less
  • 2/3 of breaches are detected by a 3rd party
  • U.S. Government probed 1.8B times / month
  • Motivation: PII / credit card data, intellectual property, hacktivism

  3. Endpoint is a Massive Blind Spot
  • ~60,000,000 AV signatures
  • For every 10 new threats (chart): 5 stopped, 2 maybe, 3 evade protection

  4. Endpoint Protection Gap (layered diagram)
  • Delivery layers: base system image, distributed apps, patched apps
  • Protection layers: AV signatures, HIPS behavior rules, network IDS/IPS, remove admin rights
  • Advanced threats shown in the gap: Aurora, Conficker, Zeus, "Here You Have", RSA breach

  5. Phishing … A Click Away

  6. The Advanced Persistent Threat … 5 Steps …
  • Step 1: Phishing drops malware
  • Step 2: Malware creates a back door
  • Step 3: Malware morphs & moves laterally
  • Step 4: Data is gathered
  • Step 5: Remote command & control exfiltrates data

  7. The New Strategy for Advanced Threats
  • Advanced Network Protection
  • Advanced Endpoint Protection
  • SIEM – APT Event Consolidation
  • Traditional Endpoint Protection
  • Traditional Network Protection

  8. Bit9 Architecture (diagram)
  • Clients: laptops, desktops, servers, kiosks, ATMs, point of sale
  • Management Server: Bit9 Parity server, console, MSFT SQL Server, Active Directory server
  • Software Reputation Service: Global Software Registry

  9. Adaptive Application Whitelisting
  • Blacklist: Bit9 software bans, <MD5 hashes>, keyloggers; plus HIPS behavioral rules, AV signatures, remove admin rights
  • WHITELIST policies – Trusted Updaters: Skype.exe, Adobe, Cisco, Symantec
  • WHITELIST policies – Trusted Directories: E:\wsus\*, S:\sms\distribution, L:\library\*
  • WHITELIST policies – Trusted Publishers: Adobe, Apple, Microsoft
  • WHITELIST policies – Trusted Users: TMurphy, BGates, BObama
  • Confirm the integrity of existing software

  10. Remediation: Closing The Endpoint Gap
  • Default Open – Monitor Policy: allow execution (unknown files are recorded against the blacklist and whitelist)
  • Block and Ask Policy: ask the user before execution; the user is asked for permission
  • Default Deny – Flexible Lockdown Policy: deny execution

  11. Prevention Powered by Application Whitelisting
  • Policy/Event Server with a Trusted-Only Policy
  • Trust established via Trusted Publisher, Trusted User, Trusted Directory or Trusted Updater → execution allowed
  • No trust established (botnets, rootkits, infected USB drive, spoof AV, targeted attacks) → execution blocked
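The trust evaluation that slides 9 through 11 describe, written out as an added example (not Bit9 code): a file is checked against the hash blacklist first, then the whitelist sources (approved hash, trusted publisher, trusted directory, trusted updater, trusted user), and an untrusted file is handled according to the enforcement mode (Default Open, Block and Ask, Default Deny). All paths, hashes, users and publisher names are constructed for the example.

```python
"""Added example of application-whitelisting trust evaluation (not Bit9 code).

Models the trust sources and enforcement modes named on the slides; every
policy value and sample file below is constructed for the example.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from fnmatch import fnmatch
from typing import Dict, List, Optional, Set, Tuple


class Mode(Enum):
    DEFAULT_OPEN = "monitor"          # allow everything, record untrusted runs
    BLOCK_AND_ASK = "block-and-ask"   # untrusted -> ask the user
    DEFAULT_DENY = "lockdown"         # untrusted -> deny


class Verdict(Enum):
    ALLOW = "allow"
    ASK = "ask"
    DENY = "deny"


@dataclass
class ExecRequest:
    path: str
    content: bytes
    publisher: Optional[str]   # signer subject, None if unsigned
    parent: str                # parent process image name
    user: str


@dataclass
class Policy:
    mode: Mode
    banned_hashes: Set[str] = field(default_factory=set)
    approved_hashes: Set[str] = field(default_factory=set)
    trusted_publishers: Set[str] = field(default_factory=set)
    trusted_directories: List[str] = field(default_factory=list)  # glob patterns
    trusted_updaters: Set[str] = field(default_factory=set)       # process names
    trusted_users: Set[str] = field(default_factory=set)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _norm(path: str) -> str:
    return path.replace("\\", "/").lower()


def trust_source(req: ExecRequest, pol: Policy) -> Optional[str]:
    """Return the whitelist source that trusts the file, or None."""
    if sha256(req.content) in pol.approved_hashes:
        return "approved-hash"
    if req.publisher and req.publisher in pol.trusted_publishers:
        return "trusted-publisher"
    if any(fnmatch(_norm(req.path), _norm(p)) for p in pol.trusted_directories):
        return "trusted-directory"
    if req.parent.lower() in {u.lower() for u in pol.trusted_updaters}:
        return "trusted-updater"
    if req.user in pol.trusted_users:
        return "trusted-user"
    return None


def decide(req: ExecRequest, pol: Policy) -> Tuple[Verdict, str]:
    """Blacklist wins in every mode; then whitelist; then the mode decides."""
    if sha256(req.content) in pol.banned_hashes:
        return Verdict.DENY, "banned-hash"
    reason = trust_source(req, pol)
    if reason:
        return Verdict.ALLOW, reason
    if pol.mode is Mode.DEFAULT_OPEN:
        return Verdict.ALLOW, "untrusted-monitored"
    if pol.mode is Mode.BLOCK_AND_ASK:
        return Verdict.ASK, "untrusted"
    return Verdict.DENY, "untrusted"


# Constructed policy: one value per trust source from the slides.
def make_policy(mode: Mode) -> Policy:
    return Policy(
        mode=mode,
        banned_hashes={sha256(b"keylogger")},
        trusted_publishers={"Microsoft Corporation"},
        trusted_directories=[r"E:\wsus\*"],
        trusted_updaters={"Skype.exe"},
        trusted_users={"TMurphy"},
    )


# Constructed execution requests.
SAMPLES: Dict[str, ExecRequest] = {
    "signed":  ExecRequest(r"C:\Windows\notepad.exe", b"notepad", "Microsoft Corporation", "explorer.exe", "jdoe"),
    "wsus":    ExecRequest(r"E:\wsus\kb123.exe", b"patch", None, "svchost.exe", "jdoe"),
    "updater": ExecRequest(r"C:\Users\jdoe\AppData\Local\Skype\update.exe", b"upd", None, "skype.exe", "jdoe"),
    "admin":   ExecRequest(r"C:\Tools\admin.exe", b"tool", None, "cmd.exe", "TMurphy"),
    "dropper": ExecRequest(r"C:\Users\jdoe\AppData\Local\Temp\invoice.exe", b"dropper", None, "AcroRd32.exe", "jdoe"),
    "banned":  ExecRequest(r"C:\Windows\kl.exe", b"keylogger", "Microsoft Corporation", "explorer.exe", "TMurphy"),
}


def run_samples(mode: Mode) -> Dict[str, Tuple[Verdict, str]]:
    pol = make_policy(mode)
    return {name: decide(req, pol) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, {k: (v.value, r) for k, (v, r) in run_samples(mode).items()})
```

The "banned" sample is signed by a trusted publisher and run by a trusted user, yet is denied in every mode: the blacklist check runs before any trust source, which is the ordering the slides imply when they put bans beside the whitelist policies.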

  12. Detection Powered By Intelligent Threat Filters
  • Continuous monitoring of all software against a baseline of trusted software; filters: Targeted Attack, Known Bad Software, Untrusted Software
  • … untrusted software installed by Adobe Acrobat originating within a PDF file
  • … untrusted software installed by a Microsoft Office product
  • … untrusted software installed less than 5 mins after a USB drive was inserted
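The three filters on slide 12, run over a constructed stream of endpoint events as an added example (not Bit9's filter engine): each new untrusted executable is checked for an Acrobat parent with a PDF origin, an Office parent, and execution within five minutes of the most recent USB insertion on the same host. Event field names, process names and timestamps are assumptions made for the example.

```python
"""Added example: threat filters over endpoint events (not Bit9 code).

Event schema, host names and timestamps are constructed for the example.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ACROBAT = {"acrord32.exe", "acrobat.exe"}
USB_WINDOW = timedelta(minutes=5)


def ev(ts: str, host: str, kind: str, **fields) -> dict:
    return {"ts": datetime.fromisoformat(ts), "host": host, "type": kind, **fields}


# Constructed events; "trusted" is the whitelist verdict already attached by the agent.
EVENTS: List[dict] = [
    ev("2011-03-01T09:00:00", "hostA", "usb_insert"),
    ev("2011-03-01T09:03:00", "hostA", "new_file_exec", path=r"E:\autorun\setup.exe",
       parent="explorer.exe", trusted=False),
    ev("2011-03-01T09:10:00", "hostA", "new_file_exec", path=r"C:\Temp\x.exe",
       parent="explorer.exe", trusted=False),            # 10 min after USB: outside window
    ev("2011-03-01T09:12:00", "hostB", "new_file_exec", path=r"C:\Temp\invoice_helper.exe",
       parent="AcroRd32.exe", origin=r"C:\Users\b\Downloads\invoice.pdf", trusted=False),
    ev("2011-03-01T09:15:00", "hostB", "new_file_exec", path=r"C:\Temp\macro_out.exe",
       parent="EXCEL.EXE", trusted=False),
    ev("2011-03-01T09:16:00", "hostB", "new_file_exec", path=r"C:\Program Files\Adobe\Reader\AdobeARM.exe",
       parent="AcroRd32.exe", origin=r"C:\Users\b\Downloads\invoice.pdf", trusted=True),  # trusted: no alert
    ev("2011-03-01T09:20:00", "hostC", "new_file_exec", path=r"C:\Temp\tool.exe",
       parent="explorer.exe", trusted=False),            # no USB, no Office/Acrobat parent
]


def run_filters(events: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (filter_name, host, path) for every untrusted execution a filter matches."""
    hits: List[Tuple[str, str, str]] = []
    last_usb: Dict[str, datetime] = {}   # host -> most recent USB insertion
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["type"] == "usb_insert":
            last_usb[e["host"]] = e["ts"]
            continue
        if e["type"] != "new_file_exec" or e.get("trusted", False):
            continue   # only untrusted software is interesting to these filters
        parent = e.get("parent", "").lower()
        if parent in ACROBAT and e.get("origin", "").lower().endswith(".pdf"):
            hits.append(("acrobat-pdf-drop", e["host"], e["path"]))
        if parent in OFFICE:
            hits.append(("office-drop", e["host"], e["path"]))
        usb_ts = last_usb.get(e["host"])
        if usb_ts is not None and timedelta(0) <= e["ts"] - usb_ts < USB_WINDOW:
            hits.append(("usb-recent", e["host"], e["path"]))
    return hits


if __name__ == "__main__":
    for hit in run_filters(EVENTS):
        print(*hit)
```

Sorting by timestamp before the pass matters: the USB filter is stateful per host, so an out-of-order event stream would otherwise attribute executions to the wrong insertion.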

  13. Can’t Assume Trust?

  14. Case Study: Stopping "RSA" APT
  • History of events
  • Early March – Customer informs Bit9 of APT attack. Acknowledges that Bit9 detected and stopped the attack. Customer then worked directly with Adobe to help identify the Flash vulnerability and provide a patch.
  • March 17 – RSA Security announces they were breached by a similar attack
  • March 18 – Press spreads news of RSA breach
  • What we know
  • Bit9 stopped the same APT that breached RSA Security before anyone was even aware of the attack
  • Bit9 solution would have protected RSA Security
  • Advanced Network Security (NetWitness) helped detect the attack in progress (spotted encrypted outbound packets) but the damage was already done
  Targeted phishing attack used an email containing an Excel file with embedded Flash that exploited a zero-day vulnerability in Adobe Flash.

  15. Product Reviews
  • 9.4/10
  • 5/5 – highest rating ever given
  • Perfect score; great value

  16. Take Back Control
  • Reduce Risk: stop tomorrow's malware today; maintain configuration integrity
  • Ensure Compliance: audit all changes; only allow trusted changes
  • Improve Manageability: prevent configuration drift; drastic reduction in support calls

  17. Digital Forensics: Finding the Needle in the Haystack
  • 60-100K files on a typical confiscated computer
  • 25K are executable
  • Deadlines loom
  • Manual, time-intensive process

  18. Shrinking the Haystack: Bit9 Analyzer for Guidance EnCase®
  • An integrated hash database for EnCase
  • Filters executables as: Unknown, Known Malware, Known Good, Possible Malware
  • Backed by Bit9 Global Software Registry
  • The largest, most up-to-date software reputation service in the world
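The haystack-shrinking step of slides 17 and 18 as an added example (not Bit9 Analyzer or EnCase code): files from an image are reduced to executables, hashed, and bucketed against a reputation table into Known Good, Known Malware, Unknown and Possible Malware. The reputation table and file contents are constructed, and the "Possible Malware" rule used here (an unknown hash carrying the file name of a known-good binary) is an assumption chosen for the example, not the product's definition.

```python
"""Added example: hash triage of executables from a disk image (not Bit9 code).

The reputation table, file contents and the Possible Malware heuristic are
constructed assumptions for this example.
"""
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pe(payload: bytes) -> bytes:
    """Constructed stand-in for a PE file: the 'MZ' DOS stub plus a payload."""
    return b"MZ" + payload


def is_executable(name: str, data: bytes) -> bool:
    # PE files start with 'MZ'; the extension check also catches truncated
    # samples or renamed files that still warrant a look.
    return data[:2] == b"MZ" or name.lower().endswith((".exe", ".dll", ".sys", ".scr"))


# Constructed reputation table: hash -> (bucket, canonical file name).
REGISTRY: Dict[str, Tuple[str, str]] = {
    sha256(pe(b"notepad")): ("Known Good", "notepad.exe"),
    sha256(pe(b"svchost")): ("Known Good", "svchost.exe"),
    sha256(pe(b"banker-family-sample")): ("Known Malware", "crack.exe"),
}

# Constructed files "carved" from an image: (path, contents).
FILES: List[Tuple[str, bytes]] = [
    (r"C:\Windows\System32\notepad.exe", pe(b"notepad")),
    (r"C:\Windows\System32\svchost.exe", pe(b"svchost")),
    (r"C:\Users\x\AppData\Roaming\svchost.exe", pe(b"not svchost")),  # name collision, unknown hash
    (r"C:\Users\x\Downloads\crack.exe", pe(b"banker-family-sample")),
    (r"C:\Temp\tool.exe", pe(b"unknown tool")),
    (r"C:\Users\x\Documents\report.docx", b"PK\x03\x04..."),
    (r"C:\Users\x\Pictures\photo.jpg", b"\xff\xd8\xff..."),
]


def triage(files: List[Tuple[str, bytes]], registry: Dict[str, Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket every file; non-executables are skipped rather than hashed."""
    known_good_names = {name.lower() for bucket, name in registry.values() if bucket == "Known Good"}
    buckets: Dict[str, List[str]] = defaultdict(list)
    for path, data in files:
        name = path.rsplit("\\", 1)[-1]
        if not is_executable(name, data):
            buckets["Skipped (non-executable)"].append(path)
            continue
        digest = sha256(data)
        if digest in registry:
            buckets[registry[digest][0]].append(path)
        elif name.lower() in known_good_names:
            buckets["Possible Malware"].append(path)   # known-good name, unknown hash
        else:
            buckets["Unknown"].append(path)
    return dict(buckets)


def review_queue(buckets: Dict[str, List[str]]) -> List[str]:
    """What the analyst still has to look at: the haystack after filtering."""
    return sorted(buckets.get("Possible Malware", []) + buckets.get("Unknown", []))


if __name__ == "__main__":
    result = triage(FILES, REGISTRY)
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)}")
    print("review:", review_queue(result))
```

Of seven files, two are never hashed, two are cleared as Known Good and one is confirmed Known Malware; the analyst's queue is the two remaining executables, which is the reduction slide 17's 25K-executable haystack is meant to undergo.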

  19. Benefits
  • Considerable reduction in the cost of manual effort for investigation and audit through integrated queries to the GSR database
  • Enhances the quality of cyber forensics by eliminating false positives
  • High time-to-value for forensic analysts through automated validation and filtering
  • Dramatically reduces security risk through damage control and breach identification

  20. Bit9 Analyzer for Guidance EnCase® Case Study: Major Healthcare Organization
  • Incident: Network intrusion
  • Team: IT network security specialist
  • Challenge: Exposed vulnerability allowing continued exploit and intrusion
  • Solution: Bit9 Analyzer used to evaluate systems and disqualify known-good files
  • Results: Shortened resolution by 2-3 days

  21. Bit9 Confidential
