280 likes | 687 Vues
Advanced Persistent Threat Assessment Services. AT&T Security Solutions. APT Attacks on the Rise. RSA. Lockhead Martin. Stolen records (APT). Visa. SONY. PayPal. Major Breach . Oak Ridge National Laboratory. MasterCard. Google. Citi.
E N D
Advanced Persistent Threat Assessment Services AT&T Security Solutions
APT Attacks on the Rise RSA Lockhead Martin Stolen records (APT) Visa SONY PayPal Major Breach Oak RidgeNational Laboratory MasterCard Google Citi Stuxnet disables Iranian nuclear power plant (APT) Stolen search source code (Operation Aurora – APT) Major data breach Anonymous attacks (DDOS) APT event Major Breaches (DDOS/APT) 2/10 3/10 4/10 5/10 6/10 7/10 8/10 9/10 10/10 11/10 12/10 1/11 2/11 3/11 4/11 5/11 6/11 7/11 8/11 PBS Russian APT (Lurid/APT) Egypt Breach LulzSecPosting WikiLeaks revenge (DDOS)
Advanced Persistent Threat -Definition Advanced • Taking advantage of latest techniques • Leverages Open Source Intelligence and Social Networks • Usually involves knowledge of specific operating system or application compromises • Code Reversing and Fuzzing techniques can help locate unique weaknesses in specific targeted systems Persistent • Intent dedication –resilience even after system reboot • Almost always has a (C&C) Command and Control capability • Patient / Latent ability … can go to sleep for months Threat • Signatures / Vectors
APT Attack and Exploitation Lifecycle • Reconnaissance • Step 1 • Initial Intrusion into the Network • Step 2 • Establish a Backdoor into the Network • Step 3 • Obtain User Credentials • Step 4 • Step 5 • Install Various Utilities • Step 6 • Privilege Escalation / Lateral Movement / Data Exfiltration • Step 7 • Maintain Persistence
Advanced Persistent Threat What you should know Valid, high impact risk • Targets your core valuables, your security • Persistent, stealthy, controlled, exfiltration Needs focused, ongoing action • Step Up Your Game • Take actions that Prevent, Detect and Respond Reduce the attack surface and inevitable response time • Focus on your key targets • Incremental, actionable approaches (existing, new)
Features and Potential Benefits The review covers three main areas of interest: • Operational Readiness Review • Network Architecture Assessment • Social Engineering Review This assessment helps you: • Assess how prepared your organization is to detect and respond to a targeted or advanced threat • Identify vulnerabilities in your security which could be used by a sophisticated actor to gain access • Heighten the capabilities of your team to respond to a targeted cyber attack
How can you prepare? 1 2 3 Get visibility into threats beyond the edge of your network Get visibility and analysis into what’s happening inside your network Monitor and address Advanced Persistent Threats in real-time 24/7/365
APT Preparedness Assessment • Evaluates your organization’s ability to detect, resist and respond to a targeted or advanced threat. • Helps organizations understand their exposure to targeted threats, including Advanced Persistent Threats (APT), and take action to reduce their risk of compromise. • Assessment Components • Target Definition • Operational Readiness Review • Network Architecture Review • Social Engineering Assessment
APT Preparedness Assessment Steps • Identify and classify business assets and data stores • Conduct vulnerability assessment across critical infrastructure • Quantify risk with highest value assets and highest vulnerabilities atop the list • Review security measures protecting critical business assets • Identify incident response team (including legal and business owners) • Communication plan, including law enforcement if necessary • Schedule/conduct incident response dry run • Identify key individuals most likely to be the target of social engineering attacks (due to high levels of access) • Implement aggressive access control by restricting network access of key individuals to ‘business need to know’ • Employee training- Prioritize high-risk individuals and work groups
Elevator Pitch Assess your current state and assets What would motivate an adversary to target your organization 1 Identify risk from Advanced Threats Correlate your current state to the risk from Advanced Persistent Threat (APT) actors 2 Questions on your Business Client’smind How do I protect my organization and its assets? What organized elements may be targeting our organization? How can we detect Advanced Persistent Threats when they strike? How do we determine if our organization has already been compromised? How vigilant are our employees to the types of methods APT actors may use?