
Exposing APT


Presentation Transcript


  1. Exposing APT Jason Brevnik Vice President, Security Strategy

  2. Exposing APT level threats requires
     • Intelligent and diligent people
     • Cloud to Core coverage
     • Constant visibility and awareness
     • Healthy distrust in operational state and compensating controls
     • Personalized protections that are tested and audited
     • Visibility at all levels

  3. Then.

  4. The Virus!
     • In 1949 John von Neumann began lecturing about “Theory and Organization of Complicated Automata”; his Theory of Self-Reproducing Automata was published in 1966
     • The Creeper virus was unleashed on ARPANET in 1971
     • Elk Cloner appeared in the wild in 1981, affecting Apple DOS 3.3
     • 1986 brought the Brain virus to your PC
     • ... And we installed AV

  5. The worm!
     • Morris
     • And we installed the firewall
     • Melissa
     • ExploreWorm
     • I Love You
     • CodeRed
     • Slammer
     • Blaster
     • Sobig
     • Stuxnet
     • ...

  6. Classic firewall and AV is not enough

  7. Now

  8. It is not just in Software!

  9. Threat actors
     • Hacker
     • Script Kiddie
     • Advanced Persistent Threat
     • Cybercriminal

  10. The reality

  11. Stop APT Now!

  12. Easy Picking

  13. Two factor auth won’t keep them out

  14. Today’s Reality
     Dynamic Threats
     • Organized attackers
     • Sophisticated threats
     • Multiple attack vectors
     Static Defenses
     • Ineffective defenses
     • Black box limits flexibility
     • Set-and-forget doesn’t work
     “Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.” Neil MacDonald, VP & Gartner Fellow. Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010

  15. What then?

  16. Awareness
     • Network: Know what’s there, what’s vulnerable, and what’s under attack
     • Application: Identify change and enforce policy on hundreds of applications
     • Behavior: Detect anomalies in configuration, connections and data flow
     • Identity: Know who is doing what, with what, and where

  17. [Diagram: Intelligence. Labels: Endpoint Relevance; End-user Relevance; Threat Intelligence (Security Event); User Intelligence (Context); Endpoint Intelligence (Context). Forensic Analysis: Who accessed what, when, and where?]

  18. Knowledge

  19. Tuning
     NSS – Q4 Independent Test Results. Key Findings:
     • Protection varied widely between 31% and 98%.
     • Tuning is required, and is most important for remote attacks against servers and their applications.
     • Organizations that do not tune could be missing numerous “catchable” attacks.
     [Chart: Default Detection vs. Tuned Detection. Graphic by Sourcefire, Inc. Source data from NSS Labs, “Network IPS 2010 Comparative Test Results plus 3D8260 NSS test”]

  20. [Diagram: Personalization. Labels: Your applications; Your users; Your network; Should it travel; Is access normal; Content; Privilege; Purpose. Forensic Analysis: Who accessed what, when, and where?]

  21. Is that enough?

  22. We have to learn and share

  23. Intelligent Protection: Cloud to Core

  24. Cloud to Core protection requires
     • Comprehensive Audit (Logs/IDS/Test)
     • Comprehensive Control (AAA/IPS/FW/NG*)
     • Pervasive Awareness Platform
     • Coordinated Endpoint Control
     • Look-back forensics capability
     • Physical, virtual and cloud deployment
     • Mobile and Consumer integration
     • Visibility and Openness
     • Depth and Personalization

  25. Questions
