08448380779 Call Girls In Friends Colony Women Seeking Men
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
1. The Custom Defense against Advanced Threat
Deep Discovery
Confidential | Copyright 2012 Trend Micro Inc.
Gastone Nencini
Trend Micro Italy Leader and Snr. Technical
Manager Trend Micro Southern Europe
2. Global Threat Intelligence - Smart Protection Network
10/1/2013 Confidential | Copyright 2012 Trend Micro Inc.
THREAT DATA
CUSTOMERS
THREAT
INTELLIGENCE
Identifies
Global
We look in
more places
Broad
We look at
more threat
vectors
Correlated
We identify all
components
of an attack
Proactive
We block
threats at
their source
1.15B Threat
Samples Daily
90K malicious
threats daily
200M Threats blocked daily
THREAT-ACTORS
FILES
MOBILE/APPS
EXPLOIT KITS
URLS
IP ADDRESSES
NETWORK
TRAFFIC
DOMAINS
VULNERABILITIES
DEPUIS 2008
3. Today’s Attacks: Social, Sophisticated, Stealthy!
Copyright 2013 Trend Micro Inc.
Attackers
Moves laterally across network
seeking valuable data
Establishes link to
Command & Control server
Extracts data of interest – can
go undetected for months!
$$$$
Gathers intelligence about
organization and individuals
Targets individuals
using social engineering
Employees
4. Copyright 2013 Trend Micro Inc.
Attackers
Moves laterally across network
seeking valuable data
Establishes link to
Command & Control server
Extracts data of interest – can
go undetected for months!
$$$$
Gathers intelligence about
organization and individuals
Targets individuals
using social engineering
Employees
Network Admin
Security
1.8 successful attacks per week / per large organization1
21.6% organizations experienced APT attacks2
Malware engineered and tested to evade your standard
gateway/endpoint defenses
A custom attack needs a custom defense!
1: Source: 2012 Ponemon Study on costs of Cybercrime
2: Source: ISACA APT Awareness Study, 2013
6. Cyberwar on your network
More frequent More targeted More money More sophiticated
• 1 new threat each second 1
• 1 cyber-intrusion each 5 minutes 2
• 67 % of infrastructure can’t block a custom
& targeted attack 3
• 55 % of companies didn’t detected the
breach 1
Source : 1: Trend Micro, 2 : US-Cert 2012, 3 : Ponemom Institute 2012
7. Security by signature is not enough
10/1/2013 7Confidential | Copyright 2012 Trend Micro Inc.
Basic malware
Phishing
Exploitation tools
Malicious website
Common
vulnerabilities
Discovery tools
SWG NG
FW
Document
exploit
0-DayObfuscated
Javascript
Polymorphic
payload
Crypted
RAT
Watering
Hole Attack
Spear
Phishing
C&C
communications
IPS AV