SlideShare a Scribd company logo

festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro

festival ICT 2016
festival ICT 2016
Technology
1 of 22
Download to read offline
The Custom Defense against Advanced Threat Deep Discovery Confidential | Copyright 2012 Trend Micro Inc. Gastone Nencini Trend Micro Italy Leader and Snr. Technical Manager Trend Micro Southern Europe
Global Threat Intelligence - Smart Protection Network 10/1/2013 Confidential | Copyright 2012 Trend Micro Inc. THREAT DATA CUSTOMERS THREAT INTELLIGENCE Identifies Global We look in more places Broad We look at more threat vectors Correlated We identify all components of an attack Proactive We block threats at their source 1.15B Threat Samples Daily 90K malicious threats daily 200M Threats blocked daily THREAT-ACTORS FILES MOBILE/APPS EXPLOIT KITS URLS IP ADDRESSES NETWORK TRAFFIC DOMAINS VULNERABILITIES DEPUIS 2008
Today’s Attacks: Social, Sophisticated, Stealthy! Copyright 2013 Trend Micro Inc. Attackers Moves laterally across network seeking valuable data Establishes link to Command & Control server Extracts data of interest – can go undetected for months! $$$$ Gathers intelligence about organization and individuals Targets individuals using social engineering Employees
Copyright 2013 Trend Micro Inc. Attackers Moves laterally across network seeking valuable data Establishes link to Command & Control server Extracts data of interest – can go undetected for months! $$$$ Gathers intelligence about organization and individuals Targets individuals using social engineering Employees Network Admin Security 1.8 successful attacks per week / per large organization1 21.6% organizations experienced APT attacks2 Malware engineered and tested to evade your standard gateway/endpoint defenses A custom attack needs a custom defense! 1: Source: 2012 Ponemon Study on costs of Cybercrime 2: Source: ISACA APT Awareness Study, 2013
Custom Defense Network-wide Detection Advanced Threat Analysis Threat Tools and Services Automated Security Updates Threat Intelligence Custom Sandboxes Network Admin Security Copyright 2013 Trend Micro Inc.
Cyberwar on your network More frequent More targeted More money More sophiticated • 1 new threat each second 1 • 1 cyber-intrusion each 5 minutes 2 • 67 % of infrastructure can’t block a custom & targeted attack 3 • 55 % of companies didn’t detected the breach 1 Source : 1: Trend Micro, 2 : US-Cert 2012, 3 : Ponemom Institute 2012
Security by signature is not enough 10/1/2013 7Confidential | Copyright 2012 Trend Micro Inc. Basic malware Phishing Exploitation tools Malicious website Common vulnerabilities Discovery tools SWG NG FW Document exploit 0-DayObfuscated Javascript Polymorphic payload Crypted RAT Watering Hole Attack Spear Phishing C&C communications IPS AV
Let Me Google That For You
Threat profiling through Smart Protection Network & Threat Connect Origin ? Risk ? Channel ? Trend Micro Custom Defense 10/1/2013 9Confidential | Copyright 2012 Trend Micro Inc. Advanced network monitoring techcnologies to analyze low signals (0-day, c2c, sqli, dbdump…) DETECT ANALYZE ADAPTRESPONSE Instant protection through custom signature (IP, dns, url, file…) Full cleaning with detailed profiling and advanced analysis tools
Catch everythings with Deep Discovery 10/1/2013 10Confidential | Copyright 2012 Trend Micro Inc. Malicious content • Embedded doc exploits • Drive-by downloads • Zero-day • Malware Suspicious communication • C&C access • Data stealing • Worms • Backdoor activity… Attack behavior • Propagation & dropper • Vuln. scan & bruteforce • Data exfiltration… HTTP SMTP TCP ... SMB DNS FTP P2P More than 80 protocols analyzed Network Content Inspection Engine Advanced Threat Security Engine IP & URL reputation Virtual Analyzer Network Content Correlation Engine
Trend Micro Virtual Analyzer • Custom OS image • Execution accelerated • Anti-VM detection • 32 & 64 bits • Run binaries, documents, URL... 10/1/2013 11Confidential | Copyright 2012 Trend Micro Inc. WinXP SP3WinXP SP3 Win7 Base Win7 Base Isolated Network Your Custom Sandbox Live monitoring • Kernel integration (hook, dll injection..) • Network flow analysis • Event correlation Filesystem monitor Registry monitor Process monitor Rootkit scanner Network driver Fake Explorer Fake Server Fake AV API Hooks Win7 Hardened Win7 Hardened Core Threat Simulator LoadLibraryA ARGs: ( NETAPI32.dll ) Return value: 73e50000 LoadLibraryA ARGs: ( OLEAUT32.dll ) Return value: 75de0000 LoadLibraryA ARGs: ( WININET.dll ) Return value: 777a0000 key: HKEY_CURRENT_USERLocal SettingsMuiCache4852C64B7ELanguageList value: key: HKEY_CURRENT_USERSoftwareMicrosoftOnheem20bi1d4f Write: path: %APPDATA%Ewadaeqawoc.exe type: VSDT_EXE_W32 Injecting process ID: 2604 Inject API: CreateRemoteThread Target process ID: 1540 Target image path: taskhost.exe socket ARGs: ( 2, 2, 0 ) Return value: 28bfe socket ARGs: ( 23, 1, 6 ) Return value: 28c02 window API Name: CreateWindowExW ARGs: ( 200, 4b2f7c, , 50300104, 0, 0, 250, fe, 301b8, f, 4b0000, 0 ) Return value: 401b2 internet_helper API Name: InternetConnectA ARGs: ( cc0004, mmlzntponzkfuik.biz, 10050, , , 3, 0, 0 ) Return value: cc0008 ....... Modifies file with infectible type : eqawoc.exe Inject processus : 2604 taskhost.exe Access suspicious host : mmlzntponzkfuik.biz Modifies file with infectible type : eqawoc.exe Inject processus : 2604 taskhost.exe Access suspicious host : mmlzntponzkfuik.biz !
Deep Discovery portfolio 10/1/2013 12Confidential | Copyright 2012 Trend Micro Inc. Deep Discovery Inspector Threat profil export (IOC, hash) • Network Appliance All-in-One 100 Mbps, 250 Mbps, 500 Mbps, 1 Gbps • Bare Metal (custom appliance) • Virtual Appliance Plug & Protect Deep Discovery Advisor • Automatic Analysys Labs • Live detailled dashboard • Custom reports • Multi-box (5 nodes, 50k files/day) Integrated into Trend Micro solutions API & scripting
Dynamic blacklist App Server Storage 10/1/2013 13Confidential | Copyright 2012 Trend Micro Inc. Inspector Advisor Deep Discovery Simple & Efficient ! SMTP relay Web proxy ! ! Mail Server Endpoint ! af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... Infection & payload Lateral movement C&C callback 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature
Web proxy ATP Integration Native Advanced Protection 10/1/2013 14Confidential | Copyright 2012 Trend Micro Inc. Dynamic blacklist App Server Storage Advisor ! SMTP relay Mail Server Endpoint ! af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... ! ScanMail IWSva IMSva Infection & payload C&C callback Endpoint Sensor OfficeScan * Deep Security * 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature
ATP Integration Native Advanced Protection 10/1/2013 15Confidential | Copyright 2012 Trend Micro Inc. Dynamic blacklist Advisor ! Mail Server af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... ! ScanMail Infection & payload C&C callback OfficeScan 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature TMCM CCCA DB ATSE
Detect…
Detect…
…then React Human readable
Open architecture 10/1/2013 19Confidential | Copyright 2012 Trend Micro Inc. Deep Discovery Dynamic blacklist af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature 3rd party SIEM (CEF/LEEF) WEB API Web Proxy SMTP Relay Network Capture Firewall * Notable Characteristics Network packet DetectionsDetections Threat ProfilesThreat ProfilesAnalysisAnalysis Custom C&CCustom C&C
Why Deep Discovery ? 10/1/2013 20Confidential | Copyright 2012 Trend Micro Inc. • Multi-engine for analysis and correlation • Empower Smart Protection Network • CustomVirtual Analyzer sandbox • Access to TrendLabs Security Expert Dynamic advanced security Plug & Protect • High Throughput Network Analysis • Flexible architecture: HW, SW, VM • Fast forensics & custom signature
Making your Cyber-Defense together 10/1/2013 21Confidential | Copyright 2012 Trend Micro Inc. 21Confidential | Copyright 2012 Trend Micro Inc. Threat Education Services Advanced Threat Detection Technology Threat Security Advisor Threat Intelligence Service Cyber Attack Analysis
Thanks

Recommended

Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 
TrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data CenterTrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data CenterVMUG IT
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligencexband
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing SecurityGurbir Singh
 
Advanced Threat Defense Intel Security
Advanced Threat Defense Intel SecurityAdvanced Threat Defense Intel Security
Advanced Threat Defense Intel Securityxband
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban PrósperoClusterCba
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
 

Recommended

Issa jason dablow
Issa jason dablowIssa jason dablow
Issa jason dablowISSA LA
 
TrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data CenterTrendMicro - Security Designed for the Software-Defined Data Center
TrendMicro - Security Designed for the Software-Defined Data CenterVMUG IT
 
Talos threat-intelligence
Talos threat-intelligenceTalos threat-intelligence
Talos threat-intelligencexband
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing SecurityGurbir Singh
 
Advanced Threat Defense Intel Security
Advanced Threat Defense Intel SecurityAdvanced Threat Defense Intel Security
Advanced Threat Defense Intel Securityxband
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban PrósperoClusterCba
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurAnticipate and Prevent Cyber Attack Scenarios, Before They Occur
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime OpsGreg Foss
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018African Cyber Security Summit
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018African Cyber Security Summit
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityDragos, Inc.
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICSDragos, Inc.
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...NCCOMMS
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalZscaler
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
 
TRISIS in Perspective
TRISIS in PerspectiveTRISIS in Perspective
TRISIS in PerspectiveDragos, Inc.
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryCR Group
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityMarketingArrowECS_CZ
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons Computer Learning Centers / 5PE
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 

More Related Content

What's hot

CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime OpsGreg Foss
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityDragos, Inc.
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICSDragos, Inc.
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...NCCOMMS
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalZscaler
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersDragos, Inc.
 
TRISIS in Perspective
TRISIS in PerspectiveTRISIS in Perspective
TRISIS in PerspectiveDragos, Inc.
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryCR Group
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 

What's hot (20)

CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
 
Cloud Crime Ops
Cloud Crime OpsCloud Crime Ops
Cloud Crime Ops
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial Security
 
Behavior-Based Defense in ICS
Behavior-Based Defense in ICSBehavior-Based Defense in ICS
Behavior-Based Defense in ICS
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version external
 
Trisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS DefendersTrisis in Perspective: Implications for ICS Defenders
Trisis in Perspective: Implications for ICS Defenders
 
TRISIS in Perspective
TRISIS in PerspectiveTRISIS in Perspective
TRISIS in Perspective
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER Presentation
 

Similar to festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro

Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake finalMinh Le
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxCompanySeceon
 
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIBM Switzerland
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksMicrosoft
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP
 
SplunkLive! Amsterdam 2015 - Analytics based security breakout
SplunkLive! Amsterdam 2015 - Analytics based security breakoutSplunkLive! Amsterdam 2015 - Analytics based security breakout
SplunkLive! Amsterdam 2015 - Analytics based security breakoutSplunk
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunk
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managmentDean Iacovelli
 
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...Skycure
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundaryDean Iacovelli
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachNetworkCollaborators
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 

Similar to festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro (20)

Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Custom defense - Blake final
Custom defense - Blake finalCustom defense - Blake final
Custom defense - Blake final
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
 
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Partner Welcome Kit
Partner Welcome KitPartner Welcome Kit
Partner Welcome Kit
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
 
SplunkLive! Amsterdam 2015 - Analytics based security breakout
SplunkLive! Amsterdam 2015 - Analytics based security breakoutSplunkLive! Amsterdam 2015 - Analytics based security breakout
SplunkLive! Amsterdam 2015 - Analytics based security breakout
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
 
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 

More from festival ICT 2016

Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...festival ICT 2016
 
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...festival ICT 2016
 
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015festival ICT 2016
 
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...festival ICT 2016
 
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...festival ICT 2016
 
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...festival ICT 2016
 
LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...festival ICT 2016
 
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015festival ICT 2016
 
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...festival ICT 2016
 
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015festival ICT 2016
 
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015festival ICT 2016
 
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...festival ICT 2016
 
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015festival ICT 2016
 
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...festival ICT 2016
 
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...festival ICT 2016
 
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...festival ICT 2016
 
Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015festival ICT 2016
 
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...festival ICT 2016
 
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution... Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...festival ICT 2016
 
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...festival ICT 2016
 

More from festival ICT 2016 (20)

Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
 
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
 
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
 
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
 
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
Favorire lo sviluppo di applicazioni native Cloud: lo Smart SaaS Program - by...
 
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
I vantaggi di un’infrastruttura unica nell’erogazione dei servizi IT networke...
 
LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...LibreOffice: software libero e formati standard - by LibreItalia - festival I...
LibreOffice: software libero e formati standard - by LibreItalia - festival I...
 
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
Come rendere più collaborative le tue riunioni - by Epson - festival ICT 2015
 
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
Case Study TWT: North Sails ha rivoluzionato il modo di lavorare - by TWT - f...
 
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
Il mio ufficio è sempre con me. E il tuo? - by TWT - festival ICT 2015
 
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
Non adeguatevi al Cloud - by Clouditalia - festival ICT 2015
 
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
Impatto privacy della video analisi nei sistemi di video sorveglianza intelli...
 
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
Web reputation, le verità nascoste dell’identità digitale - festival ICT 2015
 
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
Privacy e non profit online: profilazioni digitali di donatori e aderenti nel...
 
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
L'importanza del controllo nelle operazioni di Data Wiping - Sprint Computer ...
 
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
Il dato è tratto: il lato B della mobilità tra privacy e reati informatici - ...
 
Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015Web e privacy, le nuove regole per i cookies - festival ICT 2015
Web e privacy, le nuove regole per i cookies - festival ICT 2015
 
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
Il paradigma UCaaS: come migliorare i processi di business dell’azienda attra...
 
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution... Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
Nuvole e metallo: Infrastruttura e servizi Cloud based - by Hosting Solution...
 
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
Definire, configurare ed implementare soluzioni scalabili su sistemi di Cloud...
 

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro

  • 1. The Custom Defense against Advanced Threat Deep Discovery Confidential | Copyright 2012 Trend Micro Inc. Gastone Nencini Trend Micro Italy Leader and Snr. Technical Manager Trend Micro Southern Europe
  • 2. Global Threat Intelligence - Smart Protection Network 10/1/2013 Confidential | Copyright 2012 Trend Micro Inc. THREAT DATA CUSTOMERS THREAT INTELLIGENCE Identifies Global We look in more places Broad We look at more threat vectors Correlated We identify all components of an attack Proactive We block threats at their source 1.15B Threat Samples Daily 90K malicious threats daily 200M Threats blocked daily THREAT-ACTORS FILES MOBILE/APPS EXPLOIT KITS URLS IP ADDRESSES NETWORK TRAFFIC DOMAINS VULNERABILITIES DEPUIS 2008
  • 3. Today’s Attacks: Social, Sophisticated, Stealthy! Copyright 2013 Trend Micro Inc. Attackers Moves laterally across network seeking valuable data Establishes link to Command & Control server Extracts data of interest – can go undetected for months! $$$$ Gathers intelligence about organization and individuals Targets individuals using social engineering Employees
  • 4. Copyright 2013 Trend Micro Inc. Attackers Moves laterally across network seeking valuable data Establishes link to Command & Control server Extracts data of interest – can go undetected for months! $$$$ Gathers intelligence about organization and individuals Targets individuals using social engineering Employees Network Admin Security 1.8 successful attacks per week / per large organization1 21.6% organizations experienced APT attacks2 Malware engineered and tested to evade your standard gateway/endpoint defenses A custom attack needs a custom defense! 1: Source: 2012 Ponemon Study on costs of Cybercrime 2: Source: ISACA APT Awareness Study, 2013
  • 5. Custom Defense Network-wide Detection Advanced Threat Analysis Threat Tools and Services Automated Security Updates Threat Intelligence Custom Sandboxes Network Admin Security Copyright 2013 Trend Micro Inc.
  • 6. Cyberwar on your network More frequent More targeted More money More sophiticated • 1 new threat each second 1 • 1 cyber-intrusion each 5 minutes 2 • 67 % of infrastructure can’t block a custom & targeted attack 3 • 55 % of companies didn’t detected the breach 1 Source : 1: Trend Micro, 2 : US-Cert 2012, 3 : Ponemom Institute 2012
  • 7. Security by signature is not enough 10/1/2013 7Confidential | Copyright 2012 Trend Micro Inc. Basic malware Phishing Exploitation tools Malicious website Common vulnerabilities Discovery tools SWG NG FW Document exploit 0-DayObfuscated Javascript Polymorphic payload Crypted RAT Watering Hole Attack Spear Phishing C&C communications IPS AV
  • 8. Let Me Google That For You
  • 9. Threat profiling through Smart Protection Network & Threat Connect Origin ? Risk ? Channel ? Trend Micro Custom Defense 10/1/2013 9Confidential | Copyright 2012 Trend Micro Inc. Advanced network monitoring techcnologies to analyze low signals (0-day, c2c, sqli, dbdump…) DETECT ANALYZE ADAPTRESPONSE Instant protection through custom signature (IP, dns, url, file…) Full cleaning with detailed profiling and advanced analysis tools
  • 10. Catch everythings with Deep Discovery 10/1/2013 10Confidential | Copyright 2012 Trend Micro Inc. Malicious content • Embedded doc exploits • Drive-by downloads • Zero-day • Malware Suspicious communication • C&C access • Data stealing • Worms • Backdoor activity… Attack behavior • Propagation & dropper • Vuln. scan & bruteforce • Data exfiltration… HTTP SMTP TCP ... SMB DNS FTP P2P More than 80 protocols analyzed Network Content Inspection Engine Advanced Threat Security Engine IP & URL reputation Virtual Analyzer Network Content Correlation Engine
  • 11. Trend Micro Virtual Analyzer • Custom OS image • Execution accelerated • Anti-VM detection • 32 & 64 bits • Run binaries, documents, URL... 10/1/2013 11Confidential | Copyright 2012 Trend Micro Inc. WinXP SP3WinXP SP3 Win7 Base Win7 Base Isolated Network Your Custom Sandbox Live monitoring • Kernel integration (hook, dll injection..) • Network flow analysis • Event correlation Filesystem monitor Registry monitor Process monitor Rootkit scanner Network driver Fake Explorer Fake Server Fake AV API Hooks Win7 Hardened Win7 Hardened Core Threat Simulator LoadLibraryA ARGs: ( NETAPI32.dll ) Return value: 73e50000 LoadLibraryA ARGs: ( OLEAUT32.dll ) Return value: 75de0000 LoadLibraryA ARGs: ( WININET.dll ) Return value: 777a0000 key: HKEY_CURRENT_USERLocal SettingsMuiCache4852C64B7ELanguageList value: key: HKEY_CURRENT_USERSoftwareMicrosoftOnheem20bi1d4f Write: path: %APPDATA%Ewadaeqawoc.exe type: VSDT_EXE_W32 Injecting process ID: 2604 Inject API: CreateRemoteThread Target process ID: 1540 Target image path: taskhost.exe socket ARGs: ( 2, 2, 0 ) Return value: 28bfe socket ARGs: ( 23, 1, 6 ) Return value: 28c02 window API Name: CreateWindowExW ARGs: ( 200, 4b2f7c, , 50300104, 0, 0, 250, fe, 301b8, f, 4b0000, 0 ) Return value: 401b2 internet_helper API Name: InternetConnectA ARGs: ( cc0004, mmlzntponzkfuik.biz, 10050, , , 3, 0, 0 ) Return value: cc0008 ....... Modifies file with infectible type : eqawoc.exe Inject processus : 2604 taskhost.exe Access suspicious host : mmlzntponzkfuik.biz Modifies file with infectible type : eqawoc.exe Inject processus : 2604 taskhost.exe Access suspicious host : mmlzntponzkfuik.biz !
  • 12. Deep Discovery portfolio 10/1/2013 12Confidential | Copyright 2012 Trend Micro Inc. Deep Discovery Inspector Threat profil export (IOC, hash) • Network Appliance All-in-One 100 Mbps, 250 Mbps, 500 Mbps, 1 Gbps • Bare Metal (custom appliance) • Virtual Appliance Plug & Protect Deep Discovery Advisor • Automatic Analysys Labs • Live detailled dashboard • Custom reports • Multi-box (5 nodes, 50k files/day) Integrated into Trend Micro solutions API & scripting
  • 13. Dynamic blacklist App Server Storage 10/1/2013 13Confidential | Copyright 2012 Trend Micro Inc. Inspector Advisor Deep Discovery Simple & Efficient ! SMTP relay Web proxy ! ! Mail Server Endpoint ! af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... Infection & payload Lateral movement C&C callback 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature
  • 14. Web proxy ATP Integration Native Advanced Protection 10/1/2013 14Confidential | Copyright 2012 Trend Micro Inc. Dynamic blacklist App Server Storage Advisor ! SMTP relay Mail Server Endpoint ! af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... ! ScanMail IWSva IMSva Infection & payload C&C callback Endpoint Sensor OfficeScan * Deep Security * 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature
  • 15. ATP Integration Native Advanced Protection 10/1/2013 15Confidential | Copyright 2012 Trend Micro Inc. Dynamic blacklist Advisor ! Mail Server af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... ! ScanMail Infection & payload C&C callback OfficeScan 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature TMCM CCCA DB ATSE
  • 19. Open architecture 10/1/2013 19Confidential | Copyright 2012 Trend Micro Inc. Deep Discovery Dynamic blacklist af12e45b49cd23... 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ... 3c4çba176915c3ee3df8 7b9c127ca1a1bcçba17 Custom Signature 3rd party SIEM (CEF/LEEF) WEB API Web Proxy SMTP Relay Network Capture Firewall * Notable Characteristics Network packet DetectionsDetections Threat ProfilesThreat ProfilesAnalysisAnalysis Custom C&CCustom C&C
  • 20. Why Deep Discovery ? 10/1/2013 20Confidential | Copyright 2012 Trend Micro Inc. • Multi-engine for analysis and correlation • Empower Smart Protection Network • CustomVirtual Analyzer sandbox • Access to TrendLabs Security Expert Dynamic advanced security Plug & Protect • High Throughput Network Analysis • Flexible architecture: HW, SW, VM • Fast forensics & custom signature
  • 21. Making your Cyber-Defense together 10/1/2013 21Confidential | Copyright 2012 Trend Micro Inc. 21Confidential | Copyright 2012 Trend Micro Inc. Threat Education Services Advanced Threat Detection Technology Threat Security Advisor Threat Intelligence Service Cyber Attack Analysis