Targeted Attacks: Have you found yours?

1. Targeted Attacks| Have you found yours? Andy Dancer CTO EMEA
2. Traditional Security is Insufficient Advanced Empowered Elastic Persistent Threats Employees Perimeter Trend Micro evaluations find over 90% of enterprise networks contain active malicious malware! Copyright 2012 Trend Micro Inc.
3. Copyright 2012 Trend Micro Inc. 3
4. Switch of mental approach • Terrorist Paradox • Advanced Threats – We have to win all the – Many steps have to time to defend execute in turn to steal – They only have to get it my data right once to win – I only need to spot one step to thwart them Copyright 2012 Trend Micro Inc. 4
5. Custom Attacks • Today’s most dangerous attacks are those targeted 01010010 directly and specifically 100101001 10001100 at an organization — 00101110 1010101 its people, its systems, its vulnerabilities, its data. 10/19/2012 Confidential | Copyright 2012 Trend Micro Inc. 5
6. Deep Discovery & The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery 10/19/2012 Confidential | Copyright 2012 Trend Micro Inc. 6
7. APT Activity Specialized Threat Detection Across the Attack Sequence Malicious Content • Emails containing embedded document exploits • Drive-by Downloads • Zero-day and known malware Suspect Communication • C&C communication for any type of malware & bots • Backdoor activity by attacker Attack Behavior • Malware activity: propagation, downloading, spam ming . . . • Attacker activity: scan, brute force, tool downloads. • Data exfiltration communication
8. Deep Discovery & The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery Attack Analysis & Intelligence 10/19/2012 Confidential | Copyright 2012 Trend Micro Inc. 9
9. Automated Analysis Bandwidth Live Cloud Lookup Advanced Heuristics Threat Intelligence Sandbox Analysis Focused Manual Investigation Output to SIEM Copyright 2012 Trend Micro Inc. 10
10. Deep Discovery Advisor Threat Intelligence Center • In-Depth Contextual Analysis including simulation results, asset profiles and additional security events • Integrated Threat Connect Intelligence included in analysis results • Enhanced Threat Investigation and Visualization capabilities • Highly Customizable Dashboard, Reports & Alerts • Centralized Visibility and Reporting across Deep Discovery Inspector units Threat Connect Intelligence
11. Deep Discovery & The Custom Defense Advanced Threat Protection Network Threat Detection Deep Discovery Adaptive Security Updates Containment & Remediation Attack Analysis & Intelligence 10/19/2012 Confidential | Copyright 2012 Trend Micro Inc. 12
12. The Custom Defense Specialized Threat Deep analysis Custom security Context-relevant Detection at network based on custom blacklists & views & intel guide and protection sandboxing and signatures block rapid remediation points relevant global intel further attack response 10/19/2012 Confidential | Copyright 2012 Trend Micro Inc. 13
13. The Custom Defense In Action Advanced Email Protection InterScan Messaging Security or ScanMail Anti-spam Threat Threat Security Analyzer Intelligence Update Anti-phishing Center Server Web Reputation Deep Discovery Advisor Anti-malware • Blocking of targeted spear phishing emails and document exploits via Advanced Threat Detection custom sandboxing • Central analysis of detections • Automated updates of malicious quarantine IP/Domains • Search & Destroy function 10/19/2012 Confidential | Copyright 2012 Trend Micro Inc. 14
14. So what does that look like in context? Outer Perimeter Valuable Server Inner Perimeters Valuable Server Endpoint Valuable Server Endpoint
15. Deep Discovery Simulate Analyze Out of band network data feed of all Correlate network traffic Detect Malicious Content and Communication Identify Attack Behaviour & Reduce False Positives Visibility – Real-time Dashboards Insight – Risk-based Analysis Action – Remediation Intelligence
16. DeepSecurity Inner Perimeter for valuable assets Deep Packet Inspection Firewall Security Anti-Virus VM VM VM VM VM VM Log Inspection Hypervisor Integrity Monitoring
17. Thanks for listening... ...any questions? Confidential | Copyright 2012 Trend Micro Inc.

Hinweis der Redaktion

Traditional Security works against Traditional Threats. It’s not designed to cope with Targeted attacks. Partly because they are unique and so harder to spot. Partly because charges in how we are using IT such as cloud and mobile make the perimeter less effective than it used to be.
But… Don’t throw the baby out with the bath water! Spotting a targeted attack on your network is like finding a needle in a haystack. The way to do it isn’t to start with the biggest haystack possible and throw in lots of pins that look very like needles to confuse the situation. It’s all about filtering. Eliminate standard threats as close to source as you can to make it easier to spot the really clever stuff.
We need a switch of mental approach
Deep Discovery specialized threat detection focuses on 3 key areas to discovery attacks during every phase of activity Malicious Content (steps 2,3): Deep Discovery detects zero-day and advanced malware – including document exploits and drive-by downloads – used during the initial compromise or later C&C downloadsSuspect Communications (step 3):Deep Discovery detects the C&C communications used by modern malware, as well as backdoor manipulations by remote attackers Attack Behavior (steps 4,5,6): Deep Discovery detects both malware and hacker network behaviors that indicate propagation, scanning, irregular activity, and suspect data access and transmission Today you hear of products that find malware by sandboxing executables or detecting some botnet traffic, but only Deep Discovery indentifies the malicious content, communications and behaviors of malware and human attacker activity across all phases of the attack cycle.
Fingerprinting uses relevance rules to match known characteristics and patterns of communicationJack the Ripper, Dark Comet, Pass-the-Hash, Poison Ivy
Centralized management of all deployed Deep Discovery units provides consolidated threat management and enhanced analysis and reportingin a single console.Centralized Visibility and Reporting over multiple instances of Deep DiscoveryEnhanced Threat Investigation and Visualization capabilitiesHighly Customizable Dashboard, Reports & AlertsContext-based Risk Assessment by enriching events with location and asset severity information
This one shows which bits like to what – need to keep either this one or the previous one but not both.
Can we get this one drawn into the same style as the rest of the deck please. It links to the section of slide 18 that I’ve copied off to the right of the slide. If we can show that linkage that would be great 

Targeted Attacks: Have you found yours?

Du liest eine Vorschau.

Hier ansehen

Targeted Attacks: Have you found yours?

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Targeted Attacks: Have you found yours? (20)

Targeted Attacks: Have you found yours?

Hinweis der Redaktion

Targeted Attacks: Have you found yours?

Du liest eine Vorschau.

Targeted Attacks: Have you found yours?

Empfohlen

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Targeted Attacks: Have you found yours? (20)

Targeted Attacks: Have you found yours?

Hinweis der Redaktion