Around the Enterprise in 229 Days
[Timeline chart with ticks at 3, 6 and 9 months and phases labelled Initial Breach, Threat Undetected and Remediation]
229 days: median number of days attackers are present on a victim network before detection.
[Percentage not recovered] of companies learned they were breached from an external entity.
Source: M-Trends Report 2014
Broad Sector Targeting
• Extremely broad targeting
• IP-intensive businesses continually a focus
• International business dealings
• Increase in Finance and Media/Entertainment is notable
Ghost Hunting with Antivirus
[Percentage not recovered] of malware only exists once.
[Percentage not recovered] of malware disappears after one hour.
Maginot Line Report
• 1,216 organizations reviewed from October 2013 – March 2014
• Sectors included: Government, Financial Services, Chemicals and Manufacturing, High-tech, Consulting, Energy, Retail, and Healthcare
Maginot Line Report
• 97% of organizations breached
• 27% of attacks consistent with APT tools and tactics
• An average of over 120 malware payloads bypassed other defenses
A Global Threat…
1. United States
2. South Korea
3. Canada
4. Japan
5. United Kingdom
6. Germany
7. Switzerland
8. Taiwan
9. Saudi Arabia
1 Year After APT1…
• APT1 and APT12 threat groups paused operations following the public release of Mandiant’s report
• Both groups changed operational infrastructure, replacing what had been exposed in the APT1 report.
• Despite specific warnings by the Obama administration, China-based APT activity indicates that the PRC has no intention of abandoning its cyber campaign.
[Image: the Mandiant report, providing evidence linking a China-based cyber threat group to the People’s Republic of China (PRC)]
Defense in Depth
A military strategy; it seeks to delay rather than prevent the advance of an attacker… Rather than defeating an attacker with a single, strong defensive line, [it] relies on the tendency of an attack to lose momentum over a period of time… Once an attacker has lost momentum… defensive counter-attacks can be mounted on the attacker's weak points [to] drive the attacker back to its original starting position.
Presumes the defensive measure limits or reduces momentum.
Defense in Depth – IT Translation
An information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited; the layers can cover personnel, procedural, technical and physical aspects for the duration of the system's life cycle.
Presumes the defensive measure was effective in the first place.
The Continuous Threat Prevention Process (real time)
• Detect: multiple approaches to identify attacks at the earliest stage
• Prevent: prevent what you can prevent… it will never be 100%
• Analyze: containment, forensic investigation and kill chain reconstruction
• Resolve: remediation support and threat intelligence to recover and improve risk posture
• Make sure executives understand it’s not just “Detect and Prevent”
• Make sure executives understand you’re dealing with humans attacking you… not malware
• Make sure executives understand this is continuous… it’s not going away… and may never go away
So What’s Working?
• War-time mindset: acceptance of the new normal
• Beyond compliance: look at efficacy vs. real threats and aligning budget
• Resilience: ability to operate through the breach
Security needs to be the following to address the new threat landscape:
• Virtual machine-based model of detection
• Purpose-built for security
• Hardened hypervisor
• Scalable
• Portable
Finds known/unknown cyber-attacks in real time across all vectors.
FireEye Managed Defense
The FireEye MVX Architecture
[Diagram: Threat Prevention Platforms powered by MVX Technology, covering Network, Email, Endpoint, Mobile, Content, Analytics and Forensics, fed by Dynamic Threat Intelligence]