Detect & Remediate Malware & Advanced Targeted Attacks

Detect and Remediate Advanced
Targeted Attacks
Raphael Reich - Senior Director, Product Marketing, Imperva
Ruby Sharma - Manager, WW Strategic Alliances, FireEye

1

© 2013 Imperva, Inc. All rights reserved.

Confidential

Agenda
§  The threat landscape
§  Traditional defenses fall short
§  Securing high-value applications and data assets
§  FireEye and Imperva: focused defense for targeted
attacks

2


Confidential

Raphael Reich
Senior Director, Product Marketing , Imperva
§  Expertise
•  20+ years in product marketing,
product management, and software
engineering

§  Professional Experience
•  Cisco, Check Point, Network General

§  Academics
•  Bachelor’s degree in Computer
Science from UC Santa Cruz
•  MBA from UCLA

3


Confidential

Ruby Sharma
Manager, WW Strategic Alliances, FireEye
§  Expertise
•  10+ years in strategic alliances,
product management, and software
engineering

§  Professional Experience
•  FireEye, Microsoft

§  Academics
•  Masters in Computer Science from
Illinois Institute of Technology

4


Confidential

Threat Landscape

5


Confidential

Attackers Turn Your Data Into Their Money

6


Confidential

Target Your Users and Your Data Center

Source: Verizon Data Breach Report, 2013
7


Confidential

Who’s Doing It and Why
Governments
Stealing Intellectual Property (IP) and raw data, and spying
§  Motivated by: Policy, politics, and nationalism
§  Preferred Methods: Targeted attacks

Organized Crime
Stealing IP and data
§  Motivated by: Profit
§  Preferred Methods: Targeted attacks, fraud

Hacktivists
Exposing IP and data, and compromising the infrastructure
§  Motivated by: Political causes, ideology, personal agendas
§  Preferred Methods: Targeted attacks, Denial of Service attacks
8


Confidential

Some Examples
Hackers stole sensitive data related to a planned
$2.4B acquisition of China Huiyuan Juice Group
Hackers raided troves of sensitive data from the
$21B company, but it was never made public

Hackers gained access to privileged user accounts
regarding electric vehicle drive train technology

Hackers had full system access with the ability to
modify, copy and delete sensitive data

9


Confidential

Anatomy of a Targeted Attack
Records lost: 4M
Population: 5M

= 80%

Attack Timeline: Targeted, Efficient, and Undetected

Attacker steals
login credentials
via phishing
email & malware

Attacker logs in
remotely and
accesses the
database

Aug 13, 2012

Aug 27, 2012

10


Confidential

Additional
reconnaissance, more
credentials stolen

Aug 29 – Sept 12, 2012

Attacker steals
the entire
database

Sept 12 - 14, 2012

Current Controls
Won’t the NGFW/IPS/AV Stop It?

11


Confidential

Protect and Monitor Your Assets
Applications and data are the main focus
of modern cyber attacks. However, existing
identity, endpoint, and network security
solutions are insufficient for their
protection.
Application Security Roadmap Beyond 2012:
Breaking Silos, Increasing Intelligence, Enabling Mass Adoption
Joseph Feiman and Neil MacDonald; June 22, 2012

Gartner, Inc.

12


Confidential

Typical Defenses Ineffective Against Modern
Malware

“Organizations face an evolving threat scenario that they are ill-prepared to deal with….advanced
threats that have bypassed their traditional security protection techniques and reside undetected
on their systems.”
Gartner, 2012

13


Confidential

Traditional Defenses Don’t Work
The new breed of attacks evade signature-based defenses
Anti-Spam
Gateways

IPS
"

Firewalls/
NGFW

14


Secure Web
Gateways

Confidential

Desktop AV

The Spending Disconnect
The Threats Have Changed

Security Spending Hasn’t

2012

2001

Cyber Espionage
Organized Criminals
Industrialized Hackers
Anti-virus

Anti-virus

Backdoors

Firewall / VPN

Firewall / VPN

“Digital Graffiti”

Content Filtering

Secure Email/Web

Script Kiddies

IDS / IPS

IPS

Threats

Security Spend

Threats

Security Spend
Sources: Gartner, Imperva analysis

15


Confidential

Rebalance Your Security Portfolio

16


Confidential

Security Redefined
Forward Thinking

17


Confidential

New Threat Landscape

Coordinated Persistent Threat Actors

Dynamic,
Polymorphic Malware

Advanced attacks go undetected!

Multi-Vector Attacks

18


Confidential

Multi-Stage Attacks

Targeting an Organization’s Valuable Assets

Spear Phishing

CFO

Financial Information

Web-Based Attack

Director of Engineering

Intellectual Property

File-Based Attack

Government Employee

National Security
Information

19


Confidential

A New Approach Required
Legacy Security Devices
Pattern-Matching
Detection Model

•  Signature-based
•  Reactive
•  Only known threats
•  False positives
20


Confidential

New Virtual MachineBased Detection Model

• 
• 
• 
• 

Signature-less
Dynamic, real time
Known/unknown threats
Minimal false positives

FireEye’s Multi-Flow, Stateful Attack Analysis
Infection Server

Callback Server

•  FireEye uses multi-flow analysis
to understand the full context of
today’s cyber attacks
Exploit

Callbacks

Malware
Executable

Data
Exfiltration

•  Stateful attack analysis shows
the entire attack life cycle
•  Enables FireEye to disrupt each
stage and neutralize attack
•  Point products focus only on
objects (e.g., executable, files)
and can be easily bypassed

Downloads

21


Confidential

FireEye Multi Vector Protection Platform
Network based based
appliances see wide range
of network traffic

Web

Email

File

Malwar
e

Multi-Vector Virtual Execution™
Central Management System

Dynamic Threat Intelligence™

22


Confidential

Installs within an hour on
most networks with no
need for rules and policies
Integrates with common
network architectures
Additional specialized
malware analyst tools
Leverage of detection
experience across entire
customer base

Attacks Discovered and Stopped by FireEye

FireEye claims protection against
Internet Explorer zero-day attack,
Operation Aurora

Attackers Target Internet
Explorer Zero-Day Flaw
December 28, 2012
Researcher – Darien Kindlund

January 18, 2010

Java Zero-Day Attack Could
Hit Enterprises Hard
August 28, 2012
Researcher – Atif Mushdaq

South Korea network attack
'a computer virus'
March 20, 2013
Researcher – Vinay Pidathala

Operation Beebus Attacks
Discovered by FireEye
February 4, 2013
Researchers – Vinay Pidathala,
Darien Kindlund

2010

Command and Control Used in
Sanny APT Attacks Shut Down
March 22, 2013
Researchers – Ali Islam,
Alex Lanstein

2013
2012

Researchers Say They Took Down
World’s Third-Largest Botnet
July 18, 2012
Researcher – Atif Mushdaq

APT Attacks FireEye
is Designed to Combat

23

Russian space research org
targeted by mystery malware attack
December 12, 2012
Researchers – Ali Islam, Alex Lanstein

Stuxnet


Adobe reviews report of another
security bug in its software
February 13, 2013
Researcher – Zheng Bu

Duqu
South Korea

Confidential

Researchers: Zero-day PDF exploit
affects Adobe Reader 11, earlier
versions
February 13, 2013
Researcher – Yichong Lin

Protecting the Data Center From
Advanced Targeted Attacks

24


Confidential

What is Needed
Advanced Detection: identify zero-day attacks
Immediate Mitigation: block/report compromise insiders attempt to…
•  Access business critical applications
•  Access sensitive data – databases, intellectual property, deal
data, etc.
•  Conduct administrative actions or privileged operations

Non-disruptive: mitigation enables business to continue
Full Forensics: logs all activity originating from infected hosts
25


Confidential

Reduce Risk
§  Identify sensitive data

§  Build policies to protect that data

§  Review and rationalize access rights

§  Audit, analyze and alert on access activity

26


Confidential

Detect Advanced Attacks
§  Detect advanced malware on network
•  Detect in-bound malware exploits and out-bound data exfiltration to
C&C sites

§  Identify compromised endpoints/users
•  Prevent them from accessing business critical data

27


Confidential

Insulate Critical Applications and Data
§  Stop compromised users and devices from accessing
sensitive applications and data

28


Confidential

Post-incident Analysis
§  Leverage audit trail and forensics to improve the incident
response process
•  Identify trends and patterns that indicate security risk

29


Confidential

Protect Data From Advanced Targeted Attacks

+

1.  Identify insiders/endpoint compromised by malware
2.  Prevent compromised hosts from accessing critical
business data
3.  Provide business continuity without business risk

30


Confidential

Case Study: PSCU - Financial Services

BLOCK

Protecting regulated data in databases with Imperva and FireEye

PCI

Imperva Database Firewall
31


Confidential

Integration and Data Flow
Data set

SecureSphere MX

Data

Descrip,on

IP

Compromised
device
IP
address

Hostname

Compromised
device
hostname

FireEye
ID

Unique
FireEye
ID
for
mapping

Source

FireEye
MPS
source
device

Etc.

Etc.

32


SecureSphere Gateways

Confidential

Additional Resources – White Paper

Download Now

33


Confidential

Additional Resources – eBook

Download Now

34


Confidential

www.imperva.com

35


Confidential

Detect & Remediate Malware & Advanced Targeted Attacks

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (16)

Similar to Detect & Remediate Malware & Advanced Targeted Attacks

Similar to Detect & Remediate Malware & Advanced Targeted Attacks (20)

More from Imperva

More from Imperva (20)

Recently uploaded

Recently uploaded (20)

Detect & Remediate Malware & Advanced Targeted Attacks