7 BEHAVIORS OF HIGHLY EFFECTIVE ANTI-APT SOLUTION



Page 1: 7 BEHAVIORS OF HIGHLY EFFECTIVE ANTI-APT SOLUTION. Tarun Gupta, Regional Solutions Architect.
Page 2

www.cloudsec.com | #CLOUDSEC

7 BEHAVIORS OF HIGHLY EFFECTIVE ANTI-APT SOLUTION

Tarun Gupta, Regional Solutions Architect, Trend Micro (@Tarun_t_g)

Page 3

THREAT ACTORS GROWING WORLDWIDE


Page 4

CRIME SYNDICATE (SIMPLIFIED)

[Diagram of the roles in a simplified crime syndicate: Victim, The Boss, Mercenary Attackers, Data Fencing, The Captain Garant, Bullet Proof Hoster]

Page 5

CRIME SYNDICATE (DETAILED)

[Diagram of underground roles with the price tags shown beside them on the slide: Victim; Blackhat SEO Attacker; Attacker ($10); Keywords (Botherder); Programmer ($10); Cryptor ($10); Virtest ($5); Worm; Exploit Kit; Bot Reseller ($1); Traffic Direction System ($5); Garant ($10); Carder ($4); Money Mule; Droppers ($1); Card Creator ($2); Bullet Proof Hoster ($5); Compromised Sites (Hacker); SQL Injection Kit. Additional price tags between $1 and $10 appear on the diagram without a legible owner in the extracted text.]

Page 6

A PREDATOR THAT BLENDS RIGHT IN


Page 7

Copyright 2014 Trend Micro Inc.

HACKERS HAVE AN UNFAIR ADVANTAGE!

Attackers:
• Lucrative payoff, low penalty for failure
• Easy access to weapons/expertise
• Broad attack surface (mobile, cloud…)
• Social engineering easier than ever

Defenders:
• Impact beyond cost
• Resource constrained
• Many points of defense
• Users cannot be controlled

Page 8


All that’s needed is a credit card and a mouse!

HACKERS HAVE AN UNFAIR ADVANTAGE!

Page 9


ATTACKERS EXPLOIT THE “GAPS” IN YOUR SECURITY

• Limitations in device/OS/file coverage
• Unmonitored ports and protocols
• Generic sandbox environments
• Limited insight on known and zero-day attacks
• Lack of visibility into attack evolution & polymorphic malware

Page 10

ATTACKERS CUSTOMIZE ATTACKS TO EVADE YOUR STANDARD DEFENSES

• Poison Ivy: uses multiple ports
• EvilGrab malware: uses multiple protocols
• IXESHE malware: evolves/morphs over time
• Attacks the weakest point, humans: 91% of targeted attacks begin with a spear-phishing email

Page 11

A TARGETED ATTACK IN ACTION: SOCIAL, STEALTHY

• Attackers gather intelligence about the organization and individuals
• Target individuals (employees) using social engineering
• Establish a link to a Command & Control server
• Move laterally across the network seeking valuable data
• Extract data of interest ($$$$); can go undetected for months!

Page 12


7 BEHAVIORS OF HIGHLY EFFECTIVE ANTI-APT SOLUTION

Page 13

EFFECTIVE BEHAVIOR 1 - VISIBILITY

• Breach detection solutions need pervasive traffic visibility.

• Monitor the perimeter and all internal network traffic between endpoints, servers, and any other devices.

• Monitor mobile device access and activities.

• Identify risky applications in use, unusual traffic and data transfer patterns, and more.

Page 14

EFFECTIVE BEHAVIOR 2 - DETECTION

• A network-based breach detection solution can discover malicious content and communications in complex networks.

• Monitors all critical network segments over multiple protocols.

• Custom sandbox simulation and threat detection rules reflect the risks of your environment.

• Is agnostic to devices, operating systems and network traffic.

• Can detect threat activity emanating from any IP-based device and detects attacks across all network traffic.
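The "unmonitored ports and protocols" gap on page 9, the multi-port/multi-protocol evasion on page 10 and the detection behavior above all come down to the same check: does a flow's real application protocol match the port it uses, and does a host call the same peer on a fixed schedule? The Python below is an added illustration, not code from the slides or from Trend Micro; the flow records, the expected-port table and the jitter threshold are constructed assumptions.

```python
# Added example (not from the slides): flag flows whose identified application
# protocol is not on its conventional port, and flag (src, dst) pairs that talk
# at near-constant intervals, a common command-and-control beaconing pattern.
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: conventional ports per protocol, as labelled by a payload-inspecting
# engine (a port alone says nothing about what is actually being carried).
EXPECTED_PORT = {"http": {80, 8080}, "tls": {443}, "dns": {53}, "smtp": {25, 587}}

# Constructed sample flows: (timestamp_s, src, dst, dst_port, app_protocol)
FLOWS = [
    (0,    "10.0.0.5", "203.0.113.9",  443,  "tls"),
    (600,  "10.0.0.5", "203.0.113.9",  443,  "tls"),
    (1200, "10.0.0.5", "203.0.113.9",  443,  "tls"),
    (1800, "10.0.0.5", "203.0.113.9",  443,  "tls"),   # every 600 s: beaconing
    (30,   "10.0.0.7", "198.51.100.4", 8443, "http"),  # HTTP on an unusual port
    (45,   "10.0.0.7", "198.51.100.4", 53,   "http"),  # HTTP carried over the DNS port
    (90,   "10.0.0.8", "192.0.2.10",   80,   "http"),
    (500,  "10.0.0.8", "192.0.2.10",   80,   "http"),
]

def port_protocol_mismatches(flows):
    """Return flows whose identified protocol is not on one of its usual ports."""
    return [f for f in flows
            if f[4] in EXPECTED_PORT and f[3] not in EXPECTED_PORT[f[4]]]

def beaconing_pairs(flows, min_flows=4, max_jitter=0.1):
    """Return (src, dst) pairs seen at least min_flows times whose inter-flow
    gaps vary by at most max_jitter (std-dev / mean); both thresholds assumed."""
    by_pair = defaultdict(list)
    for ts, src, dst, *_ in flows:
        by_pair[(src, dst)].append(ts)
    suspicious = []
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            suspicious.append(pair)
    return suspicious

if __name__ == "__main__":
    for f in port_protocol_mismatches(FLOWS):
        print("port/protocol mismatch:", f)
    for pair in beaconing_pairs(FLOWS):
        print("regular beaconing:", pair)
```

On real data both checks are noisy on their own (legitimate agents also poll on schedules, and internal services run on odd ports); the slides' point is that neither signal is visible at all if only standard ports and protocols are inspected.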

Page 15

EFFECTIVE BEHAVIOR 3 - RISK ASSESSMENT

• Augments automated local threat analysis with relevant global intelligence.

• Identifies emerging threats, vulnerabilities and the associated risk.

• Risk impact assessment, prioritization and notification.

• Helps in risk mitigation through integration and information sharing.

• Highlights infectious or unusual network activity.

Page 16

EFFECTIVE BEHAVIOR 4 - PREVENTION

• Custom detection, analysis and intelligence augment protection from further attack.

• Detects and blocks current attack activity such as command and control communications, lateral movement, etc.

• Includes custom security updates sent from the detection/analysis platform to all pertinent protection points.

• The entire security infrastructure adapts to defend against the new attacker.

Page 17

EFFECTIVE BEHAVIOR 5 - REMEDIATION

• In-depth threat profile information helps guide containment and remediation actions.

• SIEM or other log analysis methods determine the full extent of the attack.

• Provides the custom, relevant intelligence to guide your rapid response.

• Open web services interfaces allow any product to integrate.

Page 18

EFFECTIVE BEHAVIOR 6 - SECURITY THAT FITS

• Integration with SIEMs: HP, IBM, Splunk, any.

• Sharing of threat intelligence with other security products.

• Open web services interfaces allow any product to integrate.

Page 19

EFFECTIVE BEHAVIOR 7 – COLLABORATION

[Workflow diagram: Monitor → Detect → Analyse → Compile → Forward → Action; the resulting Intel Report is shared with Member Countries]

Page 20


FUELED BY GLOBAL THREAT INTELLIGENCE

Global Threat Intelligence: Accurately Analyzes and Identifies Threats Faster
• 100TB of data analyzed and correlated daily
• 300,000 new threats identified daily
• Big data analytics and threat expertise

Global Sensornet: Collects More Information in More Places
• 150 million sensors
• 16 billion threat queries daily
• Files, URLs, vulnerabilities, threat actors…

Proactive Protection: Blocks Real-World Threats Sooner
• 500,000+ businesses
• Millions of consumers
• 150M threats blocked daily

Page 21

MONITOR & CONTROL: Security administrator alerted and provided actionable intelligence

DETECT: Suspicious file detected and analyzed by Deep Discovery

ANALYZE: Affected endpoints identified with Trend Micro Endpoint Sensor

RESPOND: Custom signature deployed and malicious file quarantined; servers protected from the unpatched vulnerability used in the attack

PROTECT: Protection improved against future attacks with integrated Trend solutions

Page 22

DEEP DISCOVERY FAMILY PRODUCTS

Deploy protection where it matters most to your organization

• Inspector: Detect and analyze targeted attacks anywhere on your network (network-wide attack detection)

• Analyzer: Improve the threat protection of your existing security investments (integrated sandboxing)

• Email Inspector: Stop the targeted attacks that can lead to a data breach (email attack protection)

• Endpoint Sensor: Investigate & respond to attacks with network detection + endpoint intelligence (endpoint investigation)

Page 23


Trend Micro Deep Discovery Platform: Advanced Threat Detection Where it Matters Most

Defends against targeted attacks invisible to standard security products:
• Advanced malware & exploits
• Command & control communication
• Attacker activity and lateral movement
• Across inbound, outbound & internal traffic

Page 24

WHY DEEP DISCOVERY?

Superior detection & 360° protection

• Proven results for standard HTTP & SMTP

• Plus additional detection for 100+ protocols & applications across all ports

• Detection of Mac and Mobile malware

• Custom sandboxing

• Monitors all network traffic

• Detects attacker activity

• Single appliance & low TCO

Page 25

Tarun Gupta, Trend Micro, [email protected]

@tarun_t_g