Enfrentando os Desafios das Ameaças Combinadas.

Enfrentando os desafios das ameaças combinadas Ricardo Valente Sr System’s Engineer


Slides used in the web seminar "Enfrentando os Desafios das Ameaças Combinadas" (Facing the Challenges of Blended Threats), presented by Ricardo Valente of McAfee for the web seminar series offered by ISH Tecnologia. To learn more about ISH, visit http://www.ish.com.br or follow ISH at http://twitter.com/ishtecnologia

Transcript of Enfrentando os Desafios das Ameaças Combinadas.

Page 1: Enfrentando os Desafios das Ameaças Combinadas.

Enfrentando os desafios das ameaças combinadas

Ricardo Valente

Sr. Systems Engineer

Page 2: Enfrentando os Desafios das Ameaças Combinadas.

Today’s Environment

Diagram labels: Internet, Twitter, Facebook, Web 2.0, ERP, CRM, SaaS, Spammers, Targeted Attacks, Bots

Page 3: Enfrentando os Desafios das Ameaças Combinadas.

Today’s Environment

Diagram labels: Internet, Twitter, Facebook, Web 2.0, ERP, Salesforce, SaaS, Spammers, Targeted Attacks, Bots

Complexity
• Fragmented technology management
• Multi-product solutions (NAC, Data Protection)
• Compliance requirements

Impact
• Increased operational cost
• Data and productivity risk
• Reduced business agility

Page 4: Enfrentando os Desafios das Ameaças Combinadas.

McAfee Network Security Portfolio

Protection
• Comprehensive threat/vulnerability protection
• Enabled by Global Threat Intelligence

Policy
• User-aware policy controls
• Flexible policy definition
• Compliance monitoring

Management
• Common Management framework
• Optimized workflow
• Role-based administration

Platform
• High performance
• Scalability
• Enterprise-class reliability
• Flexible delivery (appliance, blades, virtual)

Network

Page 5: Enfrentando os Desafios das Ameaças Combinadas.

Total Protection Suites for the Network

Diagram labels: Internet Gateways, Network Defense, Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web

Page 6: Enfrentando os Desafios das Ameaças Combinadas.

Global Threat Intelligence Technology Capabilities

• Protocol definition/behavior/reputation
• Network attack definitions
• Phishing/Malware

• Protocol definition/behavior/reputation
• Network attack definitions
• IP reputation
• Anti-Malware

• Protocol definition/behavior/reputation
• Vulnerability assessment
• Anti-malware

Diagram labels: Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web

• IP/URL reputation
• Spam profiles
• Anti-malware

• IP/URL reputation
• Content based malware
• Exploits

• IP/URL reputation
• Spam profiles
• Network attack profiles
• Anti-malware

Page 7: Enfrentando os Desafios das Ameaças Combinadas.

Global Threat Intelligence: Zero Day Response Environment

Diagram labels: Internet, Bots, Gotyou.com, Firewall - IPS, Email Gateway, Web Gateway

1. New phishing email on webmail

2. User clicks

3. Malware detected even without a signature

Page 8: Enfrentando os Desafios das Ameaças Combinadas.

Global Threat Intelligence: Zero Day Response Environment

Diagram labels: Internet, Global Threat Intelligence, Bots, Gotyou.com, Firewall - IPS, Email Gateway, Web Gateway

4. Samples Fingerprinted

5. Attributes analyzed in real time

6. Reputations and Signatures Updated

Page 9: Enfrentando os Desafios das Ameaças Combinadas.

Analysts Agree: McAfee Leads

Figure: Gartner chart (axes: Ability to Execute, Completeness of Vision; quadrants: Niche Players, Visionaries, Challengers, Leaders) and Forrester chart (axes: Current Offering, Strategy; bands: Leaders, Strong Performers). Product markers: E-mail, Web, IPS, DLP, Firewall.

Page 10: Enfrentando os Desafios das Ameaças Combinadas.

April 10, 2023

McAfee Network Security

Bomb Attacks Require Coordinated Protection

Research Capacity Matters

1. User receives email with a short message and a URL, from an IP address with no reputation for SPAM.

2. User clicks on link and goes to a fake Reuters video feed web page with malicious content.

3. The content coming back is malware, and is blocked at the gateway.

4. The URL, IP, and the payload, all captured from “an event”, are sent to Avert Labs.

5. Real-time feeds update firewalls and email and web gateways. Artemis protects the endpoint in real time.

Diagram labels: Internet, McAfee Email Gateway, McAfee Web Gateway, Artemis, TrustedSource, IPS, Firewall, UTM

Page 11: Enfrentando os Desafios das Ameaças Combinadas.

McAfee Web Gateway

Web

• Next Generation Web 2.0 security proxy
• Enables Safe Secure Web access
• High Performance: robust, enterprise class proxy cache
• Enables Productive use of Web 2.0 applications
• Protects against Web 2.0 blended and targeted malware attacks
• Flexible policy and scalable reporting to enable compliance
• Flexible and agile deployment to fit any infrastructure

Customer Benefits

Page 12: Enfrentando os Desafios das Ameaças Combinadas.

McAfee Email Gateway

Email

• Inbound Protection against spam, email-borne threats and malware
• Outbound Protection – Complete DLP and Advanced Compliance included; integrated encryption
• Administrative Empowerment – Flexible policy creation and robust reporting
• Reduce costs associated with spam and email-borne malware
• Stop data leakage via email
• Comply with regulations requiring email security

Customer Benefits

Page 13: Enfrentando os Desafios das Ameaças Combinadas.

Confidential McAfee Internal Use Only

Hacking Exposed: Web and Email Security

• Bookseller site walkthrough
• FileInsight examples of deobfuscation
• McAfee® TrustedSource™ technology
• Anonymous proxies

Page 14: Enfrentando os Desafios das Ameaças Combinadas.

Hacme Books

Cross-Site Request Forgery

Page 15: Enfrentando os Desafios das Ameaças Combinadas.


Demo

• Visit and log on to a typical online book-seller site.
• Browse selection.
• Check that shopping cart is empty.
• Visit the author's web site for a particular selection.
• Return to book-seller site and check shopping cart.
• Notice that a title has been added without authorization.

• Repeat same process using McAfee Web Gateway.
• Notice that shopping cart does not get populated by the author's site.

• Why?
• Author's site has crafted IFRAME that exploits the book-seller site.
• McAfee Web Gateway strips out offending IFRAME and prevents exploit to book-seller site.
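One way a filtering proxy could implement the IFRAME stripping described in the demo, as an added example that is not part of the original slides and not McAfee Web Gateway's actual logic. The heuristics (invisible frame, different host, action word in the path), the function names, the host names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed heuristics for illustration; not McAfee Web Gateway's actual rules.
ACTION_WORDS = ("add", "buy", "checkout", "delete", "transfer", "update")

class HiddenActionFrames(HTMLParser):
    """Collect invisible IFRAMEs whose src is a state-changing URL on another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (src URL, raw start tag) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {k: (v or "") for k, v in attrs}
        src = urlsplit(attr.get("src", ""))
        if not src.hostname or src.hostname == self.page_host:
            return  # relative or same-host frame: not a cross-site request
        style = attr.get("style", "").replace(" ", "").lower()
        hidden = (attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        # A query string plus an action word in the path suggests a request
        # that changes state (for example, adding an item to a cart).
        acts = bool(src.query) and any(w in src.path.lower() for w in ACTION_WORDS)
        if hidden and acts:
            self.findings.append((attr["src"], self.get_starttag_text()))

def strip_hidden_action_frames(html, page_url):
    """Return (cleaned_html, flagged_urls) with the flagged IFRAMEs removed."""
    auditor = HiddenActionFrames(page_url)
    auditor.feed(html)
    auditor.close()
    for _, raw_tag in auditor.findings:
        pattern = re.escape(raw_tag) + r"(?:.*?</iframe\s*>)?"
        html = re.sub(pattern, "", html, count=1, flags=re.DOTALL | re.IGNORECASE)
    return html, [url for url, _ in auditor.findings]

# Constructed sample: a page on author.example embedding three frames.
SAMPLE_PAGE = """<html><body>
<h1>About the author</h1>
<iframe src="http://video.example/embed/talk" width="560" height="315"></iframe>
<iframe src="http://books.example/cart/add?item=1234&amp;qty=1" width="0" height="0"></iframe>
<iframe src="/newsletter.html" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    cleaned, flagged = strip_hidden_action_frames(SAMPLE_PAGE, "http://author.example/bio.html")
    print(flagged)
    print(cleaned)
```

Filtering at a proxy only covers users browsing through that proxy; the book-seller application still needs its own request-forgery defences, such as per-session tokens on state-changing requests.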


Page 16: Enfrentando os Desafios das Ameaças Combinadas.


Logon to Online Book Site

Page 17: Enfrentando os Desafios das Ameaças Combinadas.


Browse Book Selection

Page 18: Enfrentando os Desafios das Ameaças Combinadas.


Shopping Cart Empty

Page 19: Enfrentando os Desafios das Ameaças Combinadas.


Visit Author's Web Site

Page 20: Enfrentando os Desafios das Ameaças Combinadas.


Unauthorized Addition to Shopping Cart

Page 21: Enfrentando os Desafios das Ameaças Combinadas.


Repeat with McAfee Web Gateway

Page 22: Enfrentando os Desafios das Ameaças Combinadas.


Browse Book Selections Again

Page 23: Enfrentando os Desafios das Ameaças Combinadas.


Check Shopping Cart

Page 24: Enfrentando os Desafios das Ameaças Combinadas.


Visit Author's Web Site Again

Page 25: Enfrentando os Desafios das Ameaças Combinadas.

Return and Check Shopping Cart

Cart Remains Empty

Page 26: Enfrentando os Desafios das Ameaças Combinadas.


What Does McAfee Web Gateway Do?


Page 27: Enfrentando os Desafios das Ameaças Combinadas.


Original Author's Site with IFRAME

Page 28: Enfrentando os Desafios das Ameaças Combinadas.


Site through MWG with IFRAME Removed

Page 29: Enfrentando os Desafios das Ameaças Combinadas.

Additional malware example

Page 30: Enfrentando os Desafios das Ameaças Combinadas.


Page 31: Enfrentando os Desafios das Ameaças Combinadas.


Page 32: Enfrentando os Desafios das Ameaças Combinadas.


Page 33: Enfrentando os Desafios das Ameaças Combinadas.


TrustedSource


Page 34: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet

Page 35: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet

Callouts (numbered 1 and 2): SQL Injection Attack; Compromised Site, Potential Stolen Data

Page 36: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet

Callouts (numbered 1 to 3): User Opens Email & Goes to Compromised Server; SPAM Attack; Malware Downloaded

Page 37: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet

Callouts (numbered 1 to 4): User Opens Email & Goes to Compromised Server; SPAM Attack; New Zombies Created; Malware Downloaded

Page 38: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, 208.XXX.XXX.164

Page 39: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access

McAfee Email Gateway (formerly IronMail)

McAfee Web Gateway (formerly Webwasher)

McAfee Firewall Enterprise (Sidewinder)

Page 40: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, SPAM Attack, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet

McAfee Email Gateway (formerly IronMail)

McAfee Web Gateway (formerly Webwasher)

McAfee Firewall Enterprise (Sidewinder)

Page 41: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, New Zombie, 89.XXX.XXX.84

Callouts (numbered 1 and 2): SPAM Attack; User accesses GMail

McAfee Email Gateway (formerly IronMail)

McAfee Web Gateway (formerly Webwasher)

McAfee Firewall Enterprise (Sidewinder)

Page 42: Enfrentando os Desafios das Ameaças Combinadas.


Spam Sent to Web Mail Account

Page 43: Enfrentando os Desafios das Ameaças Combinadas.


Obfuscated JavaScript


Page 44: Enfrentando os Desafios das Ameaças Combinadas.

Malware Download BLOCKED

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, New Zombie, 89.XXX.XXX.84

Callouts (numbered 1 and 2): Malware IP & Message Data sent to TS

McAfee Email Gateway (formerly IronMail)

McAfee Web Gateway (formerly Webwasher)

McAfee Firewall Enterprise (Sidewinder)

Page 45: Enfrentando os Desafios das Ameaças Combinadas.

Diagram labels: Web Apps, Email, Web, apps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, SQL Injection Attack, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, New Zombie

Connections Rejected Based on Reputation

McAfee Email Gateway (formerly IronMail)

McAfee Web Gateway (formerly Webwasher)

McAfee Firewall Enterprise (Sidewinder)

Page 46: Enfrentando os Desafios das Ameaças Combinadas.