Facing the Challenges of Blended Threats.
Facing the Challenges of Blended Threats
Ricardo Valente
Sr. Systems Engineer
Today’s Environment
[Diagram labels: Internet, Twitter, Facebook, Web 2.0; ERP, CRM, SaaS; Spammers, Targeted Attacks, Bots]
Today’s Environment
[Diagram labels: Internet, Twitter, Facebook, Web 2.0; ERP, Salesforce, SaaS; Spammers, Targeted Attacks, Bots]
Fragmented technology management
Multi-product solutions (NAC, Data Protection)
Compliance requirements
Increased operational cost
Data and productivity risk
Reduced business agility
Complexity Impact
McAfee Network Security Portfolio
• Comprehensive threat/vulnerability protection
• Enabled by Global Threat Intelligence
• User-aware policy controls
• Flexible policy definition
• Compliance monitoring
• Common Management framework
• Optimized workflow
• Role-based administration
Protection Policy Management Platform
• High performance
• Scalability
• Enterprise-class reliability
• Flexible delivery (appliance, blades, virtual)
Network
Total Protection Suites for the Network
[Diagram labels: Internet Gateways, Network Defense; Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web]
Global Threat Intelligence Technology Capabilities

• Protocol definition/behavior/reputation
• Network attack definitions
• Phishing/Malware

• Protocol definition/behavior/reputation
• Network attack definitions
• IP reputation
• Anti-malware

• Protocol definition/behavior/reputation
• Vulnerability assessment
• Anti-malware

[Diagram labels: Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web]

• IP/URL reputation
• Spam profiles
• Anti-malware

• IP/URL reputation
• Content based malware
• Exploits

• IP/URL reputation
• Spam profiles
• Network attack profiles
• Anti-malware
Global Threat Intelligence: Zero Day Response Environment
[Diagram labels: Internet, Global Threat Intelligence, BOTS, Gotyou.com, Firewall - IPS, Email Gateway, Web Gateway]
1. New phishing email on webmail
2. User clicks
3. Malware detected even without a signature
4. Samples Fingerprinted
5. Attributes analyzed in real time
6. Reputations and Signatures Updated
Analysts Agree: McAfee Leads
[Figures: Gartner chart (axes: Ability to Execute, Completeness of Vision; quadrants: Niche Players, Visionaries, Challengers, Leaders) and Forrester chart (axes: Current Offering, Strategy; bands: Leaders, Strong Performers). Product labels: Web, IPS, E-mail, DLP, Firewall]
April 10, 2023
McAfee Network Security
Bomb Attacks Require Coordinated Protection
Research Capacity Matters
[Diagram labels: McAfee Email Gateway, McAfee Web Gateway, Artemis, Internet, TrustedSource, IPS, Firewall, UTM]
1. User receives email with a short message and a URL, from an IP address with no reputation for SPAM.
2. User clicks on link and goes to a fake Reuters video feed web page with malicious content.
3. The content coming back is malware, and is blocked at the gateway.
4. The URL, IP, and the payload, all captured from “an event”, are sent to Avert Labs.
5. Real-time feeds update firewalls and email and web gateways. Artemis protects the endpoint in real time.
McAfee Web Gateway
Web
• Next Generation Web 2.0 security proxy
• Enables Safe Secure Web access
• High Performance: robust, enterprise class proxy cache
• Enables Productive use of Web 2.0 applications
• Protects against Web 2.0 blended and targeted malware attacks
• Flexible policy and scalable reporting to enable compliance
• Flexible and agile deployment to fit any infrastructure
Customer Benefits
McAfee Email Gateway
• Inbound Protection against spam, email-borne threats and malware
• Outbound Protection – Complete DLP and Advanced Compliance included; integrated encryption
• Administrative Empowerment – Flexible policy creation and robust reporting
• Reduce costs associated with spam and email-borne malware
• Stop data leakage via email
• Comply with regulations requiring email security
Customer Benefits
Confidential McAfee Internal Use Only
Hacking Exposed: Web and Email Security
• Bookseller site walkthrough
• FileInsight examples of deobfuscation
• McAfee® TrustedSource™ technology
• Anonymous proxies
Hacme Books
Cross-Site Request Forgery
Demo
• Visit and log on to a typical online book-seller site.
• Browse selection.
• Check that shopping cart is empty.
• Visit the author's web site for a particular selection.
• Return to book-seller site and check shopping cart.
• Notice that a title has been added without authorization.
• Repeat same process using McAfee Web Gateway.
• Notice that shopping cart does not get populated by the author's site.
• Why?
• Author's site has crafted IFRAME that exploits the book-seller site.
• McAfee Web Gateway strips out offending IFRAME and prevents exploit to book-seller site.
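Why the request from the author's IFRAME is accepted, and the application-side check that rejects it for users who are not behind a gateway, as an added example (not code from the presentation or from Hacme Books). The handler names, session id, book ids and the HMAC-bound token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server state for the example: one logged-in shopper.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-alice": {"user": "alice", "cart": []}}


def csrf_token_for(session_id: str) -> str:
    """Token the shop embeds in its own forms, bound to the session by HMAC."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def add_to_cart_vulnerable(cookies: dict, params: dict) -> int:
    """Trusts the session cookie alone, so a request framed by any site works."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401
    session["cart"].append(params["book_id"])
    return 200


def add_to_cart_hardened(cookies: dict, params: dict) -> int:
    """Also requires a token that a third-party page cannot read or guess."""
    session_id = cookies.get("session", "")
    session = SESSIONS.get(session_id)
    if session is None:
        return 401
    supplied = str(params.get("csrf_token", ""))
    expected = csrf_token_for(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    session["cart"].append(params["book_id"])
    return 200


def demo() -> dict:
    cookies = {"session": "sess-alice"}  # the browser attaches this by itself
    forged = {"book_id": "book-42"}      # request issued through the IFRAME
    genuine = {"book_id": "book-7", "csrf_token": csrf_token_for("sess-alice")}
    cart = SESSIONS["sess-alice"]["cart"]
    results = {"vulnerable_forged": add_to_cart_vulnerable(cookies, forged)}
    cart.clear()                          # reset before testing the fixed handler
    results["hardened_forged"] = add_to_cart_hardened(cookies, forged)
    results["hardened_genuine"] = add_to_cart_hardened(cookies, genuine)
    results["cart"] = list(cart)
    return results


if __name__ == "__main__":
    print(demo())
```

The forged request carries a valid cookie in both cases; only the handler that also demands the per-session token leaves the cart untouched.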
Logon to Online Book Site
Browse Book Selection
Shopping Cart Empty
Visit Author's Web Site
Unauthorized Addition to Shopping Cart
Repeat with McAfee Web Gateway
Browse Book Selections Again
Check Shopping Cart
Visit Author's Web Site Again
Return and Check Shopping Cart: Cart Remains Empty
What Does McAfee Web Gateway Do?
Original Author's Site with IFRAME
Site through MWG with IFRAME Removed
Additional malware example
TrustedSource
[Diagram sequence. Labels: Web Apps (Webapps.yourco.com), Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet]
Callouts shown across the slides:
• SQL Injection Attack; Compromised Site; Potential Stolen Data (steps 1, 2)
• SPAM Attack; User Opens Email & Goes to Compromised Server; Malware Downloaded (steps 1, 2, 3)
• SPAM Attack; User Opens Email & Goes to Compromised Server; Malware Downloaded; New Zombies Created (steps 1, 2, 3, 4)
[Diagram. Labels: Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, Web Apps (Webapps.yourco.com), Customer Data, Internal Network, Internet Access; address shown: 208.XXX.XXX.164]
[Diagram. Same labels, with McAfee Email Gateway (formerly IronMail), McAfee Web Gateway (formerly Webwasher) and McAfee Firewall Enterprise (Sidewinder)]
[Diagram sequence. Labels: Web Apps (Webapps.yourco.com), Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, McAfee Email Gateway (formerly IronMail), McAfee Web Gateway (formerly Webwasher), McAfee Firewall Enterprise (Sidewinder)]
Callouts shown across the slides:
• SPAM Attack
• New Zombie; SPAM Attack; User accesses GMail; address shown: 89.XXX.XXX.84 (steps 1, 2)
Spam Sent to Web Mail Account
Obfuscated JavaScript
[Diagram sequence. Labels: Web Apps (Webapps.yourco.com), Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, McAfee Email Gateway (formerly IronMail), McAfee Web Gateway (formerly Webwasher), McAfee Firewall Enterprise (Sidewinder)]
Callouts shown across the slides:
• Malware Download BLOCKED; New Zombie; Malware IP & Message Data sent to TS; address shown: 89.XXX.XXX.84 (steps 1, 2)
• SQL Injection Attack; New Zombie; Connections Rejected Based on Reputation