Protect Against the Known, the Unknown and “Known Unknown” Threats in Your Network Elisa Lippincott
Trend Micro TippingPoint
Copyright 2016 Trend Micro Inc. 2
The Current Security Landscape
The Story Behind The Headlines…
The problem is exacerbated by a shortage of resources and security expertise
Your organization’s data, communications, intellectual property and other intangible assets can be monetized by unwanted third parties
Your organization will be exposed to strategic risks, financially material costs, and potential damage to its reputation
Criminals and adversaries engineer and execute attacks across an exploding attack surface that bypass traditional security controls
The Known Vulnerabilities are Still in Vogue
• 29% of all exploit samples discovered in 2015 continued to use a 2010 Stuxnet infection vector that has been patched twice.
• All of the top 10 vulnerabilities exploited overall in 2015 continue to be those that are more than a year old
• 48% are five or more years old.
• In 2015, the top 10 vulnerabilities accounted for 85% of successful exploit traffic. The other 15% consisted of over 900 CVEs, which are also being actively exploited in the wild.
Top 10 Vulnerabilities Exploited in 2015 [1] (share of exploit samples)
• CVE-2010-2568 (Microsoft Windows): 29%
• CVE-2012-6422 (Samsung): 13%
• CVE-2014-6332 (Microsoft Windows): 6%
• CVE-2010-0188 (Adobe Reader/Acrobat): 5%
• CVE-2009-3129 (Microsoft Excel): 5%
• CVE-2012-1723 (Oracle Java): 4%
• CVE-2010-1297 (Adobe Flash Player): 4%
• CVE-2012-0158 (Flyspray): 4%
• CVE-2010-3301 (Linux): 3%
• CVE-2014-0503 (Adobe Flash Player): 2%
• Others: 24%
2015 Successful Exploit Traffic [2]
• Top 10 vulnerabilities: 85%
• 900+ other CVEs: 15%
[1] “Cyber Risk Report 2016.” Hewlett Packard Enterprise. February 2016.
[2] “2016 Data Breach Investigations Report.” Verizon. April 2016.
Next-Generation Intrusion Prevention System Requirements
Out-of-the-Box Protection
Recommended settings out-of-the-box, backed by security intelligence from a respected research and development team
Centralized Management
Complete network security management with integrated security policy, visibility and responses
Real-Time Protection
In-line (“bump in the wire”) deployment with high performance and low latency
Third Party Integration
Integration with complementary security solutions to enforce a “defense-in-depth” security approach
Breach Detection/Advanced Threat Protection Requirements
Detection Across All Network Traffic
Detect malware, C&C, attacker activity across 100+ protocols and all ports
Anti-evasion Techniques Against Several Methods
• Multi-language and keyboard emulation
• Mimics human interaction
• Prevents virtual device lookups
Custom Sandboxing Analysis
Accurate detection of your attackers
Policy Management
Quarantine, deletion, forward-with-tag are configurable by detection severity. Sandbox analysis can be controlled by attachment type
The “Known Unknown”
Zero Day Initiative
• Largest vendor-agnostic player in the zero-day vulnerability marketplace
• Recognized by Frost & Sullivan as the leader in Vulnerability Research and Discovery since 2010
• Feeds directly into protection for Trend Micro customers
• 3,000+ registered external researchers
• $14M+ paid to researchers in return for vulnerability submissions
• #1 source for critical Microsoft and Adobe vulnerabilities
• 3,000+ vulnerabilities discovered and disclosed since inception
Business of Bugs
SECURITY RESEARCHERS and HACKERS have a multitude of options available to sell their BUGS
BLACK MARKET Flaws can be sold to the highest bidder, used to disrupt private or public individuals and groups.
GREY MARKET Some legitimate companies operate in a legal grey zone within the zero-day market, selling exploits to governments and law enforcement agencies in countries across the world.
WHITE MARKET Bug bounty programs, hacking contests and direct vendor communication provide opportunities for responsible disclosure.
Grey Market
Sell vulnerability to private broker
Implications: Unclear where the flaw will end up and what it will be used for… Some grey market brokers have policies which will only sell to ethical and approved sources.
Examples of what can happen:
• Used to spy on private citizens suspected of crimes
• Used to shut down suspected terrorist operations
Lucrative business
Option 1: Consultancy services
Option 2: Vulnerability brokers
Bullish marketplace
ZDI Impact on the Industry
• Killing Hacking Team Exploits
• Is the Grey Market Better at Exploitation?
• Killing VUPEN Exploits
ZDI Competitive Analysis and Customer Ecosystem Impact (1H2016)
[Three bar charts of vendor acknowledgement counts. Microsoft Acknowledgements (2014, 2015, 2016; axis 0 to 180): Cisco Talos, FireEye, Fortinet, IBM, Intel Security, Kaspersky, Palo Alto Networks, Symantec, Tenable, Trend Micro, Vectra Networks, Venustech ADLAB, Zero Day Initiative. Adobe Acknowledgements (2015, 2016; axis 0 to 180): Cisco Talos, FireEye, Fortinet, Kaspersky Lab, McAfee, Palo Alto Networks, Tencent, Trend Micro, Vectra Networks, Venustech ADLAB, Zero Day Initiative. ICS-CERT Acknowledgements (2015, 2016; axis 0 to 40): Cisco Talos, IBM, Intel Security, IOActive, Kaspersky, Mandiant, Positive Technologies, Qualys, Tenable Network, Versa Networks, Zero Day Initiative.]
Zero Day Initiative: Preemptive Protection for “Known Unknown” Vulnerabilities
92 DAYS: average zero-day filter coverage in 2015, measured from the date the Digital Vaccine (DV) filter shipped to the ZDI public disclosure.
• TippingPoint customers: protected ahead of patch
• Customers of other network security vendors: at risk during this window
Case Studies
Case Study – Stuxnet (2015)
• A 2010 vulnerability exploited to compromise SCADA systems had not been patched
• Vulnerability reported to Zero Day Initiative
• Digital Vaccine filter was available for customers almost two months prior to new Stuxnet disclosure
Case Study – Heartbleed/OpenSSL
Heartbleed
• OpenSSL vulnerability affecting 2/3 of the world’s web servers
• TippingPoint customers were protected on Day 1 via Digital Vaccine
• “Virtual patch” stops attack and theft of critical customer data
Second OpenSSL Vulnerability
• Second OpenSSL vulnerability similar to Heartbleed appears
• Vulnerability reported to Zero Day Initiative
• Digital Vaccine provided 43 days of coverage before OpenSSL Group released a patch
Case Study – QuickTime for Windows
• The Zero Day Initiative reported finding two "critical vulnerabilities" in QuickTime for Windows
• The Department of Homeland Security issued a warning that recommended removing QuickTime for Windows
• Apple advised that the product would be out of support on Windows and published removal instructions for users.
• These advisories were released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability.
• TippingPoint customers were protected for almost five months!
Addressing the Known, Unknown and “Known Unknown” Vulnerabilities in Your Network
INLINE | LOW LATENCY | HIGH THROUGHPUT | NO FALSE POSITIVES
KNOWN: Real-time, accurate threat prevention for known vulnerabilities and all potential attack permutations
UNKNOWN: Detect, analyze and respond to unknown malware and advanced threats across all network traffic, all ports and over 100 protocols
KNOWN UNKNOWN: Exclusive insight into undisclosed vulnerability data results in pre-emptive coverage between the discovery of a vulnerability and patch availability
For More Information
• www.trendmicro.com
• www.zerodayinitiative.com
• www.trendmicro.com/tippingpoint
• www.trendmicro.com/dvlabs
• blog.trendmicro.com
• blog.trendmicro.com/trendlabs-security-intelligence/