Real World Defense Strategies for Targeted Endpoint Threats
Transcript of Real World Defense Strategies for Targeted Endpoint Threats
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Real World Defense Strategies for Targeted Endpoint Threats
Agenda
• Advanced Persistent Threats (APTs)
• Targeted Threats Trends
• Targeted Threats Framework
• Defense in Depth
• Q & A
Advanced Persistent Threats
Real? Or vendor hype? What’s your perspective …
»Something new?
»Merely marketing hype?
»Limited to large companies?
»All about China?
»APT = Malware?
Targeted Threat Concerns
Ponemon Research: 2013 State of the Endpoint
[Chart, Figure 4: IT security risks of most concern since 2010, by year (2012, 2011, 2010); categories: Increased use of mobile platforms; Advanced persistent threats; Intrusion and data loss within a virtual environment. More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012; * this choice was not available in all fiscal years.]
ISACA Research: Advanced Persistent Threats Are Real
» 93.6% feel APTs are a serious threat
» 63% think it is only a matter of time
» 79% feel this is the largest gap in APT prevention
» 1 in 5 have experienced an APT attack
Targeted Threat Trends
Targeted Attacks by Organization Size
[Chart: distribution of targeted attacks by organization size in 2012]
Source: Symantec
External Actors Responsible for Majority of Attacks
Source: Verizon 2013 data breach report
Healthcare – Most frequent data breaches
Targeted Threats - Top 10 Industries Attacked in 2012
Source: Symantec
Threat Environment – Threat Trends
• User endpoints are consistently targeted
» 71% of attacks targeted user devices (Source: Verizon)
Common APT Characteristics
• Highly targeted and endpoint-focused
• Uses both sophisticated and low-tech techniques
» Delivery: USB keys, social engineering, watering hole, etc.
» Zero-day vs. “known” vulnerabilities
» Fraudulent certificates
• Centralized Command and Control
• Undetected for prolonged periods
» Exfiltration masking
» “Hiding in plain sight”
Targeted Threat Framework
Discover
» Identify the Target
» Plan for Penetration
» Probe the Perimeter
Essentially “casing the joint”
Distribute
» Package the Payload
» Deliver the Payload
Design and develop not only the payload but also the delivery vehicle
Exploit
» Trigger the Payload
» Exploit the Vulnerability
Activation may not be immediate, and may involve multiple vulnerabilities
Control
» Install Malware on System
» Connect Back to Attacker
» Command & Control
Often involves an encrypted communications channel and manual interaction by the attacker
Execute
» Upset the CIA Triad
• Confidentiality
• Integrity
• Availability
» Obfuscate and Extend
Taking action against planned objectives
Targeted Threat Framework
Controls by phase (the slide groups each phase’s controls under the columns Detect, Deny and Disrupt):
» Discover: Web analytics; Firewall ACL
» Distribute: Vigilant end user; Web filtering; Spearphish detection; AV
» Exploit: Vigilant end user; White listing; Memory protection; Patch management; Sandboxing
» Control: Next-gen FW; NIPS; FW ACL; NIDS; DNS
» Execute: SIEM; Audit logs
Defense-in-Depth
Defense-in-Depth Strategy
Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which include:
» Configuration Control
» Application Whitelisting
» Memory Protection
» Data Encryption
» Port / Device Control
» Antivirus
[Diagram: layered endpoint defenses: Patch and Configuration Management; Application Control; Memory Protection; Device Control; AV; Hard Drive and Media Encryption]
Endpoint Defense-in-Depth
[Diagram: endpoint defense layers: Configuration Management; Patch Management; Anti-Malware; Port / Device Control; Data Encryption; with Network Access and Physical Access as the outer entry points]
Additional Information
• For End User Education
» “Be Aware of What You Share” at www.lumension.com/be-aware
• For Security Pros (www.lumension.com/Resources)
» Whitepaper “The State of APT Preparedness” from UBM Tech at ~/WhitePapers/The-State-of-APT-Preparedness
» On-Demand Webcast “Top 9 Mistakes of APT Victims” by Ultimate Windows Security at ~/Webcasts/Top-9-Mistakes-of-APT-Victims
• More on APT issues and solutions in the Optimal Security blog at blog.lumension.com/tag/advanced-persistent-threat/
Q & A
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com