
5/18/2015

CYBERSECURITY & AUTOFOCUS

Scott Simkin
Sr. Threat Intelligence Manager, Palo Alto Networks

THE ADVANCED ADVERSARY

The majority of adversaries are just doing their job: bosses, families, bills to pay.
They want to get in, accomplish their task, and get out undetected.
Their goal isn't making your life hard.


UNDERSTANDING THE ATTACK KILL CHAIN METHODOLOGY

Reconnaissance > Weaponization and Delivery > Exploitation > Installation > Command-and-Control > Actions on the Objective
Unauthorized Access | Unauthorized Use

What you typically see: a linear set of steps that adversaries follow to achieve their goals, moving from one step to the next.

The reality is far different. There is no step-by-step for the pragmatic adversary.

CHALLENGES AND CHANGE INTRODUCE RISKS

(Figure: sources of risk exposure and organizational risk, each bringing decreasing visibility and control)
Social, Mobile, Analytics, Cloud
Internet of Things
Application Economy
Consumerization of IT
Rate of Change/Complexity
Reliance on Multiple Layers of Service Providers


RECONNAISSANCE

Identify a specific target within an organization:
Content from corporate websites
Third-party sites to identify key targets
Common search techniques

(Screenshot: a third-party webinar site's "Enterprise Security" channel page for a vendor, used as a reconnaissance source)

RECONNAISSANCE

Simple Google Search: List of Attendees at a National Defense Industrial Association


RECONNAISSANCE
Identify the tools used to protect an organization

EXPLOITATION

Exploiting the user
1. Why use malware when you have legitimate credentials?
Users are typically the path of least resistance.


EXPLOITATION

Exploiting the software
2. Why use a 0-day when CVE-2012-0158 / CVE-2010-3333 are still open?
Old vulnerabilities may not be patched.

COMMON TOOLS

Remote Shell: direct access to the OS as the logged-in user
Keylogger
Audio Capture
Screen Capture
Webcam Capture

10 | 2014, Palo Alto Networks. Confidential and Proprietary.


THE UNDERGROUND ECONOMY

Active marketplace for tools. Easily purchase attacks: remote access tools, malware, exploits, etc.
Conversations on each aspect of the kill-chain. Discuss tactics with other attackers.

(Screenshot: "A tool for creating Botnets on Android", offered for $4,000)

THE UNDERGROUND ECONOMY

(Screenshot: "Peer-to-peer Botnet", offered for $15,000)


AUTOFOCUS

BREACHES CONTINUE TO HAPPEN

Time to breach: minutes or days
Time to detection: days, weeks, or longer


MORE DEVICES & DATA ISN'T THE ANSWER

Growing security investment
produces overwhelming amounts of data,
leaving a gap between having data and using it.

THE TYPICAL SECURITY OPERATION

Overwhelming set of tools and dashboards
Small Security Operations


CURRENT GENERIC INDICATORS

Malware          Severity   Source IP       Target IP       URL / Md5sum
Malware.Binary   (graphic)  10.223.126.89   84.200.77.204   de06a0f345d15fd771ebfa2b48e91d25
Malware.Binary   (graphic)  10.221.44.12    123.102.17.98   f8b4971afd6f05f42c5c1e68908d9902
Malware.Binary   (graphic)  10.223.112.87   212.23.66.34    d937e6b52959f3da7e01760eb9135621
Malware.Binary   (graphic)  10.223.126.23   233.91.43.198   89722a247706fcf559ffddf15bb7f292

(Severity is shown only as an icon in the slide.)

Limited value without context

DEFINING CONTEXT

Malicious actors + Campaigns & goals + Motivation + Infrastructure & tools used + Related indicators = Context


AUTOMATICALLY SURFACE IMPORTANT EVENTS

1%: highly targeted, unique attacks (e.g. SHELL CREW)
99%: commodity attacks (Ransomware, FakeAV, Generic.dropper, Downloader.generic, Virus.Win32, Malware.binary, Malware.generic, Trojan.downloader, Spybot, Generic.backdoor)
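The three slides above (flat generic indicators, the context that gives them value, and surfacing the targeted 1% above the commodity 99%) can be shown as a small triage routine. This is an added example, not code from the deck or from AutoFocus: the alert rows copy the slide's indicator table, while the context table, the Context fields, and the scoring thresholds are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Alert rows copied from the slide's indicator table: label, source IP, target IP, MD5.
ALERTS = [
    ("Malware.Binary", "10.223.126.89", "84.200.77.204", "de06a0f345d15fd771ebfa2b48e91d25"),
    ("Malware.Binary", "10.221.44.12", "123.102.17.98", "f8b4971afd6f05f42c5c1e68908d9902"),
    ("Malware.Binary", "10.223.112.87", "212.23.66.34", "d937e6b52959f3da7e01760eb9135621"),
    ("Malware.Binary", "10.223.126.23", "233.91.43.198", "89722a247706fcf559ffddf15bb7f292"),
]

@dataclass
class Context:
    """Constructed context for one sample hash (hypothetical values, not AutoFocus data)."""
    campaign: Optional[str]                      # attributed campaign or actor, if any
    sectors: list = field(default_factory=list)  # sectors where the hash was seen
    sightings: int = 0                           # organisations worldwide that saw it
    related: list = field(default_factory=list)  # related indicators (domains, mutexes)

# Constructed context table: one rare, attributed sample; two commodity; one with no context.
CONTEXT = {
    "de06a0f345d15fd771ebfa2b48e91d25": Context("Shell Crew", ["Energy"], 3,
                                                ["domain:wincc-ctrl.com", "mutex:mediaCenter"]),
    "f8b4971afd6f05f42c5c1e68908d9902": Context(None, ["Retail", "Finance"], 41000),
    "d937e6b52959f3da7e01760eb9135621": Context(None, [], 9800),
}

def classify(ctx: Optional[Context], our_sector: str) -> tuple:
    """Return (tier, score); attribution and rarity outweigh the generic label."""
    if ctx is None:
        return ("unknown", 0)                    # nothing to say yet: needs enrichment
    score = 0
    if ctx.campaign:                             # a named actor is the strongest signal
        score += 50
    if ctx.sightings < 100:                      # rare hashes are unlikely to be commodity
        score += 30
    if our_sector in ctx.sectors:                # seen in our own sector: likely aimed at us
        score += 20
    return ("targeted" if score >= 50 else "commodity", score)

def triage(alerts, context, our_sector="Energy"):
    """Join flat alerts to context and sort so the 1% surfaces above the 99%."""
    rows = []
    for label, src, dst, md5 in alerts:
        ctx = context.get(md5)
        tier, score = classify(ctx, our_sector)
        rows.append({"label": label, "src": src, "dst": dst, "md5": md5, "tier": tier,
                     "score": score, "campaign": ctx.campaign if ctx else None,
                     "related": ctx.related if ctx else []})
    return sorted(rows, key=lambda r: r["score"], reverse=True)
```

Calling triage(ALERTS, CONTEXT) puts the Shell Crew hash first with its related indicators attached, while the four identical "Malware.Binary" labels alone would have ranked nothing; the "unknown" tier is where enrichment effort goes next.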

AUTOFOCUS

Threat intelligence service that identifies the important attacks through additional information and context.
Centralizes threat data and applies both unique statistical and human intelligence analysis.
Web portal that gives users access to this data and lets them search and tag it easily.


AUTOFOCUS ARCHITECTURE

Security operations | WildFire | 3rd party feeds
Next-Generation Firewall | Advanced Endpoint Protection

WildFire (as of February 2015):
24,000 devices worldwide using WildFire
2.5M samples analyzed per day
15K unique malware found per day
360M sessions
240M samples
30B artifacts


KEY USE-CASES

Unique or targeted events | Context around indicators of compromise | Context around incidents on your network

Example indicators shown: 223.144.191.23, premier.espfootball.com, bank-card90.no-ip.com, paloalt0networks.com
Example context tags shown: Espionage group XYZ, Click fraud, Banking trojan, Espionage, Seen mostly in Energy sector
Related indicators: mutex:mediaCenter, domain:wincc-ctrl.com

DEMO


COMMUNITY ACCESS

The Community Access program provides free, limited-time access to current Palo Alto Networks customers:
Full access to the new AutoFocus service.
Gain prioritized, actionable intelligence into the attacks you must respond to.
Full context on attacks, including adversaries and campaigns.
Contribute to the future of the service and the threat intelligence of all AutoFocus users.
To request an invitation visit: www.paloaltonetworks.com/autofous

PREVENTING ATTACKS EVERYWHERE

Detect AND Prevent Threats at Every Point Across the Organization:
At the Mobile Device
At the Internet Edge
Between Employees and Devices within the LAN
At the Data Center Edge and between VMs
Within Private, Public and Hybrid Clouds

Prevent attacks, both known and unknown
Protect all users and applications, in the cloud or virtualized
Integrate network and endpoint security
Analytics that correlate across the cloud


THE CYBER ATTACK LIFECYCLE

1 Breach the Perimeter > 2 Deliver the Malware > 3 Lateral Movement > 4 Exfiltrate Data
Reconnaissance > Weaponization and Delivery > Exploitation > Installation > Command-and-Control > Actions on the Objective
Unauthorized Access | Unauthorized Use

NEXT-GENERATION SECURITY PLATFORM

Threat Intelligence Cloud
Next-Generation Firewall
Advanced Endpoint Protection
Automated | Natively Integrated | Extensible
