Advanced Persistent Threats:
Cutting Through the Hype

Kevin Rowney
Director, Breach Response

Listen to Reason




Advanced Persistent Threats: Cutting Through the Hype   2
Context: Key Security Trends

• Challenging threat landscape
• Evolving infrastructure
• Increasing complexity
• Strategic importance of information

Why APTs Are Getting Attention Now

• Adversaries are evolving
• Attack surface growing
• Private is now public

Getting it Straight: Definition of an APT

What is an Advanced Persistent Threat?
• Active, targeted, long-term campaign
• Tries to remain in place & undetected for extended period
• Includes multiple “kill chains” in parallel to ensure success
• Mutates and adapts to evade detection
• Well organized and resourced

What isn’t an Advanced Persistent Threat?
• An individual attack (drive-by-download, SQL injection)
• Smash & grab cybercriminal op for mere financial gain
• Run of the mill malware infection

How Are Targeted Attacks and APTs Related?

An APT is always a targeted attack, but a targeted attack is not necessarily an APT.

(Diagram: APTs drawn as a subset of Targeted Attacks.)

Why Should You Care About APTs?

  Information is power

    • It can have strategic value to nation states
    • Can have immense financial value to your adversaries

  APTs are very real and quite serious

    • Means of attack via APT have advanced considerably
    • Even if you are not a target, you need to understand them

 You need to reconsider security protections now in place

    • Today’s APT technique is tomorrow’s standard practice
    • Must look at reinforcements to defense-in-depth now

How They Work: Advanced Persistent Threats

1. INCURSION: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
2. DISCOVERY: Hacker then maps organization’s defenses from the inside; creates a battle plan
3. CAPTURE: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations
4. EXFILTRATION: Data sent to enemy’s “home base” for analysis and further exploitation/fraud

Key Differences: Incursion (phase 1)

Goal: Establish beach head for campaign

APT Methods:
• Reconnaissance using non-public resources
• Innovative social engineering
• Exploit 0-day vulnerabilities
• Rarely automated

Key Differences: Discovery (phase 2)

Goal: Ensure kill-chain is not compromised

APT Methods:
• Examine infected systems
• Exploit SW/HW vulnerabilities
• Gather credentials & passwords
• Monitor for other resources or access points
• Deploy multiple parallel “kill chains”
• Go “low and slow” to avoid detection

Key Differences: Capture (phase 3)

Goals:
• Long-term occupancy and/or
• Disruption of physical operations
• Capture of crucial data

APT Methods:
• Ongoing capture of data
• Manual analysis of data

Key Differences: Exfiltration (phase 4)

Goal: Get valuable data back to home base

APT Methods:
• P2P networks
• Clear text
• Onion routing applications
• Encryption
• Steganography

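The deck lists the exfiltration channels but not how a defender would notice them. The following Python script is an added example, not code from the deck or from Symantec, of two checks that follow from the slides above: summing a host's outbound bytes over a sliding window (a per-day threshold is exactly what a "low and slow" campaign, as described on the Discovery slide, is built to stay under) and using Shannon entropy to tell clear-text exfiltration from encrypted or compressed exfiltration. The transfer records, host names, destinations, thresholds and payload samples are all constructed for the example.

```python
"""Added example, not from the Symantec deck: two checks against the
exfiltration phase. Records, hostnames and thresholds are constructed.

1. Volume over a sliding window. A per-day byte limit misses an attacker
   who goes "low and slow" and sends a little every day, so bytes are also
   summed per host over WINDOW_DAYS before comparing to a limit.
2. Payload shape. Clear-text exfiltration looks like text; encrypted or
   compressed exfiltration looks like random bytes. Shannon entropy of a
   sample separates the two. It does not detect steganography, whose
   carrier (an image, say) looks exactly like legitimate traffic.
"""
import hashlib
import math
from collections import defaultdict
from datetime import date, timedelta

# Constructed outbound-transfer records: (day, src_host, dst, bytes_out).
# hr-pc-07 leaks 4 MB every day for two weeks; fileserver does one 40 MB
# backup; dev-pc-12 pulls small updates.
TRANSFERS = (
    [(date(2011, 5, 1) + timedelta(days=d), "hr-pc-07", "203.0.113.9", 4_000_000)
     for d in range(14)]
    + [(date(2011, 5, 3), "fileserver", "backup.example.net", 40_000_000)]
    + [(date(2011, 5, 1) + timedelta(days=d), "dev-pc-12", "updates.example.net", 500_000)
       for d in range(14)]
)

DAILY_LIMIT = 10_000_000    # classic per-day alert threshold (constructed)
WINDOW_DAYS = 14
WINDOW_LIMIT = 25_000_000   # bytes a host may send in any WINDOW_DAYS span


def daily_alerts(transfers, limit=DAILY_LIMIT):
    """Hosts that exceeded `limit` bytes on any single day."""
    per_day = defaultdict(int)
    for day, host, _dst, n in transfers:
        per_day[(host, day)] += n
    return sorted({host for (host, _day), n in per_day.items() if n > limit})


def window_alerts(transfers, window=WINDOW_DAYS, limit=WINDOW_LIMIT):
    """{host: largest byte total in any `window`-day span that exceeds `limit`}."""
    per_host_day = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, n in transfers:
        per_host_day[host][day] += n
    alerts = {}
    for host, days in per_host_day.items():
        for start in days:
            end = start + timedelta(days=window - 1)
            total = sum(n for d, n in days.items() if start <= d <= end)
            if total > limit:
                alerts[host] = max(alerts.get(host, 0), total)
    return alerts


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_payload(sample: bytes, high=7.0) -> str:
    """'opaque' (encrypted/compressed) at or above `high` bits/byte, else 'cleartext'."""
    return "opaque" if shannon_entropy(sample) >= high else "cleartext"


# Constructed payload samples: a document fragment, and a SHA-256 hash chain
# standing in for ciphertext (deterministic, so the run is repeatable).
CLEARTEXT_SAMPLE = b"Q2 customer list and Aurora design notes. CONFIDENTIAL. " * 40
_chunk, _blocks = b"seed", []
for _ in range(128):
    _chunk = hashlib.sha256(_chunk).digest()
    _blocks.append(_chunk)
OPAQUE_SAMPLE = b"".join(_blocks)   # 4096 bytes


if __name__ == "__main__":
    print("per-day alerts:   ", daily_alerts(TRANSFERS))    # only the backup burst
    print("14-day alerts:    ", window_alerts(TRANSFERS))   # adds the low-and-slow host
    print("document fragment:", classify_payload(CLEARTEXT_SAMPLE))
    print("hash chain:       ", classify_payload(OPAQUE_SAMPLE))
```

With this data the per-day check flags only the backup server's single burst, while the 14-day window also surfaces hr-pc-07, which never exceeds 4 MB in a day but moves 56 MB over the fortnight. The entropy check is a triage signal, not proof: compressed archives and TLS look "opaque" too, so it is the combination with destination reputation and volume that matters.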
APT or Not?

• Hydraq (Aurora)
• Stuxnet
• RSA SecurID Incident
• Conficker
• Anonymous / LulzSec

Emerging Techniques Used by APTs
• Spamming to disguise the intended target
• Using off-the-shelf malware to hide real type of attack
• Steganography to hide communication with C&C server
• Attacking web mail accounts to avoid enterprise network
• IP cloaking
• Layer -1 attacks




Common Techniques Used by APTs: Social Engineering

(Diagram: the attacker sends the victim a message carrying a link, http://example.com/abc.html.)

Common Techniques Used by APTs: Payload Install and Execution

(Diagram: the victim follows the link, http://example.com/abc.html, to a malicious server; the malicious server delivers a backdoor program; the backdoor sends confidential information back to the attacker.)

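The two diagrams above are the incursion step of the four-phase model (incursion, discovery, capture, exfiltration) shown earlier; each step on its own produces only a low-severity event, and the deck's point is that the campaign is visible only when those events are joined across weeks. The Python correlator below is an added example, not code from the deck or from Symantec, of doing that join: it maps detector events to a phase, requires a host's first event to be an incursion-phase one (a "beach head"), and raises a campaign alert when a host accumulates several phases in kill-chain order within a window long enough to absorb a "low and slow" pace. The event type names, the phase mapping, the hosts and the timestamps are all constructed for the example; in practice the events would come from endpoint, proxy and DLP telemetry.

```python
"""Added example, not from the Symantec deck: correlate per-host events into
the four APT phases so that one weak signal per phase, spread over weeks,
becomes a single campaign alert. Event names, hosts and times are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Which phase a detector event evidences (constructed mapping).
PHASE_OF = {
    "email_link_click_external":  "incursion",     # victim follows the attacker's link
    "download_unknown_executable": "incursion",    # backdoor program fetched
    "new_autorun_entry":          "incursion",     # backdoor makes itself persistent
    "lsass_memory_read":          "discovery",     # credential gathering
    "internal_portscan":          "discovery",     # mapping defenses from the inside
    "bulk_file_read_share":       "capture",
    "archive_created_large":      "capture",
    "upload_unknown_host":        "exfiltration",
}
ORDER = ["incursion", "discovery", "capture", "exfiltration"]

# Constructed events: (ISO timestamp, host, event_type).
EVENTS = [
    ("2011-04-02T09:14", "hr-pc-07", "email_link_click_external"),
    ("2011-04-02T09:15", "hr-pc-07", "download_unknown_executable"),
    ("2011-04-02T09:16", "hr-pc-07", "new_autorun_entry"),
    ("2011-04-19T22:41", "hr-pc-07", "lsass_memory_read"),      # 17 days later
    ("2011-04-27T23:05", "hr-pc-07", "internal_portscan"),
    ("2011-05-10T01:12", "hr-pc-07", "bulk_file_read_share"),
    ("2011-05-10T01:40", "hr-pc-07", "archive_created_large"),
    ("2011-05-11T02:03", "hr-pc-07", "upload_unknown_host"),
    # Noise: an admin box that scans and uploads but was never "incurred".
    ("2011-04-05T10:00", "admin-01", "internal_portscan"),
    ("2011-04-06T10:00", "admin-01", "upload_unknown_host"),
    # A one-off drive-by with no follow-on: an incident, not an APT.
    ("2011-04-20T11:30", "dev-pc-12", "download_unknown_executable"),
]


def correlate(events, window_days=90, min_phases=3):
    """Return {host: [phases in the order first seen]} for hosts that show at
    least `min_phases` distinct phases, never going backwards in the chain,
    within `window_days` of their first incursion-phase event."""
    per_host = defaultdict(list)
    for ts, host, kind in events:
        phase = PHASE_OF.get(kind)
        if phase:
            per_host[host].append((datetime.fromisoformat(ts), phase))

    campaigns = {}
    for host, evs in per_host.items():
        evs.sort()
        seen, start = [], None
        for t, phase in evs:
            if start is None:
                if phase != "incursion":
                    continue            # a campaign begins with a beach head
                start = t
            if t - start > timedelta(days=window_days):
                break                   # outside the campaign window
            if phase not in seen and (
                not seen or ORDER.index(phase) >= ORDER.index(seen[-1])
            ):
                seen.append(phase)
        if len(seen) >= min_phases:
            campaigns[host] = seen
    return campaigns


if __name__ == "__main__":
    for host, phases in correlate(EVENTS).items():
        print(f"campaign on {host}: {' -> '.join(phases)}")
```

Only hr-pc-07 is reported, with all four phases; admin-01 has discovery and exfiltration events but no incursion, and dev-pc-12 has the drive-by download alone. Shrinking the window to 30 days drops the alert entirely, which is the practical lesson: the window has to be sized for an adversary who is willing to wait.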
How Big is the Problem?

• +3 Billion malware attacks in 2010
• 1 in 25 customer organizations have been targeted
• U.S. cyberwarfare doctrine is under development

Sources: Symantec Internet Security Threat Report, 2011; MessageLabs Intelligence Report, 2011; Foreign Policy Magazine, May 3, 2011

What Can You Do?
Security Assessments to Reveal Gaps in Protection

• Data Loss Risk Assessment
• Vulnerability Assessment
• Malicious Activity Assessment
• Targeted Attack Assessment

Advisory Services
• Penetration Testing
• Vulnerability Assessment
• Security Program Assessment

Thank you!
    Kevin Rowney




    Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
    the U.S. and other countries. Other names may be trademarks of their respective owners.

    This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
    are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.



Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 

Mais de Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Último

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 

Último (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

Advanced Persistent Threats Cutting Through The Hype

  • 1. Advanced Persistent Threats: Cutting Through the Hype
    Kevin Rowney, Director, Breach Response
    Advanced Persistent Threats: Cutting Through the Hype 1
  • 2. Listen to Reason
  • 3. Context: Key Security Trends
    • Challenging Threat Landscape
    • Evolving Infrastructure
    • Increasing Complexity
    • Strategic Importance of Information
  • 4. Why APTs Are Getting Attention Now
    • Adversaries are evolving
    • Attack surface growing
    • Private is now public
  • 5. Getting it Straight: Definition of an APT
    What is an Advanced Persistent Threat?
    • Active, targeted, long-term campaign
    • Tries to remain in place & undetected for extended period
    • Includes multiple “kill chains” in parallel to ensure success
    • Mutates and adapts to evade detection
    • Well organized and resourced
    What isn’t an Advanced Persistent Threat?
    • An individual attack (drive-by-download, SQL injection)
    • Smash & grab cybercriminal op for mere financial gain
    • Run of the mill malware infection
  • 6. How Are Targeted Attacks and APTs Related?
    An APT is always a targeted attack, but a targeted attack is not necessarily an APT.
    (Diagram: APTs shown as a subset of Targeted Attacks)
  • 7. Why Should You Care About APTs?
    Information is power
    • It can have strategic value to nation states
    • Can have immense financial value to your adversaries
    APTs are very real and quite serious
    • Means of attack via APT have advanced considerably
    • Even if you are not a target, you need to understand them
    You need to reconsider security protections now in place
    • Today’s APT technique is tomorrow’s standard practice
    • Must look at reinforcements to defense-in-depth now
  • 8. How They Work: Advanced Persistent Threats
    1. INCURSION: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
    2. DISCOVERY: Hacker then maps organization’s defenses from the inside; creates a battle plan
    3. CAPTURE: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations
    4. EXFILTRATION: Data sent to enemy’s “home base” for analysis and further exploitation/fraud
  • 9. Key Differences: Incursion (1)
    Goal: Establish beach head for campaign
    APT Methods:
    • Reconnaissance using non-public resources
    • Innovative social engineering
    • Exploit 0-day vulnerabilities
    • Rarely automated
    INCURSION: Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
  • 10. Key Differences: Discovery (2)
    Goal: Ensure kill-chain is not compromised
    APT Methods:
    • Examine infected systems
    • Exploit SW/HW vulnerabilities
    • Gather credentials & passwords
    • Monitor for other resources or access points
    • Deploy multiple parallel “kill chains”
    • Go “low and slow” to avoid detection
    DISCOVERY: Hacker then maps organization’s defenses from the inside; creates a battle plan
  • 11. Key Differences: Capture (3)
    Goals:
    • Long-term occupancy and/or
    • Disruption of physical operations
    • Capture of crucial data
    APT Methods:
    • Ongoing capture of data
    • Manual analysis of data
    CAPTURE: Accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations
  • 12. Key Differences: Exfiltration (4)
    Goal: Get valuable data back to home base
    APT Methods:
    • P2P networks
    • Clear text
    • Onion routing applications
    • Encryption
    • Steganography
    EXFILTRATION: Data sent to enemy’s “home base” for analysis and further exploitation/fraud
  • 13. APT or Not?
    • Hydraq (Aurora)
    • RSA SecurID Incident
    • Anonymous / LulzSec
    • Stuxnet
    • Conficker
  • 14. APT or Not?
    • Hydraq (Aurora)
    • RSA SecurID Incident
    • Anonymous / LulzSec
    • Stuxnet
    • Conficker
  • 15. Emerging Techniques Used by APTs
    • Spamming to disguise the intended target
    • Using off-the-shelf malware to hide real type of attack
    • Steganography to hide communication with C&C server
    • Attacking web mail accounts to avoid enterprise network
    • IP cloaking
    • Layer -1 attacks
  • 16. Common Techniques Used by APTs: Social Engineering
    (Diagram: Attacker sends link http://example.com/abc.html to Victim)
  • 17. Common Techniques Used by APTs: Payload Install and Execution
    (Diagram: Victim follows http://example.com/abc.html to Malicious Server; Backdoor Program installed; Confidential Information flows via Malicious Server to Attacker)
  • 18. How Big is the Problem?
    • +3 Billion Malware Attacks in 2010
    • 1 in 25 customer organizations have been targeted
    • U.S. Cyberwarfare Doctrine is under development
    Sources: Symantec Internet Security Threat Report, 2011; MessageLabs Intelligence Report, 2011; Foreign Policy Magazine, May 3, 2011
  • 19. What Can You Do?
    Security Assessments to Reveal Gaps in Protection:
    • Data Loss Risk Assessment
    • Vulnerability Assessment
    • Malicious Activity Assessment
    • Targeted Attack Assessment
    Advisory Services:
    • Penetration Testing
    • Vulnerability Assessment
    • Security Program Assessment
  • 20. Thank you! Kevin Rowney
    Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.