Addressing the Cyber Kill Chain
André Carraretto, CISSP
Security Strategist
Agenda
1 Current Threat Landscape Challenges
2 The Cyber Kill Chain
3 How Symantec can help
4 Q&A
Copyright © 2015 Symantec Corporation
Current Threat Landscape Challenges
Enterprise Threat Landscape
Attackers moving faster
• 5 of 6 large companies attacked
• 317M new malware created
• 1M new threats daily
• 60% of attacks targeted SMEs
Digital extortion on the rise
• 113% increase in ransomware
• 45X more devices held hostage
Malware gets smarter
• 28% of malware was virtual-machine aware
Zero-day threats
• 24 zero-days, an all-time high
• Top 5 zero-days unpatched for a combined 295 days
Many sectors under attack
• Healthcare +37%
• Retail +11%
• Education +10%
• Government +8%
• Financial +6%
Source: Symantec Internet Security Threat Report 2015
Key Trends Reshaping the Enterprise Security Market
• Resurgence of endpoint: rapid shift to mobile and IoT
• Disappearing perimeter: the "fuzzy" perimeter is decreasingly relevant
• Rapid cloud adoption: enterprise data and applications moving to the cloud
• Services: security as a service; "box fatigue"
• Cybersecurity: governments and regulators playing an ever larger role
Top Breaches in 2014 (image slides; breach list not reproduced in the transcript)
Top Breaches in 2015 (so far...) (image slides; breach list not reproduced in the transcript)
The Cyber Kill Chain
The Cyber Kill Chain
• A military targeting concept, now applied to cyber security
• Formalized by Lockheed Martin in 2011
• Describes the sequence of phases an adversary follows to compromise a target organization
• It has 7 well-defined phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives (labelled "Action on Targets" in the tables that follow)
• An attack is only successful if every phase is completed, so the defender wins by detecting or breaking any single phase, and the earlier in the chain the better
Addressing the Cyber Kill Chain
Gartner's mapping of control categories to each kill-chain phase, grouped by what the control does: Detect; Deny or Contain; Disrupt, Eradicate or Deceive; Recover.

Reconnaissance
  Detect: web analytics, Internet scanning reports, vulnerability scanning, pen testing, SIEM, DAST/SAST, threat intelligence, TIP
  Deny or Contain: firewall ACLs, system and service hardening, network obfuscation, logical segmentation
  Disrupt, Eradicate or Deceive: honeypot
  Recover: SAST/DAST

Weaponization
  Detect: sentiment analysis, vulnerability announcements, vulnerability assessment
  Deny or Contain: NIPS, NGFW, patch management, configuration hardening, application remediation
  Disrupt, Eradicate or Deceive: SEG, SWG
  Recover: (none listed)

Delivery
  Detect: user training, security analytics, network behavior analysis, threat intelligence, NIPS, NGFW, WAF, DDoS protection, SSL inspection, TIP
  Deny or Contain: SWG, NGIPS, ATD, TIP
  Disrupt, Eradicate or Deceive: EPP
  Recover: backup or EPP cleanup

Exploitation
  Detect: EPP, NIPS, SIEM, WAF
  Deny or Contain: EPP, NGIPS, ATD, WAF
  Disrupt, Eradicate or Deceive: NIPS, NGFW, EPP, ATD
  Recover: data restoration from backups

Installation
  Detect: EPP, endpoint forensics or ETDR, sandboxing, FIM
  Deny or Contain: EPP, MDM, IAM, endpoint containerization/app wrapping
  Disrupt, Eradicate or Deceive: EPP, HIPS, incident forensic tools
  Recover: incident response, ETDR

Command and Control
  Detect: NIPS, NBA, network forensics, SIEM, DNS security, TIP
  Deny or Contain: IP/DNS reputation blocking, DLP, ATA
  Disrupt, Eradicate or Deceive: DNS redirect (sinkhole), threat intelligence on DNS, egress filtering, NIPS
  Recover: incident response, system restore

Action on Targets
  Detect: logging, SIEM, DLP, honeypot, TIP, DAP
  Deny or Contain: egress filtering, SWG, trust zones, DLP
  Disrupt, Eradicate or Deceive: QoS, DNS, DLP, ATA
  Recover: incident response

Abbreviations: TIP = threat intelligence platform; NIPS/NGIPS = (next-generation) network intrusion prevention system; NGFW = next-generation firewall; WAF = web application firewall; SEG/SWG = secure email/web gateway; ATD = advanced threat detection; EPP = endpoint protection platform; ETDR = endpoint threat detection and response; FIM = file integrity monitoring; HIPS = host intrusion prevention system; MDM = mobile device management; IAM = identity and access management; NBA = network behavior analysis; DLP = data loss prevention; DAP = database audit and protection; DAST/SAST = dynamic/static application security testing.
Source: Gartner (August 2014) – G00263765
How Symantec can help
Symantec Enterprise Security | STRONG FRANCHISES
• Endpoint Security: #1 share; AAA rating 12 quarters in a row
• Email Security: #1 share; 100% uptime with <0.0003% false positives 5 years in a row
• Data Protection: #1 DLP share; 100% of the Fortune 100
• Trust Services: #1 share; 6B certificate lookups/day
• Authentication & Authorization: 13B validations every day; 100% uptime over the last 5 years
• Managed Security Services: 12 years a Gartner MQ leader; 30B logs analyzed/day
Symantec Enterprise Security | UNIQUE VISIBILITY
• 57M attack sensors in 157 countries
• 175M endpoints
• 182M web attacks blocked last year
• 3.7T rows of telemetry, growing by 100 billion more per month
• 9 threat response centers
• 500+ people in the rapid security response team
• 30% of the world's enterprise email traffic scanned per day
• 1.8 billion web requests
Addressing the Cyber Kill Chain with Symantec
The same Gartner matrix, with the Symantec product or service that covers each cell:

Reconnaissance
  Detect: Deepsight Threat Intelligence, Managed Security Services (MSS), Control Compliance Suite
  Deny or Contain: Control Compliance Suite, Datacenter Security
  Disrupt, Eradicate or Deceive: N/A
  Recover: N/A

Weaponization
  Detect: Deepsight Managed Adversary Threat Intelligence (MATI)
  Deny or Contain: Control Compliance Suite, Altiris ITMS
  Disrupt, Eradicate or Deceive: Messaging Gateway, Symantec.cloud (email/web)
  Recover: N/A

Delivery
  Detect: MSS, Deepsight Threat Intelligence, Blackfin acquisition (user training, phishing tests)
  Deny or Contain: ATP Suite, Deepsight Threat Intelligence
  Disrupt, Eradicate or Deceive: Endpoint Protection
  Recover: Endpoint Protection (Power Eraser), Veritas

Exploitation
  Detect: Endpoint Protection, Datacenter Security, MSS
  Deny or Contain: Endpoint Protection, Datacenter Security, ATP Suite, Deepsight Threat Intelligence
  Disrupt, Eradicate or Deceive: Endpoint Protection, ATP Suite, Datacenter Security
  Recover: Veritas

Installation
  Detect: Endpoint Protection, Advanced Threat Protection Suite (ATP Suite), Datacenter Security
  Deny or Contain: Endpoint Protection, Mobility Suite, Authentication Manager, VIP, Managed PKI
  Disrupt, Eradicate or Deceive: Endpoint Protection, ATP Suite, Datacenter Security
  Recover: Incident Response Retainer Services

Command and Control
  Detect: MSS, Deepsight Threat Intelligence
  Deny or Contain: Deepsight Threat Intelligence, DLP, ATP Suite
  Disrupt, Eradicate or Deceive: Deepsight Threat Intelligence
  Recover: Incident Response Retainer Services

Action on Targets
  Detect: MSS, Data Loss Prevention (DLP), Deepsight Threat Intelligence
  Deny or Contain: Data Loss Prevention
  Disrupt, Eradicate or Deceive: DLP, ATP Suite
  Recover: Incident Response Retainer Services
Source: Gartner (August 2014) – G00263765
Recommendations
Reconnaissance
• Run regular external scans and penetration tests against your Internet-facing assets
• Deepsight MATI: monitor the underground Internet for activity aimed at your organization
• DCS:SA: enforce the least-privilege concept on Internet-facing servers
• MSS: analytics to detect indicators of unwanted activity against Internet-facing servers
• Apply a secure SDLC so that applications are guaranteed to process untrusted input correctly
Weaponization
• Deepsight Intelligence: stay informed of recently discovered vulnerabilities and of the weaponized exploits available for them
• Deepsight MATI: monitor possible or planned future activity against your organization and track the adversaries behind it
Recommendations
Delivery
• Keep using your traditional controls (NGFW, NGIPS, SWG, DDoS protection, WAF) for visibility and to block compromise attempts
• ATP Suite: inspect suspicious files through sandbox analysis
• Analyze DNS resolution for lookups of unwanted or malicious hosts
Exploitation
• MSS: collect and correlate logs from the various control points for better visibility of malicious behavior
• Email Security.cloud and Endpoint Protection: together these help stop most attack attempts at this phase
• Deepsight Datafeeds: feed intelligence on malicious IPs and domains into your SIEM
• ATP Suite: inspect suspicious files through sandbox analysis
Recommendations
Installation
• Endpoint Protection: stronger protection against advanced malware and browser attacks, plus application whitelisting/blacklisting
• SAM/VIP/MPKI: use strong authentication to reduce the likelihood of installation and of unauthorized data access
• Incident Response Retainer: helps with incident response practice and containment
Command and Control
• Deepsight Datafeeds: feed intelligence on malicious IPs and domains into your SIEM; the same data can drive a DNS sinkhole that diverts C&C lookups to a server you control, which both blocks the channel and identifies the infected hosts that try to reach it
• MSS: collect and correlate logs from the various control points for better visibility of malicious behavior, including C&C connections
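The DNS analysis recommended under Delivery and the Deepsight-driven sinkhole recommended here come down to the same two operations: match resolver logs against a domain indicator list, and publish the matches as a response policy zone so the resolver answers with a sinkhole address. The following Python script is an added example of both, not Symantec code and not the Deepsight datafeed format; the indicator list, the BIND-style query-log lines, the zone name rpz.local and the sinkhole host name sinkhole.internal.example are all constructed for the demonstration.

```python
"""Match DNS query logs against a threat-intelligence domain list and emit a
BIND Response Policy Zone (RPZ) that sinkholes the matched domains.

Added example for the "analyze DNS resolution" and "DNS sinkhole"
recommendations; it is not Symantec code and does not use the Deepsight
datafeed format. The indicator list and the query-log lines are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed indicator list: domain -> why it is listed. A real feed is
# pulled from the TIP/datafeed subscription; its fields are not modelled here.
IOC_DOMAINS = {
    "update-check.example": "c2",
    "cdn-assets.example": "malware distribution",
}

# Constructed query-log lines in BIND's "client IP#port: query: NAME IN TYPE"
# shape (the real log carries more fields; only these are parsed).
QUERY_LOG = """\
09-Jun-2015 10:02:11.123 client 10.1.4.22#51234: query: www.example.org IN A
09-Jun-2015 10:02:12.001 client 10.1.4.22#51240: query: beacon.update-check.example IN A
09-Jun-2015 10:02:15.877 client 10.1.7.9#40021: query: update-check.example IN TXT
09-Jun-2015 10:02:16.442 client 10.1.4.22#51250: query: notupdate-check.example IN A
09-Jun-2015 10:02:20.090 client 10.2.0.5#33011: query: cdn-assets.example IN A
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    qname: str
    indicator: str
    reason: str


def match_indicator(qname: str, iocs: dict[str, str]) -> str | None:
    """Return the listed domain that covers qname, if any. Matching walks up
    the label tree, so beacon.update-check.example hits update-check.example,
    while notupdate-check.example (a different name) does not; a substring
    match would produce that false positive."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_query_log(log: str, iocs: dict[str, str]) -> list[Hit]:
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than mis-attribute it
        ind = match_indicator(m["qname"], iocs)
        if ind:
            hits.append(Hit(m["ts"], m["client"], m["qname"], ind, iocs[ind]))
    return hits


def clients_by_indicator(hits: list[Hit]) -> dict[str, set[str]]:
    """Internal hosts per indicator: the sinkhole stops the connection, but
    these hosts still carry the implant and need incident response."""
    out: dict[str, set[str]] = defaultdict(set)
    for h in hits:
        out[h.indicator].add(h.client)
    return dict(out)


def build_rpz(iocs: dict[str, str], sinkhole: str = "sinkhole.internal.example.") -> str:
    """Render an RPZ zone that redirects each listed domain and all of its
    subdomains to the sinkhole name (CNAME is the RPZ redirect action).
    Assumed deployment: response-policy { zone "rpz.local"; }; in named.conf."""
    lines = [
        "$TTL 60",
        "@ IN SOA localhost. root.localhost. ( 1 3600 600 86400 60 )",
        "@ IN NS localhost.",
    ]
    for domain, reason in sorted(iocs.items()):
        lines.append(f"; {reason}")
        lines.append(f"{domain} CNAME {sinkhole}")
        lines.append(f"*.{domain} CNAME {sinkhole}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = scan_query_log(QUERY_LOG, IOC_DOMAINS)
    for h in hits:
        print(f"{h.ts} {h.client} -> {h.qname} [{h.indicator}: {h.reason}]")
    print(clients_by_indicator(hits))
    print(build_rpz(IOC_DOMAINS))
```

Matching walks the label hierarchy rather than searching substrings, so a subdomain of a listed domain is caught while an unrelated name that merely contains the string is not. The per-indicator client list is the part worth keeping: once the sinkhole is in place, those source addresses are the hosts that still carry the implant, which is why the Gartner matrix lists the sinkhole under Disrupt and incident response under Recover.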
Recommendations
Action on Targets
• Data Loss Prevention: continuous monitoring of user behavior and data access
• Use database activity monitoring tools to detect or block suspicious data access (excessive volume, abnormal times or locations, etc.)
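As an added example of the database-monitoring rule described above (not Symantec code and not any DAP product's rule format), the following Python script learns a per-user baseline from constructed audit records and flags later access that deviates in volume, hour of day or source network; the record layout and every threshold are assumptions to tune locally.

```python
"""Flag suspicious database access in an audit trail (excess volume, abnormal
hour, unfamiliar source network) per user, against a baseline learned from
that user's earlier activity.

Added example for the "Action on Targets" recommendation; it is not Symantec
code nor any DAP/DAM product's rule language. The audit records are
constructed, and every threshold below is an assumption to tune locally.
"""
from __future__ import annotations

import ipaddress
import statistics
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

VOLUME_FACTOR = 10   # rows > 10x the user's median row count counts as excess
HOUR_TOLERANCE = 1   # an hour adjacent to an observed one is still normal
NET_PREFIX = 24      # location is judged by /24, not by exact source IP


@dataclass(frozen=True)
class AuditRecord:
    ts: datetime
    user: str
    src_ip: str
    table: str
    rows: int


@dataclass
class Baseline:
    hours: set[int] = field(default_factory=set)
    networks: set[ipaddress.IPv4Network] = field(default_factory=set)
    row_counts: list[int] = field(default_factory=list)

    @property
    def median_rows(self) -> float:
        return statistics.median(self.row_counts)


def _net(ip: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(f"{ip}/{NET_PREFIX}", strict=False)


def learn_baseline(records: list[AuditRecord]) -> dict[str, Baseline]:
    """Per-user profile of when, from where and how much each account reads."""
    profiles: dict[str, Baseline] = defaultdict(Baseline)
    for r in records:
        b = profiles[r.user]
        b.hours.add(r.ts.hour)
        b.networks.add(_net(r.src_ip))
        b.row_counts.append(r.rows)
    return dict(profiles)


def score(r: AuditRecord, profiles: dict[str, Baseline]) -> list[str]:
    """Reasons a record deviates from its user's baseline (empty if none)."""
    b = profiles.get(r.user)
    if b is None:
        return ["no_baseline"]  # an account with no history reading data is itself worth a look
    reasons = []
    if r.rows > VOLUME_FACTOR * b.median_rows:
        reasons.append("excess_volume")
    if not any(abs(r.ts.hour - h) <= HOUR_TOLERANCE for h in b.hours):
        reasons.append("abnormal_hour")
    if _net(r.src_ip) not in b.networks:
        reasons.append("new_network")
    return reasons


def find_anomalies(records, profiles):
    """Records that trip at least one rule, in audit order, with their reasons."""
    return [(r, score(r, profiles)) for r in records if score(r, profiles)]


def _rec(ts: str, user: str, ip: str, table: str, rows: int) -> AuditRecord:
    return AuditRecord(datetime.fromisoformat(ts), user, ip, table, rows)


# Constructed baseline window: alice does small lookups in office hours,
# bob runs larger reports; both from their usual internal subnets.
AUDIT_BASELINE = [
    _rec("2015-06-01T09:12:00", "alice", "10.1.4.22", "customers", 40),
    _rec("2015-06-01T10:40:00", "alice", "10.1.4.22", "customers", 35),
    _rec("2015-06-02T14:05:00", "alice", "10.1.4.22", "orders", 60),
    _rec("2015-06-02T15:30:00", "alice", "10.1.4.22", "customers", 42),
    _rec("2015-06-01T08:10:00", "bob", "10.1.7.9", "orders", 180),
    _rec("2015-06-02T11:00:00", "bob", "10.1.7.9", "orders", 200),
    _rec("2015-06-03T13:20:00", "bob", "10.1.7.9", "orders", 220),
]

# Constructed detection window: a benign lookup, a bulk read at 02:15, bob's
# account used from an external address, and an account never seen before.
AUDIT_NEW = [
    _rec("2015-06-04T10:30:00", "alice", "10.1.4.30", "customers", 45),
    _rec("2015-06-05T02:15:00", "alice", "10.1.4.22", "customers", 50000),
    _rec("2015-06-05T13:05:00", "bob", "203.0.113.8", "orders", 210),
    _rec("2015-06-05T23:00:00", "mallory", "10.1.4.22", "customers", 10),
]

if __name__ == "__main__":
    for r, why in find_anomalies(AUDIT_NEW, learn_baseline(AUDIT_BASELINE)):
        print(f"{r.ts:%Y-%m-%d %H:%M} {r.user:8} {r.src_ip:15} rows={r.rows:<6} {', '.join(why)}")
```

The baseline is deliberately per user rather than global: a row count that is routine for a reporting account is a bulk exfiltration for a clerk's account, and judging location by /24 instead of exact address keeps a DHCP lease change from raising a false alarm while still catching access from outside the usual network.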
Q&A
Thank you!
Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or
implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
André Carraretto, CISSP
andre_carraretto@symantec.com
@andrecarraretto
https://br.linkedin.com/in/andrecarraretto

Mais conteúdo relacionado

Mais procurados

Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 

Mais procurados (20)

DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Secure Coding and Threat Modeling
Secure Coding and Threat ModelingSecure Coding and Threat Modeling
Secure Coding and Threat Modeling
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012  building a security operations center (soc)Rothke rsa 2012  building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 

Destaque

kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
Shawn Croswell
 
Cyber security the cybersecurity kill chan - myth or threat
Cyber security   the cybersecurity kill chan - myth or threatCyber security   the cybersecurity kill chan - myth or threat
Cyber security the cybersecurity kill chan - myth or threat
SogetiLabs
 

Destaque (7)

Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?Business leaders are engaging labor differently - Is your IT ready?
Business leaders are engaging labor differently - Is your IT ready?
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill Chain
 
Cyber security the cybersecurity kill chan - myth or threat
Cyber security   the cybersecurity kill chan - myth or threatCyber security   the cybersecurity kill chan - myth or threat
Cyber security the cybersecurity kill chan - myth or threat
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone  Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone  Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
 

Semelhante a Addressing the cyber kill chain

Information Security
Information SecurityInformation Security
Information Security
Mohit8780
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat Protection
Blue Coat
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 

Semelhante a Addressing the cyber kill chain (20)

Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban Próspero
 
Marlabs cyber threat management
Marlabs cyber threat managementMarlabs cyber threat management
Marlabs cyber threat management
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
 
Information Security
Information SecurityInformation Security
Information Security
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat Protection
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
 
SANS Report: The State of Security in Control Systems Today
SANS Report: The State of Security in Control Systems TodaySANS Report: The State of Security in Control Systems Today
SANS Report: The State of Security in Control Systems Today
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 

Mais de Symantec Brasil

Mais de Symantec Brasil (20)

Symantec -Executive Report - edicao 1
Symantec -Executive Report - edicao 1Symantec -Executive Report - edicao 1
Symantec -Executive Report - edicao 1
 
A Symantec Fornece Solução Automatizada para Proteção contra o Comprometiment...
A Symantec Fornece Solução Automatizada para Proteção contra o Comprometiment...A Symantec Fornece Solução Automatizada para Proteção contra o Comprometiment...
A Symantec Fornece Solução Automatizada para Proteção contra o Comprometiment...
 
Por dentro da la transformación - Entrevista Sheila Jordan (BR)
Por dentro da la transformación - Entrevista Sheila Jordan (BR)Por dentro da la transformación - Entrevista Sheila Jordan (BR)
Por dentro da la transformación - Entrevista Sheila Jordan (BR)
 
Por dentro da transformação - Entrevista Sheila Jordan (BR)
Por dentro da transformação - Entrevista Sheila Jordan (BR)Por dentro da transformação - Entrevista Sheila Jordan (BR)
Por dentro da transformação - Entrevista Sheila Jordan (BR)
 
Be Aware - Eu sou o próximo alvo?
Be Aware - Eu sou o próximo alvo?Be Aware - Eu sou o próximo alvo?
Be Aware - Eu sou o próximo alvo?
 
Ameaças de Junho 2016
Ameaças de Junho 2016 Ameaças de Junho 2016
Ameaças de Junho 2016
 
Como garantir um maior nívelde proteção de dados
Como garantir um maior nívelde proteção de dadosComo garantir um maior nívelde proteção de dados
Como garantir um maior nívelde proteção de dados
 
Customer Super Care
Customer Super CareCustomer Super Care
Customer Super Care
 
Segurança da Informação na era do IoT: conectividade, e ameaças, por todos os...
Segurança da Informação na era do IoT: conectividade, e ameaças, por todos os...Segurança da Informação na era do IoT: conectividade, e ameaças, por todos os...
Segurança da Informação na era do IoT: conectividade, e ameaças, por todos os...
 
Be Aware Webinar Symantec - O que há de novo? Data Loss Prevention 14.5
Be Aware Webinar Symantec - O que há de novo? Data Loss Prevention 14.5Be Aware Webinar Symantec - O que há de novo? Data Loss Prevention 14.5
Be Aware Webinar Symantec - O que há de novo? Data Loss Prevention 14.5
 
Be Aware Webinar Symantec - Spear-phishing: Seus usuários estão preparados pa...
Be Aware Webinar Symantec - Spear-phishing: Seus usuários estão preparados pa...Be Aware Webinar Symantec - Spear-phishing: Seus usuários estão preparados pa...
Be Aware Webinar Symantec - Spear-phishing: Seus usuários estão preparados pa...
 
Be Aware Webinar Symantec - Reduza as vulnerabilidades do seu ambiente de TI
Be Aware Webinar Symantec - Reduza as vulnerabilidades do seu ambiente de TIBe Aware Webinar Symantec - Reduza as vulnerabilidades do seu ambiente de TI
Be Aware Webinar Symantec - Reduza as vulnerabilidades do seu ambiente de TI
 
Be Aware Webinar Symantec - Relatório de Ameaças à Segurança na Internet de 2...
Be Aware Webinar Symantec - Relatório de Ameaças à Segurança na Internet de 2...Be Aware Webinar Symantec - Relatório de Ameaças à Segurança na Internet de 2...
Be Aware Webinar Symantec - Relatório de Ameaças à Segurança na Internet de 2...
 
Be Aware Webinar - Criptografia, uma forma simples de proteger seus dados pes...
Be Aware Webinar - Criptografia, uma forma simples de proteger seus dados pes...Be Aware Webinar - Criptografia, uma forma simples de proteger seus dados pes...
Be Aware Webinar - Criptografia, uma forma simples de proteger seus dados pes...
 
Be Aware Webinar Symantec - O que devo considerar com o suporte de pós vendas...
Be Aware Webinar Symantec - O que devo considerar com o suporte de pós vendas...Be Aware Webinar Symantec - O que devo considerar com o suporte de pós vendas...
Be Aware Webinar Symantec - O que devo considerar com o suporte de pós vendas...
 
Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...
Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...
Be Aware Webinar - Segurança de email: Ameaças, SPAM e Sequestros, uma máquin...
 
Be Aware Webinar - Malwares Multiplataformas
Be Aware Webinar - Malwares MultiplataformasBe Aware Webinar - Malwares Multiplataformas
Be Aware Webinar - Malwares Multiplataformas
 
A Abordagem Symantec para Derrotar Ameaças Avançadas
A Abordagem Symantec para Derrotar Ameaças AvançadasA Abordagem Symantec para Derrotar Ameaças Avançadas
A Abordagem Symantec para Derrotar Ameaças Avançadas
 
Symantec Advanced Threat Protection: Symantec Cynic
Symantec Advanced Threat Protection: Symantec CynicSymantec Advanced Threat Protection: Symantec Cynic
Symantec Advanced Threat Protection: Symantec Cynic
 
Ameaças Persistentes Avançadas: Passando da Detecção para a Prevenção e Resposta
Ameaças Persistentes Avançadas: Passando da Detecção para a Prevenção e RespostaAmeaças Persistentes Avançadas: Passando da Detecção para a Prevenção e Resposta
Ameaças Persistentes Avançadas: Passando da Detecção para a Prevenção e Resposta
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Addressing the cyber kill chain

  • 1. Addressing the Cyber Kill Chain André Carraretto, CISSP Security Strategist
  • 2. Agenda 1 Current Threat Landscape Challenges 2 The Cyber Kill Chain 3 How Symantec can help 4 Q&A Copyright © 2015 Symantec Corporation 2
  • 3. Current Threat Landscape Challenges Copyright © 2015 Symantec Corporation 3
  • 4. Enterprise Threat Landscape 4 Attackers Moving Faster Digital extortion on the rise Malware gets smarter Zero-Day Threats Many Sectors Under Attack 5 of 6 large companies attacked 317M new malware created 1M new threats daily 60% of attacks targeted SMEs 113% increase in ransomware 45X more devices held hostage 28% of malware was Virtual Machine Aware 24 all-time high Top 5 unpatched for 295 days 24 Healthcare + 37% Retail +11% Education +10% Government +8% Financial +6% Source: Symantec Internet Security Threat Report 2015
  • 5. Key Trends Reshaping the Enterprise Security Market RESURGENCE OF ENDPOINT Rapid shift to mobile and IoT DISAPPEARING PERIMETER Decreasingly relevant with “fuzzy” perimeter RAPID CLOUD ADOPTION Enterprise data and applications moving to cloud SERVICES Security as a Service; box fatigue CYBERSECURITY Governments and regulators playing ever larger role 5 Copyright © 2015 Symantec Corporation
  • 6. Top Breaches in 2014 Copyright © 2015 Symantec Corporation 6
  • 7. Current Threat Landscape Challenges Copyright © 2015 Symantec Corporation 3
  • 8. Top Breaches in 2014
  • 9. Top Breaches in 2014
  • 10. Top Breaches in 2015 (so far...)
  • 11. Top Breaches in 2015 (so far...)
  • 12. The Cyber Kill Chain
  • 13. The Cyber Kill Chain
    • Military concept, now applied to Cyber Security
    • Developed by Lockheed Martin in 2011
    • Describes the phases an Adversary will follow to target an Organization
    • It has 7 well defined phases
    • Attack is considered successful if/when all phases have been accomplished
  • 15. Addressing the Cyber Kill Chain
    Phase | Detect | Deny or Contain | Disrupt, Eradicate or Deceive | Recover
    Reconnaissance | Web analytics, Internet scanning reports, vuln. scanning, pen testing, SIEM, DAST/SAST, threat intelligence, TIP | Firewall ACL, system and service hardening, network obfuscation, logical segmentation | Honeypot | SAST/DAST
    Weaponization | sentiment analysis, vuln. announcements, vuln. assessm. | NIPS, NGFW, patch management, configuration hardening, application remediation | SEG, SWG | -
    Delivery | user training, security analytics, network behavior analysis, threat intelligence, NIPS, NGFW, WAF, DDoS, SSL inspection, TIP | SWG, NGIPS, ATD, TIP | EPP | Backup or EPP cleanup
    Exploitation | EPP, NIPS, SIEM, WAF | EPP, NGIPS, ATD, WAF | NIPS, NGFW, EPP, ATD | data restoration from backups
    Installation | EPP, endpoint forensics or ETDR, sandboxing, FIM | EPP, MDM, IAM, endpoint containerization/app wrapping | EPP, HIPS, incident forensic tools | incident response, ETDR
    Command and Control | NIPS, NBA, network forensics, SIEM, DNS security, TIP | IP/DNS reputation blocking, DLP, ATA | DNS redirect, threat intelligence on DNS, egress filtering, NIPS | incident response, system restore
    Action on Targets | Logging, SIEM, DLP, honeypot, TIP, DAP | egress filtering, SWG, trust zones, DLP | QoS, DNS, DLP, ATA | incident response
    Source: Gartner (August 2014) – G00263765
  • 16. How Symantec can help
  • 17. Symantec Enterprise Security | STRONG FRANCHISES
    Endpoint Security: #1 share; AAA rating 12 quarters in a row
    Email Security: #1 share; 100% uptime with <0.0003% FPs 5 years in a row
    Data Protection: #1 DLP share; 100% of Fortune 100
    Trust Services: #1 share; 6B certificate lookups/day
    Authentication & Authorization: 13B validations every day; 100% uptime last 5 years
    Managed Security Services: 12 Yrs Gartner MQ leader; 30B logs analyzed/day
  • 18. Symantec Enterprise Security | UNIQUE VISIBILITY
    57M attack sensors in 157 countries; 175M endpoints; 182M web attacks blocked last year; 3.7T rows of telemetry, 100 Billion more/month; 9 threat response centers; 500+ rapid security response team; 30% of world’s enterprise email traffic scanned/day; 1.8 Billion web requests
  • 20. Addressing the Cyber Kill Chain with Symantec
    Phase | Detect | Deny or Contain | Disrupt, Eradicate or Deceive | Recover
    Reconnaissance | Deepsight Threat Intelligence, Managed Security Services (MSS), Control Compliance Suite | Control Compliance Suite, Datacenter Security | N/A | N/A
    Weaponization | Deepsight Managed Adversary Threat Intelligence (MATI) | Control Compliance Suite, Altiris ITMS | Messaging Gateway, Symantec.cloud (email/web) | N/A
    Delivery | MSS, Deepsight Threat Intelligence, Blackfin acquisition (user training, phishing tests) | ATP Suite, Deepsight Threat Intelligence | Endpoint Protection | Endpoint Protection (Power Eraser), Veritas
    Exploitation | Endpoint Protection, Datacenter Security, MSS | Endpoint Protection, Datacenter Security, ATP Suite, Deepsight Threat Intelligence | Endpoint Protection, ATP Suite, Datacenter Security | Veritas
    Installation | Endpoint Protection, Advanced Threat Protection Suite (ATP Suite), Datacenter Security | Endpoint Protection, Mobility Suite, Authentication Manager, VIP, Managed PKI | Endpoint Protection, ATP Suite, Datacenter Security | Incident Response Retainer Services
    Command and Control | MSS, Deepsight Threat Intelligence | Deepsight Threat Intelligence, DLP, ATP Suite | Deepsight Threat Intelligence | Incident Response Retainer Services
    Action on Targets | MSS, Data Loss Prevention (DLP), Deepsight Threat Intelligence | Data Loss Prevention | DLP, ATP Suite | Incident Response Retainer Services
    Source: Gartner (August 2014) – G00263765
  • 21. Recommendations
    Reconnaissance
    • Regular external scans / pentest
    • Deepsight MATI: Monitor underground Internet
    • DCS:SA: Enforce least privilege concept on Internet-facing servers
    • MSS: Analytics to detect indicators of unwanted activity against Internet-facing servers
    • Employ SDLC to guarantee applications are processing untrusted input correctly
    Weaponization
    • Deepsight Intelligence: keep informed of recently discovered vulnerabilities and weaponized exploits available to them
    • Deepsight MATI: Monitor possible/future activities planned against your organization and to track adversaries
  • 22. Recommendations
    Delivery
    • Keep using your traditional controls (NGFW, NGIPS, SWG, DDoS, WAF) to provide visibility and prevent compromise attempts
    • ATP Suite: inspect suspicious files through sandboxing analysis
    • Analyze DNS resolution to unwanted or malicious hosts
    Exploitation
    • MSS: collect and correlate logs from various control points to provide better visibility of malicious behavior
    • Email Security.cloud, Endpoint Protection: those can help limit most of the attack attempts
    • Deepsight Datafeeds: provide intelligence over malicious IPs/Domains to your SIEM
    • ATP Suite: inspect suspicious files through sandboxing analysis
  • 23. Recommendations
    Installation
    • Endpoint Protection: to provide greater protection over advanced malware, browser attacks and application white/blacklisting
    • SAM/VIP/MPKI: employ strong authentication to reduce likelihood of installation and data access
    • Incident Response Retainer: helps with incident response practices and containment
    Command and Control
    • Deepsight Datafeeds: provide intelligence over malicious IPs/Domains to your SIEM. It can also be used to create a “DNS Sinkhole” to divert malicious connections
    • MSS: collect and correlate logs from various control points to provide better visibility of malicious behavior, including C&C connections
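Slides 22 and 23 recommend analysing DNS resolution against a malicious-domain feed and using that feed to build a DNS sinkhole. The following is an added example of what that detection step looks like, written for this page; it is not Symantec or Gartner code and does not use the Deepsight Datafeeds format. The threat feed, the resolver log lines, the log field layout and the sinkhole address are all constructed. Two details matter in practice: the match has to walk up parent labels (a beacon hostname under a listed domain is still a hit) while a substring check would wrongly match unrelated names, and the sinkhole records should cover the wildcard as well as the listed name.

```python
"""Match resolver query logs against a threat-intelligence domain feed and
emit RPZ-style sinkhole records for the listed domains.

Added example for the slide deck, not Symantec's or Gartner's code.
Feed entries, log lines and the sinkhole address below are constructed.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# Constructed threat-intel feed: domain -> category (documentation TLDs only).
THREAT_FEED: dict[str, str] = {
    "c2.bad.example": "botnet-c2",
    "exfil.test": "data-exfiltration",
}

# Constructed resolver log, one query per line: "<timestamp> <client-ip> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2015-06-01T09:00:01Z 10.0.0.15 www.example.com A
2015-06-01T09:00:03Z 10.0.0.15 beacon.c2.bad.example A
2015-06-01T09:05:03Z 10.0.0.15 beacon.c2.bad.example A
2015-06-01T09:10:03Z 10.0.0.15 beacon.c2.bad.example A
2015-06-01T09:12:44Z 10.0.0.22 mail.example.net MX
2015-06-01T09:15:00Z 10.0.0.31 exfil.test TXT
2015-06-01T09:15:01Z 10.0.0.31 notbad.example A
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    qname: str
    matched: str    # feed entry that covered the query (the name itself or a parent)
    category: str


def feed_match(qname: str, feed: dict[str, str]) -> str | None:
    """Return the feed domain covering qname, or None.

    Walks up the parent labels so beacon.c2.bad.example matches a feed entry
    for c2.bad.example. A substring test would be wrong here: notbad.example
    must not match bad.example. The bare TLD is never tested.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None


def detect_c2_lookups(log_lines: Iterable[str], feed: dict[str, str]) -> list[Hit]:
    """Scan query-log lines and return every lookup covered by the feed."""
    hits: list[Hit] = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:          # skip blank or malformed lines
            continue
        timestamp, client, qname, _qtype = parts[:4]
        matched = feed_match(qname, feed)
        if matched is not None:
            hits.append(Hit(timestamp, client, qname.lower(), matched, feed[matched]))
    return hits


def clients_by_hit_count(hits: Iterable[Hit]) -> Counter:
    """Repeated hits from one client at regular intervals are the beaconing pattern to triage first."""
    return Counter(h.client for h in hits)


def build_rpz_zone(feed: dict[str, str], sinkhole_ip: str = "192.0.2.1") -> list[str]:
    """Build RPZ-style records that answer listed domains (and subdomains) with sinkhole_ip.

    Record names are relative to the policy zone's apex, as in a BIND RPZ zone
    file; the wildcard line catches hostnames under the listed domain.
    """
    records: list[str] = []
    for domain in sorted(feed):
        records.append(f"{domain} IN A {sinkhole_ip}")
        records.append(f"*.{domain} IN A {sinkhole_ip}")
    return records


if __name__ == "__main__":
    hits = detect_c2_lookups(SAMPLE_DNS_LOG.splitlines(), THREAT_FEED)
    for h in hits:
        print(f"{h.timestamp} {h.client} -> {h.qname} ({h.category}, via {h.matched})")
    print("clients:", dict(clients_by_hit_count(hits)))
    print("\n".join(build_rpz_zone(THREAT_FEED)))
```

Feeding `detect_c2_lookups` into the SIEM and the output of `build_rpz_zone` into the resolver is the split the slide describes: the first gives visibility of C2 connections, the second diverts them to an address you control, where the connection attempts can be logged for incident response.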
  • 24. Recommendations
    Action on Targets
    • Data Loss Prevention: to perform continuous monitoring of user behavior/data access
    • Employ Database monitoring tools to detect/block suspicious data access (excess in volume, abnormal times, locations, etc)
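Slide 24 names the three signals a database activity monitor should raise on: excess volume, abnormal times and unfamiliar locations. The following is an added example of that logic over a per-user baseline, written for this page; it is not part of the deck and is not how Symantec DLP or any DAP product implements it. The access records, their comma-separated format, the 10x volume factor and the one-hour slack on working hours are constructed for illustration.

```python
"""Flag suspicious database access against a per-user baseline:
excessive row volume, access outside the user's usual hours, and a
source location never seen before.

Added example for the slide deck, not Symantec code. Records, format and
thresholds are constructed; a real deployment would read the database
audit log or a DAP/DAM tool's export.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median


@dataclass(frozen=True)
class Access:
    user: str
    when: datetime
    rows: int          # rows returned by the query
    location: str      # source as the audit log records it (site, VPN pool, country)


@dataclass
class Baseline:
    median_rows: float
    hours: set
    locations: set


# Constructed format: "user,ISO-timestamp,rows,location" per line.
BASELINE_LOG = """\
alice,2015-05-04T09:12:00,120,BR-SaoPaulo
alice,2015-05-05T10:40:00,90,BR-SaoPaulo
alice,2015-05-06T14:05:00,150,BR-SaoPaulo
alice,2015-05-07T11:30:00,110,BR-SaoPaulo
bob,2015-05-04T08:00:00,2000,BR-SaoPaulo
bob,2015-05-05T08:30:00,2500,BR-SaoPaulo
bob,2015-05-06T09:15:00,1800,BR-SaoPaulo
"""

# Constructed new activity: one bulk read late at night, one access from an unknown source.
NEW_LOG = """\
alice,2015-06-01T10:00:00,130,BR-SaoPaulo
alice,2015-06-01T23:40:00,48000,BR-SaoPaulo
bob,2015-06-02T08:10:00,2100,XX-Unknown
bob,2015-06-02T08:20:00,2200,BR-SaoPaulo
"""


def parse_access_log(text: str) -> list:
    records = []
    for line in text.strip().splitlines():
        user, ts, rows, loc = line.split(",")
        records.append(Access(user, datetime.fromisoformat(ts), int(rows), loc))
    return records


def build_baseline(history: list) -> dict:
    """Per user: median rows per query, set of hours seen, set of locations seen."""
    by_user = defaultdict(list)
    for a in history:
        by_user[a.user].append(a)
    return {
        user: Baseline(
            median_rows=median(a.rows for a in accs),
            hours={a.when.hour for a in accs},
            locations={a.location for a in accs},
        )
        for user, accs in by_user.items()
    }


def flag_access(a: Access, baselines: dict, volume_factor: int = 10, hour_slack: int = 1) -> list:
    """Return the reasons an access is suspicious; an empty list means normal."""
    b = baselines.get(a.user)
    if b is None:
        return ["unknown-user"]
    reasons = []
    if a.rows > volume_factor * b.median_rows:
        reasons.append(f"volume:{a.rows} rows > {volume_factor}x median {b.median_rows:.0f}")
    lo, hi = min(b.hours) - hour_slack, max(b.hours) + hour_slack
    if not lo <= a.when.hour <= hi:
        reasons.append(f"time:{a.when.hour:02d}h outside {lo:02d}-{hi:02d}h")
    if a.location not in b.locations:
        reasons.append(f"location:{a.location} not seen before")
    return reasons


def detect_suspicious_access(history_text: str, new_text: str, **thresholds) -> list:
    """Return [(access, reasons)] for every new access that trips at least one rule."""
    baselines = build_baseline(parse_access_log(history_text))
    flagged = []
    for a in parse_access_log(new_text):
        reasons = flag_access(a, baselines, **thresholds)
        if reasons:
            flagged.append((a, reasons))
    return flagged


if __name__ == "__main__":
    for access, reasons in detect_suspicious_access(BASELINE_LOG, NEW_LOG):
        print(access.user, access.when.isoformat(), "; ".join(reasons))
```

Each reason carries the observed value and the baseline it was compared with, so a detection (volume and off-hours together is the bulk-export pattern of the Action on Targets phase) arrives with the context an analyst needs; blocking, as the slide also mentions, would sit on the same decision.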
  • 25. Q&A
  • 26. Thank you! Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. André Carraretto, CISSP | andre_carraretto@symantec.com | @andrecarraretto | https://br.linkedin.com/in/andrecarraretto