More information on this webcast: http://ow.ly/IyNdF
Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid? Then you won't want to miss our next live demo, where AlienVault's security gurus Mark Allen & Garrett Gross will walk you through the steps of a system compromise, including how AlienVault USM detects these nefarious activities every step of the way.
You'll learn:
How attackers exploit vulnerabilities to take control of systems
What they do next to find & exfiltrate valuable data
How to catch them before the damage is done with AlienVault USM
Using a real-world example of a common vulnerability, Mark will show you how USM gives you the evidence you need to stop an attack in its tracks.
How to Detect System Compromise & Data Exfiltration with AlienVault USM
1. Live Demo: How to Detect Data Exfiltration & System Compromise
2. About AlienVault
AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today's modern threats.
4. Agenda
• The changing threat landscape
• Data infiltration methods
• Data exfiltration methods
• Tips to mitigate these threats
• Demo: using USM to detect system compromise
• Correlation directives
• Incident investigation
5. Threat landscape: Our new reality
• More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.
• The number of organizations experiencing high-profile breaches is unprecedented.
• The "security arms race" cannot continue indefinitely: the economics of securing your organization are stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.
84% of organizations breached had evidence of the breach in their log files… (Source: Verizon Data Breach Report, 2014)
6. Prevention is elusive
"There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don't have a clue yet."
- James Routh, 2007, CISO, Depository Trust Clearing Corporation
8. "How would you change your strategy if you knew for certain that you were going to be compromised?"
- Martin Roesch, 2013, Founder & CTO of Sourcefire, author of Snort
9. Infiltration (How they get in)
• Man in the middle
  • Ad-hoc methods (sniffing packets)
  • Purpose-built devices (WiFi Pineapple)
• Social engineering
  • Easier than you think (who has the keys to your castle?)
• Brute-force password enumeration
  • Used in the iCloud hack
• Watering hole / drive-by / spearphishing
• Deploying rootkits/trojans
10. Exfiltration (How they get it out)
• Simple encrypted transmission
  • HTTP/HTTPS
  • Posting to WordPress or other sites
  • FTP/SFTP/SCP
• Slow & low
• Hide & seek
  • Images
  • Video
  • Audio (via VoIP)
• New methods created every day
11. Prevent, Detect & Respond
The basics are in place for most companies… but this alone is a 'proven' failed strategy.
New capabilities to develop: get (very) good at detection & response.
12. Mitigation
• Educate your users to prevent
  • Phishing, social engineering, etc.
• Monitoring
  • NetFlow/sFlow
  • Service availability
  • Direct monitoring of traffic
• Tagging
  • Prevention at the proxy level to detect sensitive docs
• Identification of known bad actors
13. Firewalls/Antivirus are not enough
• Firewalls are usually not the target – too difficult to effectively penetrate
• Endpoints are the target, usually via email, URL redirects, misc. malicious files, etc.
• With 160,000 new malware samples seen every day, antivirus apps will not find every threat
• Needs to be bolstered by regular and comprehensive monitoring
15. AlienVault Labs Threat Intelligence
• Weekly updates to correlation directives to detect emerging threats
• Recent updates related to data exfiltration methods:
  • AV Malware, Ajax Security Team Data Exfiltration
  • AV Malware, Operation Machete FTP exfiltration
  • AV attack, malware sending exfiltrating command output
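The chain the demo walks through (brute-force login, then outbound connections from the compromised host, then bulk or slow & low exfiltration over FTP/SFTP/SCP) is what a correlation directive expresses: each later stage that matches raises the confidence of the earlier one. The block below is an added example written for this page; it is not USM's code and does not use its directive syntax or event schema. The event field names, the 10.0.0.0/8 home network, the port list and every threshold are assumptions chosen for the sample, and the auth and flow events it runs over are constructed.

```python
"""Added example: a toy correlation engine that scores the stages of the demo
(brute force -> login -> outbound transfers) per host. Field names, home
network and thresholds are assumptions, not USM's schema or directives."""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress

HOME_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
BRUTE_FAILS, BRUTE_WINDOW = 5, 300              # >=5 failures within 5 min, then success
BULK_BYTES = 50_000_000                         # 50 MB to one external host
SLOW_LOW_MIN, SLOW_LOW_JITTER = 10, 0.2         # >=10 transfers spaced within +-20%
FILE_PORTS = {21, 22}                           # FTP / SFTP / SCP, as on the slide
ALARM_RISK = 5                                  # score at which we raise an alarm


@dataclass
class HostState:
    fails: dict = field(default_factory=lambda: defaultdict(list))     # src -> [ts]
    outbound: dict = field(default_factory=lambda: defaultdict(list))  # dst -> [(ts, bytes)]
    attacker: str = ""      # source IP that brute-forced its way in, if any
    risk: int = 0
    findings: list = field(default_factory=list)   # [(key, description)]

    def add(self, key, points, text):
        """Record a finding once per key and bump the host's risk score."""
        if key not in {k for k, _ in self.findings}:
            self.findings.append((key, text))
            self.risk += points


def is_external(ip):
    return ipaddress.ip_address(ip) not in HOME_NET


def regular_spacing(timestamps):
    """True when transfers recur at near-constant intervals (slow & low beaconing)."""
    if len(timestamps) < SLOW_LOW_MIN:
        return False
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and max(abs(g - mean) for g in gaps) <= SLOW_LOW_JITTER * mean


class Correlator:
    def __init__(self):
        self.hosts = defaultdict(HostState)

    def feed(self, ev):
        st = self.hosts[ev["host"]]
        if ev["type"] == "auth_fail":
            recent = [t for t in st.fails[ev["src"]] if ev["ts"] - t <= BRUTE_WINDOW]
            st.fails[ev["src"]] = recent + [ev["ts"]]
        elif ev["type"] == "auth_ok":
            # Stage 1: a success right after a burst of failures from the same source.
            if len(st.fails[ev["src"]]) >= BRUTE_FAILS and not st.attacker:
                st.attacker = ev["src"]
                st.add(("brute", ev["src"]), 3,
                       f"login as {ev['user']} from {ev['src']} after brute force")
        elif ev["type"] == "flow" and is_external(ev["dst"]):
            rec = st.outbound[ev["dst"]]
            rec.append((ev["ts"], ev["bytes"]))
            # Stage 2: the compromised host starts pushing files out over FTP/SFTP/SCP.
            if st.attacker and ev["dport"] in FILE_PORTS:
                st.add(("fileport", ev["dst"]), 1,
                       f"file transfer to {ev['dst']}:{ev['dport']} after compromise")
            # Stage 3a: bulk volume to one external host.
            if sum(b for _, b in rec) >= BULK_BYTES:
                st.add(("bulk", ev["dst"]), 2, f"bulk upload to {ev['dst']}")
            # Stage 3b: many small, evenly spaced transfers to one external host.
            if regular_spacing([t for t, _ in rec]):
                st.add(("slowlow", ev["dst"]), 2, f"slow & low transfers to {ev['dst']}")

    def alarms(self):
        return sorted(h for h, st in self.hosts.items() if st.risk >= ALARM_RISK)


def sample_events():
    """Constructed auth-log and flow events for the example, not real data."""
    ev = []
    for i in range(6):   # six failed SSH logins, ten seconds apart
        ev.append({"ts": 100 + 10 * i, "type": "auth_fail", "host": "10.0.0.5",
                   "src": "203.0.113.9", "user": "admin"})
    ev.append({"ts": 170, "type": "auth_ok", "host": "10.0.0.5",
               "src": "203.0.113.9", "user": "admin"})
    for i in range(12):  # twelve 40 KB SCP transfers, one every five minutes
        ev.append({"ts": 600 + 300 * i, "type": "flow", "host": "10.0.0.5",
                   "dst": "198.51.100.7", "dport": 22, "bytes": 40_000})
    # An uncompromised host doing one large HTTPS upload (e.g. a backup job).
    ev.append({"ts": 700, "type": "flow", "host": "10.0.0.8",
               "dst": "198.51.100.20", "dport": 443, "bytes": 80_000_000})
    return sorted(ev, key=lambda e: e["ts"])


def run(events):
    c = Correlator()
    for ev in events:
        c.feed(ev)
    return c


if __name__ == "__main__":
    c = run(sample_events())
    for host, st in c.hosts.items():
        print(host, "risk", st.risk, [text for _, text in st.findings])
    print("alarms:", c.alarms())
```

Run as a script it prints each host's score and findings. Only the host that was brute-forced and then drips files out on port 22 crosses the alarm threshold; the single 80 MB HTTPS upload from an uncompromised host stays a low-score finding. That is the point of correlating stages rather than alerting on any one event: the same outbound flow is worth far more once the log evidence of the preceding compromise is chained to it.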
16. Now for some Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions? hello@alienvault.com
Speaker notes
Most organizations look like this… there’s a myriad of security solutions in their environment all promising to deliver greater visibility.