Advanced Persistent Threat
Sachin Deshmanya & Srinivas Matta
© Copyright 2011 EMC Corporation. All rights reserved.
1
Agenda
• Defining APT
• Evolution of threat models
• Intention of such threats
• How to gear up for such a threat
What is APT
• Advanced
– Sophisticated.
– Targeted.
– With a purpose.
• Persistent
– Continued efforts to achieve the goal.
– Month after month, even years.
• Threat
– Are resourceful, capable.
– Are determined to achieve the goals.
Intrusion kill chain
The kill chain is a series of steps: find, fix, track, target, engage and assess.
Find the targets for engagement, fix their location, track them and keep an eye on them,
target them with a suitable weapon, engage, and assess the effects. It is called a chain
because interrupting any one step breaks the entire process.
Different Stages
Reconnaissance
Research, identification and selection of targets.
Weaponization
Coupling a remote access Trojan with an exploit into a deliverable payload.
Delivery
Transmission of the weapon into the target network.
Exploitation
Once the weapon is delivered, the intruder's code exploits a vulnerability in an
application or the operating system.
Installation
Installation of the remote access Trojan, which allows backdoor entry.
Command and Control
The compromised host forms a channel to attacker-controlled servers.
Actions on objectives
Once the above phases are complete, the intruders take actions to achieve their
original goal.
Differentiator, evolution of threats
Traditional virus/malware vs. APT:
• Targets
– Traditional: random networks/hosts.
– APT: specific networks/hosts.
• Detectability
– Traditional: the probability of detection by AV is high, since the signatures are known.
– APT: a combination of malware is used, so the signatures go undetected.
• Visibility
– Traditional: the effects become visible over a period of time, as a large number of
networks/hosts get infected.
– APT: the idea is to lay low over a significant period of time.
• Entry
– Traditional: a good firewall or intrusion detection system can prevent entry by
signature checking.
– APT: the carrier is mostly content that uses well-known ports (80, 443, etc.) and
known protocols (HTTP, HTTPS, etc.).
Different techniques used in an APT
• Social engineering emails
• Spear phishing emails
• Zero-day exploits
Am I an APT victim, how to gear up?
• How do you figure out that you are a victim of an APT attack? What to look out for?
• A single AV or IDS may not notice it.
• Analyzing network packets layer by layer is a good way to start.
• Log analysis from various sources, with correlation, should help.
• Monitor end points for suspicious behavior.
• Good asset management should be in place; guard the critical systems.
• Monitoring critical assets is very important.
• It is finding a needle in a haystack.
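The points above (correlated log analysis, endpoint monitoring) and the earlier observation that APT command-and-control rides on ordinary HTTP/HTTPS over ports 80 and 443 come together in the following script. It is an added example, not code from the slides or from any EMC/RSA product. It parses a constructed proxy log, flags (source, destination, port) pairs whose connection intervals are nearly constant (a scheduled implant check-in has far less timing jitter than a person browsing), and then correlates each flagged host with a constructed endpoint event log. The log formats, field layout, thresholds (five hits, 10% jitter) and host names are assumptions chosen for illustration.

```python
"""Beacon detection over proxy logs, correlated with endpoint events.

Added example; log formats, thresholds and host names are assumed.
A signature-based firewall sees nothing unusual in small HTTPS requests to
port 443, but an implant that checks in on a fixed schedule leaves a timing
fingerprint: near-constant intervals from one internal host to one external
destination.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (assumed format):
# timestamp src_host dst_host dst_port bytes
PROXY_LOG = """\
2011-09-12T08:00:03 ws-142 updates.example.com 443 412
2011-09-12T08:00:11 ws-142 news.example.org 80 18233
2011-09-12T08:10:04 ws-142 updates.example.com 443 409
2011-09-12T08:20:02 ws-142 updates.example.com 443 415
2011-09-12T08:24:40 ws-142 news.example.org 80 9021
2011-09-12T08:30:05 ws-142 updates.example.com 443 410
2011-09-12T08:40:03 ws-142 updates.example.com 443 411
2011-09-12T08:50:04 ws-142 updates.example.com 443 408
2011-09-12T08:02:17 ws-077 mail.example.net 443 5110
2011-09-12T08:31:50 ws-077 mail.example.net 443 6200
2011-09-12T08:33:05 ws-077 mail.example.net 443 1200
"""

# Constructed sample endpoint log (assumed format): timestamp host event detail
ENDPOINT_LOG = """\
2011-09-12T07:58:40 ws-142 new_autorun C:\\Users\\Public\\svchosts.exe
2011-09-12T08:15:00 ws-077 software_update approved
"""


def parse_proxy_log(text):
    """Parse proxy lines into (timestamp, src, dst, port, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port), int(size)))
    return records


def find_beacons(records, min_hits=5, max_jitter=0.10):
    """Flag (src, dst, port) pairs whose inter-connection intervals are nearly constant.

    jitter = stdev(intervals) / mean(intervals). Human browsing gives a large
    value; a timer-driven check-in gives a value close to zero. Pairs with
    fewer than min_hits connections are skipped because the statistic is
    meaningless on two or three samples.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, size in records:
        by_pair[(src, dst, port)].append((ts, size))
    beacons = {}
    for pair, hits in by_pair.items():
        if len(hits) < min_hits:
            continue
        hits.sort()  # log lines are not guaranteed to arrive in time order
        times = [t for t, _ in hits]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        jitter = pstdev(intervals) / avg if avg else float("inf")
        if jitter <= max_jitter:
            beacons[pair] = {
                "hits": len(hits),
                "interval_s": avg,
                "jitter": jitter,
                "avg_bytes": mean(s for _, s in hits),
                "first_seen": times[0],
            }
    return beacons


def correlate(beacons, endpoint_text):
    """Join flagged beacons to endpoint events on the same host that precede the first check-in."""
    events = defaultdict(list)
    for line in endpoint_text.splitlines():
        if not line.strip():
            continue
        ts, host, detail = line.split(maxsplit=2)
        events[host].append((datetime.fromisoformat(ts), detail))
    findings = []
    for (src, dst, port), info in beacons.items():
        for ts, detail in events.get(src, []):
            if ts <= info["first_seen"]:
                findings.append((src, dst, detail))
    return findings


if __name__ == "__main__":
    beacons = find_beacons(parse_proxy_log(PROXY_LOG))
    for (src, dst, port), info in beacons.items():
        print(f"{src} -> {dst}:{port} every {info['interval_s']:.0f}s "
              f"(jitter {info['jitter']:.3f}, {info['hits']} hits, ~{info['avg_bytes']:.0f} B)")
    for src, dst, detail in correlate(beacons, ENDPOINT_LOG):
        print(f"correlated: {src} beacons to {dst}; endpoint event: {detail}")
```

On the constructed input only ws-142's ten-minute check-ins to updates.example.com on 443 are flagged; the same host's news browsing (two irregular requests) and ws-077's mail traffic are not. The flagged host then matches an autorun created minutes before the first check-in, which is the kind of cross-source correlation the slide calls for. In production the same logic runs over a sliding window and the thresholds need tuning against legitimate scheduled traffic (software updaters, monitoring agents), which is why asset inventory matters: knowing what is supposed to beacon is what makes the rest stand out.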
Am I an APT victim, how to gear up?
• What to look out for?
• A multi-layered defense is needed.
• We are moving towards intelligence-driven security systems.
RSA Security Analytics
RSA Security Analytics gives security teams the ability to unleash their full potential and
stand tall against today's attackers by evolving from a traditional log-centric approach to
one with better visibility, analysis, and workflow.