Technology in Action
Copyright © 2015, FireEye, Inc. All rights reserved.

AGENDA
• Disrupting the Malware Kill Chain – Yogi Chandiramani, Systems Engineer Director EMEA
• Key Capabilities a Cyber Strategy Needs to Address – Manish Gupta, SVP Products
• The Cyber Security Maturity Curve – Thibaud Signat, Systems Engineer Manager

Using Technology to Disrupt the Malware Kill Chain
Yogi Chandiramani, Systems Engineer Director - EMEA

Kill Chain Model Introduction
What is the Kill Chain Model?
• Introduced by Lockheed Martin
• A defined process for winning against Advanced Persistent Threats (APT)
• Seven phases characterize the progression of an intrusion
How will the Kill Chain help my organization?
• A methodology for defending the enterprise network every day
• Helps organizations understand how adversaries operate
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf

Kill Chain Process States
[Diagram: the seven phases of the kill chain: Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command & Control, Action]

Current Model vs. Effective Kill Chain Solution
[Diagram: the current model (Firewall, IPS, AV, Inline-AV, Patch) mapped against the kill chain phases, measured on a Security Efficacy axis, with the questions it leaves open: Multi-vector attacks? Multi-flow attacks? Block outbound connections dynamically? Time to deploy? Foolproof against data exfiltration?]

FireEye Adaptive Defense
TECHNOLOGY
• Identifies known, unknown, and non-malware-based threats
• Integrated to protect across all major attack vectors
• Patented virtual machine technology
INTELLIGENCE
• 50 billion+ objects analyzed per day
• Front-line intel from hundreds of incidents
• Millions of network & endpoint sensors
• Hundreds of intel and malware experts
• Hundreds of threat actor profiles
• Discovered 16 of the last 22 zero-days
EXPERTISE
• "Go-to" responders for security incidents
• Hundreds of consultants and analysts
• Unmatched experience with advanced attackers

• What vectors do you need to protect?
• What do you want to know about the attacker?
• How do you want to manage and respond?
• How do you want to account for it?

QUESTIONS?

Key Capabilities a Cyber Strategy Needs to Address
Manish Gupta, SVP Products

FireEye Approach
• PREVENT: multi-vector inline known and unknown threat prevention
• DETECT: signature-less and multi-flow virtual machine based approach that leverages superior threat intelligence
• ANALYZE: containment, forensic investigation and kill chain reconstruction
• RESPOND: remediation support and threat intelligence to recover and improve risk posture

Technology to Support an Investigation
• How did the attacker gain initial access to the environment?
• How did the attacker maintain access?
• What is the storyline of the attack?
• What data was stolen from the environment?
• Have you contained the incident?
All stakeholders should understand the answers to avoid creating inaccurate or inconsistent messages when speaking publicly.

FireEye Platform: Magic of MVX
1. FireEye Hardened Hypervisor
• Custom hypervisor with built-in countermeasures
• Designed for threat analysis
2. Multi-modal Virtual Execution
• Multiple operating systems
• Multiple service packs
• Multiple applications
• Multiple file types
• Parallel execution environments
3. Threat Protection at Scale
• Over 2,000 simultaneous executions
• Multi-stage analysis
[Diagram: MVX Core stack: Hardware, FireEye Hardened Hypervisor, Multi-modal Virtual Execution (v1, v2, v3), over 10 micro-tasks; connected to DTI Enterprise and DTI Cloud]

Evolving Cyber Capabilities
[Diagram: maturity curve over a Time / Effort axis, progressing through Reactive, Managed, Controlled, Proactive and Predictive stages. Layers: Foundational Controls (FW, AV, Threat & Vuln Mgt, Etc…); Tooling Capabilities (SIEM, H/N IPS, Proxy, Signatureless Tools, Host Forensics, Network Forensics, Trend & Security Analytics, Actionable Threat Intel, Intel Sharing, Campaign Tracking); Agile Governance & Communication]

FireEye Product Update

Questions?

WALK THROUGH THE CYBER MATURITY CURVE
Thibaud Signat, Systems Engineer Manager

The Problem Is The Hacker!
• It's a "who," not a "what"
• There's a human at a keyboard
• They are professional, organized and well funded
• Nation-state sponsored
• They have specific objectives
• Highly tailored and customized attacks
• Targeted specifically at you
• Escalate sophistication of tactics as needed
• If you kick them out they will return
• Their goal is long-term occupation
• Relentlessly focused on their objective
• Persistence tools ensure ongoing access

The Risk Conundrum
• The LIKELIHOOD of a compromise has increased across the board
• The IMPACT of attacks can be phenomenal
• The requirement to DETECT & UNDERSTAND PROMPTLY has increased
  - Cyber-savvy public
  - Breach disclosure legislation

New Security Paradigm
Organizations must seek to eliminate or reduce the consequences and impact of security breaches.
• Ability to operate through compromise
• Shift to threat-centric security
• Holistic visibility (network & endpoint)
• Threat intelligence / actionable threat intelligence
• Security monitoring
• Incident response

Reducing the Impact
Create innovative ways to detect and respond to every incident in < 10 minutes: time to detect, cost of detection, cost of response, reputation risk.
Minimize organizational risk and allow the business to function while under continuous attack:
• Predictive – Continuously measure the enterprise attack surface and model potential threat vectors targeted at critical assets and data
• Proactive – Hunt for intrusions. Discover and remediate / compensate for vulnerabilities.
• Responsive – Rapid analysis and containment of threats

Where Are We on the Cyber Maturity Curve?
[Diagram: maturity curve over a Time / Effort axis: Reactive, Managed, Controlled, Proactive, Predictive; layers: Foundational Controls, Agile Governance & Communication]

Where Are You on the Maturity Curve?
[Diagram: the Evolving Cyber Capabilities maturity curve shown earlier, with the same stages, layers and capabilities]

Where Does FireEye Contribute?
[Diagram: the maturity curve with FireEye products and services overlaid: Threat Analytics Platform (TAP), Web (NX), Email (EX), File (FX), Malware Analysis (AX), Host Forensics (HX), Network Forensics (PX), Continuous Vigilance (CV), Threat Intel (ATI+), Intel Portal (FIC), Mobile Threat Prevention (MTP), Campaign Tracking, Proactive Consulting Services]

QUESTIONS?