Technology in Action
Copyright © 2015, FireEye, Inc. All rights reserved.
AGENDA
Disrupting the Malware Killchain – Yogi Chandiramani, System Engineer Director EMEA
Key capabilities a Cyber Strategy Needs to Address – Manish Gupta, SVP Products
The Cyber Security Maturity Curve – Thibaud Signat – System Engineer Manager
Using Technology to Disrupt the Malware Kill Chain
Yogi Chandiramani, Systems Engineer Director - EMEA
Kill Chain Model Introduction
What is the Kill Chain Model?
• Introduced by Lockheed Martin
• A defined process for defending against Advanced Persistent Threats (APT)
• Seven phases characterize the progression of an intrusion
How will the Kill Chain help my organization?
• A methodology for defending the enterprise network every day
• Helps organizations understand how adversaries operate
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
Kill Chain Process States
[Diagram: the seven kill chain phases (Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command & Control, Action) mapped against the current model of controls (Patch, Inline-AV, AV, Firewall, IPS) and against an effective kill chain solution, with security efficacy as the axis. Open questions on the current model: Multi-vector attacks? Multi-flow attacks? Block outbound connections dynamically? Time to deploy? Foolproof against data exfiltration?]
FireEye Adaptive Defense
TECHNOLOGY
• Identifies known, unknown, and non-malware based threats
• Integrated to protect across all major attack vectors
• Patented virtual machine technology
INTELLIGENCE
• 50 billion+ objects analyzed per day
• Front line intel from hundreds of incidents
• Millions of network & endpoint sensors
• Hundreds of intel and malware experts
• Hundreds of threat actor profiles
• Discovered 16 of the last 22 zero-days
EXPERTISE
• "Go-to" responders for security incidents
• Hundreds of consultants and analysts
• Unmatched experience with advanced attackers
• What vectors do you need to protect?
• What do you want to know about the attacker?
• How do you want to manage and respond?
• How do you want to account for it?
QUESTIONS?
Key capabilities a Cyber Strategy Needs to Address
Manish Gupta, SVP Products
FireEye Approach
DETECT: signature-less and multi-flow virtual machine based approach that leverages superior threat intelligence
PREVENT: multi-vector inline known and unknown threat prevention
ANALYZE: containment, forensics investigation and kill chain reconstruction
RESPOND: remediation support and threat intelligence to recover and improve risk posture
Technology to support an Investigation
• How did the attacker gain initial access to the environment?
• How did the attacker maintain access?
• What is the storyline of the attack?
• What data was stolen from the environment?
• Have you contained the incident?
All stakeholders should understand the answers to avoid creating inaccurate or inconsistent messages when speaking publicly.
FireEye Platform: Magic of MVX
1. FireEye Hardened Hypervisor
• Custom hypervisor with built-in countermeasures
• Designed for threat analysis
2. Multi-modal Virtual Execution
• Multiple operating systems
• Multiple service packs
• Multiple applications
• Multiple file types
• Parallel execution environments
3. Threat Protection at Scale
• Over 2,000 simultaneous executions
• Multi-stage analysis
[Diagram: MVX Core stack from Hardware, through the FireEye Hardened Hypervisor, to Multi-modal Virtual Execution environments (v1, v2, v3) running over 10 micro-tasks, fed by DTI Enterprise and DTI Cloud.]
Evolving Cyber Capabilities
[Diagram: maturity curve of tooling capabilities over time / effort, from Reactive (FW, AV, Threat & Vuln Mgt, H/N IPS, Proxy, Etc…) through Controlled (SIEM, Signatureless Tools, Network Forensics), Managed (Host Forensics, Actionable Threat Intel, Trend & Security Analytics), Proactive (Intel Sharing) to Predictive (Campaign Tracking), resting on Foundational Controls and Agile Governance & Communication.]
FireEye Product Update
Questions?
WALK THROUGH THE CYBER MATURITY CURVE
Thibaud Signat, Systems Engineer Manager
The Problem Is The Hacker!
• It's a "who," not a "what"
• There's a human at a keyboard
• They are professional, organized and well funded
• Nation-state sponsored
• They have specific objectives
• Highly tailored and customized attacks
• Targeted specifically at you
• If you kick them out they will return
• Escalate sophistication of tactics as needed
• Their goal is long-term occupation
• Relentlessly focused on their objective
• Persistence tools ensure ongoing access
The Risk Conundrum
• The LIKELIHOOD of a compromise has increased across the board
• The IMPACT of attacks can be phenomenal
• The requirement to DETECT & UNDERSTAND PROMPTLY has increased
- Cyber savvy public
- Breach disclosure legislation
New Security Paradigm
Organizations must seek to eliminate or reduce the consequences and impact of security breaches
• Ability to operate through compromise
• Holistic visibility (network & endpoint)
• Actionable threat intelligence
• Shift to threat centric security
[Diagram: three overlapping capabilities: Threat Intelligence, Security Monitoring, Incident Response.]
Reducing the Impact
Create innovative ways to detect and respond to every incident in < 10 minutes
[Diagram: factors to reduce: Time to Detect, Cost of Detection, Cost of Response, Reputation Risk.]
Minimize organizational risk and allow business to function while under continuous attack
• Predictive – Continuously measure enterprise attack surface and model potential threat vectors targeted at critical assets and data
• Proactive – Hunt for intrusions. Discover and remediate / compensate for vulnerabilities.
• Responsive – Rapid analysis and containment of threats
Where are we on the Cyber Maturity Curve?
[Diagram: maturity stages Reactive, Controlled, Managed, Proactive, Predictive plotted over time / effort, built on Foundational Controls and Agile Governance & Communication.]
Where are you on the Maturity Curve?
[Diagram: the same tooling capabilities maturity curve as in Evolving Cyber Capabilities, from Reactive (FW, AV, Threat & Vuln Mgt, H/N IPS, Proxy, Etc…) through Controlled, Managed and Proactive to Predictive (Campaign Tracking), over time / effort.]
Where Does FireEye Contribute?
[Diagram: FireEye products placed on the maturity curve: Web (NX), Email (EX), File (FX) and Mobile Threat Prevention (MTP) as signatureless tools; Malware Analysis (AX); Host Protection (HX) for host forensics; Network Forensics (PX); Threat Analytics Platform (TAP) for trend & security analytics; Threat Intel (ATI+) for actionable threat intel; Intel Portal (FIC) for intel sharing; Continuous Vigilance (CV) and Campaign Tracking at the Proactive and Predictive stages; Proactive Consulting Services; customer-side FW, AV, SIEM, H/N IPS, Proxy and Threat & Vuln Mgt as foundational controls, over time / effort, with Agile Governance & Communication as the base.]
QUESTIONS?