Published on March 6, 2014
Advanced Targeted Attack
Enabling a Smart Protection Strategy – Trend Micro Approach
Manas Sarkar, Head Technical Consultancy – India & SAARC
• 2.4B Internet Users
• 665M Web Sites
• 1 Trillion+ URLs indexed by Google
• 54% of Facebook Access is via Mobile
• 1B Facebook Users
• 427M Smart Phones Sold Last Year
Sources – 1: Internet World Stats, Dec 2012; 2: Google, 2008; 3: NetCraft Site Data, July 2012; 4: Facebook, Oct 2012; 5: Gartner 2012; 6: SocialBakers, May 2012
Copyright 2013 Trend Micro Inc.
Unprecedented Adoption Rates
• 66.1M iPads
• 21.2M iPhones
• 1.3M iPods
Source: KPCB, Apple Quarterly Results
Source: Asymco.com, June 2012
1 Million Users: 9 Days / 9 Months / 9 Years
Source: ReadWriteWeb, March 2012
INFORMATION HAS BECOME YOUR MOST STRATEGIC ASSET
• 2.5 QUINTILLION BYTES OF DATA/DAY!
• 90% CREATED IN LAST 2 YEARS
Source: IBM
SALES KICKOFF 2013
• 1 NEW THREAT CREATED EVERY SECOND
• 90% ORGANIZATIONS HAVE ACTIVE MALWARE
• 55% NOT EVEN AWARE OF INTRUSIONS
• COMMERCIAL EXPLOIT KITS USED BY VIRTUALLY ALL EASTERN EUROPEAN CYBERCRIMINALS
Data at risk: Payment Card Industry (PCI), Protected Health Information (PHI), Intellectual Property (IP), Personally Identifiable Information (PII)
Threat Landscape: Evolution to Cybercrime
• Now, it’s personal
• Financially motivated
• Targeting most valuable assets
[Chart: DAMAGE CAUSED over time (2001, 2003, 2004, 2005, 2007, 2010, 2012+), labelled CRIMEWARE; threats shown: Vulnerabilities, Worm Outbreaks, Spam, Mass Mailers, Spyware, Intelligent Botnets, Web Threats, Targeted Attacks, Mobile Attacks]
What do modern attacks have in common?
What do they need to make money?
Challenges with current security controls
• AV just doesn’t work with APT
  – 63% of malware used in APT are customized
• Employees are the weakest link in security
  – Spear-phishing a common tactic
• Firewall and IDS/IPS are ineffective
  – Open standard ports and protocols for access
• Vulnerabilities & Zero-day Exploits
  – What percentage of your servers and endpoints are patched?
• Organizations don’t know they’re being targeted
  – Low and Slow – stealthy, unlike a virus outbreak.
Today’s Attacks: Social, Sophisticated, Stealthy!
• Gathers intelligence about organization and individuals
• Targets individuals using social engineering
• Establishes Command & Control server
• Moves laterally across network seeking data of interest
• Extracts data of interest – can go undetected for months!
Diagram labels: Attacker, Employees, $$$$
A Custom Attack NEEDS a Custom Defense!
Diagram labels: Security, Network Admin, Malicious Content, Suspect Communication, Attacker Behavior
A Custom Defense Lifecycle
• Detect malware, communications and behavior invisible to standard defenses
  – Network-wide Detection
• Analyze the risk and characteristics of the attack and attacker
  – Custom Sandboxes, Advanced Threat Analysis
• Adapt security automatically (IP black lists, custom signatures…)
  – Threat Intelligence, Automated Security Updates
• Respond using the insight needed to respond to your specific attackers
  – Services and Support
Diagram labels: Custom Defense Strategy, Security, Network Admin
Visibility of Network
• Malicious content
  – Embedded doc exploits
  – Drive-by downloads
  – Zero-day
  – Malware
• Suspicious communication
  – C&C access
  – Data stealing
  – Worms
  – Backdoor activity…
• Attack behavior
  – Propagation & dropper
  – Vuln. scan & bruteforce
  – Data exfiltration…
Diagram labels: DDI, FW, Gateway, IPS, Anti-virus software