Published on June 6, 2008
FireEye Network Malware Control System
Chad Harrington, VP of Marketing
FireEye, Inc. Proprietary

Overview
- Crimeware’s rise to prominence
- Traditional security barriers collapsing
- FireEye Network Malware Control System

Understanding Crimeware
- Targeted malware for profit
- Funded by criminal orgs & online markets
- Allows remote control by external parties
- Computer-based crimes caused $14.2 billion in damages to businesses around the globe in 2005
- Cybercrime now ranks among the FBI’s top priorities behind terrorism & espionage.

The Crimeware Economy

Impact of Crimeware Attacks
Bottom line losses
- Product/service theft
- Intellectual property stolen
- PC & bandwidth exploited
Liability & clean-up
- Customer notifications & lawsuits
- Data restoration & downtime
- Brand erosion & loss of customers
Callout: 20% of notified customers have ended business relationship due to breach

How Does Targeted Malware Infiltrate? (1)
Diagram labels: Customized attack
Common vectors
- Mobile laptop
- Employee home machine
- 3rd party, guest PC
- Enterprise desktop

How Does Targeted Malware Infiltrate? (2)
Diagram labels: Customized attack, Command & control
Remote Control Established
- Begin probing network
- Identify high-value victims
- Install additional malware
- Steal data & information

How Does Targeted Malware Infiltrate? (3)
Diagram labels: Customized attack, Command & control, Targeted infiltration

How Does Targeted Malware Infiltrate? (4)
Diagram labels: Customized attack, Command & control
- Keyloggers
- Password crackers
- Trojans
- Spam/Phishbots

Traditional Security Barriers Collapsing
“Botnet worm infections can occur even when the impacted organization has the very latest antivirus signatures and is automatically pushing out OS and application patches.” (US-CERT whitepaper)
Crimeware is designed to escape attention
Exploits bypass traditional security, such as
- Firewalls – use open ports
- Antivirus – be slightly new & different
- Anomaly detectors – remain calm & look normal

Targeted Malware Simply Undetectable by Traditional Security Techniques
Timeline: Vulnerable Software Released, Vulnerability Discovered/Disclosed, Signature or Patch Released
Window of Exploitability
Targeted malware has 2 to 6 year window

FireEye Network Malware Control System
- Stops botnet & malware infiltration others do not
- Ensures only compliant PCs gain network access
- Continuous network traffic analysis
- Automatic prevention & enforcement

What is Network Malware Control?
- Ensure Compliance: On-connect network access controls ensure only compliant machines gain network access
- Continuous Analysis: Continuous analysis of network activities for botnet transmissions & infection attempts
- Automatic Enforcement: Automatically filter out malicious packets, botnet transmissions, and block infected machines

Ensure Compliant Network Access
Network access controls - Limit network access to machines with updated AV signatures & OS patches
Diagram labels: Remote & LAN users, Wireless users, WAN/VPN, Internet, Wireless

Continuous Analysis using the FireEye Attack Confirmation Technology (FACT)
An infinite supply of virtual victim machines analyzes network traffic flows for targeted attacks
Diagram labels: Mirrored network traffic flows

Automated Prevention & Enforcement
- Mobility controllers: MAC exclusion, VLAN re-assignment to block infected machines from network
- Switches: Close off / restrict network access to infected machines to protect customer data and company resources
- Packet filtering: Productive traffic can continue to flow, but malicious traffic is blocked
Diagram labels: Internet

Typical FireEye Deployments
- Eliminate Network Borne Crimeware from Wireless Users
- Eliminate Network Borne Crimeware From Remote Branch Offices and Stores
- Protect Data Center Windows Servers from Crimeware
- Eliminate Crimeware From Infiltrating from Internet Backbone
Diagram labels: WAN, Data Center, Internet

The FireEye Ecosystem
Active collaboration with law enforcement, industry, & security researchers to root out crimeware
- Law enforcement & Military
- Research institutions
- Industry participants
- Enterprise customers
- Internet Service Providers

About FireEye, Inc.
- Dedicated to eradicating malware from the world’s networks
- Based in Menlo Park, CA
- Led by an experienced team from Sun, Cisco, Aruba, Symantec, Check Point, & McAfee
- Online at www.fireeye.com

www.fireeye.com