© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Defending Against Targeted Attacks Nilesh Bhandari
Request for review
Paul,
I forward my thesis to you for review.
Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope alls well since Verizon.
Best regards,
Sean
Sean Porter
Evolution of Threat Landscape
Evolution of Outbound Protection
[Figure: both evolutions plotted from PAST to TODAY on quadrants of Volume (HIGH/LOW) against $ IMPACT and $ VALUE (HIGH/LOW).]
Labels on the figure: CEO; CFO; SPAM; MASS EMAIL ADOPTION; Custom URL; Targeted Attacks; Image Spam; Botnets; Conficker; Aurora; Covert, Sponsored Targeted Attacks; CUSTOMER ASSETS; COMPLIANCE; Identity Aware; Data Classification; TLS; Encrypt Everything; HIPAA; State Regulations; Brand; Quarantine Filter; DLP; Intellectual Property; Social Security Numbers; PCI; PHISHING; VIRUS OUTBREAKS; Attachment-based; Slammer; Worms; Network Evasions; Polymorphic Code; Code Red; Stuxnet; IPv6-based Attacks; Integrated DLP
Attributes:
• Very low volume
• Focus on individual or group with highly-personalized data
• Typically rely on malware to harvest information
• Typically transparent to end-user
Examples:
• Spearphishing
• Personalized Scams
• Targeted Malware Emails
Industry in Transition
[Chart: Cybercriminal Benefit ($M), vertical axis $0 to $1,400, horizontal axis 2008 to 2011. Chart labels: Spearphishing Attacks; Personalized Scams and Malicious Attacks; Spam; Personalized Attacks; Targeted Malware.]
Cybercriminal Perspective

EXAMPLE OF A TYPICAL CAMPAIGN      MASS PHISHING ATTACK    SPEARPHISHING ATTACK
                                   (Single Campaign)       (Single Campaign)
Total Messages Sent in Campaign    1,000,000               1,000
Victims                            8                       2
Value per Victim                   $2,000                  $80,000
Total Value from Campaign          $16,000                 $160,000
Total Cost for Campaign            $2,000                  $10,000
Total Profit from Campaign         $14,000                 $150,000
Targeted Attacks have quadrupled in the last year.
Request for review
Paul,
I forward my thesis to you for review.
Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope alls well since Verizon.
Best regards,
Sean
Sean Spoofed
Fast, Accurate Protection
[Diagram: Cisco SIO receiving Threat Telemetry. Diagram labels: Cisco AnyConnect (Any Device, Anywhere); Corporate Headquarters; Web; ISP Datacenter; Firewall/IPS; Branch Office.]
30% Email Visibility 7 Million NEW URLs 1 Million Devices Millions Globally
Outbreak Filters
IPAS
Reputation Filters
Block 90% of Spam
>99% Catch Rate
< 1/1M False Positives
Request for review
Paul,
I forward my thesis to you for review.
Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope alls well since Verizon.
Best regards,
Sean
Sean Spoofed
Before: http://www.threatlink.com/
After: http://secure-web.cisco.com/auth=X&URL=www.threatlink.com
Identified: Targeted Attack
Content: Malware Payload
Vector: Email
Action: Blocked
7M Updates per Day
1Tb Threat Telemetry
Request for review
Paul,
I forward my thesis to you for review.
Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope alls well since Verizon.
Best regards,
Sean
Sean Spoofed
Malware Payload Blocked
http://secure-web.cisco.com…
The requested web page has been blocked
http://www.threatlink.com
Cisco Email and Web Security protects your
organization’s network from malicious software.
Malware is designed to look like a legitimate email
or website which accesses your computer, hides
itself in your system, and damages files.
Cisco Security
INBOUND SECURITY
Spam and Malware
Targeted Attacks
OUTBOUND SECURITY
Data Loss Prevention
Encryption
Centralized Management and Reporting
Mobility Enabled
Comprehensive
• 100+ Pre-defined policies
• Integrated tracking/reporting
Accurate
• Multiple parameters
• Key words, proximity, etc.
Easy
• One-click activation
• Identity based policies
Extensible
• Email Policies can apply to Network, Endpoints and DC
Free 30 Day Trial
Security Reports:
www.cisco.com/go/targetedattacks
www.cisco.com/go/security
Contact Your Cisco Rep
Thank you.