Copyright © 2015, FireEye, Inc. All rights reserved.
Technology in Action
AGENDA
• Disrupting the Malware Killchain – Yogi Chandiramani, System Engineer Director - EMEA
• Key capabilities a Cyber Strategy Needs to Address – Manish Gupta, SVP Products
• The Cyber Security Maturity Curve – Thibaud Signat, System Engineer Manager
Using Technology to Disrupt the Malware Kill Chain
Yogi Chandiramani, Systems Engineer Director - EMEA
Kill Chain Model Introduction
What is the Kill Chain Model?
• Introduced by Lockheed Martin
• Defined process to win against Advanced Persistent Threats (APT)
• Seven phases characterize the progression of an intrusion
How will the Kill Chain help my organization?
• Methodology to defend the enterprise network every day
• Helps organizations understand how adversaries operate
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
Kill Chain Process States
Effective Kill Chain Solution
[Figure: the seven kill chain phases (Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command & Control, Action) plotted against Effective Security and Efficacy. Current model: IPS, Inline-AV, Patch, AV, Firewall.]
Questions for the current model:
• Multi vector attacks?
• Multi flow attacks?
• Time to deploy?
• Block dynamically outbound connections?
• Foolproof to avoid data exfiltration?
FireEye Adaptive Defense
TECHNOLOGY
• IDENTIFIES KNOWN, UNKNOWN, AND NON-MALWARE BASED THREATS
• INTEGRATED TO PROTECT ACROSS ALL MAJOR ATTACK VECTORS
• PATENTED VIRTUAL MACHINE TECHNOLOGY
EXPERTISE
• “GO-TO” RESPONDERS FOR SECURITY INCIDENTS
• HUNDREDS OF CONSULTANTS AND ANALYSTS
• UNMATCHED EXPERIENCE WITH ADVANCED ATTACKERS
INTELLIGENCE
• 50 BILLION+ OBJECTS ANALYZED PER DAY
• FRONT LINE INTEL FROM HUNDREDS OF INCIDENTS
• MILLIONS OF NETWORK & ENDPOINT SENSORS
• HUNDREDS OF INTEL AND MALWARE EXPERTS
• HUNDREDS OF THREAT ACTOR PROFILES
• DISCOVERED 16 OF THE LAST 22 ZERO-DAYS
HOW DO YOU WANT TO ACCOUNT FOR IT?
WHAT VECTORS DO YOU NEED TO PROTECT?
WHAT DO YOU WANT TO KNOW ABOUT THE ATTACKER?
HOW DO YOU WANT TO MANAGE AND RESPOND?
QUESTIONS?
Key capabilities a Cyber Strategy Needs to Address
Manish Gupta, SVP Products
FireEye Approach
Four capabilities: DETECT, PREVENT, ANALYZE, RESPOND
• MULTI-VECTOR INLINE KNOWN AND UNKNOWN THREAT PREVENTION
• SIGNATURE-LESS AND MULTI-FLOW VIRTUAL MACHINE BASED APPROACH THAT LEVERAGES SUPERIOR THREAT INTELLIGENCE
• CONTAINMENT, FORENSICS INVESTIGATION AND KILL CHAIN RECONSTRUCTION
• REMEDIATION SUPPORT AND THREAT INTELLIGENCE TO RECOVER AND IMPROVE RISK POSTURE
Technology to support an Investigation
How did the attacker gain initial access to the environment?
How did the attacker maintain access?
What is the storyline of the attack?
What data was stolen from the environment?
Have you contained the incident?
All stakeholders should understand the answers to avoid creating inaccurate or inconsistent messages when speaking publicly.
FireEye Platform: Magic of MVX
1. FireEye Hardened Hypervisor
• Custom hypervisor with built-in countermeasures
• Designed for threat analysis
2. Multi-modal Virtual Execution
• Multiple operating systems
• Multiple service packs
• Multiple applications
• Multiple file types
3. Threat Protection at Scale
• Over 2,000 simultaneous executions
• Multi-stage analysis
[Figure: MVX stack – Hardware; FireEye Hardened Hypervisor; Multi-modal Virtual Execution with parallel execution environments (v1, v2, v3) and over 10 micro-tasks; MVX Core; DTI Enterprise and DTI Cloud.]
Evolving Cyber Capabilities
[Figure: maturity curve – levels Reactive, Controlled, Managed, Proactive, Predictive plotted against Time / Effort; bands Foundational Controls, Tooling, Capabilities, Governance & Communication, Agile. Items along the curve: AV, FW, Proxy, H/N IPS, Threat & Vuln Mgt, Signature-less Tools, SIEM, Actionable Threat Intel, Host Forensics, Intel Sharing, Network Forensics, Campaign Tracking, Trend & Security Analytics, etc.]
FireEye Product Update
Questions?
WALK THROUGH THE CYBER MATURITY CURVE
Thibaud Signat, Systems Engineer Manager
The Problem Is The Hacker!
IT’S A “WHO,” NOT A “WHAT”
• THERE’S A HUMAN AT A KEYBOARD
• HIGHLY TAILORED AND CUSTOMIZED ATTACKS TARGETED SPECIFICALLY AT YOU
THEY ARE PROFESSIONAL, ORGANIZED AND WELL FUNDED
• NATION-STATE SPONSORED
• ESCALATE SOPHISTICATION OF TACTICS AS NEEDED
• RELENTLESSLY FOCUSED ON THEIR OBJECTIVE
IF YOU KICK THEM OUT THEY WILL RETURN
• THEY HAVE SPECIFIC OBJECTIVES
• THEIR GOAL IS LONG-TERM OCCUPATION
• PERSISTENCE TOOLS ENSURE ONGOING ACCESS
The Risk Conundrum
The LIKELIHOOD of a compromise has increased across the board
The IMPACT of attacks can be phenomenal
The requirement to DETECT & UNDERSTAND PROMPTLY has increased
- Cyber savvy public
- Breach disclosure legislation
New Security Paradigm
Ability to Operate Through Compromise
Holistic Visibility (Network & Endpoint)
Actionable Threat Intelligence
Shift to Threat Centric Security
Threat Intelligence
Incident Response
Security Monitoring
Organizations Must Seek to Eliminate or
Reduce the Consequences and Impact of
Security Breaches
Reducing the Impact
Create Innovative Ways to Detect and Respond to Every Incident in < 10 Minutes
[Figure: Time to Detect, Cost of Response, Cost of Detection, Reputation Risk.]
Minimize organizational risk and allow business to function while under continuous attack
• Predictive – Continuously measure enterprise attack surface and model potential threat vectors targeted at critical assets and data
• Proactive – Hunt for intrusions. Discover and remediate / compensate for vulnerabilities.
• Responsive – Rapid analysis and containment of threats
Where are we on the Cyber Maturity Curve
[Figure: maturity curve – levels Reactive, Controlled, Managed, Proactive, Predictive plotted against Time / Effort; bands Foundational Controls, Governance & Communication, Agile.]
Where are you on the Maturity Curve?
[Figure: the same maturity curve as in Evolving Cyber Capabilities – levels Reactive, Controlled, Managed, Proactive, Predictive against Time / Effort, with the Foundational Controls, Tooling, Capabilities, Governance & Communication and Agile bands and the same items along the curve.]
Where Does FireEye Contribute?
[Figure: the maturity curve as in Evolving Cyber Capabilities, with FireEye products and services placed along it.]
FireEye products and services shown:
• FireEye Web (NX)
• FireEye Email (EX)
• FireEye File (FX)
• Host Protection (HX)
• Network Forensics (PX)
• Malware Lab Analysis (AX)
• Mobile Threat Prevention (MTP)
• Threat Intel (ATI+)
• Intel Portal (FIC)
• Threat Analytics Platform (TAP)
• Continuous Vigilance (CV)
• Proactive Consulting Services
QUESTIONS?