Over the last few years, Seculert and other leading security companies have discovered many advanced malware strains lurking on company networks that have gone undetected by standard advanced threat prevention solutions. Enterprises are now realizing that they need to find alternative solutions to protect their networks. Learn why depending on malware prevention alone is no longer an option. Join Seculert’s CTO Aviv Raff for an in-depth webinar. Aviv Raff will address:
• How recent malware such as Dexter and Shamoon entered company networks despite their APT prevention systems
• How Seculert discovered Shamoon
• Why your peers are moving to malware detection instead of prevention
• How Big Data is an indispensable tool to fight Advanced Persistent Threats
Raff is responsible for the fundamental research and design of Seculert’s core technology. Don’t miss out on hearing from the expert.
© 2013 Seculert Company, All Rights Reserved
Why Depending On Malware Prevention Alone Is No Longer An Option
WEBINAR
July 18, 2013
Welcome
Aviv Raff, Chief Technology Officer
Debbie Cohen-Abravanel, VP Online Marketing
Are you on Twitter? Use #seculertjuly2013 to connect with us during and after the presentation.
Advanced Threats in the News
How Advanced Threats Work
Advanced Persistent Threat phases:
1. Preparation
2. Infection
3. Deployment
4. Persistence
Steps shown in the slide diagram:
• Define Target
• Create/Acquire Malware
• Research the Target
• "QA" for Detection
• Infect the Target
• "Call Home"
• Expand Access
• Extract Data
• Enhance Presence
• Stay Undetected
Traditional Defenses
• Focus on prevention:
  – Endpoint products
  – Firewalls
  – IPS / IDS
• Is 100% prevention really feasible?
  – 0-day exploits
  – Spear-phishing
  – Remote access (VPN)
  – BYOD
  – Partners
  – Physical access
Shamoon Targeted Attack
• Shamoon is a 2-stage attack targeting Oil & Energy companies
• Comprised of 3 modules:
  – Dropper
  – Reporter
  – Wiper
• Extracting data via an internal infected machine proxy
Shamoon Targeted Attack (continued)
• Spreading itself on the local network via Scheduled Tasks
• Abuses a legitimate & signed RawDisk driver to wipe the MBR
• Wiper module Time Bomb:
  – Wipe drive and MBR at specified dates and times
  – Others copycat this capability
Shamoon – Why It Wasn’t Prevented?
• Initial attack vector is still unknown:
  – Physical access / Insider
  – Partner
  – Spear phishing
• Time based attack (time bomb)
• Worm spreading in local network
• Using local machine as a proxy
• Most of the victim companies were using solutions which are focused on prevention
How Seculert Identified Shamoon?
• A customer uploaded a suspicious file to the Seculert Elastic Sandbox
• Malware behavioral profile was automatically created
• Shamoon was detected on another customer using Big Data analysis of their gateway traffic logs
• Customers use Seculert API to enhance their on-premises security devices to protect against Shamoon
From Prevention to Protection
Persistent attacks require a new approach
Big Data analytics
Long-term analysis
Advanced malware profiling
Automated expertise
Don’t forget to use #seculertjuly2013 on Twitter!
Visit us at: TT17
Q & A
Thank You
seculert.com/signup