Advanced Cyber Attacks
Innovative Security Summit 2018
7th May 2018
Aidmar Househ, CISSP, CEH, ECSA, PMP
Sr. Systems Engineer
What would you do if you had 101 days of time?
©2018 FireEye | Private & Confidential
Zoom in to EMEA
EMEA organizations investigated in 2017, by industry
[Pie chart: sectors shown are Other, Business & Professional Services, Energy, Healthcare, High Tech, Government, Retail & Hospitality, Entertainment & Media, Financial; values shown are 7%, 5%, 18%, 7%, 4%, 22%, 12%, 2%, 24%; the pairing of values to sectors is not recoverable from the extracted text.]
©2018 FireEye | Private & Confidential
Notification by Source
[Chart: split between External Notification and Internal Notification; values not recoverable from the extracted text.]
Newly Named APT Groups
[Timeline: naming dates shown are Mar. 20, 2017; Aug. 21, 2017; Nov. 14, 2017; Dec. 15, 2017; group names not recoverable from the extracted text.]
TEMP EVIL TRACKING X 1000s
• TTP
• Target Profile
• Attack Motivation
• Sponsoring Nation
The rise of Iran
Uniquely Positioned to Understand Attackers
An unparalleled knowledge repository on all stages of attacker operations

Adversary Intelligence: Deploying global researchers with local knowledge
• 22 countries
• 30+ languages
• 150+ analysts and researchers

Machine Intelligence: Generating attack telemetry globally
• 15,000 network sensors
• 56 countries
• Generating tens of millions of MVX detonations per hour

Victim Intelligence: Responding to the most significant breaches
• 14+ years of investigative expertise
• 200+ of the Fortune 500
• 26 countries with consultants

Campaign Intelligence: Witnessing attacks as they unfold
• 7 Security Operations Centers
• 99m+ events ingested
• 21m+ alerts validated by Intel
• 33,700+ incidents dispositioned
Attack Lifecycle
• Initial Recon: Identify Exploitable Vulnerabilities
• Initial Compromise: Gain Initial Access Into Target
• Establish Foothold: Strengthen Position within Target
• Escalate Privileges: Steal Valid User Credentials
• Internal Recon: Identify Target Data
• Lateral Movement
• Maintain Presence
• Complete Mission: Package and Steal Target Data

[Timeline diagram: PREVENTION, Breach, DETECTION, RESPONSE; DWELL TIME / IMPACT: 175 Days!]

Malware Problem              Human Attacker Problem
Endpoint EPP                 Endpoint EDR
Tactical Intelligence        Operational Threat Intelligence
MSSP                         Managed Defence
Detection and Investigation… along the Attack Lifecycle
[Bar chart: Percentage of Evidence Provided, by Attack Lifecycle Phase (x-axis 0% to 25%). Phases shown: Complete Mission, Maintain Persistence, Lateral Movement, Internal Reconnaissance, Escalate Privileges, Establish Foothold, Initial Compromise; values shown: 14%, 22%, 20%, 10%, 7%, 19%, 8%; the pairing of values to phases is not recoverable from the extracted text.]
LESSONS LEARNED AND OUTLOOK
IT’S ALL ABOUT THE PLAN-HYGIENE
ASSESS & PLAN
• Security Risk Management
• Identity and Access Mgmt
• Data Protection
• Incident Response
• Network, Cloud & DC Protection
• Host and Endpoint Protection
INTELLIGENCE
INTELLIGENCE LED SECURITY AS A PROGRAM
• Threat Profile
• Threat Modeling
• Defensive Planning
• Tactical Prioritization
• Automated Workflows
• Response Efficiency
• Proactive Hunting
VISIBILITY
YOU NEED TO SEE, TO UNDERSTAND
• Network
• Host
• Application
RESPONSIVENESS
TIME, TIME IS ALL ABOUT TIME
Thank you
[email protected]