How to Detect System Compromise & Data Exfiltration with AlienVault USM
Live Demo: How to Detect Data Exfiltration & System Compromise
About AlienVault
AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats.
Introductions
Garrett Gross, Sr. Technical Product Marketing Mgr
Mark Allen, Technical Sales Engineer
Agenda
• The changing threat landscape
• Data infiltration methods
• Data exfiltration methods
• Tips to mitigate these threats
• Demo: using USM to detect system compromise
• Correlation directives
• Incident investigation
Threat landscape: Our new reality
• More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.
• The number of organizations experiencing high profile breaches is unprecedented.
• The “security arms race” cannot continue indefinitely: the economics of securing your organization are stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.
84% of organizations breached had evidence of the breach in their log files…
Source: Verizon Data Breach Report, 2014
Prevention is elusive
“There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don’t have a clue yet.”
- James Routh, CISO, Depository Trust Clearing Corporation, 2007
“How would you change your strategy if you knew for certain that you were going to be compromised?”
- Martin Roesch, Founder & CTO, Sourcefire; author of Snort, 2013
Infiltration (How they get in)
• Man in the middle
  • Ad-hoc methods (sniffing packets)
  • Purpose-built devices (WiFi Pineapple)
• Social Engineering
  • Easier than you think (who has the keys to your castle?)
• Brute Force password enumeration
  • Used in iCloud hack
• Watering Hole / Drive-by / Spearphishing
• Deploying Rootkits / Trojans
Exfiltration (How they get it out)
• Simple encrypted transmission
  • HTTP/HTTPS
  • Posting to WordPress or other sites
  • FTP/SFTP/SCP
• Slow & low
• Hide & Seek
  • Images
  • Video
  • Audio (via VoIP)
• New methods created every day
Prevent, Detect & Respond
The basics are in place for most companies… but this alone is a ‘proven’ failed strategy.
New capabilities to develop: get (very) good at detection & response.
Mitigation
• Educate your users to prevent
  • Phishing, Social Engineering, etc.
• Monitoring
  • NetFlow/sFlow
  • Service Availability
  • Direct monitoring of traffic
• Tagging
  • Prevention at proxy level to detect sensitive docs
  • Identification of known bad actors
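What "Monitoring: NetFlow/sFlow" looks like in practice, as an added example that is not part of the deck or AlienVault's code: a small detector run over constructed netflow-style records that flags the two exfiltration shapes named on the previous slide, a single bulk transfer out over a file-transfer port and a "slow & low" trickle to one external host that only stands out once it is summed over many hours. The record format, the thresholds, the port list and the assumption that RFC 1918 space is "inside" are all choices made for this example.

```python
"""Netflow-style exfiltration detection over constructed sample records.

Added example, not code from the AlienVault deck: it flags two patterns the
'Exfiltration' and 'Mitigation' slides name -- bulk outbound transfers on
file-transfer ports, and 'slow & low' trickles that each look harmless but add
up to a lot of data sent to one external host over many hours.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for this example: RFC 1918 space is 'inside'; everything else is
# external, including the documentation ranges used in the sample below.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FILE_TRANSFER_PORTS = {21, 22, 990}   # FTP, SFTP/SCP, FTPS
BULK_BYTES = 50 * 1024 * 1024         # one outbound flow of >= 50 MiB
SLOW_LOW_TOTAL = 20 * 1024 * 1024     # >= 20 MiB to a single external host...
SLOW_LOW_MIN_FLOWS = 10               # ...spread over at least 10 flows...
SLOW_LOW_MIN_SPAN = 6 * 3600          # ...covering at least 6 hours


@dataclass
class Flow:
    ts: int         # epoch seconds
    src: str
    dst: str
    dport: int
    out_bytes: int  # bytes sent from src to dst


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(lines):
    """Parse 'ts src dst dport bytes' records (a constructed netflow-like format)."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def detect_exfiltration(flows):
    """Return (rule, src, dst, bytes) tuples for flows that match either pattern."""
    alerts = []
    per_pair = defaultdict(list)
    for f in flows:
        # Only internal -> external traffic can carry data out of the network.
        if not is_internal(f.src) or is_internal(f.dst):
            continue
        if f.dport in FILE_TRANSFER_PORTS and f.out_bytes >= BULK_BYTES:
            alerts.append(("bulk_transfer", f.src, f.dst, f.out_bytes))
        per_pair[(f.src, f.dst)].append(f)
    # Slow & low: small flows, but many of them to the same place over a long time.
    for (src, dst), group in per_pair.items():
        total = sum(f.out_bytes for f in group)
        span = max(f.ts for f in group) - min(f.ts for f in group)
        if (len(group) >= SLOW_LOW_MIN_FLOWS and span >= SLOW_LOW_MIN_SPAN
                and total >= SLOW_LOW_TOTAL):
            alerts.append(("slow_and_low", src, dst, total))
    return alerts


# Constructed sample: one host trickling 2 MiB per hour for 12 hours to one
# external address, one host pushing 60 MiB over SFTP, and benign noise.
SAMPLE_FLOWS = [
    "# ts src dst dport bytes",
    *[f"{1700000000 + h * 3600} 10.0.0.5 203.0.113.10 443 {2 * 1024 * 1024}" for h in range(12)],
    "1700003600 10.0.0.7 198.51.100.20 22 62914560",
    "1700003700 10.0.0.9 203.0.113.50 443 102400",
    "1700003800 10.0.0.9 203.0.113.50 443 102400",
    "1700003900 10.0.0.5 10.0.0.1 22 104857600",       # internal backup: ignored
    "1700004000 198.51.100.20 10.0.0.7 22 104857600",  # inbound: ignored
]

if __name__ == "__main__":
    for alert in detect_exfiltration(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The point of the second rule is that no single flow in the trickle trips a size threshold; only keeping per-destination state across the whole window makes it visible, which is why the slides pair flow collection with long retention rather than relying on the firewall's per-connection view.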
Firewalls/Antivirus are not enough
• Firewalls are usually not the target – too difficult to effectively penetrate
• Endpoints are the target, usually via email, URL redirects, misc. malicious files, etc.
• With 160,000 new malware samples seen every day, antivirus apps will not find every threat
• Needs to be bolstered by regular and comprehensive monitoring
• Asset Discovery
  • Active Network Scanning
  • Passive Network Scanning
  • Asset Inventory
  • Host-based Software Inventory
• Vulnerability Assessment
  • Network Vulnerability Testing
  • Remediation Verification
• Threat Detection
  • Network IDS
  • Host IDS
  • Wireless IDS
  • File Integrity Monitoring
• Behavioral Monitoring
  • Log Collection
  • Netflow Analysis
  • Service Availability Monitoring
• Security Intelligence
  • SIEM Event Correlation
  • Incident Response
@AlienVault
AlienVault Labs Threat Intelligence
• Weekly updates to correlation directives to detect emerging threats
• Recent updates related to data exfiltration methods:
  • AV Malware, Ajax Security Team Data Exfiltration
  • AV Malware, Operation Machete FTP exfiltration
  • AV attack, malware sending exfiltrating command output
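The deck's agenda and this slide both lean on correlation directives without showing one. The following is an added example, not AlienVault's directive format or code, that mimics the idea in plain Python: a chain of rules where each matched stage raises the reliability of a single incident. It follows the compromise-then-exfiltration story told across the "Infiltration" and "Exfiltration" slides (brute-force password enumeration, then a successful login from the same source, then an outbound transfer from the host that was entered) and shows why the chain matters: a lone failed-login burst is noise, but the same source then logging in and the host then pushing data out is an incident. The event tuple shape, the event type names, the thresholds and the reliability scores are assumptions of this example.

```python
"""Minimal multi-stage correlation over constructed events.

Added example, not AlienVault's directive format or code: it mimics what a
correlation directive does -- a chain of rules where each matched stage raises
the reliability of one incident -- for the compromise-then-exfiltration pattern
the deck describes: brute-force password enumeration, then a successful login
from the same source, then an outbound transfer from the host that was entered.
Event types, thresholds and reliability scores are assumptions of this example.
"""
from collections import defaultdict

BRUTE_FORCE_COUNT = 5      # failed logins from one source to one host...
BRUTE_FORCE_WINDOW = 120   # ...within this many seconds
FOLLOW_UP_WINDOW = 3600    # later stages must follow within an hour


def correlate(events):
    """events: iterable of (ts, type, src, dst, extra). Returns incident records."""
    fails = defaultdict(list)   # (src, dst) -> recent failed-login timestamps
    incidents = {}              # (attacker, host) -> incident record
    for ts, etype, src, dst, extra in sorted(events, key=lambda e: e[0]):
        if etype == "ssh_fail":
            recent = [t for t in fails[(src, dst)] if ts - t <= BRUTE_FORCE_WINDOW]
            recent.append(ts)
            fails[(src, dst)] = recent
            # Stage 1: brute force in progress (low reliability on its own).
            if len(recent) >= BRUTE_FORCE_COUNT and (src, dst) not in incidents:
                incidents[(src, dst)] = {
                    "attacker": src, "host": dst, "stage": 1,
                    "reliability": 3, "first_ts": recent[0], "last_ts": ts,
                }
        elif etype == "ssh_success":
            # Stage 2: the brute-forcing source now logs in successfully.
            inc = incidents.get((src, dst))
            if inc and inc["stage"] == 1 and ts - inc["last_ts"] <= FOLLOW_UP_WINDOW:
                inc.update(stage=2, reliability=6, last_ts=ts, account=extra)
        elif etype == "outbound_transfer":
            # Stage 3: the host that was logged into sends data out.
            for inc in incidents.values():
                if (inc["host"] == src and inc["stage"] == 2
                        and ts - inc["last_ts"] <= FOLLOW_UP_WINDOW):
                    inc.update(stage=3, reliability=10, last_ts=ts,
                               exfil_dst=dst, exfil_bytes=int(extra))
    return list(incidents.values())


# Constructed sample events, not real logs: (ts, type, src, dst, extra).
SAMPLE_EVENTS = [
    *[(100 + 10 * i, "ssh_fail", "198.51.100.7", "10.0.0.5", "") for i in range(6)],
    (120, "ssh_fail", "10.0.0.44", "10.0.0.5", ""),            # one typo by a user
    (130, "ssh_success", "10.0.0.44", "10.0.0.5", "alice"),    # then a normal login
    (170, "ssh_success", "198.51.100.7", "10.0.0.5", "svc_backup"),
    (900, "outbound_transfer", "10.0.0.5", "203.0.113.10", "52428800"),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc)
```

Each stage only advances an incident that is already open for the same attacker and host, and only within a time window, so the single mistyped password from 10.0.0.44 never becomes an incident at all. Reliability climbing from 3 to 10 across the stages is the same escalation idea a SIEM uses to decide when an alarm is worth an analyst's time.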
Now for some Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions? [email protected]