(Transcript of a 25-page slide deck, posted 29-May-2020.)

Page 1: Technology in Action - FireEye...Create Innovative Ways to Detect and Respond to Every Incident in < 10 Minutes Time to Detect Cost of Response Cost of Detection Reputation Risk Minimize

Copyright © 2015, FireEye, Inc. All rights reserved.

Technology in Action

Page 2

AGENDA

• Disrupting the Malware Killchain – Yogi Chandiramani, System Engineer Director - EMEA

• Key capabilities a Cyber Strategy Needs to Address – Manish Gupta, SVP Products

• The Cyber Security Maturity Curve – Thibaud Signat, System Engineer Manager

Page 3

Using Technology to Disrupt the Malware Kill Chain

Yogi Chandiramani, Systems Engineer Director - EMEA

Page 4

Kill Chain Model Introduction

What is the Kill Chain Model?

• Introduced by Lockheed Martin

• A defined process to win against Advanced Persistent Threats (APT)

• Seven phases characterize the progression of an intrusion

How will the Kill Chain help my organization?

• A methodology to defend the enterprise network every day

• Helps organizations understand how adversaries operate

http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf

Page 5

Kill Chain Process States

Page 6

Effective Kill Chain Solution

(Figure: the current model of point controls (IPS, inline AV, patch, AV, firewall) mapped against the kill chain phases Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command & Control, Action; axes labelled "Effective Security" and "Efficacy".)

Evaluation questions:

• Multi-vector attacks?

• Multi-flow attacks?

• Time to deploy?

• Dynamically block outbound connections?

• Foolproof to avoid data exfiltration?

Page 7

FireEye Adaptive Defense

TECHNOLOGY

• Identifies known, unknown, and non-malware-based threats

• Integrated to protect across all major attack vectors

• Patented virtual machine technology

EXPERTISE

• “Go-to” responders for security incidents

• Hundreds of consultants and analysts

• Unmatched experience with advanced attackers

INTELLIGENCE

• 50 billion+ objects analyzed per day

• Front line intel from hundreds of incidents

• Millions of network & endpoint sensors

• Hundreds of intel and malware experts

• Hundreds of threat actor profiles

• Discovered 16 of the last 22 zero-days

Page 8

How do you want to account for it?

What vectors do you need to protect?

What do you want to know about the attacker?

How do you want to manage and respond?

Page 9

QUESTIONS?

Page 10

Key capabilities a Cyber Strategy Needs to Address

Manish Gupta, SVP Products

Page 11

FireEye Approach

(Figure: PREVENT / DETECT / ANALYZE / RESPOND cycle, with the following descriptions.)

• Multi-vector inline known and unknown threat prevention

• Signature-less and multi-flow virtual machine based approach that leverages superior threat intelligence

• Containment, forensics investigation and kill chain reconstruction

• Remediation support and threat intelligence to recover and improve risk posture

Page 12

Technology to support an Investigation

How did the attacker gain initial access to the environment?

How did the attacker maintain access?

What is the storyline of the attack?

What data was stolen from the environment?

Have you contained the incident?

All stakeholders should understand the answers to avoid creating inaccurate or inconsistent messages when speaking publicly.

Page 13

FireEye Platform: Magic of MVX

1. FireEye Hardened Hypervisor

• Custom hypervisor with built-in countermeasures

• Designed for threat analysis

2. Multi-modal Virtual Execution

• Multiple operating systems

• Multiple service packs

• Multiple applications

• Multiple file types

3. Threat Protection at Scale

• Over 2,000 simultaneous executions

• Multi-stage analysis

(Figure: MVX stack. Hardware; FireEye Hardened Hypervisor; Multi-modal Virtual Execution with parallel execution environments (v1, v2, v3) and over 10 micro-tasks; MVX Core; DTI Enterprise and DTI Cloud.)

Page 14

Evolving Cyber Capabilities

(Figure: cyber maturity curve. Stages: Predictive, Proactive, Managed, Controlled, Reactive; horizontal axis: Time / Effort. Bands along the curve: Foundational Controls, Tooling Capabilities, Governance & Communication, Agile. Capabilities placed along the curve: AV, FW, proxy, H/N IPS, threat & vuln mgt, signature-less tools, SIEM, actionable threat intel, host forensics, intel sharing, network forensics, campaign tracking, trend & security analytics, etc.)

Page 15

FireEye Product Update

Page 16

Questions?

Page 17

WALK THROUGH THE CYBER MATURITY CURVE

Thibaud Signat, Systems Engineer Manager

Page 18

The Problem Is The Hacker!

It’s a “who,” not a “what”: there’s a human at a keyboard.

• Highly tailored and customized attacks targeted specifically at you

• They are professional, organized and well funded

• Nation-state sponsored

• Escalate sophistication of tactics as needed

• Relentlessly focused on their objective

• If you kick them out they will return

• They have specific objectives

• Their goal is long-term occupation

• Persistence tools ensure ongoing access

Page 19

The Risk Conundrum

• The LIKELIHOOD of a compromise has increased across the board

• The IMPACT of attacks can be phenomenal

• The requirement to DETECT & UNDERSTAND PROMPTLY has increased

  - Cyber savvy public

  - Breach disclosure legislation

Page 20

New Security Paradigm

• Ability to Operate Through Compromise

• Holistic Visibility (Network & Endpoint)

• Actionable Threat Intelligence

• Shift to Threat Centric Security

(Figure: Threat Intelligence, Incident Response, Security Monitoring.)

Organizations Must Seek to Eliminate or Reduce the Consequences and Impact of Security Breaches

Page 21

Reducing the Impact

Create Innovative Ways to Detect and Respond to Every Incident in < 10 Minutes

(Figure: Time to Detect, Cost of Response, Cost of Detection, Reputation Risk.)

Minimize organizational risk and allow business to function while under continuous attack

• Predictive – Continuously measure enterprise attack surface and model potential threat vectors targeted at critical assets and data

• Proactive – Hunt for intrusions. Discover and remediate / compensate for vulnerabilities.

• Responsive – Rapid analysis and containment of threats

Page 22

Where are we on the Cyber Maturity Curve

(Figure: the cyber maturity curve from page 14 (Predictive, Proactive, Managed, Controlled, Reactive against Time / Effort), showing the Foundational Controls, Governance & Communication and Agile bands.)

Page 23

Where are you on the Maturity Curve?

(Figure: the same cyber maturity curve as on page 14, with the same stages, bands and capabilities.)

Page 24

Where Does FireEye Contribute?

(Figure: the cyber maturity curve from page 14, with FireEye products and services overlaid along it.)

Products and services shown:

• FireEye Web (NX)

• FireEye Email (EX)

• Host Protection (HX)

• Network Forensics (PX)

• Threat Intel (ATI+)

• Intel Portal (FIC)

• Threat Analytics Platform (TAP)

• Proactive Consulting Services

• Continuous Vigilance (CV)

• FireEye File (FX)

• Malware Lab Analysis (AX)

• Mobile Threat Prevention (MTP)

Page 25

QUESTIONS?