Advanced Persistent Threats conference, Mile2
Posted on 19-Oct-2014
Raymond Friedman, conference in Mexico, September 2013
Preventing Advanced Persistent Threats, the Future of IT Security
Ray Friedman
CEO, Mile2
Introduction
What is an APT?
Impact of APT
Verizon Report 2012
97% - 3%
Counter-measures
Penetration testing
User Education
Mile2
Discussion Topics
APTs
APT - Persistent
Black Hat Professional vs. Amateur Hacker
Black Hat Professional
• Persistent because of their methods
• Tenaciously calculated
• Stealthy
• Focused on long-term gain
• Financially lucrative reward
Amateur Hacker (script kiddie)
• Focuses on short term gain
• Sloppy with their methods
• Usually detected
APT - Threat
It's a threat because the perpetrators have:
• Resources
• Motivation to succeed
• A large financial gain to capture
• The means to deal a sizeable financial blow to their competitors
Advanced Persistent Threats
APT is characterized as "slow and low" cyber attacks against servers containing valuable intellectual property:
• Unauthorized software
• Dormant and undetected
• Information is sent remotely to the attackers' servers
Value of data retrieved by APTs:
• Avoid costly research
• Procure sensitive utility/military information
APTs
The threats are real because these hackers are just that…
• Advanced
• Persistent
• Threats
Should we be concerned? Does it apply to me?
APT - Advanced
Not Hackers – Black hat professionals
Skilled
Resourceful
Sophisticated supporting infrastructure
Intelligently managed
APT Life Cycle
Advanced persistent threats create a growing and changing risk to organizations’ financial assets, intellectual property, and reputation by following a continuous process:
• Target organizations
• Gain a foothold in the environment through spear-phishing emails
• Use compromised systems
• Deploy tools to attack
• Cover tracks
Verizon Report
Verizon Report 2011/2012
• Verizon Data Breach Investigations Report: 97% of breaches were avoidable through simple or intermediate controls.
• Over 60% of attacks were targets of opportunity, not APTs.
Verizon Case Study 97% - Ignorance is Bliss
• On average, it takes months for a company to become aware that they have been compromised.
• 92% of the incidents were discovered by a third party.
• In most cases, evidence of the intrusion was clearly present in the company's log files.
The Real Threat
• Is the real threat to company technology, or is it social engineering?
• Awareness is key
• Repetition is necessary
So What is REALITY?
• We have a lot of work to do
• New skills
• New vectors
• Focus on the 97% -basics
What is the 3% APT?
• Real advanced persistent threats accounted for only 3% of all the hacks, according to the Verizon report
• Example: sophisticated malware attack
• Remote access backdoors
• Persistent reputation
Countermeasures
What happens when you are attacked?
Locate the system or systems under attack.
Find and preserve all log files.
Purge and clean the infected network.
Test the entire network for potential future attacks.
If needed, implement new security measures.
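The second step above, preserving the log files, has to happen before the purge: wiping the infected machines also wipes the evidence that shows how far the intrusion went. The following script, added here as an example and not code from the presentation or from Mile2, shows the minimum a responder should do when collecting logs: copy each file into an evidence directory, hash source and copy with SHA-256, and record a manifest so the copies can later be proved unaltered. The SAMPLE_LOGS contents are constructed, and the file names and paths are placeholders.

```python
"""Preserve log files as forensic evidence before any purge or rebuild.

Added example for this page, not code from the presentation or from Mile2.
Each log is copied into an evidence directory, source and copy are hashed
with SHA-256, and a JSON manifest records path, size, mtime and hash so the
copies can later be shown to be unaltered. SAMPLE_LOGS is constructed data.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time

CHUNK = 1024 * 1024  # stream files in 1 MiB blocks; logs can be large

# Constructed sample logs used by demo(); a real collection points at the
# compromised host's own files (its sshd and web server logs, for instance).
SAMPLE_LOGS = {
    "auth.log": b"Jan 12 02:14:09 web01 sshd[2212]: Accepted password for root from 203.0.113.7 port 51130 ssh2\n",
    "access.log": b'203.0.113.7 - - [12/Jan/2013:02:16:00 +0000] "POST /upload.php HTTP/1.1" 200 51\n',
}


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def preserve_logs(paths, evidence_dir):
    """Copy each log into evidence_dir, verify the copy, write a manifest.

    The copy is re-hashed after copying so a short read, or a file still
    being appended to while it was copied, is caught at collection time.
    """
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for i, src in enumerate(paths):
        digest = sha256_file(src)
        st = os.stat(src)
        # Index prefix keeps two logs with the same basename from colliding.
        dst_name = f"{i:03d}_{os.path.basename(src)}"
        dst = os.path.join(evidence_dir, dst_name)
        shutil.copy2(src, dst)  # copy2 preserves the original timestamps
        if sha256_file(dst) != digest:
            raise RuntimeError(f"copy of {src} does not match its source hash")
        entries.append({
            "original_path": os.path.abspath(src),
            "evidence_file": dst_name,
            "size": st.st_size,
            "mtime": st.st_mtime,
            "sha256": digest,
            "collected_at": time.time(),
        })
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(entries, f, indent=2)
    return entries


def verify_manifest(evidence_dir):
    """Return True if every evidence copy still matches its recorded hash."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        entries = json.load(f)
    for e in entries:
        path = os.path.join(evidence_dir, e["evidence_file"])
        if not os.path.isfile(path) or sha256_file(path) != e["sha256"]:
            return False
    return True


def demo():
    """Write the constructed logs, preserve them, then tamper with one copy.

    Returns (entries, verified_before_tampering, verified_after_tampering).
    """
    root = tempfile.mkdtemp(prefix="apt_ir_")
    paths = []
    for name, data in SAMPLE_LOGS.items():
        p = os.path.join(root, name)
        with open(p, "wb") as f:
            f.write(data)
        paths.append(p)
    evidence = os.path.join(root, "evidence")
    entries = preserve_logs(paths, evidence)
    before = verify_manifest(evidence)
    with open(os.path.join(evidence, entries[0]["evidence_file"]), "ab") as f:
        f.write(b"tampered\n")  # simulate a copy altered after collection
    after = verify_manifest(evidence)
    shutil.rmtree(root)
    return entries, before, after


if __name__ == "__main__":
    entries, before, after = demo()
    for e in entries:
        print(e["evidence_file"], e["sha256"])
    print("intact before tampering:", before, "| after tampering:", after)
```

The manifest is what makes the later steps defensible: once the network has been purged, the hashes are the only way to show that the logs handed to an investigator are the ones taken from the compromised host.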
Penetration Test
Phase 1: Planning & Preparation
Phase 2: Assessment
• Information gathering
• Network mapping
• Vulnerability identification
• Penetration testing
• Privilege escalation
• Enumeration
• Compromise users/sites
• Maintaining access
• Covering tracks
• Clean up
Phase 3: Report
• Reporting
What Should You Do Overall?
Verizon Data Breach Report states that we should:
• Eliminate unnecessary data; keep tabs on what’s left
• Ensure essential controls are met
• Assess remote access services
• Test and review web applications
• Audit user accounts and monitor privileged activity
• Monitor event logs
• Examine ATMs and other payment card devices for tampering
• Educate personnel
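Two of the recommendations above, monitoring event logs and monitoring privileged activity, are also the cheapest, because the Verizon finding cited earlier is that the evidence was usually already in the victim's log files. The following script, added here as an example and not code from the presentation or from Mile2, runs three simple checks over constructed syslog-style sshd and sudo lines: a burst of failed logins followed by a success from the same address, an interactive root login, and sudo use by an account that is not on the admin list. The host name, user names and the 203.0.113.0/24 addresses are placeholders, and ADMIN_ACCOUNTS is an assumed allowlist.

```python
"""Look in authentication logs for the traces an intrusion usually leaves.

Added example for this page, not code from the presentation or from Mile2.
SAMPLE_LOG is constructed syslog-style sshd/sudo output; host, users and
the 203.0.113.0/24 addresses are placeholders. ADMIN_ACCOUNTS is an
assumed allowlist of who may use sudo.
"""
import re
from collections import defaultdict
from datetime import datetime

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+)")
SUDO = re.compile(r"sudo:\s+(\S+) : .*?USER=(\S+) ; COMMAND=(.*)")

ADMIN_ACCOUNTS = {"alice"}  # assumed: the only account expected to run sudo
FAIL_THRESHOLD = 3          # failures from one IP that make a later success suspicious
WINDOW_SECONDS = 300        # how far back to count those failures

SAMPLE_LOG = """\
Jan 12 02:14:01 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 12 02:14:03 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jan 12 02:14:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jan 12 02:14:06 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51128 ssh2
Jan 12 02:14:09 web01 sshd[2212]: Accepted password for root from 203.0.113.7 port 51130 ssh2
Jan 12 02:15:40 web01 sudo:   svc_backup : TTY=pts/1 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/bin/bash
Jan 12 09:02:11 web01 sshd[3001]: Accepted publickey for alice from 10.0.0.5 port 40022 ssh2
Jan 12 09:05:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
"""


def parse_time(line):
    """Syslog timestamps carry no year; strptime fills in 1900, which is
    fine here because only differences between timestamps are used."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S")


def detect(text):
    """Return a list of alert dicts for the suspicious events in text."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        ts = parse_time(line)
        m = FAILED.search(line)
        if m:
            failures[m.group(2)].append(ts)
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            recent = [t for t in failures[ip]
                      if 0 <= (ts - t).total_seconds() <= WINDOW_SECONDS]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append({"type": "brute_force_success", "line": n, "ip": ip,
                               "user": user, "failures": len(recent)})
            if user == "root":
                # Interactive root logins hide who actually did what.
                alerts.append({"type": "root_login", "line": n, "ip": ip,
                               "method": method})
            continue
        m = SUDO.search(line)
        if m:
            account, target, command = m.groups()
            if account not in ADMIN_ACCOUNTS:
                alerts.append({"type": "unexpected_privilege_use", "line": n,
                               "account": account, "target": target,
                               "command": command.strip()})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

On the sample, alice's key-based login and her sudo go unflagged, while the attacker's guessing run, the root login it produced and the backup account spawning a root shell each raise an alert. In practice the same checks run against logs shipped to a central collector, so that an intruder who cleans the local files, as the APT life cycle slide describes, does not also erase the record.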
Countermeasure: User Education
It is extremely important to inform end-users about the dangers of running software obtained from untrusted sources.
Instead of having users simply read and sign off on the company computer usage policy, actually discuss computer security issues (choosing strong passwords, recognizing malicious software, etc.) in a face-to-face meeting.
Remember, there is no ‘patch’ for stupidity!
Summary
Effective Security is Efficient Security
Most attacks are avoidable
Design, develop, and evaluate your security program continuously
Count on Mile2
Mile2 will help you:
• Protect your company, network and system from attacks.
• Protect your intellectual property.
• Enforce acceptable use policies and investigate offenders.
• Learn how to plan, implement, build & maintain a complete security strategy.
• Stay abreast of the most current information and methods relating to IT Security.
• Gain CPE credits: Mile2 classes can be submitted to other certification organizations for continuing professional education (CPE) credits.
What Makes Mile2 Superior?
• Mile2's penetration testing and IT security training classes have become the de facto standard for the US military: US Air Force, Marines, Army and National Guard.
• Mile2 has also taught personnel from the United Nations, DND, DOD, NATO, NASA, foreign military and government personnel, and a large number of Fortune 100 companies.
• Traditionally, student participation has also come from a wide spectrum ranging from charities, banking, insurance, health, communications, transport, and law enforcement.
• We practice what we preach!
• Mile2 is a certification governing body with certifications not only known globally but also well respected.
• With a Mile2 Cyber Security certification behind your name, you will be recognized!
• You will have the competence to do your job function… Successfully!
Competence
Confidence
Credibility
Career Income
Income range: $45,000 - $131,000
Mile2 Course Road Map