Dissecting the Top Five Network Attack Methods - A Thief's Perspective
TRANSCRIPT
“Things have changed lately. I can make a lot of money doing this. This is my job now.”
Thief’s Perspective
Top Network Attack Methods
[Chart. Segment labels: Stealthy, Evasive, SSL, Network Abuse, Browser. Values as extracted, not matched to labels: 42%, 36%, 7%, 9%, 6%.]
The game has changed: Advanced targeted attacks are creating complexity
Understand who you are dealing with: They know you better than you know them
Strength through knowledge: The more you know the stronger you grow
54,627,468 Network Attacks in Q1 2015 (1)
1. McAfee Labs Q1 2015 Threat Report
Browser Attacks
“Seems I can always get through the next new product that is supposed to stop me. It’s often not about the technology but the user. They’re just so easy to trick.”
Thief’s Perspective
You See a Browser, I See a Door
The new DMZ: Users are easier to trick than IT
Easy to hide: Malicious content is rarely obvious
Flexible platform: Robust scripting increases attack surface
Win Back the Browser
Web Content Filtering: Keep users safe from wrong turns
Sandboxing: Understand complete intent of inbound web content
Deep File Analysis: Find malicious scripts in incoming browser files
Emulation: Simulate browser activity in a safe environment
Evasive Attacks
“Most of my targets don’t believe evasions are a concern. Out of sight, out of mind—just like my attacks. Their mistake is my gain.”
Thief’s Perspective
If There’s a Crack, We’ll Find it
Foundational gaps: Holes exist in even the best laid security strategies
Trick any device: Different methods used depending on the inspection device
Nothing to see: Evasions leave detection in the dark
Stay Safe from Evasions
Full Stack Normalization: Find and block evasive patterns in network attack traffic
Endpoint Intelligence: Find evasive callbacks and exfiltration with network-endpoint visibility
Static Code Analysis: Find files attempting to evade the sandbox
Stealthy Attacks
“I love breaching a company that spends tons of money on gear but can’t get it working together. I know I leave traces, but by the time the admins connect all the dots I’m long gone.”
Thief’s Perspective
I’m Getting to Know all About You
Doing their homework: Extensive reconnaissance of your network
Customized for you: Custom attacks designed around your defenses
Hide in the noise: Fragmented visibility from information overload
Stop the Stealth
Sandboxing: Identify targeted and custom attacks
Security Connected: Learn context and eliminate fragmented visibility
Integration: Empower all gateway devices with robust sandboxing access
Threat Intelligence Exchange: Enable all devices to share and learn in real time
SSL Attacks
“Why not hide in encrypted traffic? Most companies don’t have the right equipment to inspect it. Since they can’t see it, I can even use easy attacks.”
Thief’s Perspective
Let’s Play a Game of Hide and Seek
Hiding in plain sight: You can’t block what you can’t see
Expensive visibility: Most organizations lack comprehensive SSL visibility
New SSL channels: Increased cloud usage provides plenty of places to hide
Exposing the SSL Attacker
Integrated Inbound SSL Decryption: Peel back SSL layers for visibility into inbound web traffic
Throughput Performance: Maintain throughput and performance with hardware-based decryption
Consolidated Inspection: Minimize expense by bringing next-generation inspection to SSL
Network Abuse Attacks
“For $6 in Bitcoin, I can rent time on a DDoS tool and bring down most websites. Better yet, if I send just the right type of packet to their web servers, I can crash the site for free.”
Thief’s Perspective
How Much is Your Internet Presence Worth?
Simple and effective: Abuse of networks with DDoS gets the job done quick
Finding hay in a haystack: Difficult to identify abusive traffic
Target the application: Increased challenges stopping application level attacks
Protect yourself from DDoS
On-Premise Packet Inspection: Completely understand abusive traffic hitting your site
SSL Inspection: Expose the malicious application attack hiding in encrypted traffic
Volumetric Analysis: Isolate the small and disguised changes in traffic patterns
It’s Time to Shift Your Perspective
Avoid “Shiny New Toy” syndrome
Learn from the bad guys
Embrace a platform that grows with you
Drive for connected visibility