Date post: 21-Jul-2020
Page 1: Removing Blind Spots in Network Visibility to Stop Data Theftfbcinc.com/e/.../tracka/...Newman-Removing_Security_Blind_Spots-FI… · Removing Blind Spots in Network Visibility to

Removing Blind Spots in Network Visibility to Stop Data Theft
Stephen Newman, CTO, Damballa
Thursday, October 29, 11:20 AM - 11:50 AM

CONFIDENTIAL AND PROPRIETARY | ©2014 DAMBALLA

Page 2:

CLUES TO A CRIME

Photo Source: NBC

Page 3:

CYBERCRIMES IN 1H 2015

577 Breaches

155M+ Records

Source: Identity Theft Resource Center, 2015 Data Breach Category Summary

Page 4:

DETECTION TAKES TOO LONG

229 days to discover a breach

67% discovered by 3rd parties

Source: Mandiant’s 2014 M-Trends Report

Time to detection (chart):
Minutes: 11%
Hours: 13%
Days: 17%
Weeks: 25%
Months: 29%
Years: 5%

Page 5:

Tsunami of Noise
Layers of Security Prevention Products

BLINDED BY ALERTS

Uncertainty About Actual Threats

Overwhelming volume

High rate of false positives

Snapshot-in-time data

Information without context

Page 6:

Unknown indicators / Known indicators

Prevention products (diagram): AV, HIPS, FW, DNS FW, IDS/IPS, WSG/Proxy, VM Sandbox, grouped as Endpoint Security and Network Security

Proof of Infection

LOTS OF EVIDENCE BUT NO PROOF

Page 7:

PREVENTION IS BLIND TO EVASIVE MALWARE

Initial Infection

Dropper

Update/Repurpose

Updater Site Downloader Site

Initial C&C and 2nd Repurpose

C&C Portals

C&C Proxies

Repository

Page 8:

Initial Infection

Files Downloaded

HOW CAN YOU REMOVE THE BLINDERS?

Initial C&C and 2nd Repurpose

C&C Portals

C&C Proxies

Automation

Emergent Threat

Domain Fluxing

Update/Repurpose

Queries

P2P Activity

HTTP Attempts

Communications with C&C

Executed files

Page 9:

WHAT IF YOU COULD ELIMINATE GUESSWORK?

Slog through alerts

Dig through logs

Chase false positives

Correlate data

Make assumptions

Act/Don’t Act?

Instrument the network for detection

Indicators of compromise are monitored

Pieces of evidence are corroborated

Proof of infection is verified

High-risk devices are prioritized

Data theft is averted

Page 10:

NETWORK SECURITY MONITORING BY DAMBALLA

YOUR NETWORK TRAFFIC

& DEVICES

RISK PROFILERS: Activity, Importance, Intent

DETECTION ENGINES

Behaviors

Content

Threats

CASE ANALYZER & MANAGER TRUE POSITIVES CONFIRMED

CLOSED CASES

Threat Discovery Center

IR TEAM
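The workflow the three preceding slides sketch (evidence kinds from "How can you remove the blinders?", the corroborate-verify-prioritize steps from "What if you could eliminate guesswork?", and the Activity/Importance/Intent risk profilers), as an added Python example that is not Damballa's code. The NXDOMAIN burst threshold, the per-evidence "intent" weights, the asset importance values and the sample events are all constructed assumptions; the point it shows is that a device is confirmed only when independent evidence kinds corroborate one another, and that confirmed devices are ranked by risk rather than by alert count.

```python
"""Corroborate network evidence into a proof of infection and rank devices by risk.

Added example (not Damballa code). Thresholds, weights and the sample events
below are constructed assumptions chosen to illustrate the workflow.
"""
from collections import defaultdict

# Evidence kinds taken from the "How can you remove the blinders?" slide. DNS
# queries are handled separately: one query proves nothing, but a burst of
# queries for names that do not resolve is the domain-fluxing pattern.
DIRECT_EVIDENCE = {"p2p", "http_attempt", "cnc_comm", "executed_file"}

# Assumed: distinct NXDOMAIN names in one analysis window that count as fluxing.
NXDOMAIN_FLUX_THRESHOLD = 5

# Assumed "Intent" weights: how strongly each evidence kind implies a live threat.
INTENT_WEIGHT = {
    "cnc_comm": 5,
    "executed_file": 4,
    "domain_fluxing": 3,
    "p2p": 2,
    "http_attempt": 1,
}

# Constructed sample events for one analysis window (not real traffic).
SAMPLE_EVENTS = [
    # wks-017: burst of unresolvable generated-looking names, then a C&C beacon
    *[{"device": "wks-017", "kind": "dns", "rcode": "NXDOMAIN", "qname": f"{n}.example"}
      for n in ("kq3xz9ab", "w0plm2rt", "zx81qqe", "h7yv0mna", "c2ks8dlp", "pq9mz3ww")],
    {"device": "wks-017", "kind": "cnc_comm", "detail": "beacon to 203.0.113.10:443"},
    # db-02: three independent pieces of evidence on a high-value server
    {"device": "db-02", "kind": "p2p", "detail": "dht traffic on udp/6881"},
    {"device": "db-02", "kind": "http_attempt", "detail": "GET /gate.php"},
    {"device": "db-02", "kind": "executed_file", "detail": "svchost_update.exe"},
    # wks-044: a single alert with nothing to corroborate it
    {"device": "wks-044", "kind": "http_attempt", "detail": "GET /ads/track.js"},
    # wks-051: a few typos in the address bar, below the fluxing threshold
    *[{"device": "wks-051", "kind": "dns", "rcode": "NXDOMAIN", "qname": f"{n}.example"}
      for n in ("gogle", "facebok", "yotube")],
]

# Assumed asset importance ("Importance" profiler): 1 = workstation, 3 = data server.
SAMPLE_IMPORTANCE = {"wks-017": 1, "db-02": 3, "wks-044": 1, "wks-051": 1}


def derive_evidence(events):
    """Return {device: set of evidence kinds} and {device: event count} ("Activity")."""
    evidence = defaultdict(set)
    activity = defaultdict(int)
    nxdomains = defaultdict(set)
    for ev in events:
        dev = ev["device"]
        activity[dev] += 1
        if ev["kind"] in DIRECT_EVIDENCE:
            evidence[dev].add(ev["kind"])
        elif ev["kind"] == "dns" and ev.get("rcode") == "NXDOMAIN":
            nxdomains[dev].add(ev["qname"])
    # Only a burst of distinct unresolvable names becomes evidence of fluxing.
    for dev, names in nxdomains.items():
        if len(names) >= NXDOMAIN_FLUX_THRESHOLD:
            evidence[dev].add("domain_fluxing")
    return dict(evidence), dict(activity)


def proof_of_infection(evidence, min_kinds=2):
    """A device is confirmed only when independent evidence kinds corroborate each other."""
    return {dev for dev, kinds in evidence.items() if len(kinds) >= min_kinds}


def risk_score(kinds, activity, importance):
    """Assumed scoring: Importance x Intent (summed evidence weights) + Activity."""
    intent = sum(INTENT_WEIGHT[k] for k in kinds)
    return importance * intent + activity


def prioritize(events, importance):
    """Confirmed devices as (device, score) pairs, highest risk first."""
    evidence, activity = derive_evidence(events)
    confirmed = proof_of_infection(evidence)
    ranked = [(dev, risk_score(evidence[dev], activity[dev], importance.get(dev, 1)))
              for dev in confirmed]
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for dev, score in prioritize(SAMPLE_EVENTS, SAMPLE_IMPORTANCE):
        print(f"{dev}: confirmed infection, risk {score}")
```

On the sample window the lone alert on wks-044 and the three mistyped names on wks-051 never reach the IR team, while db-02 outranks wks-017 despite producing fewer events, because asset importance and the weight of the evidence count for more than raw alert volume.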

Page 11:

TAKEAWAYS

Prevent what you can
Understand how malware evades detection
Instrument the network to discover hidden threats
A compromise doesn't have to lead to a breach
Respond in a prioritized way based on risk factors

Page 12:

Thank [email protected]
