Date post: 08-Aug-2015
Category: Technology
Upload: ingram-micro-cloud
Nightingale Floors: Mitigating Cyber Attacks in 2015
Tom Kellermann, CISM, Chief Cybersecurity Officer, Trend Micro Inc.
Advanced Malware
Targeted Attacks
Employee Data Leaks
Traditional Malware
Vulnerability Exploits
300K new malware programs daily!
Thriving Underground Market
Malware offered for $249 with a service level agreement (SLA) and replacement warranty if the creation is detected by any antivirus within 9 months
Copyright 2014 Trend Micro Inc.
Menu for Full Service Hacking
Services: Malware checking; Botnet Framework; Bulletproof hosting; Exploit Kit; DDOS Attack for 24 hours; Dropper file and crypt; Modules
Listed prices: $30, $125, $50, $40, $0, $52, $38, $120, $0, $20, $205, $70, $80, $8
Total (monthly, onetime): $238, $600
Trends of Attack 2015
• iOS will become the bull's-eye of malware.
• Zero-days for Web applications explode.
• Cloud App Attacks.
• Secondary infections are leveraged to facilitate long-term campaigns against the Fortune 100.
• Ransomware
• The use of destructive payloads as part of counter incident response.
Advanced Malware Detection
Attacker Activity Detection
Threat Impact Assessment
Contextual Threat Analysis
Detect malware, C&C, and attacker activity invisible to standard defenses
Analyze the risk, context, timeline and full extent of the attack
Respond with automatic security updates & the insight to shut down the attack
Custom Defense is the Foundation
Custom Defense
Advanced Malware Detection
Contextual Threat Analysis
Automated Security Updates
Command & Control Detection
Attacker Activity Detection
Threat Impact Assessment
Risk Management
1. Conduct Pen test of all third parties.
2. Use Two-factor authentication.
3. Utilize a host based intrusion prevention system.
4. Deploy file integrity monitoring.
5. Implement virtual shielding for zero day exploits.
6. Deploy both an MDM and Mobile Application Reputation software.
7. Sandbox your cloud apps.
8. Implement whitelisting.
9. Manage the crypto keys for your cloud data.
10. Web Application Security (OWASP).
11. Deploy context aware Threat Intelligence.
12. Utilize a Breach Detection System.