You can't detect what you can't see: illuminating the entire kill chain
© Fidelis Cybersecurity

Today's Speakers
Dr. Chenxi Wang, Founder, Rain Capital (@chenxiwang)
Tim Roddy, VP Cybersecurity Product Strategy, Fidelis Cybersecurity
Today's IT Environment Is Complex
[Diagram: attacks reach the company over several channels; the recoverable labels are Hack Attacks against Firewalls, IPS and VPN; Email Attacks; Active Content (Flash, JavaScript); and ports 80, 443 and 25.]
Office 365 Adoption
Source: https://blog.barracuda.com/2017/10/12/office-365-active-usage-soars-some-still-unclear-on-security/
Your Visibility Is Fragmented
[Diagram: the same attack channels as on the previous slide (Hack Attacks against Firewalls, IPS and VPN; Email Attacks; Active Content such as Flash and JavaScript; ports 80, 443 and 25), each covered by a separate point tool (CASB, Web/Email Gateways, EDR/AV) with unlabelled gaps ("? ? ? ?") between them.]
Security Analyst's Day-to-Day Reality
• See patterns in network activity
• See beaconing and block it
• See lateral movement
• See all endpoint activity and respond to threats
What's the Solution?
• Monitor for and prevent exfiltration of data
• Identify and stop malicious network behavior
• Perform real-time and historical analysis
Illuminate the Kill Chain - Follow These Steps
Build core competency
1. Get visibility into network, cloud apps, and endpoints
2. Deploy EDR to endpoints and servers
3. Integrate endpoint and network data to increase SOC efficiency
4. Ensure you have historical visibility: what happened in the past matters
5. Utilize deception wherever meaningful
Don't forget these
1. Shine a light on IoT and other assets where you can't deploy an agent
2. Don't go at it alone: look at MDR to augment your capacity
Look In (All of) the Right Places
Existing breach detection and data loss prevention solutions don't dig as deep as attackers hide.
WHAT they see: Email & Attachment; Archive; PDF; Malicious Binary. Gap: can't find malware hidden deep inside content.
WHEN they see it (attack lifecycle): Initial Compromise; Establish Foothold; Escalate Privileges; Lateral Propagation; Data Staging & Exfiltration. Gap: don't see attackers after the initial compromise.
WHERE they look: HTTP (port 80); HTTPS (port 443); Mail (port 25), out of thousands of ports and protocols. Gap: blind to attackers operating on non-standard ports.
Most Security Solutions Only Look HERE
But Attackers Live Here
Unpeel the Content Onion
[Diagram contrasting "What FW's, IPS's & Network Forensics Systems See" with "What You Want to See" for the same information in motion on the network.]
See Embedded Network Content (Inbound and Outbound)
[Diagram of nested content; the recoverable layer labels are PDF, Deflate, Text, Malware; ZIP, Excel, Text; PPT; MIME, HTTP, Text, Gmail. Inbound: malicious content. Outbound: classified or sensitive content.]
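The nesting shown on the last two slides (an archive inside a mail, a compressed stream inside a document) is what a scanner has to open before any signature or DLP rule can see the payload. The walker below is an added example for this page, not Fidelis code: it recurses through MIME, zip and gzip layers, records the container path of every leaf object, and refuses layers that look like decompression bombs. The mail message, the file names and the "PE" stub it scans are constructed for the demo.

```python
"""Unpeel nested network content: recurse through MIME, zip and gzip layers
so a scan rule can reach objects hidden several containers deep.
Added example, not Fidelis code; the sample message is constructed."""
import email
import email.policy
import gzip
import io
import re
import zipfile
from email.message import EmailMessage

MAX_DEPTH = 8                 # cap recursion: deep nesting is itself an evasion
MAX_BYTES = 50 * 1024 * 1024  # cap expansion of any one layer (bomb guard)
MAX_RATIO = 1000              # refuse zip entries that expand more than 1000:1
_HEADER_START = re.compile(rb"^[A-Za-z][A-Za-z0-9-]*:\s")

def is_zip(b):
    return b[:4] in (b"PK\x03\x04", b"PK\x05\x06")

def is_gzip(b):
    return b[:2] == b"\x1f\x8b"

def is_mime(b):
    return _HEADER_START.match(b) is not None

def is_pe(b):
    return b[:2] == b"MZ"

def read_limited(fobj):
    data = fobj.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        raise ValueError("expansion exceeds limit")
    return data

def unpeel(blob, path=(), depth=0):
    """Yield (container_path, leaf_bytes) for every leaf object inside blob.
    Refused or unreadable layers are reported with a '<...>' marker in path."""
    if depth > MAX_DEPTH:
        yield path + ("<max-depth>",), b""
        return
    try:
        if is_zip(blob):
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    entry = path + (f"zip:{info.filename}",)
                    if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                        yield entry + ("<suspicious-ratio>",), b""
                        continue
                    with zf.open(info) as f:      # RuntimeError if password-protected
                        yield from unpeel(read_limited(f), entry, depth + 1)
        elif is_gzip(blob):
            with gzip.GzipFile(fileobj=io.BytesIO(blob)) as g:
                yield from unpeel(read_limited(g), path + ("gzip",), depth + 1)
        elif is_mime(blob):
            msg = email.message_from_bytes(blob, policy=email.policy.default)
            for part in msg.walk():
                if part.is_multipart():
                    continue
                name = part.get_filename() or part.get_content_type()
                payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
                if payload is not None:
                    yield from unpeel(payload, path + (f"mime:{name}",), depth + 1)
        else:
            yield path, blob
    except (ValueError, OSError, EOFError, RuntimeError, zipfile.BadZipFile):
        # Encrypted, truncated or over-sized layers are reported, not skipped silently.
        yield path + ("<unreadable>",), b""

def scan(blob):
    """Return [(container_path, verdict)] for leaves worth an analyst's attention."""
    findings = []
    for path, leaf in unpeel(blob):
        if path and path[-1].startswith("<"):
            findings.append((path, "refused"))
        elif is_pe(leaf):
            findings.append((path, "executable"))
    return findings

def build_sample_message():
    """Constructed input: mail -> zip attachment -> gzip member -> PE stub."""
    pe_stub = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"  # hypothetical stub, not a real binary
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.txt", "Please see the attached invoice.")
        zf.writestr("invoice.pdf.gz", gzip.compress(pe_stub))
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Two points the "content onion" implies but does not state: every layer you open is a resource-exhaustion surface (hence the depth, size and ratio caps, and the explicit "refused" verdict for password-protected or malformed archives), and the container path is itself a detection feature, since an executable that only appears three layers down is more suspicious than the same bytes attached directly.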
Gain Greater Endpoint Visibility and Insights to Ensure Faster Response
1. INCREASE visibility to see all endpoint activity and detect threats
2. REDUCE time to respond to threats
3. AUTOMATE endpoint response
4. ENHANCE your endpoint protection - in one agent
The Value of Integrating Network and Endpoint Data
VISIBILITY: monitor endpoint activity; find compromised systems
DETECTION: instantly validate alerts by correlating network/endpoint data with the threat correlation engine
RESPONSE: trigger intelligent actions from dynamic analysis; close the security lifecycle loop
Outcomes: decrease theft of assets & IP; lower overall cost of response; minimize disruption to business; mitigate damage to reputation/integrity
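The detection item above, "validate alerts by correlating network/endpoint data", comes down to a join on the connection 5-tuple within a narrow time window, which turns an anonymous IP-level alert into a host, a process and a parent process. The following is an added example for this page, not Fidelis code or the Fidelis correlation engine; the record layouts, hosts, addresses, process names and the 5-second window are all constructed for the demo.

```python
"""Validate a network alert against endpoint telemetry by joining on the
connection 5-tuple within a time window. Added example, not Fidelis code;
record formats, hosts and addresses are constructed for the demo."""
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class NetAlert:            # what a network sensor emits
    ts: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    rule: str

@dataclass(frozen=True)
class EndpointConn:        # what an EDR agent records per outbound connection
    ts: datetime
    host: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    pid: int
    image: str
    parent_image: str

OFFICE_APPS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")

def correlate(alert, conns, window=timedelta(seconds=5)):
    """Endpoint connection events matching the alert's flow, nearest in time first.
    Caveats: sensor and host must see the same addresses (no NAT between them),
    and the window must stay tight because ephemeral source ports are reused."""
    hits = [c for c in conns
            if (c.local_ip, c.local_port, c.remote_ip, c.remote_port)
            == (alert.src_ip, alert.src_port, alert.dst_ip, alert.dst_port)
            and abs(c.ts - alert.ts) <= window]
    return sorted(hits, key=lambda c: abs(c.ts - alert.ts))

def triage(alert, conns):
    """Turn a bare network alert into an attributed, prioritised finding."""
    hits = correlate(alert, conns)
    if not hits:
        # No agent saw this flow: either no EDR on that host or a NAT in the path.
        return ("unattributed", None)
    c = hits[0]
    if c.parent_image.lower().endswith(OFFICE_APPS):
        return ("high", f"{alert.rule}: {c.image} (pid {c.pid}) spawned by "
                        f"{c.parent_image} on {c.host}")
    return ("review", f"{alert.rule}: {c.image} (pid {c.pid}) on {c.host}")

# Constructed sample data (TEST-NET addresses, invented host and process names).
T0 = datetime(2018, 3, 14, 10, 15, 0)
SAMPLE_ALERT = NetAlert(T0, "10.0.0.5", 51234, "203.0.113.7", 8443, "Beacon to known C2")
SAMPLE_CONNS = [
    EndpointConn(T0 - timedelta(seconds=2), "WS-17", "10.0.0.5", 51234,
                 "203.0.113.7", 8443, 4812, "powershell.exe", "winword.exe"),
    # same source port half an hour earlier, different peer: port reuse, must not match
    EndpointConn(T0 - timedelta(minutes=30), "WS-17", "10.0.0.5", 51234,
                 "198.51.100.9", 443, 2210, "chrome.exe", "explorer.exe"),
    # same peer and port from another host: different flow, must not match
    EndpointConn(T0 + timedelta(seconds=1), "WS-22", "10.0.0.6", 51234,
                 "203.0.113.7", 8443, 903, "svchost.exe", "services.exe"),
]
```

An alert with no endpoint match is itself a finding: either the source has no agent, which is exactly the IoT and legacy case the later slides deal with, or a NAT or proxy sits between sensor and host and the join key has to be rebuilt from the translation log.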
Look into the Past as Well as the Present via Rich Metadata
Application & protocol-level metadata collected by Fidelis: Web Applications; Social Media; Email; Encrypted Web Access; Internal File Share; Other Attributes
Content-level metadata collected by Fidelis: Documents; Executable Files; Archives (zip, rar, tar, gzip, etc.); Certificates; Embedded Objects; Other Attributes
See Attackers' Lateral Movements
• Phish/Email
• Drive-by Attack
• Social Engineer
• Open Exploit
Attacks rarely land on the desired asset; lateral movement is the next step.
Human attackers are lured to decoys by unstructured data (files, email, docs). Malware is lured to decoys with structured data (apps, browsers).
(* in the diagram marks a breadcrumb; the diagram also shows Active Directory.)
Automation discovers, creates, deploys and maintains 'realistic' deception layers.
Decoys with interaction services and applications engage attacks.
Active response with automated workflow and investigation.
Shine a Light on Blind Spots Where You Can't Deploy Agents
Gain insight into your resources
Discover
• Passive identification, profiling and classification
• Assets: devices (servers, endpoints, IoT, legacy systems)
• Data: OS, applications, ports
• Communication channels and network server usage
• Shadow-IT tools, home-grown appliances, app servers, tools
• Servers: FTP, SSH, DNS, proxy
• Automatic processes vs. human browsing sessions
• Internal and external activities
• Visualization graphs of asset connectivity
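The analyst's wish list earlier in the deck includes "see beaconing and block it", and this slide separates automatic processes from human browsing sessions; the simplest passive signal for that distinction is the regularity of the gaps between connections from one source to one destination. The function below is an added example for this page, not Fidelis code; the flow records it runs on are constructed, and the thresholds (min_events, max_cv) are illustrative starting points, not vendor defaults.

```python
"""Separate periodic (automated) connections from human browsing by the
regularity of inter-arrival times per (source, destination) pair.
Added example, not Fidelis code; the flow records are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

def find_beacons(flows, min_events=8, max_cv=0.2):
    """flows: iterable of (epoch_seconds, src, dst).
    Returns {(src, dst): (events, mean_gap, cv)} for pairs whose gaps are
    regular enough to look timer-driven. cv = stdev/mean of the gaps; a human
    clicking around gives cv well above 1, an implant with light jitter far
    below 0.2 (illustrative threshold)."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue                    # too few events to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        if mu <= 0:
            continue                    # duplicate timestamps, nothing to measure
        cv = pstdev(gaps) / mu
        if cv <= max_cv:
            hits[pair] = (len(stamps), mu, cv)
    return hits

def sample_flows():
    """Constructed flow log: one implant calling home every ~60 s with a few
    seconds of jitter, and one user browsing during the same period."""
    flows = []
    t = 1_520_000_000
    for gap in (60, 62, 59, 63, 58, 61, 60, 57, 62, 59, 61):
        flows.append((t, "10.0.0.5", "203.0.113.7"))
        t += gap
    flows.append((t, "10.0.0.5", "203.0.113.7"))      # 12 events, near-constant gaps
    t = 1_520_000_017
    for gap in (2, 45, 7, 300, 1, 90, 12, 600, 3, 20, 150):
        flows.append((t, "10.0.0.9", "198.51.100.20"))
        t += gap
    flows.append((t, "10.0.0.9", "198.51.100.20"))    # 12 events, human-shaped gaps
    return flows
```

Regularity is not guilt: NTP, update checks and monitoring agents beacon too, so a hit needs context (destination reputation, uniform payload sizes, no interactive user session at the time) before it is blocked. Implants also add jitter precisely to defeat this test, which is why the observation window should be long and the threshold tuned per environment rather than fixed.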
Illuminate the SSL Blindspot
[Diagram: client https traffic is terminated at a proxy, which hands the decrypted content to malware and DLP scanning over ICAP before re-encrypting it (https) toward the destination.]
80% of network traffic is now SSL and 50% of organizations don't decrypt.
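The diagram is the standard offload pattern: the proxy terminates the client's TLS session (so clients must trust the proxy's issuing CA), hands the plaintext HTTP exchange to a scanner over ICAP (RFC 3507), and re-encrypts toward the server. The code below, an added example for this page and not Fidelis code, builds the RESPMOD request the proxy sends and parses it back the way the scanner does, using the Encapsulated offsets; the host names, the HTTP messages and the toy scanner policy are constructed.

```python
"""Build and parse the ICAP RESPMOD exchange a TLS-terminating proxy uses to
hand a decrypted HTTP response to a malware/DLP scanner (RFC 3507).
Added example, not Fidelis code; hosts and messages are constructed."""

def build_respmod(icap_host, service, req_hdr, res_hdr, body):
    """Wrap an HTTP request header, response header and response body in an
    ICAP/1.0 RESPMOD request. 'Encapsulated' offsets are byte positions
    counted from the end of the ICAP header block; the body is chunked."""
    for hdr in (req_hdr, res_hdr):
        if not hdr.endswith(b"\r\n\r\n"):
            raise ValueError("header section must end with CRLF CRLF")
    encapsulated = (f"req-hdr=0, res-hdr={len(req_hdr)}, "
                    f"res-body={len(req_hdr) + len(res_hdr)}")
    icap_hdr = (f"RESPMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
                f"Host: {icap_host}\r\n"
                "Allow: 204\r\n"          # scanner may answer 204 = leave it unmodified
                f"Encapsulated: {encapsulated}\r\n\r\n").encode()
    chunked = f"{len(body):x}\r\n".encode() + body + b"\r\n0\r\n\r\n"
    return icap_hdr + req_hdr + res_hdr + chunked

def dechunk(data):
    """Decode HTTP chunked transfer encoding (one or more chunks)."""
    out, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2               # skip chunk data and its trailing CRLF

def parse_respmod(msg):
    """Split a RESPMOD request into (request_line, icap_headers, req_hdr,
    res_hdr, body) using the Encapsulated offsets, as the scanner does."""
    head, _, rest = msg.partition(b"\r\n\r\n")
    request_line, *hdr_lines = head.split(b"\r\n")
    headers = {}
    for line in hdr_lines:
        k, v = line.split(b":", 1)
        headers[k.strip().lower()] = v.strip()
    offsets = {}
    for item in headers[b"encapsulated"].split(b","):
        k, v = item.strip().split(b"=")
        offsets[k.decode()] = int(v)
    req_hdr = rest[offsets["req-hdr"]:offsets["res-hdr"]]
    res_hdr = rest[offsets["res-hdr"]:offsets["res-body"]]
    body = dechunk(rest[offsets["res-body"]:])
    return request_line, headers, req_hdr, res_hdr, body

def scanner_response(res_hdr, body):
    """Toy scanner policy (constructed): block anything that starts with the PE
    magic by substituting a 403 page, otherwise 204 so the proxy forwards the
    original response untouched."""
    if body[:2] != b"MZ":
        return b"ICAP/1.0 204 Unmodified\r\nEncapsulated: null-body=0\r\n\r\n"
    page = b"blocked by scanner"
    blocked = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
               + f"Content-Length: {len(page)}\r\n\r\n".encode())
    return (b"ICAP/1.0 200 OK\r\n"
            + f"Encapsulated: res-hdr=0, res-body={len(blocked)}\r\n\r\n".encode()
            + blocked + f"{len(page):x}\r\n".encode() + page + b"\r\n0\r\n\r\n")

# Constructed sample exchange: a download whose body carries the PE magic only.
REQ_HDR = b"GET /update.exe HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
RES_HDR = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
           b"Content-Length: 6\r\n\r\n")
BODY = b"MZ\x90\x00\x03\x00"
```

What the diagram does not cover matters as much: certificate-pinned applications fail behind such a proxy and usually end up on a bypass list, as do regulated categories such as banking and health, so the remaining undecrypted set should be inventoried explicitly. Traffic that never reaches the proxy, including TLS on non-standard ports, is not decrypted at all.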
Augment your Staff with 24x7 Managed Detection and Response (MDR)
Outsource your threat hunting and data leakage mitigation to experts
• Contextual perspective, deep visibility and automated detection and response across your network, endpoints, cloud and enterprise IoT devices
• Full-service solution focused on detection, response and remediation - managed and monitored by security experts
• Discover and classify network assets; network detection and response; data leakage prevention (DLP); endpoint detection and response (EDR); deception
• Verifies and enforces your security policies and compliance requirements to ensure the highest standards
Key Security Capabilities For Your Networks, Endpoints, Cloud and IoT Environments
Visibility + Intelligence = Automated Detection and Response
Visibility: network activity and content; endpoint activity; asset and data classification; decoys
Intelligence: from experienced IR and security operations analysts, sandboxing, machine learning, IOC feeds, and research
Automated Detection: applies world-class intelligence to full visibility for contextual perspective
Automated Response: comes from understanding every detection and knowing what an experienced analyst would do next
Monitor the Attack Lifecycle and Data Exfiltration
[Diagram spanning Network, Endpoint and Deception inside your network: observe all traffic; identify activity on devices; breadcrumbs lure attackers & malicious insiders into decoys; decoy activation & interaction; adversary tool usage; distract the attacker and defend; identify exfiltration; identify exfiltration TTPs.]
Leader in Automated Detection & Response
PROVEN SECURITY EXPERTISE
• Established 2002, HQ in Washington, DC
• Fortune 100 & DoD enterprise proven
• 12 of the Fortune 50
• 24 of the Fortune 100
• Backed by Marlin Equity Partners
• Experts in Incident Response and Security Assessments
PATENTED INNOVATION
• Fidelis Elevate Platform
• Network Detection and Response
• Endpoint Detection and Response (EDR)
• Data Loss Prevention (DLP)
• Deception
• Discovery and Classification of Data and Assets
• Gartner Cool Vendor 2017 for Deception
• Gartner Visionary 2017 for DLP
Questions and Next Steps
Read the Datasheet
www.fidelissecurity.com/resources/fidelis-elevate-overview
Request a Personalized Demonstration
www.fidelissecurity.com/products/security-operations-platform/demo
See an On-Demand Fidelis Elevate Demo
www.fidelissecurity.com/products/security-operations-platform/demo/video