Jason Dablow
Sr. Sales Engineer
What is a Breach? … Exploited
Weaknesses of Traditional Security
6/20/2015 | Confidential | Copyright 2013 Trend Micro Inc. / Copyright 2014 Trend Micro Inc.
Slide diagram: the weaknesses traditional security leaves exposed, by threat category
• Advanced malware
• Targeted attacks
• Employee data leaks
• Traditional malware
• Vulnerability exploits
220K new malware programs daily!
Who’s committing Attacks & Why
• 90% perpetrated by outsiders
• 10% committed by insiders
• Motivating factors:
  – 73% Financial
  – 22% Espionage
  – 5% Ideology/Fun
Source: http://www.verizonenterprise.com/DBIR/
Crime Syndicate (Simplified)
Slide diagram of the roles around a victim: The Boss, The Captain, Mercenary Attackers, Data Fencing, Garant (escrow guarantor), Bullet Proof Hoster.

Crime Syndicate (Detailed)
Slide diagram of the same ecosystem broken out by specialist role, each annotated with an indicative price tag between $1 and $10: Attacker (Botherder), Blackhat SEO (keywords), Compromised Sites (Hacker), Programmer, Cryptor, Virtest, Worm, Exploit Kit, Bot Reseller, Traffic Direction System, Garant, SQL Injection Kit, Carder, Money Mule, Droppers, Card Creator, Bullet Proof Hoster. The individual prices cannot be paired with their roles reliably from the extracted diagram, so they are not reproduced per role.
Attack Stages
Confidential | Copyright 2015 Trend Micro Inc.
1. Intelligence Gathering: identify and research target individuals using public sources (LinkedIn, Facebook, etc.) and prepare a customized attack.
2. Point of Entry: the initial compromise is typically malware delivered via social engineering (email/IM or drive-by download). A backdoor is created and the network can now be infiltrated.
3. Command & Control (C&C) Communication: allows the attacker to instruct and control the compromised machines and malware used for all subsequent phases.
4. Lateral Movement: once inside the network, the attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control.
5. Asset/Data Discovery: several techniques and tools are used to identify the noteworthy servers and the services that house the data of interest.
6. Data Exfiltration: once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations.
Stage 1 - Intelligence Gathering
Acquire strategic information about the target's IT environment and organizational structure.
Reconnaissance trick shown on the slide: the “res://” protocol (Internet Explorer's resource URI scheme, which a web page can use to probe for locally installed software such as security products, so the later stages can be tailored to what is actually running on the target).
Data at Risk
• Corporate / Financial: board meeting records, legal proceedings, strategic plans, contracts, purchase agreements, pre-earnings announcements, executive salaries, M&A plans and pending patent filings.
• Manufacturing: intellectual property and manufacturing methods.
• Retail: financial records and transactions, customer profiles used to generate revenue through identity theft.
• Internal Organization: employee records and health claims for identity and insurance fraud.
Stage 2 - Point of Entry
Gain entry into a target network using weaknesses found.
Arrival vectors shown: weaponized attachment, malicious URLs.
Attack weakness found in:
• Infrastructure
• Systems
• Applications
• People
• 3rd Party Organizations
Infection Options
• Island hopping: attackers reach the target through its customers or a trusted partner.
• Cloning websites of conferences victims will attend, then crafting a registration email that leads to a fake registration page (repeatable).
• Watering hole attacks
• Spearphishing
Arrival Vectors in APT - Email
Attackers Try Everything
• Multiple ports (example: Poison Ivy): C&C observed over HTTPS, HTTP, IMAP, POP3, SMTP, DNS, POP3S and HTTP_ALT port assignments. Monitoring a few ports is not sufficient.
• Apps & protocols (example: Evilgrab): monitoring a few apps & protocols is not sufficient.
• Morphing (example: IXESHE): changes in C&C, IP addresses, signatures & behavior make it extremely difficult to track the attack.
Evade detection with customized malware
Slide diagram: the attacker controls malicious C&C websites, reaches the AhnLab update servers inside the victimized business and uses them to push wipers to the Windows endpoints (destroy MBR) and to the Unix/Linux server farm (wipe out files).
A total of 76 tailor-made malware samples were used, of which 9 were destructive, while the other 67 were used for penetration and monitoring.
Code for Sale
Ultra Hackers Tools for sale
Price is 0.0797 BTC (bitcoin) = $25
Virus Builders
1. Nathan's Image Worm
2. Dr. VBS Virus Maker
3. p0ke's WormGen v2.0
4. Vbswg 2 Beta
5. Virus-O-Matic Virus Maker
Scanners
1. DD7 Port Scanner
2. SuperScan 4.0
3. Trojan Hunter v1.5
4. ProPort v2.2
5. Bitching Threads v3.1
DoSers, DDoSers, Flooders and Nukers
1. rDoS
2. zDoS
3. Site Hog v1
4. Panther Mode 2
5. Final Fortune 2.4
Fake Programs
1. PayPal Money Hack
2. Windows 7 Serial Generator
3. COD MW2 Keygen
4. COD MW2 Key Generator
5. DDoSeR 3.6
Cracking Tools
1.VNC Crack
2.Access Driver
3.Attack Toolkit v4.1 & source code included
4.Ares
5.Brutus
Analysis :
· OllyDbg 1.10 & Plugins - Modified by SLV *NEW*
· W32Dasm 8.93 - Patched *NEW*
· PEiD 0.93 + Plugins *NEW*
· RDG Packer Detector v0.5.6 Beta - English *NEW*
Rebuilding :
· ImpRec 1.6 - Fixed by MaRKuS_TH-DJM/SnD
*NEW*
· Revirgin 1.5 - Fixed *NEW*
· LordPE De Luxe B *NEW*
LIST OF SOFTWARE INCLUDED IN THIS PACKAGE:
Host Booters
1. MeTuS Delphi 2.8
2. XR Host Booter 2.1
3. Metus 2.0 GB Edition
4. BioZombie v1.5
5. Host Booter and Spammer
Stealers
1. Dark Screen Stealer V2
2. Dark IP Stealer
3. Lab Stealer
4. 1337 Steam Stealer
5. Multi Password Stealer v1.6
Remote Administration Tools/Trojans
1. Cerberus 1.03.4 BETA
2. Turkojan 4 GOLD
3. Beast 2.07
4. Shark v3.0.0
5. Archelaus Beta
Binders:
1. Albertino Binder
2. BlackHole Binder
3. F.B.I. Binder
4. Predator 1.6
5. PureBiND3R by d3will
HEX Editor :
· Biew v5.6.2
· Hiew v7.10 *NEW*
· WinHex v12.5 *NEW*
Decompilers :
· DeDe 3.50.04
· VB ?Decompiler? Lite v0.4 *NEW*
· Flasm
Unpackers :
· ACProtect - ACStripper
· ASPack - ASPackDie
· ASProtect > Stripper 2.07 Final &
Stripper 2.11 RC2 *NEW*
· DBPE > UnDBPE
Keygenning : *NEW*
· TMG Ripper Studio 0.02 *NEW*
Packers :
· FSG 2.0
· MEW 11 1.2 SE
· UPX 1.25 & GUI *NEW*
· SLVc0deProtector 0.61 *NEW*
· ARM Protector v0.3 *NEW*
· WinUpack v0.31 Beta *NEW*
Patchers :
· dUP 2 *NEW*
· CodeFusion 3.0
· Universal Patcher Pro v2.0
· Universal Patcher v1.7 *NEW*
· Universal Loader Creator v1.2 *NEW*
Crypters
1. Carb0n Crypter v1.8
2. Fly Crypter v2.2
3. JCrypter
4. Triloko Crypter
5. Halloween Crypter
6. Deh Crypter
7. Hatrex Crypter
8. Octrix Crypter
9. NewHacks Crypter
10. Refruncy Crypter
100’s of Items
Today’s Reality – One & Done!
Slide chart (decimal points lost in extraction): 99.10% of malware infects fewer than N victims (the value of N did not survive extraction); 80.1% of malware infects exactly one victim.
Stage 3 - Command & Control Communications
Ensure continued communication between the compromised target and the attackers.
Common Traits
• Uses typical protocols (HTTP)
• Uses legitimate sites as C&C
• Uses internal systems as C&C
• Uses 3rd party apps as C&C
• May use compromised internal systems
Advantages
• Maintains persistence
• Avoids detection
Slide diagram: Threat Actor ↔ C&C Server ↔ compromised host.

Trend Micro C&C Research
54% of C&C lifespan < 1 day
Stage 4 - Lateral Movement
Seek valuable hosts that house sensitive information.
Technique highlighted on the slide: Pass the Hash.
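What "Pass the Hash" looks like to a defender, as an added example (not Trend Micro code and not from the deck): a small detector over Windows Security event 4624 records. The sample events are constructed, and the indicators are the commonly used heuristics rather than a definitive signature: on the attacker's foothold, a hash injected into a new logon session appears as LogonType 9 with LogonProcessName seclogo and AuthenticationPackageName Negotiate; on each target, the resulting NTLM network logon is LogonType 3 with LogonProcessName NtLmSsp, KeyLength 0 and a remote source address; and the same account reaching several hosts from one address in a short time is the lateral-movement pattern itself. The spray_threshold value is an assumption.

```python
"""Pass-the-hash indicators in Windows 4624 logon events (constructed sample data)."""
from collections import defaultdict

LOCAL_SOURCES = {"127.0.0.1", "::1", "-", ""}


def _ev(host, logon_type, user, process, package, key_len, ip, ts):
    # Compact constructor for the constructed sample events below.
    return {"host": host, "EventID": 4624, "LogonType": logon_type,
            "TargetUserName": user, "LogonProcessName": process,
            "AuthenticationPackageName": package, "KeyLength": key_len,
            "IpAddress": ip, "TimeCreated": ts}


SAMPLE_EVENTS = [
    # attacker injects a stolen hash into a new logon session on ws01
    _ev("ws01", 9, "alice", "seclogo", "Negotiate", 0, "::1", "2015-06-20T10:01:02"),
    # ...and uses the svc_backup hash over the network against three servers
    _ev("fs01", 3, "svc_backup", "NtLmSsp", "NTLM", 0, "10.0.5.23", "2015-06-20T10:01:05"),
    _ev("db01", 3, "svc_backup", "NtLmSsp", "NTLM", 0, "10.0.5.23", "2015-06-20T10:01:09"),
    _ev("dc01", 3, "svc_backup", "NtLmSsp", "NTLM", 0, "10.0.5.23", "2015-06-20T10:01:14"),
    # benign: console logon, Kerberos network logon, legacy NTLM logon with a session key
    _ev("ws02", 2, "bob", "User32", "Negotiate", 0, "127.0.0.1", "2015-06-20T10:02:00"),
    _ev("fs01", 3, "carol", "Kerberos", "Kerberos", 128, "10.0.5.40", "2015-06-20T10:02:30"),
    _ev("fs01", 3, "dave", "NtLmSsp", "NTLM", 128, "10.0.5.41", "2015-06-20T10:02:45"),
    # benign: null session, which also shows NTLM with KeyLength 0
    _ev("fs01", 3, "ANONYMOUS LOGON", "NtLmSsp", "NTLM", 0, "10.0.5.42", "2015-06-20T10:03:00"),
]


def is_pth_source(ev):
    """Hash injected into a fresh logon session on the attacker's foothold."""
    return (ev["EventID"] == 4624 and ev["LogonType"] == 9
            and ev["LogonProcessName"].lower() == "seclogo"
            and ev["AuthenticationPackageName"].lower() == "negotiate")


def is_pth_target(ev):
    """NTLM network logon without a session key, from a remote address, for a named account."""
    return (ev["EventID"] == 4624 and ev["LogonType"] == 3
            and ev["AuthenticationPackageName"].upper() == "NTLM"
            and ev["LogonProcessName"].lower() == "ntlmssp"
            and ev["KeyLength"] == 0
            and ev["TargetUserName"].upper() != "ANONYMOUS LOGON"
            and ev["IpAddress"] not in LOCAL_SOURCES)


def detect(events, spray_threshold=3):
    """Return (indicator, where, account) tuples; spray_threshold is an assumed tuning value."""
    findings = []
    reach = defaultdict(set)  # (account, source ip) -> hosts it logged on to
    for ev in events:
        if is_pth_source(ev):
            findings.append(("PTH_SOURCE", ev["host"], ev["TargetUserName"]))
        elif is_pth_target(ev):
            findings.append(("PTH_TARGET", ev["host"], ev["TargetUserName"]))
            reach[(ev["TargetUserName"], ev["IpAddress"])].add(ev["host"])
    for (account, src), hosts in reach.items():
        if len(hosts) >= spray_threshold:
            findings.append(("LATERAL_SPRAY", src, account))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

The single-event rules are noisy on their own (legacy applications still negotiate NTLM without a session key), so the spray rule, or enrichment with 4672 special-privilege logons and 4776 credential validations on the domain controller, is what turns them into an alert worth paging on.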
Stage 5 - Data Discovery
Noteworthy assets are identified within the infrastructure, then isolated for future data exfiltration.
• Email servers are identified so attackers can read important email in order to discover valuable information.
• File lists from different directories are sent back so attackers can identify what is valuable.
Data at Risk
Slide infographic of the world's biggest data breaches, annotated with what was taken in each: credit cards, birth & phone records, customer PII, user credentials, social media accounts; PII leads to fraud, and one entry is annotated “Movies, Ransoms, Terrorism”.
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Stage 6 - Exfiltration
Transmit data to a location that the threat actors control.
Common Traits
• Built-in file transfer (RATs)
• FTP, HTTP
• Tor network / encryption
• Public file sharing sites
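The two traits the deck keeps returning to, C&C that "uses typical protocols (HTTP)" in Stage 3 and data that is "chunked, compressed and often encrypted" before leaving over HTTP in Stage 6, can both be spotted in a plain web-proxy log without decrypting anything. The following is an added example, not Trend Micro code: a near-periodic request timing detector for beacons and a same-size-upload detector for chunked exfiltration. The log format ("epoch src method host bytes_out") is assumed, every line is constructed by build_sample_log() rather than captured, and all thresholds are assumed tuning values.

```python
"""Beaconing and chunked-upload detection over a constructed web proxy log."""
import statistics
from collections import defaultdict

BASE = 1434794400  # 2015-06-20T10:00:00Z


def build_sample_log():
    """Constructed sample log: one implant, one updater, one exfiltration, some noise."""
    lines = []
    # implant checking in every ~5 minutes with a little jitter, tiny requests
    for i, jitter in enumerate([0, 3, -2, 5, 1, -4, 2, 0, 3, -1, 4, -3]):
        lines.append(f"{BASE + 300 * i + jitter} 10.0.5.23 GET sync.example-c2.net {200 + i}")
    # legitimate software updater, rigidly hourly: timing alone cannot tell it apart
    for i in range(10):
        lines.append(f"{BASE + 3600 * i} 10.0.7.8 GET updates.example-vendor.com 1500")
    # staged archive leaving in 1 MiB pieces at irregular intervals, last piece partial
    sizes = [1048576] * 7 + [734003]
    for off, size in zip((0, 20, 65, 80, 150, 160, 240, 255), sizes):
        lines.append(f"{BASE + 7200 + off} 10.0.5.23 POST files.example-share.net {size}")
    # ordinary browsing and a few small form submissions
    for off in (17, 250, 1300, 1333, 4100, 6000):
        lines.append(f"{BASE + off} 10.0.7.8 GET www.example-news.com 800")
    for off, size in ((900, 2000), (2500, 15000), (5100, 900)):
        lines.append(f"{BASE + off} 10.0.5.23 POST mail.example-corp.com {size}")
    return "\n".join(lines) + "\n"


def parse(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, host, nbytes = line.split()
        records.append({"ts": int(ts), "src": src, "method": method,
                        "host": host, "bytes": int(nbytes)})
    return records


def find_beacons(records, min_count=8, max_cv=0.1, allowlist=frozenset()):
    """(src, host, mean interval) for pairs whose request timing is near-periodic."""
    times = defaultdict(list)
    for r in records:
        if r["host"] not in allowlist:
            times[(r["src"], r["host"])].append(r["ts"])
    hits = []
    for (src, host), ts in times.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        # coefficient of variation: low means the gaps are all about the same
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            hits.append((src, host, round(mean, 1)))
    return hits


def find_chunked_uploads(records, min_chunks=5, min_chunk_bytes=512 * 1024,
                         size_tolerance=0.05, min_uniform=0.8):
    """(src, host, chunk count, total bytes) for bursts of near-identical large POSTs."""
    sizes = defaultdict(list)
    for r in records:
        if r["method"] == "POST":
            sizes[(r["src"], r["host"])].append(r["bytes"])
    hits = []
    for (src, host), s in sizes.items():
        if len(s) < min_chunks:
            continue
        median = statistics.median(s)
        if median < min_chunk_bytes:
            continue
        # fraction of uploads within tolerance of the median: a fixed chunk size, last piece excepted
        uniform = sum(abs(x - median) <= size_tolerance * median for x in s) / len(s)
        if uniform >= min_uniform:
            hits.append((src, host, len(s), sum(s)))
    return hits


if __name__ == "__main__":
    recs = parse(build_sample_log())
    print("beacons:", find_beacons(recs, allowlist={"updates.example-vendor.com"}))
    print("uploads:", find_chunked_uploads(recs))
```

Run without an allowlist, the beacon rule also flags the hourly updater, which is the honest result: periodicity is a property of automated clients, not of malware, so the rule only becomes an alert once known updaters and monitoring agents are allowlisted and the remaining hits are weighed by destination reputation, which is what the C&C research in Stage 3 supplies.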
Maintenance Stage (Anti-Forensics)
Maintain persistence within the network for future attacks.
Slide graphic: the scrap value of a hacked PC (see source).
Source: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
Build a Security Ecosystem
• Timely Global Threat Intelligence
• Essential Technologies: combat current threat techniques
• Integrated Product Strategy: automated protection

Timely Global Threat Intelligence
Slide diagram: 150 million+ worldwide sensors feeding researcher intelligence: web crawler, Trend Micro solutions, test labs, 3rd party feeds, honeypots, CDN / xSP.
Block malicious URL within 15 minutes once it goes online!
Data Science is Multidisciplinary
http://eduardoarea.blogspot.tw/2012/11/el-camino-de-un-data-scientist.html
Essential Technologies
The challenges uncovered during the stages of a targeted attack demonstrate the need for sophisticated technologies and services to secure the enterprise.

Essential Technologies: Community File Reputation
• Determines the prevalence and maturity of PE files.
• Prevalence is a statistical concept referring to the number of times a file was detected by Trend Micro sensors at a given time.
• If a file has not triggered any detections, it is still treated as suspicious when it has been seen only once or a few times.
• Today over 80% of malware is only seen once.
Essential Technologies: Social Engineering Attack Protection
Essential Technologies: Advanced Threat Scan Engine (ATSE)
How does ATSE determine a document is bad?
Slide graphic: a document whose body is obfuscated junk wrapped around a malicious payload (“Gotcha!!”).
• Uses heuristic scanning and employs a rule-based system
  – Analyses the document for malicious/uncommon characteristics: payloads, malformed structure, obfuscation, name tricks, etc.
  – Uses both CVE rules and heuristic rules
• Zero-day exploits are malware taking advantage of unpatched vulnerabilities, but with similar exploitation techniques
• Therefore ATSE looks for the “characteristics” of an exploit
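The slide's point, that an engine can decide a document is bad from the characteristics of exploit documents rather than from a signature for one sample, is easier to see in code. The following is an added example, not the ATSE engine or its rules: a handful of weighted heuristics for the characteristics the slide names (payloads, malformed structure, obfuscation, name tricks) applied to constructed attachments. Rule weights, verdict thresholds and every sample file are made up for illustration; the exploit RTF carries only a fake MZ header in hex.

```python
"""Rule-based document heuristics over constructed samples (not real malware)."""
import re

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # compound file header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")            # stream name as stored in the directory
RTF_OBJECT = re.compile(rb"\\obj(?:data|update|emb|class)")
HEX_RUN = re.compile(rb"[0-9A-Fa-f]{64,}")
DOUBLE_EXT = re.compile(r"\.(?:pdf|docx?|xlsx?|pptx?|jpe?g|png|txt)"
                        r"\.(?:exe|scr|com|pif|bat|cmd|js|vbs|jar)$", re.I)
RTLO = "\u202e"  # right-to-left override, used to disguise the real extension

# rule name -> weight (assumed values)
WEIGHTS = {
    "rtf_header_anomaly": 2,   # {\rt... instead of {\rtf1: parsers accept it, generators never emit it
    "embedded_ole_object": 2,  # \objdata / \objupdate in RTF: OLE object that may run on open
    "pe_in_hex_run": 5,        # long hex blob containing an MZ header: executable smuggled in a document
    "vba_project_stream": 3,   # compound file with a VBA project: macro document
    "pe_executable": 3,        # the "document" is really a Windows executable
    "double_extension": 3,     # report.pdf.exe
    "rtlo_in_filename": 4,     # photo\u202egpj.scr renders as photorcs.jpg
}


def scan(filename, content):
    """Return (verdict, sorted rule names, score) for one attachment."""
    hits = set()
    is_rtf = content.startswith(b"{\\rt")
    if is_rtf and not content.startswith(b"{\\rtf1"):
        hits.add("rtf_header_anomaly")
    if is_rtf and RTF_OBJECT.search(content):
        hits.add("embedded_ole_object")
    for run in HEX_RUN.findall(content):
        if b"4d5a" in run.lower():        # "MZ" spelled out in hex
            hits.add("pe_in_hex_run")
            break
    if content.startswith(OLE_MAGIC) and VBA_STREAM in content:
        hits.add("vba_project_stream")
    if content.startswith(b"MZ"):
        hits.add("pe_executable")
    if DOUBLE_EXT.search(filename):
        hits.add("double_extension")
    if RTLO in filename:
        hits.add("rtlo_in_filename")
    score = sum(WEIGHTS[h] for h in hits)
    verdict = "malicious" if score >= 5 else "suspicious" if score >= 2 else "clean"
    return verdict, sorted(hits), score


# Constructed samples: the only "payload" is a fake MZ header written in hex.
SAMPLES = {
    "report.rtf": b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Calibri;}}Quarterly report text.\\par}",
    "Invoice_0615.doc": (b"{\\rt\\ansi{\\object\\objemb\\objupdate{\\*\\objdata "
                         + b"0105000002000000" + b"4d5a9000" + b"00" * 40 + b"}}}"),
    "Payroll_2015.doc": OLE_MAGIC + b"\x00" * 24 + VBA_STREAM + b"\x00" * 8,
    "resume.pdf.exe": b"MZ" + b"\x00" * 60,
    "photo\u202egpj.scr": b"MZ" + b"\x00" * 60,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(repr(name), *scan(name, data))
```

Each rule is cheap and individually weak; the engine's value is in the combination and in the fact that none of the rules needs to know which CVE the document targets, which is exactly why such rules keep working on a zero-day that reuses an old exploitation technique.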
Essential Technologies: Memory Inspection Analysis
• Protects against most packers and variation tools, which obfuscate the file on disk but not in memory
Slide diagram: Execute → Unpack → inspect the unpacked image in memory; log prefix “RAV_”.
Essential Technologies:
Behavioral Trigger Analysis
Cryptoware Protection
Essential Technologies: URL Time Of Click
• It is important to evaluate URLs not only when they are first received but also when they are accessed, in order to defend against URLs that are modified after delivery.
Slide diagram: mail arriving from the Internet passes the mail gateway (Hosted Email Security or InterScan Messaging Security), which checks URL reputation in real time; a URL that has no reputation yet is rewritten to point to the Trend cloud. When the user clicks, whether on an endpoint inside the customer's network perimeter or as a mobile worker outside it, the reputation is checked again at click time: “No Risk” passes through (the web gateway applies the same check inside the perimeter), “Risk!” is blocked.
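The mechanism behind the diagram, shown as an added example that is not the Trend Micro gateway's code: links are rewritten at delivery to a click-time endpoint, and that endpoint re-evaluates reputation when the click happens. The gateway host, the signing key and the in-memory reputation store are assumptions. The HMAC on the rewritten link is the part a practitioner should not skip: without it the click-time endpoint is an open redirector that phishers can use to lend their own links the gateway's good name.

```python
"""Time-of-click URL rewriting with a signed redirector and a mutable reputation store."""
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, quote, urlsplit

GATEWAY = "https://clicktime.example-gateway.net/r"  # assumed redirector endpoint
SECRET = b"per-tenant-key-rotate-me"                  # assumed; keep out of source in practice
URL_RE = re.compile(r"https?://[^\s<>\"']+")


class Reputation:
    """Stand-in for a reputation service: a verdict per host name that changes over time."""
    def __init__(self, known=None):
        self.known = dict(known or {})

    def update(self, host, verdict):
        self.known[host.lower()] = verdict

    def lookup(self, url):
        host = (urlsplit(url).hostname or "").lower()
        return self.known.get(host)  # None: no reputation yet


def _sign(url):
    mac = hmac.new(SECRET, url.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def rewrite_links(body):
    """Point every http(s) link in a message body at the click-time gateway."""
    gateway_host = urlsplit(GATEWAY).netloc

    def wrap(m):
        url = m.group(0)
        if urlsplit(url).netloc == gateway_host:
            return url  # already rewritten; never wrap twice
        return f"{GATEWAY}?u={quote(url, safe='')}&s={_sign(url)}"

    return URL_RE.sub(wrap, body)


def resolve_click(rewritten_url, reputation):
    """Gateway-side handling of a click: verify the token, then check reputation now."""
    params = dict(parse_qsl(urlsplit(rewritten_url).query))
    url, sig = params.get("u"), params.get("s")
    if not url or not sig or not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return ("reject", None)  # tampered or forged: do not redirect anywhere
    verdict = reputation.lookup(url)  # evaluated at click time, not at delivery
    if verdict == "malicious":
        return ("block", url)
    if verdict is None:
        return ("warn", url)  # unknown at click time: interstitial or sandbox fetch
    return ("allow", url)


if __name__ == "__main__":
    body = "Hi, see http://promo.example-shop.com/deal?id=7 and https://intranet.example-corp.com/hr"
    out = rewrite_links(body)
    rep = Reputation({"intranet.example-corp.com": "safe"})
    links = URL_RE.findall(out)
    print(resolve_click(links[0], rep))                  # unknown at delivery: warn
    rep.update("promo.example-shop.com", "malicious")    # weaponized after delivery
    print(resolve_click(links[0], rep))                  # blocked at click time
```

Two costs come with the technique and are worth stating to users: every click is now visible to the gateway, and a link that was clean at delivery and is clean at click time still passes, so the rewrite complements, and does not replace, the attachment and page analysis described on the surrounding slides.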
Essential Technologies: Patching and Intrusion Prevention
• Each stage of an attack uses exploits to reach its goal.
• Typical patching cycle in an enterprise (slide timeline)
Risk:
• Window of opportunity for the attacker: 1 month, often 2 months
• Potentially “high risk” periods of 1-2 months (public exploit, patch not yet available, or patch not yet installed)
Essential Technologies: Security Automation
Virtual Patching (Deep Security)
• In this day and age, where new workloads get instantiated at a high rate, security automation is a “must have”
• Operations and security teams can focus on their core responsibilities
• Without touching the machine, any new VM gets the right protection
• Inventory and ensure protection throughout your environment
Essential Technologies: Virtual Analyzer/Sandboxing
• A virtual environment used to analyze potential malware samples
• It allows for the observation of file as well as network behavior in order to identify malware via potentially malicious characteristics
• Trend solutions use custom sandboxes based on the customer's environment
  – Targeted malware validates that it is on the right environment before infecting the machine, whether it is targeted against one company, one geography or one sector
• Samples can be submitted by Trend products, via APIs or manually (depending on the implementation)
Interconnected Product Strategy – Automated Protection
The Interconnected Threat Response Cycle is the key to providing real-time response from just-discovered threat information from your own environment.

The Interconnected Threat Response (ITR) Cycle (midsize & enterprise business)
• PREVENT: assess potential vulnerabilities and proactively protect endpoints, servers and applications
• DETECT: detect advanced malware, behavior and communications invisible to standard defenses
• ANALYZE: analyze risk and nature of attack and attacker, and assess impact of threats retrospectively
• RESPOND: update protection automatically, prioritize areas for remediation and adapt protection
• MONITOR & CONTROL sits at the center of the cycle
ITR Use Cases - Prevent: Application Control
System Lockdown
• Hardens the system by not allowing any new applications to execute
• Can be used in conjunction with other application control features to have a flexible, layered policy for each user
• Example:
  – Lock down the system
  – Block all browsers, P2P and online storage apps
  – Allow OS updates, IE, Office, Adobe and SafeSync
ITR Use Cases - Prevent: Data Discovery and Encryption
Slide architecture diagram: Control Manager (TMCM) hosts the Data Discovery policy (WCU), widgets, log query and reports on top of its database; the OfficeScan (OSCE) server relays scan configuration to OSCE clients and scan reports back through the OSCE proxy and OfcCMAgent; on the client, the DLP SDK interface drives the scan engine (match engine, policy engine, scan result cache, LogProcessor) from the scan policy & command, with results kept in a SQLite DB.
ITR Use Cases – Detect
Detection sensors across the environment: OfficeScan, USB Sensor, Deep Discovery Analyzer, IWSVA, ScanMail for MS Exchange, ScanMail for Domino, IMSVA, Deep Discovery Inspector.
ITR Use Cases - Detect: C&C alerting via local intelligence (Custom Defense)
1. Deep Discovery Analyzer shares the C&C list with the local Smart Protection Network (SPN) server
2. SPN-enabled Trend products (OfficeScan, InterScan Messaging Security, Deep Security, InterScan Web Security) obtain the latest C&C list
ITR Use Cases - Detect: Suspicious Object sharing via local intelligence
1. Deep Discovery Inspector produces the suspicious object list
2. The suspicious object list is shared through Control Manager with OfficeScan, InterScan Messaging Security, InterScan Web Security, ScanMail and Endpoint Sensor
Suspicious object types: IP, URL, domain, file hashes, OpenIOC information
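Consuming a shared suspicious-object list is mostly a normalization problem, which the slide does not show. The following added example (not the Control Manager or Smart Protection implementation; indicator and event records are constructed and their formats are assumptions) matches the four object types the slide lists against DNS, connection, proxy and file events, and handles the cases that trip up naive matchers: domain indicators must cover subdomains without matching look-alike suffixes, URL indicators must survive case, default-port and query-string differences, IP indicators may be networks, and hashes are compared per algorithm and case-insensitively.

```python
"""Match shared suspicious objects (IP, URL, domain, hash) against constructed local events."""
import ipaddress
from urllib.parse import urlsplit

INDICATORS = [
    {"type": "domain", "value": "sync.example-c2.net"},
    {"type": "domain", "value": "example-c2.net"},
    {"type": "ip", "value": "198.51.100.0/24"},
    {"type": "ip", "value": "203.0.113.9"},
    {"type": "url", "value": "http://files.example-share.net/upload.php"},
    {"type": "sha1", "value": "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"},
    {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e"},
]

EVENTS = [
    {"id": 1, "kind": "dns", "host": "ws01", "qname": "beacon.sync.example-c2.net."},   # subdomain, trailing dot
    {"id": 2, "kind": "dns", "host": "ws02", "qname": "notexample-c2.net"},             # look-alike suffix
    {"id": 3, "kind": "conn", "host": "ws01", "dst_ip": "198.51.100.77"},                # inside the /24
    {"id": 4, "kind": "http", "host": "ws03", "url": "HTTP://Files.Example-Share.net:80/upload.php?session=42"},
    {"id": 5, "kind": "http", "host": "ws03", "url": "http://files.example-share.net/upload.php.bak"},
    {"id": 6, "kind": "file", "host": "ws04", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
    {"id": 7, "kind": "file", "host": "ws05",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"id": 8, "kind": "conn", "host": "ws06", "dst_ip": "203.0.113.10"},                # near miss
]

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_domain(name):
    return name.strip().lower().rstrip(".")


def domain_matches(qname, indicator):
    q, d = normalize_domain(qname), normalize_domain(indicator)
    return q == d or q.endswith("." + d)  # the leading dot keeps notexample-c2.net out


def normalize_url(url):
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    path = parts.path or "/"
    return f"{scheme}://{netloc}{path}"  # query and fragment dropped on purpose


def ip_matches(addr, indicator):
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(indicator, strict=False)
    except ValueError:
        return False


def match_events(events, indicators):
    """Return (event id, indicator value) for every indicator an event satisfies."""
    hits = []
    for ev in events:
        for ind in indicators:
            t, v = ind["type"], ind["value"]
            matched = False
            if t == "domain" and "qname" in ev:
                matched = domain_matches(ev["qname"], v)
            elif t == "ip" and "dst_ip" in ev:
                matched = ip_matches(ev["dst_ip"], v)
            elif t == "url" and "url" in ev:
                matched = normalize_url(ev["url"]) == normalize_url(v)
            elif t in ("md5", "sha1", "sha256") and t in ev:
                matched = ev[t].lower() == v.lower()
            if matched:
                hits.append((ev["id"], v))
    return hits


if __name__ == "__main__":
    for event_id, value in match_events(EVENTS, INDICATORS):
        print(event_id, value)
```

The URL comparison is deliberately exact on the normalized path: prefix matching would have flagged event 5 as well, and whether that is wanted depends on how the upstream sensor generalizes its objects, so it should be an explicit choice per indicator rather than a default.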
ITR Use Cases - Analyze
Analyze Impact and Scope (Endpoints): slide screenshot tracing an infection from its source (“From”) to the endpoints it spread to (“To”).
Visualize the Attack Phases (Network): slide screenshot mapping observed network events onto the attack stages.
ITR Use Cases - Respond: Outbreak Prevention via Mutex Sharing
Slide diagram: a mutex observed by Deep Discovery Inspector/Analyzer is pushed through Control Manager to OfficeScan, which applies it across the endpoints.
ITR Use Cases - Respond: File Hash Based Blocking
Slide diagram: file hashes from Deep Discovery Inspector/Analyzer are distributed through Control Manager to Application Control / OfficeScan on the endpoints, which block the files.
ITR Use Cases – Respond: third-party integration
Suspicious objects can feed into 3rd party products to extend protection:
• Blue Coat
• HP SMS/TippingPoint
• Palo Alto Networks
• IBM XGS
• And others…
ITR Use Cases – Respond: Outbreak Prevention via NSX Security Tagging
• Mechanism: automatic VM quarantining
  – If Deep Security detects (uncleanable/unblockable) malware (and, in 9.5 SP1, also IPS rule hits)
  – Then Deep Security adds an NSX tag to the VM
  – VMware NSX adds the VM to a Security Group based on the tag value (dynamic membership)
  – This NSX Security Group has firewall settings that isolate the VM to a management network for remediation and to prevent further infections
Centralized Visibility & Control (including vCloud Air)
Security that Fits
Thank You!

Backup Slides
Deep Discovery – Custom Defense
Advanced Threat Protection Across the Attack Sequence
• Malicious content, suspect communication, attack behavior: a 360-degree view
• 80+ protocols across all ports
• Custom sandboxing: Windows, Android, Mac
• Custom Defense: gateway, messaging, endpoints
• Threat intelligence across platforms: Windows, mobile, Mac, Linux

Security Ecosystem: SOC in a Box

Complete User Protection
Slide diagram: anti-malware, encryption, application control, device management, data loss prevention and content filtering applied across the ways employees work (with IT admin and security oversight): email & messaging, web access, device hopping, collaboration, cloud sync & sharing, social networking, file/folder & removable media.
Cloud and Data Center Security
Slide diagram: anti-malware, integrity monitoring, encryption, SSL, intrusion prevention and application scanning, shared between data center ops and security, across physical, virtual, private cloud and public cloud.
FireEye Advanced Threat Report 2013 (backup slide)
All activity:
• Identified 65M unique cyber security incidents (more than 180K per day on average). Note: we blocked 80B threats targeting our customers.
• Discovered 65M unique malware infections due to all activity (almost 180K per day on average)
• Logged over 160 million command-and-control (CnC) communications (more than five every second on average)
APT activity:
• Analyzed 39,504 unique cyber security incidents (more than 100 per day on average)
• Discovered 17,995 unique malware infections due to APT activity (almost 50 per day on average)
• Logged over 22 million command-and-control (CnC) communications (less than one every second on average)
Source: https://www2.fireeye.com/advanced-threat-report-2013.html
Smart Protection Network – Web Requests/Day
• Trend Micro: 6,000,000,000
• Symantec: 1,700,000,000
Smart Protection Network – Web Attacks Blocked/Day
• Trend Micro: 13,700,000
• Symantec: 568,000
Source: http://www.symantec.com/security_response/publications/threatreport.jsp
Why Trend Micro Over McAfee?
• Trend Micro: 480 billion queries/month (6B queries/day), 150M nodes
• McAfee: 2.5B queries/day, 120M nodes
Broader Coverage
Customer segments: consumers, government agencies, SMB, partners & OEM, enterprise/VLE.
Protection points: endpoints, servers, virtual servers, messaging, network, gateway, SaaS.

6 Billion URLs Processed Daily
Slide funnel, stages: user traffic / sourcing (CDN vendor) → rating server for known threats → unknown & prefilter → page download → threat analysis.
• 6 billion/day in; 50% filtered
• 3 billion/day; 90% filtered
• 300 million/day; 99.95% filtered
• 50,000 malicious URLs/day identified
Technology behind it (technology, process, operation): CDN cache, high-throughput web service, Hadoop cluster, web crawling, machine learning, data mining.
Block malicious URL within 15 minutes once it goes online!
Endpoint Security -- Consumer Products
Average time to protect against new socially engineered malware (chart labelled 2009 and 2010; one set of values survived extraction, read in chart order):
• Trend Micro: 5.2 h
• Kaspersky: 38.0 h
• Norton: 15.6 h
• McAfee: 7.5 h
• Norman: 19.6 h
• F-Secure: 39.5 h
• AVG: 46.1 h
• Panda: 31.9 h
• ESET: 30.5 h
2014 Tests
• Socially engineered malware (2014): Trend Micro 99.60%, Microsoft 70.53%, vendor average 95.52%
• 0-Day Protection (2014): Trend Micro 99.83%, Microsoft (baseline) 86.10%, vendor average 96.60%
• Real-World Protection 2014 averages (Mar-Nov): Trend Micro 99.99%, vendor average 96.99%
• Malicious Apps, average Nov'13 - Nov'14: 98.31%
• Opus One Anti-Spam Results Q1'12-Q3'14 (quarters shown: Q1'12, Q2'12, Q4'12, Q1'13, Q2'13, Q2'14, Q3'14): Trend Micro between 96.64% and 98.06% per quarter; vendor average between 93.55% and 95.77% (per-quarter pairing not recoverable from the chart)

2015 Attacks (slide)
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
 
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...festival ICT 2016
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 

Destacado (20)

Winnipeg Technology Innovation Day
Winnipeg Technology Innovation Day Winnipeg Technology Innovation Day
Winnipeg Technology Innovation Day
 
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
Trend Micro: Security Challenges and Solutions for the Cloud (Saas) & Cloud S...
 
Turner.issa la.mobile vulns.150604
Turner.issa la.mobile vulns.150604Turner.issa la.mobile vulns.150604
Turner.issa la.mobile vulns.150604
 
Regina Technology Innovation Day
Regina Technology Innovation DayRegina Technology Innovation Day
Regina Technology Innovation Day
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT framework
 
Its time to grow up by Eric C.
Its time to grow up by Eric C.Its time to grow up by Eric C.
Its time to grow up by Eric C.
 
Microsoft
MicrosoftMicrosoft
Microsoft
 
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvertTechnical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
 
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
Criticità per la protezione dei dati personali connesse all’utilizzo di dispo...
 
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
Migliorare il cash flow della propria azienda e dei propri clienti: i benefic...
 
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
Lo Zen e l'arte dell'UX Design Mobile - by Synesthesia - festival ICT 2015
 
Microsoft power point closing presentation-greenberg
Microsoft power point   closing presentation-greenbergMicrosoft power point   closing presentation-greenberg
Microsoft power point closing presentation-greenberg
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
 
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
The Web Advisor: restare vivi e aggiornati nel business digitale - festival I...
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 

Similar a Issa jason dablow

Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud EnvironmentShapeBlue
 
Detecting Intrusions and Malware - Eric Vanderburg - JurInnov
Detecting Intrusions and Malware - Eric Vanderburg - JurInnovDetecting Intrusions and Malware - Eric Vanderburg - JurInnov
Detecting Intrusions and Malware - Eric Vanderburg - JurInnovEric Vanderburg
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryBlack Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryTim Mackey
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKA
CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKACODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKA
CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKACODE BLUE
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]Nancy Nimmegeers
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile AttackIRJET Journal
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 

Similar a Issa jason dablow (20)

Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
Detecting Intrusions and Malware - Eric Vanderburg - JurInnov
Detecting Intrusions and Malware - Eric Vanderburg - JurInnovDetecting Intrusions and Malware - Eric Vanderburg - JurInnov
Detecting Intrusions and Malware - Eric Vanderburg - JurInnov
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets Threat Landscape Lessons from IoTs and Honeynets
Threat Landscape Lessons from IoTs and Honeynets
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
Novinky F5
Novinky F5Novinky F5
Novinky F5
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKA
CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKACODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKA
CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKA
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
 
Malware
MalwareMalware
Malware
 
Ransomeware : A High Profile Attack
Ransomeware : A High Profile AttackRansomeware : A High Profile Attack
Ransomeware : A High Profile Attack
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 

Más de ISSA LA

Technical track kevin cardwell-10-00 am-solid-defense
Technical track   kevin cardwell-10-00 am-solid-defenseTechnical track   kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defenseISSA LA
 
The savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_laThe savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_laISSA LA
 
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529ISSA LA
 
Malcolm issa preso june 2015
Malcolm issa preso june 2015Malcolm issa preso june 2015
Malcolm issa preso june 2015ISSA LA
 
La issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranumLa issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranumISSA LA
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mrISSA LA
 
Issala exec-forum-opening-150604
Issala exec-forum-opening-150604Issala exec-forum-opening-150604
Issala exec-forum-opening-150604ISSA LA
 
Issa healthcare panel
Issa healthcare panelIssa healthcare panel
Issa healthcare panelISSA LA
 
Irari rules
Irari rulesIrari rules
Irari rulesISSA LA
 
Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation ISSA LA
 
Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!ISSA LA
 
Fssf breach-incident-table-top
Fssf breach-incident-table-topFssf breach-incident-table-top
Fssf breach-incident-table-topISSA LA
 
Healthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prezHealthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prezISSA LA
 
Emerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovarEmerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovarISSA LA
 
Digital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collideDigital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collideISSA LA
 
Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015ISSA LA
 

Más de ISSA LA (16)

Technical track kevin cardwell-10-00 am-solid-defense
Technical track   kevin cardwell-10-00 am-solid-defenseTechnical track   kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defense
 
The savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_laThe savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_la
 
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529
 
Malcolm issa preso june 2015
Malcolm issa preso june 2015Malcolm issa preso june 2015
Malcolm issa preso june 2015
 
La issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranumLa issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranum
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
 
Issala exec-forum-opening-150604
Issala exec-forum-opening-150604Issala exec-forum-opening-150604
Issala exec-forum-opening-150604
 
Issa healthcare panel
Issa healthcare panelIssa healthcare panel
Issa healthcare panel
 
Irari rules
Irari rulesIrari rules
Irari rules
 
Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation
 
Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!
 
Fssf breach-incident-table-top
Fssf breach-incident-table-topFssf breach-incident-table-top
Fssf breach-incident-table-top
 
Healthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prezHealthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prez
 
Emerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovarEmerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovar
 
Digital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collideDigital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collide
 
Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015
 

Último

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Issa jason dablow

  • 1. Jason Dablow Sr. Sales Engineer What is a Breach? … Exploited Weaknesses of Traditional Security 6/20/2015 Confidential | Copyright 2013 Trend Micro Inc.Copyright 2014 Trend Micro Inc.
  • 2. Advanced Malware Targeted Attacks Advanced Malware Targeted Attacks Employee Data Leaks Traditional Malware Vulnerability Exploits 220K new malware programs daily! 2
  • 3. Who’s committing Attacks & Why  90% perpetrated by outsiders  10% committed by insiders  Motivating factors:  73% Financial  22% Espionage  5% Ideology/Fun Copyright 2014 Trend Micro Inc. Source: http://www.verizonenterprise.com/DBIR/
  • 4. Victim The Boss Mercenary Attackers Data Fencing The Captain Garant Bullet Proof Hoster Crime Syndicate (Simplified)
  • 5. $4 Victim Blackhat SEO Attacker $10 Attacker Keywords (Botherder) $2 Compromised Sites (Hacker) $6 $10 Programmer $10 Cryptor $10 Virtest $5 Worm Exploit Kit Bot Reseller $1 $1 $1 Traffic Direction System $5 Garant $10 SQL Injection Kit $3 Carder $4 Money Mule Droppers $1 Card Creator $2 Bullet Proof Hoster $5 Crime Syndicate (Detailed)
  • 6. Attack Stages Confidential | Copyright 2015 Trend Micro Inc. 1. Intelligence Gathering Identify & research target individuals using public sources (LinkedIn, Facebook, etc) and prepare a customized attack. 2. Point of Entry The initial compromise is typically malware delivered via social engineering (email/IM or drive by download). A backdoor is created and the network can now be infiltrated. 3. Command & Control (C&C) Communication Allows the attacker to instruct and control the compromised machines and malware used for all subsequent phases. 4. Lateral Movement Once inside the network, attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control. 5. Asset/Data Discovery Several techniques and tools are used to identify the noteworthy servers and the services that house the data of interest. 6. Data Exfiltration Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations.
  • 7. Stage 1 - Intelligence Gathering Acquire strategic information about the targets IT environment and organizational structure. “res://” protocol Confidential | Copyright 2015 Trend Micro Inc.
  • 8. Data at Risk • Corporate / Financial—board meeting records, legal proceedings, strategic plans, contracts, purchase agreements, pre-earnings announcements, executive salaries, M&A plans and pending patent filings. • Manufacturing—Intellectual Property and manufacturing methods • Retail—Financial records & transactions, customer profiles to generate revenue for identity theft • Internal Organization—employee records and health claims for identity and insurance fraud Confidential | Copyright 2015 Trend Micro Inc.
  • 9. Stage 2 - Point of Entry: gain entry into a target network using weaknesses found. (diagram: Weaponized Attachment, Malicious URLs) Attack weakness found in:
    • Infrastructure
    • Systems
    • Applications
    • People
    • 3rd Party Organizations
  • 10. Infection Options (diagram: attackers reaching the victim through Customers and a Trusted Partner)
    • Island Hopping
    • Watering Hole Attacks
    • Cloning websites of conferences victims will attend
    • Craft email for registration and have a fake registration page (repeatable)
  • 12. Arrival Vectors in APT - Email
  • 13. Attackers Try Everything
    • Multiple ports (Poison Ivy: HTTPS, HTTP, IMAP, POP3, SMTP, DNS, POP3S, HYPER TEXT, HTTP_ALT) – monitoring a few ports is not sufficient
    • Apps & protocols (Evilgrab) – monitoring a few apps & protocols is not sufficient
    • Morphing (IXESHE) – changes in C&C, IP addresses, signatures & behavior make the attack extremely difficult to track
  • 14. Evade detection with customized malware (diagram: Attacker → malicious C&C websites → Ahnlab's update servers → victimized business; Windows endpoints: destroy MBR, wipe out files; Unix/Linux server farm: wipe out files, destroy MBR). A total of 76 tailor-made malware were used, of which 9 were destructive, while the other 67 were used for penetration and monitoring.
  • 15. Code for Sale: Ultra Hackers Tools for sale, price is 0.0797 BTC (bitcoin) = $25. 100’s of items. LIST OF SOFTWARE INCLUDED IN THIS PACKAGE:
    • Virus Builders: 1. Nathan's Image Worm 2. Dr. VBS Virus Maker 3. p0ke's WormGen v2.0 4. Vbswg 2 Beta 5. Virus-O-Matic Virus Maker
    • Scanners: 1. DD7 Port Scanner 2. SuperScan 4.0 3. Trojan Hunter v1.5 4. ProPort v2.2 5. Bitching Threads v3.1
    • DoSers, DDoSers, Flooders and Nukers: 1. rDoS 2. zDoS 3. Site Hog v1 4. Panther Mode 2 5. Final Fortune 2.4
    • Fake Programs: 1. PayPal Money Hack 2. Windows 7 Serial Generator 3. COD MW2 Keygen 4. COD MW2 Key Generator 5. DDoSeR 3.6
    • Cracking Tools: 1. VNC Crack 2. Access Driver 3. Attack Toolkit v4.1 & source code included 4. Ares 5. Brutus
    • Analysis: OllyDbg 1.10 & Plugins - Modified by SLV *NEW*; W32Dasm 8.93 - Patched *NEW*; PEiD 0.93 + Plugins *NEW*; RDG Packer Detector v0.5.6 Beta - English *NEW*
    • Rebuilding: ImpRec 1.6 - Fixed by MaRKuS_TH-DJM/SnD *NEW*; Revirgin 1.5 - Fixed *NEW*; LordPE De Luxe B *NEW*
    • Host Booters: 1. MeTuS Delphi 2.8 2. XR Host Booter 2.1 3. Metus 2.0 GB Edition 4. BioZombie v1.5 5. Host Booter and Spammer
    • Stealers: 1. Dark Screen Stealer V2 2. Dark IP Stealer 3. Lab Stealer 4. 1337 Steam Stealer 5. Multi Password Stealer v1.6
    • Remote Administration Tools/Trojans: 1. Cerberus 1.03.4 BETA 2. Turkojan 4 GOLD 3. Beast 2.07 4. Shark v3.0.0 5. Archelaus Beta
    • Binders: 1. Albertino Binder 2. BlackHole Binder 3. F.B.I. Binder 4. Predator 1.6 5. PureBiND3R by d3will
    • HEX Editor: Biew v5.6.2; Hiew v7.10 *NEW*; WinHex v12.5 *NEW*
    • Decompilers: DeDe 3.50.04; VB “Decompiler” Lite v0.4 *NEW*; Flasm
    • Unpackers: ACProtect - ACStripper; ASPack - ASPackDie; ASProtect > Stripper 2.07 Final & Stripper 2.11 RC2 *NEW*; DBPE > UnDBPE
    • Keygenning: *NEW* TMG Ripper Studio 0.02 *NEW*
    • Packers: FSG 2.0; MEW 11 1.2 SE; UPX 1.25 & GUI *NEW*; SLVc0deProtector 0.61 *NEW*; ARM Protector v0.3 *NEW*; WinUpack v0.31 Beta *NEW*
    • Patchers: dUP 2 *NEW*; CodeFusion 3.0; Universal Patcher Pro v2.0; Universal Patcher v1.7 *NEW*; Universal Loader Creator v1.2 *NEW*
    • Crypters: 1. Carb0n Crypter v1.8 2. Fly Crypter v2.2 3. JCrypter 4. Triloko Crypter 5. Halloween Crypter 6. Deh Crypter 7. Hatrex Crypter 8. Octrix Crypter 9. NewHacks Crypter 10. Refruncy Crypter
  • 16. Today’s Reality – One & Done! (chart of malware samples by number of victims infected; labels as extracted: “99 10% of malware infect < victims”, “80 1% of malware infect = victim”)
  • 17. Stage 3 - Command & Control Communications: ensure continued communication between the compromised target and the attackers. (diagram: Threat Actor ↔ C&C Server)
    • Common Traits
      – Uses typical protocols (HTTP)
      – Uses legitimate sites as C&C
      – Uses internal systems as C&C
      – Uses 3rd party apps as C&C
      – May use compromised internal systems
    • Advantages
      – Maintains persistence
      – Avoids detection
  • 18. Trend Micro C&C Research: 54% of C&C Lifespan < 1 Day
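The C&C traits on the previous slide (ordinary HTTP to legitimate-looking sites) and the short controller lifespan here both argue for detection that keys on behaviour rather than on a list of controller addresses. As an added example that is not part of the deck or of any Trend Micro product, the Python below flags beacon-like polling in web proxy log lines; the log format, hosts and addresses are constructed assumptions.

```python
# Added example (not from the deck): spotting C&C beaconing in web proxy logs.
# C&C rides on ordinary HTTP to legitimate-looking hosts and controller
# addresses change within a day, so this check keys on timing rather than on
# a blocklist: a backdoor polls its controller at a near-constant interval,
# which normal browsing does not. The log lines below are constructed sample data.
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")  # time src dst_host path status

def parse_proxy_log(lines):
    """Yield (timestamp, source_ip, destination_host) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        yield ts, m.group(2), m.group(3)

def beacon_candidates(lines, min_requests=6, max_cv=0.2):
    """Return (src, dst, mean_interval_s, cv) for client/host pairs whose
    request spacing is regular enough to look like polling.

    cv is the coefficient of variation of the gaps between requests
    (population std-dev / mean); near 0 means metronomic.
    """
    times = defaultdict(list)
    for ts, src, dst in parse_proxy_log(lines):
        times[(src, dst)].append(ts)
    hits = []
    for (src, dst), ts in times.items():
        if len(ts) < min_requests:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((src, dst, round(mean), round(cv, 3)))
    return hits

def _lines(src, dst, path, gaps):
    """Build constructed log lines for one client/host pair from a gap list."""
    t = datetime(2015, 6, 20, 9, 0, 0)
    out = [f"{t:%Y-%m-%dT%H:%M:%S} {src} {dst} {path} 200"]
    for g in gaps:
        t += timedelta(seconds=g)
        out.append(f"{t:%Y-%m-%dT%H:%M:%S} {src} {dst} {path} 200")
    return out

SAMPLE_LOG = (
    # implant polling a look-alike update host every ~5 minutes (small jitter)
    _lines("10.0.0.5", "cdn-updates.example.net", "/check.php", [300, 297, 303, 300, 298, 302, 300])
    # a person reading news: bursts and long pauses
    + _lines("10.0.0.7", "news.example.com", "/", [5, 120, 3, 900, 40, 15, 600])
    # too few requests to judge
    + _lines("10.0.0.9", "intranet.example.com", "/wiki", [60, 60])
)

if __name__ == "__main__":
    for hit in beacon_candidates(SAMPLE_LOG):
        print("beacon-like:", hit)
```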
  • 19. Stage 4 - Lateral Movement: seek valuable hosts that house sensitive information. (diagram: Pass the Hash)
  • 23. Stage 5 - Data Discovery: noteworthy assets are identified within the infrastructure, then isolated for future data exfiltration. Email servers are identified so attackers can read important email in order to discover valuable information. File lists from different directories are sent back so attackers can identify which ones are valuable.
  • 24. Data at Risk (chart; Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/). Categories shown: Credit Cards, Birth & Phone records, Customer PII, User Credentials, Credit Cards; notes: PII leads to fraud; Movies, Ransoms, Terrorism
  • 25. Social Media Accounts Copyright 2014 Trend Micro Inc.
  • 26. Stage 6 - Exfiltration: transmit data to a location that the threat actors control.
    • Common Traits
      – Built-in file transfer (RATs)
      – FTP, HTTP
      – Tor network/Encryption
      – Public File Sharing sites
  • 27. Maintenance Stage (Anti-Forensics): maintain persistence within the network for future attacks
  • 28. (image: the scrap value of a hacked PC) Source: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
  • 29. Build a Security Ecosystem
    • Timely Global Threat Intelligence
    • Essential Technologies – Combat Current Threat Techniques
    • Integrated Product Strategy – Automated Protection
  • 30. Timely Global Threat Intelligence: 150 Million+ Worldwide Sensors (diagram of sources: Web Crawler, Trend Micro Solutions, Test Labs, 3rd Party Feeds, Honeypot, CDN / xSP, Researcher Intelligence). Block malicious URL within 15 minutes once it goes online!
  • 31. Data Science is Multidisciplinary http://eduardoarea.blogspot.tw/2012/11/el-camino-de-un-data-scientist.html
  • 32. Essential Technologies: the challenges uncovered during the stages of a targeted attack demonstrate the need for sophisticated technologies and services to secure the enterprise.
  • 33. Essential Technologies: Community File Reputation
    • Determines the prevalence and maturity of PE files
    • Prevalence is a statistical concept referring to the number of times a file was detected by Trend Micro sensors at a given time
    • If a file has not triggered any detections, we will become suspicious of that file if we have only seen it once or a few times
    • Today over 80% of the malware is only seen once
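As an added example, not Trend Micro code, the following Python derives the prevalence and maturity described above from per-sensor sightings and marks a never-detected, rarely seen, recently first-seen file as suspicious; the hashes, sensor ids, dates, thresholds and detection name are constructed.

```python
# Added example (not Trend Micro code): prevalence/maturity scoring for PE
# files from sensor sightings, as the slide describes. Hashes, sensor ids,
# timestamps and the detection name below are constructed sample data.
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Reputation:
    sha256: str
    prevalence: int       # distinct sensors that reported the file
    maturity_days: float  # days since the file was first seen by any sensor
    detected: bool        # some sensor already raised a signature detection
    verdict: str          # known-bad | suspicious | low-prevalence | established

def score_files(sightings, now, max_prevalence=3, min_maturity_days=7.0):
    """Group sightings by hash and derive a verdict per file.

    A file nobody has flagged, seen by only a handful of sensors and only
    recently, fits the profile of one-off targeted malware and is marked
    suspicious; the same rarity in an old file is merely low prevalence.
    """
    by_hash = defaultdict(list)
    for s in sightings:
        by_hash[s["sha256"]].append(s)
    out = {}
    for sha, rows in by_hash.items():
        sensors = {r["sensor"] for r in rows}
        age = (now - min(r["ts"] for r in rows)).total_seconds() / 86400.0
        detected = any(r["detection"] is not None for r in rows)
        if detected:
            verdict = "known-bad"
        elif len(sensors) <= max_prevalence and age < min_maturity_days:
            verdict = "suspicious"
        elif len(sensors) <= max_prevalence:
            verdict = "low-prevalence"
        else:
            verdict = "established"
        out[sha] = Reputation(sha, len(sensors), age, detected, verdict)
    return out

# Constructed sightings; "now" is the date on the deck's footer.
NOW = datetime(2015, 6, 20)
H_NEW, H_COMMON, H_FLAGGED, H_OLD = ("11" * 32, "22" * 32, "33" * 32, "44" * 32)

SIGHTINGS = [
    # one sensor, one day old, never detected -> suspicious
    {"sensor": "sensor-0001", "sha256": H_NEW, "ts": NOW - timedelta(days=1), "detection": None},
    # one sensor, two years old, never detected -> low-prevalence
    {"sensor": "sensor-0002", "sha256": H_OLD, "ts": NOW - timedelta(days=730), "detection": None},
    # two sensors, one of which already matched a (constructed) signature -> known-bad
    {"sensor": "sensor-0003", "sha256": H_FLAGGED, "ts": NOW - timedelta(days=3), "detection": None},
    {"sensor": "sensor-0004", "sha256": H_FLAGGED, "ts": NOW - timedelta(days=2), "detection": "TROJ_SAMPLE.A"},
]
# a widely installed binary: 500 sensors over the last year -> established
SIGHTINGS += [
    {"sensor": f"sensor-{i:04d}", "sha256": H_COMMON, "ts": NOW - timedelta(days=i % 365), "detection": None}
    for i in range(1000, 1500)
]

if __name__ == "__main__":
    for rep in score_files(SIGHTINGS, NOW).values():
        print(f"{rep.sha256[:8]}  prevalence={rep.prevalence:<4} age={rep.maturity_days:6.1f}d  {rep.verdict}")
```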
  • 35. Essential Technologies: Advanced Threat Scan Engine (ATSE). How does ATSE determine a document is bad? (diagram: garbled document content hiding a malicious payload – “Gotcha!!”)
    • Uses heuristic scanning and employs a rule-based system
      – Analyses the document to get malicious/uncommon characteristics: payloads, malformed content, obfuscation, name tricks, etc.
      – Uses both CVE rules & heuristic rules
    • Zero-day exploits are malware taking advantage of unpatched vulnerabilities but with similar exploitation techniques
    • Therefore looking for “characteristics” of an exploit
  • 36. Essential Technologies: Memory Inspection Analysis
    • Protects against most packers and variation tools, which obfuscate the file on disk but not in memory (diagram: Execute → Unpack → log entries prefixed with “RAV_”)
  • 37. Essential Technologies: Behavioral Trigger Analysis – Cryptoware Protection
  • 38. Essential Technologies: URL Time Of Click
    • It is important to evaluate URLs not only when they are first received but also when they are accessed, in order to defend against modified URLs.
    • (diagram: mail flows from the Internet through the mail gateway (Hosted Email Security / InterScan Messaging Security) to the mail server and endpoints inside the customer's network perimeter, and to mobile workers outside it via the web gateway; a URL that has no reputation at receipt is rewritten to point to the Trend cloud; URL reputation is checked in real time when clicked, and the click is blocked if there is risk and allowed if there is none)
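An added example, not Trend Micro product code, of the time-of-click flow in the diagram: links are rewritten at delivery to a hypothetical checking service and the reputation decision is made when the link is followed; the service host, the message and the reputation entries are constructed.

```python
# Added example (not Trend Micro product code) of time-of-click URL
# protection: links are rewritten at delivery to a checking service, and the
# service re-evaluates reputation when the user actually clicks. The service
# host, message text and reputation entries are constructed/hypothetical.
import re
from urllib.parse import parse_qs, quote, urlparse

CHECK_SERVICE = "https://click-check.example.invalid/go"  # hypothetical rewrite target
URL_RE = re.compile(r"https?://[^\s<>\"'()]+")

def rewrite_links(body):
    """Replace every http(s) link with a link to the checking service that
    carries the original URL, percent-encoded, in the ?u= parameter."""
    return URL_RE.sub(lambda m: f"{CHECK_SERVICE}?u={quote(m.group(0), safe='')}", body)

def original_url(rewritten):
    """Recover the destination a rewritten link points to."""
    params = parse_qs(urlparse(rewritten).query)
    return params["u"][0]  # parse_qs already percent-decodes the value

class ReputationStore:
    """In-memory stand-in for a URL reputation service, keyed by host name."""
    def __init__(self):
        self._verdicts = {}
    def update(self, url, verdict):
        self._verdicts[urlparse(url).netloc.lower()] = verdict
    def lookup(self, url):
        return self._verdicts.get(urlparse(url).netloc.lower(), "unknown")

def on_click(rewritten, store):
    """Decision taken when the rewritten link is followed.

    'block' for a known-malicious destination, 'allow' for a known-good one,
    and 'scan' when there is still no reputation, meaning the page must be
    analyzed in real time before the user is sent on.
    """
    target = original_url(rewritten)
    verdict = store.lookup(target)
    if verdict == "malicious":
        return "block", target
    if verdict == "safe":
        return "allow", target
    return "scan", target

# Constructed message: a freshly registered domain with no reputation yet.
MESSAGE = ("Please confirm your conference registration at "
           "http://conf-registration.example.net/signup?id=42 before Friday.")

if __name__ == "__main__":
    store = ReputationStore()
    safe_body = rewrite_links(MESSAGE)
    link = URL_RE.search(safe_body).group(0)
    print("delivery :", on_click(link, store))  # no reputation yet -> scan
    store.update("http://conf-registration.example.net/", "malicious")  # classified later
    print("click    :", on_click(link, store))  # same link now blocked
```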
  • 39. Essential Technologies: Patching and Intrusion Prevention (diagram: Virtual Patching)
    • Each stage of an attack uses exploits to reach its goal.
    • Typical patching cycle in an enterprise. Risk:
      – Window of opportunity for hacker: 1 month, often 2 months
      – Potentially “high risk” periods of 1-2 months (public exploit, patch not yet available, or patch not yet installed)
  • 40. Essential Technologies: Security Automation (Deep Security)
    • In this day and age, where new workloads get instantiated at a high rate, security automation is a “must have”
    • Operations and Security teams can focus on their core responsibilities
    • Without touching the machine, any new VM gets the right protection
    • Inventory and ensure protection throughout your environment
  • 41. Essential Technologies: Virtual Analyzer/Sandboxing
    • A virtual environment used to analyze potential malware samples
    • It allows for the observation of file as well as network behavior in order to identify malware via potentially malicious characteristics
    • Trend solutions use custom sandboxes based on our customers' environments
      – Targeted malware validates it is on the right environment before infecting the machine, whether it is targeted against one company, one geography or one sector.
    • Samples can be submitted by Trend products, via APIs or manually (depending on the implementation)
  • 42. Interconnected Product Strategy – Automated Protection: the Interconnected Threat Response Cycle is the key to providing real-time response based on threat information just discovered in your own environment.
  • 43. The Interconnected Threat Response (ITR) Cycle (Midsize & Enterprise Business): MONITOR & CONTROL → PREVENT → DETECT → ANALYZE → RESPOND
    • Prevent: assess potential vulnerabilities and proactively protect endpoints, servers and applications
    • Detect: detect advanced malware, behavior and communications invisible to standard defenses
    • Analyze: analyze risk and nature of attack and attacker, and assess impact of threats retrospectively
    • Respond: update protection automatically, prioritize areas for remediation and adapt protection
  • 44. ITR Use Cases - Prevent: System Lockdown (Application Control)
    • Hardens the system by not allowing any new applications to execute
    • Can be used in conjunction with other application control features to have a flexible, layered policy for each user
    • Example:
      – Lock down the system
      – Block all browsers, P2P and online storage apps
      – Allow OS updates, IE, Office, Adobe and SafeSync
  • 45. ITR Use Cases - Prevent: Data Discovery and Encryption (architecture diagram: TMCM with Data Discovery policy, widgets, log query and reports over a database; OSCE Server with an SQLite DB and OSCE proxy exchanging scan configuration and scan reports; OSCE Client with OfcCMAgent, DLP SDK interface, scan policy & command, scan engine, match engine, policy engine, scan result cache and LogProcessor)
  • 47. ITR Use Cases – Detect (diagram of sensors: OfficeScan, USB Sensor, Deep Discovery Analyzer, IWSVA, ScanMail for MS Exchange, ScanMail for Domino, IMSVA, Deep Discovery Inspector)
  • 48. ITR Use Cases - Detect: C&C alerting via local intelligence (Custom Defense)
    • Diagram: Deep Discovery Analyzer, OfficeScan, InterScan Messaging Security, Deep Security and InterScan Web Security as SPN-enabled Trend products around a local SPN
    • 1. C&C list shared with local SPN
    • 2. SPN-enabled products will obtain the latest C&C list
  • 49. ITR Use Cases - Detect: Suspicious Object sharing via local intelligence
    • Diagram: Control Manager at the center; OfficeScan, InterScan Messaging Security, InterScan Web Security, Deep Discovery Inspector, ScanMail and Endpoint Sensor around it
    • 1. Suspicious object list
    • 2. Suspicious objects list shared
    • Suspicious object types: IP, URL, Domain, File hashes, OpenIOC information
  • 51. Analyze Impact and Scope (Endpoints) (screenshot; only the “From”/“To” labels survived extraction)
  • 52. Visualize the Attack Phases (Network) (screenshot)
  • 54. ITR Use Cases - Respond: Outbreak Prevention via Mutex Sharing (diagram: Deep Discovery Inspector/Analyzer → Control Manager → OfficeScan → endpoints)
  • 55. ITR Use Cases - Respond: File Hash Based Blocking (diagram: Deep Discovery Inspector/Analyzer → Control Manager → Application Control / OfficeScan → endpoints)
  • 56. ITR Use Cases – Respond: Suspicious objects can feed into 3rd party products to extend protection:
    • Bluecoat
    • HP SMS/Tipping Point
    • Palo Alto Networks
    • IBM XGS
    • And others…
  • 57. ITR Use Cases – Respond: Outbreak Prevention via NSX Security Tagging
    • Mechanism: Automatic VM Quarantining
      – If Deep Security detects (uncleanable/unblockable) malware (and in 9.5 SP1 also IPS rules)
      – Then Deep Security adds an NSX tag to the VM
      – VMware NSX adds the VM to a Security Group based on the tag value (dynamic membership)
      – This NSX Security Group has firewall settings that isolate the VM to a management network for remediation and to prevent further infections
  • 61. Backup Slides Copyright 2014 Trend Micro Inc.
  • 62. Deep Discovery – Custom Defense: Advanced Threat Protection Across the Attack Sequence (diagram: Malicious Content, Suspect Communication, Attack Behavior)
    • 360 degree view: 80+ protocols across all ports
    • Custom Sandboxing – Windows, Android, Mac
    • Custom Defense – Gateway, Messaging, Endpoints
    • Threat Intelligence across platforms – Windows, Mobile, Mac, Linux
    • Security Ecosystem: SOC in a Box
  • 63. Complete User Protection (diagram: Employees, IT Admin, Security; capabilities Anti-Malware, Encryption, Application Control, Device Management, Data Loss Prevention, Content Filtering; channels Email & Messaging, Web Access, Device Hopping, Collaboration, Cloud Sync & Sharing, Social Networking, File/Folder & Removable Media)
  • 64. Cloud and Data Center Security (diagram: Data Center Ops, Security; capabilities Anti-Malware, Integrity Monitoring, Encryption, SSL, Intrusion Prevention, Application Scanning; environments Physical, Virtual, Private Cloud, Public Cloud)
  • 67. Source: https://www2.fireeye.com/advanced-threat-report-2013.html
    • Identified 65M unique cyber security incidents (more than 180K per day on average). Note: We blocked 80B threats targeting our customers.
    • Discovered 65M unique malware infections due to ALL activity (almost 180K per day on average)
    • Logged over 160 million command-and-control (CnC) communications (more than five every second on average)
    • Analyzed 39,504 unique cyber security incidents (more than 100 per day on average)
    • Discovered 17,995 unique malware infections due to APT activity (almost 50 per day on average)
    • Logged over 22 million command-and-control (CnC) communications (less than one every second on average)
  • 68. Smart Protection Network – Web Requests/Day (bar chart: Trend Micro 6,000,000,000 vs Symantec 1,700,000,000) Source: http://www.symantec.com/security_response/publications/threatreport.jsp
  • 69. Smart Protection Network – Web Attacks Blocked/Day (bar chart: Trend Micro 13,700,000 vs Symantec 568,000) Source: http://www.symantec.com/security_response/publications/threatreport.jsp
  • 70. Why Trend Micro Over McAfee? (chart; figures shown: 480 BILLION Queries/Month, 6B Queries/Day, 150M Nodes vs 2.5B Queries/Day, 120M Nodes)
  • 71. Broader Coverage (diagram: customer segments Consumers, SMB, Ent/VLE, Government Agencies, Partners & OEM; deployment points Endpoints, Servers, Virtual Servers, Messaging, Network, Gateway, SaaS)
  • 72. 6 Billion URLs Processed Daily (pipeline diagram with Process, Operation and Trend Micro Products / Technology rows)
    • User Traffic / Sourcing (CDN vendor): 6 billion/day
    • Rating Server for Known Threats: 50% filtered
    • Unknown & Prefilter: 3 billion/day, 90% filtered
    • Page Download: 300 million/day
    • Threat Analysis: 99.95% filtered → 50,000 malicious URL/day
    • Technology: CDN Cache, High Throughput Web Service, Hadoop Cluster, Web Crawling, Machine Learning, Data Mining
    • Block malicious URL within 15 minutes once it goes online!
  • 73. Endpoint Security -- Consumer Products (bar chart: average time to protect against new socially engineered malware, series 2009, 2010 and 2014; values as extracted, in vendor order Trend Micro, Kaspersky, Norton, McAfee, Norman, F‐Secure, AVG, Panda, ESET: 5.2 h, 38.0 h, 15.6 h, 7.5 h, 19.6 h, 39.5 h, 46.1 h, 31.9 h, 30.5 h)
  • 74. 2014 Tests (bar charts; values as extracted)
    • 0-Day Protection 2014: Trend Micro 99.60%, Microsoft 70.53%, Vendor Average 95.52%
    • Real-World Protection 2014 Averages (Mar-Nov): Trend Micro 99.83%, Microsoft (Baseline) 86.10%, Vendor Average 96.60%
    • Malicious Apps - Avg Nov'13 - Nov'14: Trend Micro 99.99%, Vendor Average 96.99%
    • Opus One Anti-Spam Results Q1'12-Q3'14 (Q1'12, Q2'12, Q4'12, Q1'13, Q2'13, Q2'14, Q3'14): Trend Micro 98.31%, 97.20%, 98.06%, 97.34%, 96.64%, 97.09%, 97.40%; Vendor Average 93.55%, 93.67%, 94.56%, 94.63%, 93.68%, 95.00%, 95.77%
  • 76. 2015 Attacks