How to Effectively Protect an Enterprise's Core Value

Security Reimagined
OuTian 劉俊雄
Technical Manager, Taiwan
About FireEye
• Founded in 2004 in Silicon Valley, USA
• Listed on NASDAQ in 2013; at the end of that year acquired Mandiant, the well-known leader in endpoint protection
• World leader in advanced malware, zero-day attacks and advanced persistent threats (APT)
• Large customer base in every industry
  – Top banks, high-tech, oil and gas, government, etc.
  – All major Internet search engines, the most popular social networks, auction sites, etc.
• 2013 IDC advanced threat protection market share report: FireEye No. 1
Mobile
Cloud
Social
Big Data
Over 95% Compromised
Nation State Attacks
Cyber Crime Exploding
NEW THREAT LANDSCAPE
• Widespread & persistent state of compromise
• Coordinated Persistent Threat Actors
• Dynamic, Polymorphic Malware
• Multi-Vector Attacks
• Multi-Staged Attacks
FireEye Advanced Threat Report: 2013
APT Attacks: Asia Pacific 2013
1. South Korea
2. Japan
3. Taiwan
4. Thailand
5. Hong Kong
6. Philippines
7. India
8. Australia
9. Pakistan
10. Singapore
Targeted verticals: Asia 2013
1. Financial Services
2. Government: Federal
3. High-Tech
4. Services, Consulting and VAR
5. Education: Higher Education
6. Telecom (Internet, Phone and Cable)
7. Energy, Utilities and Petroleum Refining
8. Entertainment, Media and Hospitality
9. Government: State and Local
10. Chemical, Manufacturing and Mining
Mandiant M-Trends 2014 Threat Report
The High Cost of Being Unprepared
[Timeline graphic: Initial Breach → Threat Undetected → Remediation, with 3 / 6 / 9 month markers]
• 229 Days: median number of days attackers are present on a victim network before detection.
• … of companies learned they were breached from an external entity.
• … of victims had up-to-date anti-virus signatures.
Source: M-Trends Report
The result of fighting a modern war with spears
• From attack to data theft: minutes to days
• From attack to discovery: days to months
• From discovery to containment: days to months
Effective defense requires detecting and blocking threats within minutes, not waiting months.
Source: 2012 Verizon Data Breach Investigations Report: time windows for financial and PCI breaches.
Multi-Staged Cyber Attack
[Diagram: Exploit Server and Callback Server on the Internet; Firewall and IPS at the perimeter; File Share 1 and File Share 2 inside the network]
1. Exploitation of System
2. Malware Executable Download
3. Callbacks and Control Established
4. Data Exfiltration
5. Lateral Spread
Exploit detection is critical: all subsequent stages can be hidden or obfuscated.
Industry: High-Tech (FireEye PoV customers, per week)
18 FireEye PoV customers; 100% compromised; 28% had APT

            Web Exploit   Malware Download   Unique Malware   Unique Callback   Impacted Hosts
Average     1.46          198.9              12.9             2708.9            2629.8
Max         8.66          3011.14            86.92            43022.5           41486.9

Top APT: Backdoor.APT.Gh0stRAT (40%), Backdoor.APT.DarkComet (40%)
  Business Impact: Remote Access Tools (RAT) that lead to loss of intellectual property, trade secrets, and sensitive internal communication.
Top Crimeware:
  Malware.Binary (67%) – Business Impact: never-seen-before malware; signature-based protection is defenseless.
  Exploit.Kit.Neutrino (67%) – Business Impact: infection with several types of malware that steal credentials or restrict access to the computer and demand ransom.
The Objective: “Alert-to-Fix in 10 Minutes”
• Time to Identify Security Incidents
• Time to Resolve Security Incidents
Reduce or Prevent…
• Theft of Assets & IP
• Cost of Response
• Disruption to Business
• Reputation Risk
Solution?
Continuous Threat Protection
• Time to Detect: REAL TIME
• Time to Fix: REAL TIME
Prevent:
• Theft of Assets & IP
• Cost of Response
• Disruption to Business
• Reputation Risk
SECURITY Needs To Be Purpose-Built To Address The New Threat Landscape
• Virtual Machine-Based Model of Detection, Purpose-Built for Security
• Hardened Hypervisor
• Scalable
• Portable
FINDS KNOWN/UNKNOWN CYBER-ATTACKS IN REAL TIME ACROSS ALL VECTORS
FireEye Technology: State of the Art Detection
DETONATE
• Vectors: Network, Email, Mobile, Files
• Attack stages: Exploit, Malware Download, Callback, Lateral Transfer, Exfiltration
CORRELATE
• Within VMs
• Across VMs
• Cross-enterprise
FireEye Technology: Rapid Containment & Response
[Diagram: Endpoint Threat Prevention Platform agents deployed across the enterprise]
• Detect
• Validate
• Contain & Remediate
FireEye Product Portfolio
[Network diagram zones: Internet, DMZ, Data Center (Storage, IPS), Security Operations, Enterprise LAN, Corporate Network]
• Dynamic Threat Intelligence Cloud
• Network Threat Prevention Platform
• Email Threat Prevention Platform
• Content Threat Prevention
• Endpoint Threat Prevention
• Malware Threat Analyzer
Dynamic Intelligence Sharing
>2 Million VMs Sharing Globally
Products, Correlated Threat Intelligence, and Services
Dynamic Threat Intelligence Cloud: WEB, EMAIL, FILE, MOBILE
FireEye Platform: Products & Services Portfolio
Products
• Network (NX)
• MVX-IPS (Roadmap)
• Email (EX)
• Content (FX)
• Endpoint (HX)
• Central Manager (CM)
• Mobile (MTP)
• Cloud Email (ETP)
• Forensics (AX)
• Threat Analytics Platform (TAP)
Support Services
• Platinum (24x7, Global)
• Platinum Priority Plus (DSE)
• Gov’t Support (Citizens)
• Gov’t Classified – Planned (Clearances, Secured Facility; start in U.S. and expand internationally)
Managed Defense Services Portfolio
• Managed Defense
• Continuous Protection
• Continuous Monitoring
Advanced Services
• Mandiant Incident Response, Vulnerability Assessment and Penetration Testing
• Strategic Services: Response Readiness and Security Program Assessment
• Product Deployment and Integration
FireEye Discovered 11 of 14 Zero-Days in 2013
• Dec 2012 – CVE-2012-4792 – CFR Watering Hole
• Jan 2013 – CVE-2013-0422 – CrimeWare
• Feb 2013 – CVE-2013-0422 – Facebook/Twitter Attack
• Feb 2013 – CVE-2013-0634 – LadyBoyle
• Feb 2013 – CVE-2013-0640, CVE-2013-0641 – Pwnie Award 2013
• Feb 2013 – CVE-2013-1493 – JP Targeted
• May 2013 – CVE-2013-1347 – DOL Watering Hole
• June 2013 – CVE-2013-1331 – South Asia
• July 2013 – CVE-2013-3163 – NGOs Watering Hole
• Sep 2013 – CVE-2013-3893 – Operation DeputyDog
• Oct 2013 – CVE-2013-3897 – KO/JP Targeted
• Nov 2013 – CVE-2013-3906 – Multiple Campaigns
• Nov 2013 – CVE-2013-5065 – PDF patched vulnerability
• Nov 2013 – CVE-2013-3918, CVE-2014-0266 – NGOs Watering Hole
Questions?
- FireEye and 文偉 together safeguard your enterprise value -