Gigamon U - Eye Of The Fire, Network Malware Control System
grant-swanson -
![Page 1: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/1.jpg)
FireEye, Inc. Proprietary
FireEye Network Malware Control System
Chad Harrington, VP of Marketing
![Page 2: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/2.jpg)
Overview
Crimeware’s rise to prominence
Traditional security barriers collapsing
FireEye Network Malware Control System
![Page 3: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/3.jpg)
Understanding Crimeware
Targeted malware for profit
Funded by criminal orgs & online markets
Allows remote control by external parties
Cybercrime now ranks among the FBI’s top priorities behind terrorism & espionage.
Computer-based crimes caused $14.2 billion in damages to businesses around the globe in 2005
![Page 4: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/4.jpg)
The Crimeware Economy
![Page 5: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/5.jpg)
Impact of Crimeware Attacks
Bottom line losses
  Product/service theft
  Intellectual property stolen
  PC & bandwidth exploited
Liability & clean-up
  Customer notifications & lawsuits
  Data restoration & downtime
Brand erosion & loss of customers
20% of notified customers have ended business relationship due to breach
![Page 6: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/6.jpg)
How Does Targeted Malware Infiltrate?
Common vectors
  Mobile laptop
  Employee home machine
  3rd party, guest PC
  Enterprise desktop
1
Customized attack
![Page 7: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/7.jpg)
How Does Targeted Malware Infiltrate?
2
Customized attack
Command & control
Remote Control Established
  Begin probing network
  Identify high-value victims
  Install additional malware
  Steal data & information
![Page 8: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/8.jpg)
How Does Targeted Malware Infiltrate?
Targeted infiltration
3
Customized attack
Command & control
![Page 9: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/9.jpg)
Keyloggers
Password crackers
Trojans
Spam/Phishbots
How Does Targeted Malware Infiltrate?
4
Customized attack
Command & control
![Page 10: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/10.jpg)
Traditional Security Barriers Collapsing
Crimeware is designed to escape attention
Exploits bypass traditional security, such as
  Firewalls – use open ports
  Antivirus – be slightly new & different
  Anomaly detectors – remain calm & look normal
“Botnet worm infections can occur even when the impacted organization has the very latest antivirus signatures and is automatically pushing out OS and application patches.” US-CERT whitepaper
![Page 11: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/11.jpg)
Targeted Malware Simply Undetectable by Traditional Security Techniques
Targeted malware has 2 to 6 year window
Signature or Patch Released
Vulnerable Software Released
Window of Exploitability
Vulnerability Discovered/Disclosed
![Page 12: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/12.jpg)
Stops botnet & malware infiltration others do not
Ensures only compliant PCs gain network access
Continuous network traffic analysis
Automatic prevention & enforcement
FireEye Network Malware Control System
![Page 13: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/13.jpg)
What is Network Malware Control?
Ensure Compliance
  On-connect network access controls ensure only compliant machines gain network access
Continuous Analysis
  Continuous analysis of network activities for botnet transmissions & infection attempts
Automatic Enforcement
  Automatically filter out malicious packets, botnet transmissions, and block infected machines
![Page 14: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/14.jpg)
Ensure Compliant Network Access
Remote & Wireless users
LAN users
WAN/VPN
Internet
Wireless
Network access controls - Limit network access to machines with updated AV signatures & OS patches
![Page 15: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/15.jpg)
An infinite supply of virtual victim machines analyzes network traffic flows for targeted attacks
Mirrored network traffic flows
Continuous Analysis using the FireEye Attack Confirmation Technology (FACT)
![Page 16: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/16.jpg)
Automated Prevention & Enforcement
Switches
  Close off / restrict network access to infected machines to protect customer data and company resources
Mobility controllers
  MAC exclusion, VLAN re-assignment to block infected machines from network
Packet filtering
  Productive traffic can continue to flow, but malicious traffic is blocked
Internet
![Page 17: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/17.jpg)
Typical FireEye Deployments
Backbone
WAN
Internet
Data Center
Eliminate Network Borne Crimeware from Wireless Users
Eliminate Crimeware From Infiltrating from Internet
Eliminate Network Borne Crimeware From Remote Branch Offices and Stores
Protect Data Center Windows Servers from Crimeware
![Page 18: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/18.jpg)
Active collaboration with law enforcement, industry, & security researchers to root out crimeware
  Law enforcement & Military
  Research institutions
  Industry participants
  Enterprise customers
  Internet Service Providers
The FireEye Ecosystem
![Page 19: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/19.jpg)
About FireEye, Inc.
Based in Menlo Park, CA
Led by an experienced team from Sun, Cisco, Aruba, Symantec, Check Point, & McAfee
Online at www.fireeye.com
Dedicated to eradicating malware from the world’s networks
![Page 20: Gigamon U - Eye Of The Fire, Network Malware Control System](https://reader033.fdocuments.in/reader033/viewer/2022052321/554bdc76b4c905ac708b5464/html5/thumbnails/20.jpg)
www.fireeye.com