Posted on 08-May-2015
FireEye, Inc. Proprietary
FireEye Network Malware Control System
Chad Harrington, VP of Marketing
Overview
- Crimeware's rise to prominence
- Traditional security barriers collapsing
- FireEye Network Malware Control System
Understanding Crimeware
- Targeted malware for profit
- Funded by criminal orgs & online markets
- Allows remote control by external parties
Cybercrime now ranks among the FBI's top priorities behind terrorism & espionage.
Computer-based crimes caused $14.2 billion in damages to businesses around the globe in 2005.
The Crimeware Economy
Impact of Crimeware Attacks
- Bottom line losses: product/service theft, intellectual property stolen, PC & bandwidth exploited
- Liability & clean-up: customer notifications & lawsuits, data restoration & downtime
- Brand erosion & loss of customers: 20% of notified customers have ended business relationship due to breach
How Does Targeted Malware Infiltrate?
1. Customized attack. Common vectors: mobile laptop, employee home machine, 3rd party or guest PC, enterprise desktop.
2. Command & control. Remote control established: begin probing network, identify high-value victims, install additional malware, steal data & information.
3. Targeted infiltration.
4. Keyloggers, password crackers, Trojans, spam/phishbots.
Traditional Security Barriers Collapsing
Crimeware is designed to escape attention. Exploits bypass traditional security, such as:
- Firewalls: use open ports
- Antivirus: be slightly new & different
- Anomaly detectors: remain calm & look normal
"Botnet worm infections can occur even when the impacted organization has the very latest antivirus signatures and is automatically pushing out OS and application patches." (US-CERT whitepaper)
Targeted Malware Simply Undetectable by Traditional Security Techniques
Targeted malware has a 2 to 6 year window.
[Timeline figure labels: Vulnerable Software Released, Vulnerability Discovered/Disclosed, Signature or Patch Released, Window of Exploitability]
FireEye Network Malware Control System
- Stops botnet & malware infiltration others do not
- Ensures only compliant PCs gain network access
- Continuous network traffic analysis
- Automatic prevention & enforcement
What is Network Malware Control?
- Ensure Compliance: on-connect network access controls ensure only compliant machines gain network access
- Continuous Analysis: continuous analysis of network activities for botnet transmissions & infection attempts
- Automatic Enforcement: automatically filter out malicious packets and botnet transmissions, and block infected machines
Ensure Compliant Network Access
[Diagram labels: Remote & Wireless users, LAN users, WAN/VPN, Internet, Wireless]
Network access controls: limit network access to machines with updated AV signatures & OS patches.
Continuous Analysis using the FireEye Attack Confirmation Technology (FACT)
An infinite supply of virtual victim machines analyzes network traffic flows for targeted attacks.
[Diagram label: Mirrored network traffic flows]
Automated Prevention & Enforcement
- Switches: close off / restrict network access to infected machines to protect customer data and company resources
- Mobility controllers: MAC exclusion, VLAN re-assignment to block infected machines from network
- Packet filtering: productive traffic can continue to flow, but malicious traffic is blocked
[Diagram label: Internet]
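The two mechanisms the deck describes, an on-connect compliance check (updated AV signatures and OS patches) and enforcement by VLAN re-assignment or MAC exclusion, fit together as a small policy engine. The Python below is an added illustration written for this page, not code from the slides or from FireEye's product: the host records, the `Policy` thresholds, the VLAN names and the `flagged_infected` verdict are all constructed, and the mapping of findings to actions is this example's own design.

```python
# Added example (not FireEye's code): an on-connect posture check that maps
# host compliance state and infection verdicts onto the three enforcement
# actions named in the slides (allow, quarantine VLAN, MAC exclusion).
# All host records, thresholds and VLAN names are constructed for illustration.
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class HostPosture:
    mac: str
    av_signature_date: Optional[date]  # None means no antivirus agent is reporting
    os_patch_level: int                # assumed monotonic patch/build number
    flagged_infected: bool = False     # verdict supplied by the traffic-analysis stage


@dataclass
class Policy:
    max_signature_age_days: int = 3            # how stale AV signatures may be
    min_patch_level: int = 100                 # minimum acceptable OS patch level
    production_vlan: str = "vlan-prod"         # constructed VLAN name
    remediation_vlan: str = "vlan-remediate"   # constructed VLAN name


@dataclass
class Decision:
    mac: str
    action: str               # "allow" | "quarantine" | "exclude"
    vlan: Optional[str]       # target VLAN for allow/quarantine, None for exclude
    reasons: List[str] = field(default_factory=list)


def evaluate_host(host: HostPosture, policy: Policy, today: date) -> Decision:
    """Decide the enforcement action for one endpoint.

    Order matters: a confirmed infection is acted on first (MAC exclusion),
    then posture gaps send the host to the remediation VLAN, and only a host
    with no findings reaches the production VLAN.
    """
    if host.flagged_infected:
        return Decision(host.mac, "exclude", None,
                        ["infection confirmed by traffic analysis"])

    reasons: List[str] = []
    if host.av_signature_date is None:
        # A silent agent is treated as non-compliant, not as unknown.
        reasons.append("no antivirus agent reporting")
    else:
        age = (today - host.av_signature_date).days
        if age > policy.max_signature_age_days:
            reasons.append(f"AV signatures {age} days old "
                           f"(max {policy.max_signature_age_days})")
    if host.os_patch_level < policy.min_patch_level:
        reasons.append(f"OS patch level {host.os_patch_level} "
                       f"below required {policy.min_patch_level}")

    if reasons:
        return Decision(host.mac, "quarantine", policy.remediation_vlan, reasons)
    return Decision(host.mac, "allow", policy.production_vlan, ["compliant"])


def evaluate_all(hosts: List[HostPosture], policy: Policy, today: date) -> Dict[str, Decision]:
    """Evaluate every host and index the decisions by MAC address."""
    return {h.mac: evaluate_host(h, policy, today) for h in hosts}


# Constructed sample data: four endpoints connecting on the same day.
TODAY = date(2015, 5, 8)
POLICY = Policy()
SAMPLE_HOSTS = [
    HostPosture("00:11:22:33:44:01", TODAY - timedelta(days=1), 120),                  # compliant
    HostPosture("00:11:22:33:44:02", TODAY - timedelta(days=10), 120),                 # stale AV
    HostPosture("00:11:22:33:44:03", None, 90),                                        # no AV, unpatched
    HostPosture("00:11:22:33:44:04", TODAY, 130, flagged_infected=True),               # infected
]


def run_sample() -> Dict[str, Decision]:
    """Run the policy over the constructed sample and return the decisions."""
    return evaluate_all(SAMPLE_HOSTS, POLICY, TODAY)


if __name__ == "__main__":
    for mac, d in run_sample().items():
        print(f"{mac}: {d.action:<10} vlan={d.vlan} reasons={'; '.join(d.reasons)}")
```

The ordering in `evaluate_host` is the point worth keeping: an infection verdict from the traffic-analysis stage overrides an otherwise clean posture, so a fully patched machine that is beaconing still loses network access, while a merely out-of-date machine is parked on a remediation VLAN where it can still fetch updates.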
Typical FireEye Deployments
[Diagram labels: Backbone, WAN, Internet, Data Center]
- Eliminate network-borne crimeware from wireless users
- Eliminate crimeware from infiltrating from the Internet
- Eliminate network-borne crimeware from remote branch offices and stores
- Protect data center Windows servers from crimeware
The FireEye Ecosystem
Active collaboration with law enforcement, industry, & security researchers to root out crimeware:
- Law enforcement & military
- Research institutions
- Industry participants
- Enterprise customers
- Internet Service Providers
About FireEye, Inc.
- Based in Menlo Park, CA
- Led by an experienced team from Sun, Cisco, Aruba, Symantec, Check Point, & McAfee
- Online at www.fireeye.com
- Dedicated to eradicating malware from the world's networks
www.fireeye.com