Post on 09-Feb-2017
Market Trends
Old & New Threats
Despite all the publicity about zero-day exploits, a big percentage of breaches (44 per cent) come from vulnerabilities which are two to four years old. […] Most vulnerabilities stem from a relatively small number of common software programming errors. Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago, according to HP, which recorded an increase in the level of mobile malware detected.
“Many of the biggest security risks are issues we’ve known about for decades, leaving organisations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP.
Android Known Vulnerabilities: Update?
http://www.cvedetails.com/cve/CVE-2015-1474/
Sandboxing
Why Talk about Advanced Threat Protection
“New Studies Reveal Companies are Attacked an Average of 17,000 Times a Year.”
“Companies like J.P. Morgan Plan to Double Spending on Cyber security…”
“Cybercrime Will Remain a Growth Industry for the Foreseeable Future.”
“The Reality of the Internet of Things is the Creation of More Vulnerabilities.”
“43% of firms in the United States have experienced a data breach in the past year.”
Companies should be concerned
Prevention techniques sometimes fail, so detection and response tools, processes, and teams must be added.
FACT: 229 days, the average time attackers were on a network before detection. 67% of victims were notified by an external entity.
GOAL: Reduce time to find/detect incidents. Reduce time to investigate incidents. Reduce time to remediate incidents.
Kill Chain of an Advanced Attack
Stages: Spam / Malicious Email → Malicious Link → Malicious Web Site → Exploit → Malware → Bot Commands & Stolen Data → Command & Control Center
Security control at each stage, and how attackers get past it:
• Anti-spam: bots leverage legitimate IPs to pass filters; social engineering fools the recipient.
• Web Filtering: fast flux stays ahead of web ratings.
• Intrusion Prevention: zero-days pass IPS.
• Antivirus: compression passes static inspection.
• App Control/IP Reputation: encrypted communication passes controls.
Malware? Goodware? I-don’t-know-ware? The Continuum
Code continuum, from one end to the other: Known Good, Probably Good, Might be Good, Completely Unknown, Somewhat Suspicious, Very Suspicious, Known Bad
Security technologies along the continuum:
• Known Good: whitelists; reputation (file, IP, app, email); digitally signed files
• Known Bad: blacklists; signatures
• The grey area in between: heuristics; reputation (file, IP, app, email); generic signatures
• Completely Unknown: sandboxing
Enter Sandboxing
The same kill chain (Spam / Malicious Email → Malicious Link → Malicious Web Site → Exploit → Malware → Bot Commands & Stolen Data → Command & Control Center) and the same controls (Anti-spam, Web Filtering, Intrusion Prevention, Antivirus, App Control/IP Reputation), now with a Sandbox added alongside them.
FortiSandbox – 5 Steps to Better Performance
• AV Prefilter: apply top-rated anti-malware engine
• Cloud File Query: check community intelligence & file reputation
• Code Emulation: quickly simulate intended activity (Fortinet patented CPRL); OS independent & immune to evasion, high catch rate
• Full Virtual Sandbox: examine real-time, full lifecycle activity in the sandbox to get the threat to expose itself
• Call Back Detection: identify the ultimate aim, call back & exfiltration; mitigate with analytics & FortiGuard updates
Top Rated Anti-Malware
VB100 Reactive: AV with all updates. VB100 Proactive: AV without updates.
Fortinet anti-malware results:
» 96% reactive
» 86% proactive
Independent third-party tested & validated!
Top Rated Sandbox
Top-rated Breach Detection (NSS Labs Recommended)
» 99% detection
» Results delivered within 1 minute most of the time
Independent third-party tested & validated!
New in FortiSandbox 2.0
• Now includes full sandboxing with licenses for Windows, MS Office, IE
• Now follows URLs to scan objects
• Now inspects Network File Share locations
• Now exports to 3rd party scan tools
Integrated with FortiGate
• Provides SSL inspection
• Fewer sandboxes needed: 1 sandbox supports multiple FortiGates (ingress/egress points)
• FortiSandbox Cloud service integrated with FortiGate offers quarantine feature
New in FortiSandbox 2.0 - Detecting Even More Attacks
Diagram: network traffic → FortiGate → FortiSandbox.
Stop Malicious Emails: FortiSandbox, FortiGate, FortiMail
Diagram: email traffic from the Internet → FortiMail → sandbox inspection → inspected emails to the mail servers; network traffic → FortiGate → FortiSandbox; feedback from FortiSandbox to FortiMail and to FortiGuard.
Reputation, behavior and other analysis performed by FortiMail. At-risk messages held for additional FortiSandbox analysis.
Clean emails delivered to mail servers. Outgoing email also inspected.
FortiSandbox prefilters, executes, analyzes and feeds back to FortiMail and FortiGuard.
Full NGFW inspection performed on FortiGate. At-risk objects sent to FortiSandbox.
FortiMail for Email Inspection
» Blocks known threats
» Holds high risk messages for Sandbox rating
» Simplified deployment: 1 sandbox supports multiple FortiMail
FortiSandbox for Payload Analysis
» Detects unknown threats
» Provides threat intelligence for mitigation
» Ultimately results in updated FortiGuard Security Services
The Details - New Advanced Threat Protection Framework: Integrated Solutions for Better Protection
Three layers, each handing off to the next:
• Known Threats: FortiGate, FortiMail & everything that can enforce a security policy. Reduce attack surface; inspect & block known threats. Hand off: high risk items.
• Unknown Threats: FortiSandbox & everything that is behavior based. Identify unknown threats; assess behavior & identify trends. Hand off: ratings & results.
• Response: FortiGuard teams and automation. Identify scope; mitigate impact. Hand off: security updates.
Detect to Mitigate to Prevent: a continuous cycle of improvement
Updates to Preventative Security
• Updated IP sender reputations
• New web site ratings used for web filtering
• New IPS rules and botnet detection to block command and control traffic
• Updated anti-malware detection for this and similar attachments
Detection and analysis
• Sandbox object behavior analysis & details
• Suspicious activity: privilege modification, file creation, modification & deletion
• Malicious activity: initiated traffic, encrypted traffic, DNS query
• File names, URLs, IP addresses
Immediate Remediation
• Block email sender IP from delivering any other messages to employees
• Prevent communication with this command & control
• Quarantine recipient devices
• Confirm compromise and remove malicious files
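The five-step inspection pipeline (AV prefilter, cloud file query, code emulation, full sandbox, callback detection) and the detect-to-mitigate-to-prevent cycle above, modeled as an added Python example that is not Fortinet code: the stage heuristics, the `observed` behaviour record standing in for a sandbox run, the sample files and every indicator value are constructed and hypothetical.

```python
# Added toy model of the staged inspection pipeline and the detect -> mitigate
# -> prevent loop from the slides. Not FortiSandbox/FortiGuard code: the stage
# heuristics, sample files, observed behaviours and indicators are constructed.
import hashlib
# Constructed local intelligence used by the cheap stages; sandbox feedback
# fills these sets so the next copy of a sample never reaches the sandbox.
KNOWN_BAD_HASHES, BLOCKED_C2 = set(), set()
KNOWN_GOOD_HASHES = {hashlib.sha256(b"MZ clean signed installer").hexdigest()}

def sha256(content):
    return hashlib.sha256(content).hexdigest()

def av_prefilter(content, observed):
    return "known_bad" if sha256(content) in KNOWN_BAD_HASHES else None

def cloud_file_query(content, observed):
    return "known_good" if sha256(content) in KNOWN_GOOD_HASHES else None

def code_emulation(content, observed):
    # Constructed stand-in for emulation: non-executable content is cleared here.
    return "probably_good" if not content.startswith(b"MZ") else None

def full_sandbox(content, observed):
    # 'observed' is a constructed record of what a real sandbox run would see.
    if observed.get("c2_callback") or observed.get("dns_query"):
        return "malicious"        # initiated/encrypted traffic, DNS query
    if observed.get("privilege_modification") or observed.get("file_creation"):
        return "very_suspicious"  # suspicious activity, not yet conclusive
    return "probably_good"

def inspect(content, observed=None):
    """Cheapest stage first; the first stage that reaches a verdict ends the run."""
    for stage in (av_prefilter, cloud_file_query, code_emulation, full_sandbox):
        verdict = stage(content, observed or {})
        if verdict is not None:
            return verdict, stage.__name__
    return "completely_unknown", "none"

def feed_back(content, observed, verdict):
    """Mitigate and prevent: turn a malicious verdict into enforcement updates
    (AV hash, C2 block) plus the immediate remediation steps from the slide."""
    actions = []
    if verdict == "malicious":
        KNOWN_BAD_HASHES.add(sha256(content))
        actions.append("av_update:" + sha256(content)[:12])
        for ioc in observed.get("c2_callback", []):
            BLOCKED_C2.add(ioc)
            actions.append("block_c2:" + ioc)
        actions.append("quarantine_recipient_device")
    return actions
```

After `feed_back` runs, re-inspecting the same sample stops at the AV prefilter instead of the sandbox, which is the point of the cycle.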
Contact us free of charge…
In these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations provided for in the various certification paths, achieving the qualification of Partner Of Excellence.
Certified experts in FortiMail and email security
Certified experts in FortiWeb and web application firewall protection
Certified experts in FortiAP, FortiWiFi and wireless security
Contacts: Tel. +39 049 8843198 DIGIT (5); contacts@lanewan.it
www.lanewan.it