Dissecting the Top Five Network Attack Methods - A Thief's Perspective


Transcript of Dissecting the Top Five Network Attack Methods - A Thief's Perspective

Page 1: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

Dissecting the Top Five Network Attack Methods: A Thief’s Perspective

Page 2: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

“Things have changed lately. I can make a lot of money doing this. This is my job now.”

Thief’s Perspective

Page 3: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

[Chart: Top Network Attack Methods. Categories: Browser, Evasive, Stealthy, SSL, Network Abuse. Values shown: 42%, 36%, 7%, 9%, 6%.]

The game has changed: Advanced targeted attacks are creating complexity

Understand who you are dealing with: They know you better than you know them

Strength through knowledge: The more you know the stronger you grow

54,627,468 Network Attacks in Q1 2015 (1)

1. McAfee Labs Q1 2015 Threat Report

Page 4: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

1. Browser Attacks

“Seems I can always get through the next new product that is supposed to stop me. It’s often not about the technology but the user. They’re just so easy to trick.”

Thief’s Perspective

You See a Browser, I See a Door

The new DMZ: Users are easier to trick than IT

Easy to hide: Malicious content is rarely obvious

Flexible platform: Robust scripting increases attack surface

Page 5: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

1. Win Back the Browser

Web Content Filtering: Keep users safe from wrong turns

Sandboxing: Understand complete intent of inbound web content

Deep File Analysis: Find malicious scripts in incoming browser files

Emulation: Simulate browser activity in a safe environment

Page 6: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

2. Evasive Attacks

“Most of my targets don’t believe evasions are a concern. Out of sight, out of mind—just like my attacks. Their mistake is my gain.”

If There’s a Crack, We’ll Find it

Foundational gaps: Holes exist in even the best laid security strategies

Trick any device: Different methods used depending on the inspection device

Nothing to see: Evasions leave detection in the dark

Thief’s Perspective

Page 7: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

2. Stay Safe from Evasions

Full Stack Normalization: Find and block evasive patterns in network attack traffic

Endpoint Intelligence: Find evasive callbacks and exfiltration with network-endpoint visibility

Static Code Analysis: Find files attempting to evade the sandbox

Page 8: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

3. Stealthy Attacks

“I love breaching a company that spends tons of money on gear but can’t get it working together. I know I leave traces, but by the time the admins connect all the dots I’m long gone.”

I’m Getting to Know all About You

Doing their homework: Extensive reconnaissance of your network

Customized for you: Custom attacks designed around your defenses

Hide in the noise: Fragmented visibility from information overload

Thief’s Perspective

Page 9: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

3. Stop the Stealth

Sandboxing: Identify targeted and custom attacks

Security Connected: Learn context and eliminate fragmented visibility

Integration: Empower all gateway devices with robust sandboxing access

Threat Intelligence Exchange: Enable all devices to share and learn in real time

Page 10: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

4. SSL Attacks

“Why not hide in encrypted traffic? Most companies don’t have the right equipment to inspect it. Since they can’t see it, I can even use easy attacks.”

Let’s Play a Game of Hide and Seek

Hiding in plain sight: You can’t block what you can’t see

Expensive visibility: Most organizations lack comprehensive SSL visibility

New SSL channels: Increased cloud usage provides plenty of places to hide

Thief’s Perspective

Page 11: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

4. Exposing the SSL Attacker

Integrated Inbound SSL Decryption: Peel back SSL layers for visibility into inbound web traffic

Throughput Performance: Maintain throughput and performance with hardware based decryption

Consolidated Inspection: Minimize expense by bringing next generation inspection to SSL

Page 12: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

4. Network Abuse Attacks

“For $6 in Bitcoin, I can rent time on a DDoS tool and bring down most websites. Better yet, if I send just the right type of packet to their web servers, I can crash the site for free.”

How Much is Your Internet Presence Worth?

Simple and effective: Abuse of networks with DDoS gets the job done quick

Finding hay in a haystack: Difficult to identify abusive traffic.

Target the application: Increased challenges stopping application level attacks

Thief’s Perspective

Page 13: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

4. Protect yourself from DDoS

On-Premise Packet Inspection: Completely understand abusive traffic hitting your site

SSL Inspection: Expose the malicious application attack hiding in encrypted traffic

Volumetric Analysis: Isolate the small and disguised changes in traffic patterns

Page 14: Dissecting the Top Five Network Attack Methods - A Thief's Perspective

It’s Time to Shift Your Perspective

Avoid “Shiny New Toy” syndrome

Learn from the bad guys

Embrace a platform that grows with you

Drive for connected visibility

Page 15: Dissecting the Top Five Network Attack Methods - A Thief's Perspective
