Spice world 2014 hacker smackdown
Transcript of Spice world 2014 hacker smackdown
“There are two types of companies that use
computers. Victims of crime that know they are
victims of crime and victims of crime that don’t
have a clue yet.”
- James Routh (CISO
Depository Trust Clearing Corporation)
“In today’s modern world, technology alone is not enough to
combat the threats that now face organizations of all types and
sizes. With the integration of continuous threat intelligence
updates from OTX and AlienVault Labs, we can now provide
millions of Spiceworks users with insight into the threats that
could impact their business, and the guidance they need to take
preventative measures.”
- Russ Spitler
Agenda
• What is this SpiceWorks / AlienVault integration?
• Where does the threat data come from?
• What should I do when I get an AlienVault alert in SpiceWorks?
• Introduction to AlienVault USM
• Demo with Victor Obando, systems engineer
Alerts in Spiceworks: Dashboard & Device Details Page
“SpiceWorks has found a connection with a potentially suspicious IP Address 77.240.191.89 on device tmg-mbh.”
False Positives… The Root Cause
• IPs Change: IPs may be assigned to a different server or owner
• Threats Get Remediated: in the case of compromised/slaved servers, system owners may remediate the threat
• Threats Naturally Expire: campaigns and targeted attacks end per the orchestrator’s plans
What is Open Threat Exchange (OTX)?
• The world’s largest crowd-sourced threat repository
• Provides access to real-time, detailed information about threats and incidents
• Enables security professionals to share threat data and benefit from data shared by others
• Powers the AlienVault Threat Alerts in SpiceWorks
OTX + AlienVault Labs: Threat Intelligence Powered by Open Collaboration
• Updates every 30 minutes
• 200,000 – 350,000 IP addresses validated daily
• 8,000 collection points
• 140 countries and growing
Threat Types Detected
• Malware Domain: distributing malware or hosting exploit code
• Malware IP: instrumental in malware, including malicious redirection
• Command and Control: sending command and control instructions to malware or a botnet
• Scanning Host: observed repeatedly scanning or probing remote systems
• APT: observed to be actively involved in an APT campaign
• Spamming Host: actively propagating or instrumental in the distribution of spam
• Malicious Host: engaged in malicious but uncharacterized activity
Data Expiry & Privacy
What OTX Collects
• External IPs connecting to the system
• Traffic patterns (timestamps)
What OTX Does NOT Collect
• System data
• System information
• Internal IP traffic
• Any personally identifiable information
• Contributed data: expires after 30 days
• Scanning: expires after 30 days without additional evidence
Recent Breach Disclosures
[Timeline slide: disclosures dated Aug 7, 15, 20, 27 and 28 and Sep 2, 4 and 10, 2014; the organizations named on the slide are not in the transcript]
Threat Landscape: Our New Reality
• More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.
• The number of organizations experiencing high-profile breaches is unprecedented.
• The “security arms race” cannot continue indefinitely, as the economics of securing your organization are stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.
84% of organizations breached had evidence of the breach in their log files… (Source: 2012 Verizon Data Breach Investigations Report)
Asset Discovery
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Vulnerability Assessment
• Network Vulnerability Testing
• Remediation Verification
Threat Detection
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Behavioral Monitoring
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Security Intelligence
• SIEM Event Correlation
• Incident Response
Why AlienVault for Your Environment
• Unified, Coordinated Security Monitoring in a single console
• Simple Security Event Management and Reporting
• Cutting-edge, crowd-sourced threat intelligence from AlienVault Labs and Open Threat Exchange™ (OTX)
• SIEM, Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring, Vulnerability Assessment and more
• Full suite of compliance reporting
• Fast Deployment – be up and running in 1 hour
• Designed and Priced for the Midmarket – starts at $3600!
AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
Weekly updates that cover all your coordinated rule sets:
• Network-based IDS signatures
• Host-based IDS signatures
• Asset discovery and inventory database updates
• Vulnerability database updates
• Event correlation rules
• Report modules and templates
• Incident response templates / “how to” guidance for each alarm
• Plug-ins to accommodate new data sources
Fueled by the collective power of AlienVault’s Open Threat Exchange (OTX)
Award-Winning Solution Used by 10,000+ for Threat Detection,
Incident Response and Compliance Management
More Questions?
Email [email protected]
Thank You! Any Questions?
Test Drive AlienVault USM
Download a Free 30-Day Trial: http://www.alienvault.com/free-trial
Try Our Product Sandbox: http://www.alienvault.com/live-demo-site