Trend Micro Custom Defense: a solution for protection against targeted and advanced threats (mds.rs)

Dejan Spasić, IT Security Department Executive Manager
MDS Informatički inženjering
Key messages
• Detection of unknown and persistent malicious software, support for 100+ protocols
• Visibility into parts of the network not covered by traditional security systems: firewall, IPS, web and mail protection
• Points to problematic activities and workstations
• Simple installation
Trends
• Average time to detect an attack: 205 days
• 69% of incidents detected by external parties
Izvor: M-Trends® 2015: A VIEW FROM THE FRONT LINES
Statistics
Malware modification
• Poison Ivy: use multiple ports
• EvilGrab MW: use multiple protocols
• IXESHE MW: evolve/morph over time
• 91% of targeted attacks begin with a spear-phishing email
• Attack weakest point: humans
Attack phases (diagram: attacker on one side, employees on the other)
• Reconnaissance: gathering information about the organization and individuals
• Weaponization and Delivery: targeted preparation and delivery of malware
• Exploitation
• C2: establishing communication to the Command & Control server
• Lateral Movement: spreading to other resources on the network
• Exfiltration: data theft, unnoticed for months ($$$$)
Which hosts have the problem?
Trend Micro Deep Discovery
Diagram labels: 100+ Protocols & Applications; All Network Ports; Attack Evolution; Known Threat Insight; Unknown Threats & Exploits; Software & Devices
• Analyzes Internet and internal network traffic
• Support for web, mail and over 100 protocols and applications
• Algorithms for detecting activity in all phases:
  – Advanced malware & exploits
  – Command & control communication
  – Attacker activity and lateral movement
• Sandbox analysis of unknown files
• Connection to the Trend Micro Smart Protection Network, correlation of local and global threat information
Trend Micro Deep Discovery

Attack Detection
• Zero-day & known malware
• Emails containing embedded document exploits
• Drive-by downloads
• C&C communication for all malware: bots, downloaders, data stealing, worms, blended…
• Backdoor activity by attacker
• Attacker activity: scan, brute force, tool download, …
• Data exfiltration
• Malware activity: propagation, downloading, spamming, …

Detection Methods
• Decode & decompress embedded files
• Custom sandbox simulation
• Browser exploit kit detection
• Malware scan (signature & heuristic)
• Destination analysis (URL, IP, domain, email, IRC channel, …) via dynamic blacklisting and whitelisting
• Smart Protection Network reputation of all requested and embedded URLs
• Communication fingerprinting rules
• Rule-based heuristic analysis
• Extended event correlation and anomaly detection techniques
• Behavior fingerprinting rules
Sandbox analysis
Local blacklist:
• New C&C addresses
• Malware hash id
• Additional (planned)
New IOC intelligence from analysis updates Trend Micro and 3rd-party security products to prevent further attack.
Diagram components: Deep Discovery Sandboxing, Control Manager, Trend products, SIEM
Deep Discovery Inspector and Analyzer
• Additional custom sandbox images
• Extended sandboxing capacity
• Sandboxing for Inspector virtual appliances
• Central reporting & analysis of malware
• Sharable resource with Trend/other products
Diagram: Deep Discovery Inspector forwards suspicious objects (files: docs, exe) to Deep Discovery Analyzer for scalable custom sandboxing
Appliances and licensing
• Deep Discovery Inspector: licensed by throughput, 250 Mb to 4 GB. Virtual appliance up to 1 Gb
• 510/1100 appliance: 5 x 1 Gbps ports for network traffic, 1 RU
• 4100 appliance: 5 x 1 Gbps and 4 x 10 Gbps ports for network traffic, 2 RU
• Deep Discovery Analyzer appliance: 3 x 1 Gbps ports for sandboxing, 2 RU
Integration with other systems
• Integration with SIEM systems: HP, IBM, Splunk
• Information sharing with other Trend Micro products
• Information sharing and integration with other security products
Splunk integration
Splunk Enterprise: search, analysis and visualization of any machine-generated data:
• Security, Compliance and Fraud
• Infrastructure and Operations Management
• Application Delivery
• Internet of Things
Splunk Enterprise Security: SIEM
Trend Micro Deep Security and Deep Discovery for Splunk
Cisco Security Suite and Cisco Networks App for Splunk
Splunk Add-on for F5 BIG-IP
NSS Labs
PoC – Proof of Concept
• Typical PoC duration: 2 weeks
• Phases:
  – Basic initial setup
  – Implementation
  – At the end of the first week: review of results, possibly additional configuration
  – At the end of the second week: review of results and report generation
Thank you for your attention!
Trend Micro Custom Defense: a solution for protection against targeted and advanced threats
MDS – Trend Micro Gold Partner
• Consolidation of security services and formation of the department
• MDS – Trend Micro Gold Partner
• References and turnover in the past year
• Event program
Position in the network