Defense For Evolving Cyber Attacks - HKCERT

Transcription

Defense for Evolving Cyber Attacks
Garrick Ng, Head of Systems Engineering, Cisco Hong Kong
Nov 2016

Why Cisco for Security?
Over the last three years we've invested more than US$3.8 billion in security. We are transforming to create the industry's broadest security solution portfolio via continued security technology innovation. Committed to becoming the #1 security trusted advisor and partner to customers and partners.
Security portfolio timeline (2007, 2009, 2011, 2012, 2013):
- XML Firewall
- Cloud Security
- Advanced Malware Protection (AMP)
- UTM
- Messaging and Web Security Appliance
- Security Analytics
- Threat-Centric Security (NGIPS and ...)
- Cloud-Delivered Security
- Security Consulting
- Network Behavior Analysis (NaaS)

The Cybercrime Economy
Global cybercrime market: $450B - $1T
- SSN / Credit Card Data: $0.25 - $60
- Social Security: $1
- DDoS as a Service: $7/hour
- Medical Record: $50
- Bank Account Info: $1000, depending on account type and balance
- Mobile Malware: $150
- Exploits: $1000 - $300K
- Spam: $50 per 500K emails
- Malware Development: $2500 (commercial malware)
- Facebook Account: $1 for an account with 15 friends

Security Everywhere: Multi-Layer Integrated Defense


- Continuous Protection?
- Insider Threat?
- Visibility & SD Segmentation
- Behavior Analysis

Threat-Centric Model to Cover the Entire Attack Continuum
... Block, Defend; AFTER: Scope, Contain, Remediate
Controls: DNS Layer Protection & CASB; Firewall; VPN; NGIPS; Cognitive Threat Analytics (CTA); NGFW; UTM; Email & Web Security; Network Behavior Analysis; Secure Access Identity Services; Advanced Malware Protection (AMP) & Threat Grid (Sandbox); Visibility, Context, Segmentation & Threat Intelligence

Time to Detection (TTD)
When you missed detection: the time between the first observation of an unknown file and detection of a threat.
Industry: 100 days vs Cisco: 13 hours
Cisco minimizes the time to detect breaches.

Case Study 1: Ransomware
- DNS Layer Domain level protection
- Predictive Security

Ransomware: CryptoLocker, TeslaCrypt 3.0, Cryptowall 4.0, CTB-Locker, KeRanger, Locky, Zepto, SamSam, Cerber, Petya, Santana, Jigsaw, CryptXXX 3.0, Bart, CryptoHitman

Typical Ransomware Infection
Infection Vector (email attachment, clicks a link, malvertising) -> C2 Comms & Asymmetric Key Exchange -> Encryption of Files -> Request of Ransom

How Cisco Protects Customers (OpenDNS, Next-Gen Firewall, AMP and Stealthwatch layered along the infection chain)
- OpenDNS blocks the request
- NGFW blocks the connection
- Web Security w/ AMP blocks the file
- AMP for Endpoint blocks the file
- Stealthwatch detects the activity
- OpenDNS blocks the request to Encryption Key Infrastructure
- AMP for Endpoint quarantines the ransomware

DNS: a Security Perspective
A blind spot used by attackers to gain command and control, exfiltrate data, and redirect traffic.
91.3% of malware uses DNS; 68% of organizations don't monitor it.
Source: Cisco Annual Security Report, 2016
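The two slides above make one point from two sides: the resolver is where a request to C2 or to the ransomware's key-exchange infrastructure can be refused before any connection is made, and most organizations never look at that traffic. The following is an added example, not Cisco or OpenDNS code, of what domain-level policy on a resolver log looks like: it evaluates constructed query-log lines against a constructed blocklist (all domains use the reserved `.invalid` TLD), matches parent domains so a subdomain of a blocked domain is also blocked, normalises case and trailing dots, and summarises which internal clients asked for blocked names, which is the first lead for incident response.

```python
"""DNS-layer domain blocking over a resolver query log (added example, not OpenDNS code)."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed blocklist keyed by domain (lower-case, no trailing dot). A policy
# entry covers the domain and every subdomain beneath it.
BLOCKLIST: Dict[str, str] = {
    "c2-example.invalid": "botnet C2",
    "keyserver-example.invalid": "ransomware key-exchange infrastructure",
    "login-example.invalid": "phishing",
}

# Constructed resolver log, one query per line: "<epoch> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
1478000000 10.0.0.12 www.example.com A
1478000001 10.0.0.12 update.c2-example.invalid A
1478000002 10.0.0.33 KEYSERVER-EXAMPLE.INVALID. TXT
1478000003 10.0.0.33 mail.example.org MX
1478000004 10.0.0.51 login-example.invalid A
"""


@dataclass
class Verdict:
    client: str
    qname: str
    action: str                 # "allow" or "block"
    reason: Optional[str] = None


def normalise(qname: str) -> str:
    """Fold case and drop the trailing dot so lookups cannot be bypassed by formatting."""
    return qname.rstrip(".").lower()


def lookup(qname: str) -> Optional[str]:
    """Return the block reason for qname or any parent domain, else None."""
    labels = normalise(qname).split(".")
    # Walk from the full name up to the second-level domain; a bare TLD is never matched.
    for i in range(len(labels) - 1):
        reason = BLOCKLIST.get(".".join(labels[i:]))
        if reason is not None:
            return reason
    return None


def evaluate_log(log_text: str) -> List[Verdict]:
    """One verdict per query line, in log order."""
    verdicts: List[Verdict] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        reason = lookup(qname)
        action = "block" if reason is not None else "allow"
        verdicts.append(Verdict(client, normalise(qname), action, reason))
    return verdicts


def blocked(log_text: str) -> List[Verdict]:
    """Queries the resolver would refuse (or sinkhole) instead of answering."""
    return [v for v in evaluate_log(log_text) if v.action == "block"]


def blocks_per_client(log_text: str) -> Dict[str, int]:
    """Internal hosts that asked for blocked names, with counts."""
    return dict(Counter(v.client for v in blocked(log_text)))


if __name__ == "__main__":
    for v in evaluate_log(SAMPLE_LOG):
        print(f"{v.client:<10} {v.qname:<30} {v.action:<5} {v.reason or ''}")
    print(blocks_per_client(SAMPLE_LOG))
```

Matching on parent domains is what makes this a domain-level rather than host-level control: the sample's `update.c2-example.invalid` is blocked by the `c2-example.invalid` entry without any per-host rule. The per-client summary is the monitoring half of the slide's point; a host that keeps asking for a blocked key-exchange domain is already infected and should be isolated, not merely denied an answer.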

[Architecture diagram: Internet threats (Malware, Botnets/C2, Phishing) meet the FIRST LAYER, with Firepower, ASA, WSA, Meraki and AMP protecting the main site and branches.]
Callouts: Simple!; Alerts reduced 2-10x; Protects ON & OFF network; Threat prevention, not just detection

OpenDNS Umbrella @ Rio Olympics
- Umbrella deployed for the entire Olympics 2 days before the opening ceremony, in 2 hrs
- Total of 7 networks configured in Rio and Sao Paulo
- 22M requests per day
- Umbrella stopped 23,000 threats each day

Reactive

Predictive: 90B requests/day, 65M active users, 160 countries

https://youtu.be/TE9qsYBu8MM

https://youtu.be/acwD OA3QZ4

Start a Free Trial - OpenDNS Umbrella
- Worldwide coverage, fast, simple to deploy with 100% uptime: no hardware to install or software to maintain
- Free to use up to 14 days
- Threat protection like no other: blocks malware, botnets and phishing
- Predictive Intelligence: automates threat protection to detect attacks before they are launched
- Personal use: Free

References
- Cisco 2016 Annual Security Report
- Cisco 2016 Midyear Cybersecurity Report
- ...ty/annual security report.html
- http://blogs.cisco.com/author/talos
- w.talosintel.com/files/publications and presentations/papers/CryptoWall4 WhitePaper.042016.pdf

Case Study 2: Dyn DDoS Attack

Affected: BBC, CNN, CNBC, Twitter, Netflix, PayPal, Amazon, NY Times, PlayStation, Xbox, Wall Street Journal
1.2T DDoS by IoT botnet Mirai
Loss: 110 Million

DDoS Attacks Overview
[Diagram: good traffic and attack traffic from ISP 1, ISP 2 ... ISP n converge on the target's ISP, causing SATURATION in front of the target's applications & services.]

Dyn DDoS Attack by Mirai Botnet
[Diagram: good traffic and attack traffic from ISP 1, ISP 2 ... ISP n converge on the target's ISP, causing SATURATION in front of the target's applications & services.]

What Exactly Happened? (normal resolution)
[Diagram: client -> ISP / Recursive DNS Service -> Authoritative DNS Server for twitter.com (Dyn DNS Service) -> 199.59.149.198 -> Twitter Data Center]

What Exactly Happened?
[Diagram: client queries www.twitter.com -> ISP / Recursive DNS Service -> Authoritative DNS Server for twitter.com (Dyn DNS Service), under DDoS ATTACK by the Mirai botnet (100K bots) -> TIMEOUT -> NO RESOLUTION; the Twitter Data Center at 199.59.149.198 is never reached because the name is not resolved]

Why Cisco Umbrella Customers Were Unaffected
[Diagram: client queries www.twitter.com -> Cisco Umbrella (OpenDNS) -> Authoritative DNS Server for twitter.com (Dyn DNS Service), under DDoS ATTACK by the Mirai botnet (100K bots) -> TIMEOUT; Umbrella's Smart Cache answers 199.59.149.198 -> Twitter Data Center]
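The three diagrams above turn on one resolver behaviour: a recursive resolver that holds an expired cached record can either return nothing when the authoritative server times out (the ISP resolvers in the second diagram) or keep answering from that record for a bounded time (the Smart Cache in the third). The following is an added example, not Cisco or Umbrella code, of that difference as a small resolver model: `Authoritative`, `Resolver`, `dyn_scenario` and the `under_attack` flag are constructed for the illustration; the name and address come from the slides. The stale-serving window is bounded by `max_stale`, which is the caveat a practitioner wants: an answer served past its TTL is a trade of freshness for availability and must eventually expire.

```python
"""Recursive DNS cache with a serve-stale fallback (added example, not Umbrella code)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class UpstreamTimeout(Exception):
    """The authoritative server did not answer within the query timeout."""


@dataclass
class CacheEntry:
    address: str
    expires_at: float   # absolute time at which the record's TTL runs out


class Authoritative:
    """Constructed stand-in for an authoritative DNS service (the Dyn role)."""

    def __init__(self, records: Dict[str, str], ttl: int) -> None:
        self.records = records
        self.ttl = ttl
        self.under_attack = False   # True while the service is saturated by DDoS

    def query(self, name: str) -> Tuple[str, int]:
        if self.under_attack:
            raise UpstreamTimeout(name)
        return self.records[name], self.ttl   # KeyError for unknown names


class Resolver:
    """Recursive resolver with a TTL cache; serve_stale enables the fallback."""

    def __init__(self, upstream: Authoritative, serve_stale: bool,
                 max_stale: float = 86400.0) -> None:
        self.upstream = upstream
        self.serve_stale = serve_stale
        self.max_stale = max_stale   # how long past TTL expiry a stale answer may be used
        self.cache: Dict[str, CacheEntry] = {}

    def resolve(self, name: str, now: float) -> Optional[str]:
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires_at:
            return entry.address     # fresh cache hit, no upstream query needed
        try:
            address, ttl = self.upstream.query(name)
        except UpstreamTimeout:
            # Upstream unreachable. A plain resolver has nothing to return (the
            # client sees NO RESOLUTION); a serve-stale resolver answers from the
            # expired entry, but only within the bounded stale window.
            if (self.serve_stale and entry is not None
                    and now < entry.expires_at + self.max_stale):
                return entry.address
            return None
        except KeyError:
            return None              # name does not exist upstream
        self.cache[name] = CacheEntry(address, now + ttl)
        return address


def dyn_scenario() -> Tuple[Tuple[Optional[str], Optional[str]],
                            Tuple[Optional[str], Optional[str]]]:
    """Replay the slides: (plain, stale-serving) answers before and during the attack."""
    auth = Authoritative({"www.twitter.com": "199.59.149.198"}, ttl=300)
    plain = Resolver(auth, serve_stale=False)
    smart = Resolver(auth, serve_stale=True)
    t0 = 0.0
    before = (plain.resolve("www.twitter.com", t0), smart.resolve("www.twitter.com", t0))
    auth.under_attack = True     # botnet traffic saturates the authoritative servers
    t1 = t0 + 600.0              # the 300 s TTL has expired, so both must re-query
    during = (plain.resolve("www.twitter.com", t1), smart.resolve("www.twitter.com", t1))
    return before, during


if __name__ == "__main__":
    before, during = dyn_scenario()
    print("before attack (plain, stale-serving):", before)
    print("during attack (plain, stale-serving):", during)
```

The behaviour modelled here is now standardised as serve-stale in RFC 8767, which a resolver operator can enable as a mitigation against exactly this failure mode: the record for www.twitter.com had not changed, only the ability to confirm it had.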

Best Practice
- Multi-layer defense to cover the Attack Continuum (Before-During-After): DNS, Email/Web gateway, NGFW/NGIPS/AMP, Endpoint AV/AMP protection
- Back up frequently (and keep the backups away)!!!
- Patch your operating systems and other software (e.g. Flash) ASAP!
- Keep your Anti-Virus/Anti-malware updated
- Educate users on emails with links and attachments
- Be careful of email attachments
- Disable macros in Office documents and scripts in the browser
- Don't stay logged in as administrator
- End of Support hardware and software?

Shania Ting - Security Sales Manager: hoting@cisco.com
Tommy Mak - Security Consultant: tomak@cisco.com
Garrick Ng - Head of SE: garng@cisco.com

TALOS INTEL BREAKDOWN
- 250 full-time threat intel researchers
- 1.5 million daily malware samples
- 600 billion daily email messages
- 16 billion daily web requests
- Millions of telemetry agents
- 4 global data centers
- Over 100 threat intelligence partners
- 1100 threat traps
Threat intel sources: Aspis, Crete, AEGIS; Internet-wide scanning; telemetry; honeypots; ISACs; vulnerability discovery (internal); open source communities; 3rd party programs (MAPP); threat intelligence partners (intel sharing)
