5/18/2015
CYBERSECURITY & AUTOFOCUS
Scott Simkin, Sr. Threat Intelligence Manager, Palo Alto Networks
THE ADVANCED ADVERSARY
Majority of adversaries are just doing their job:
– Bosses, families, bills to pay.
– Want to get in, accomplish their task, and get out (undetected).
– Goal isn’t making your life hard.
UNDERSTANDING THE ATTACK KILL CHAIN METHODOLOGY
What you typically see: a linear set of steps that adversaries follow to achieve their goals, moving from one step to the other.
The reality is far different. There is no “step-by-step” for the pragmatic adversary.
– Consumerization of IT
– Decreasing Visibility and Control
– Rate of Change/Complexity
– Reliance on Multiple Layers of Service Providers
RECONNAISSANCE
Identify a specific target within an organization:
– Content from corporate websites
– Third-party sites to identify key targets
– Common search techniques
RECONNAISSANCE Simple Google Search
List of Attendees at a “National Defense Industrial Association”
RECONNAISSANCE
Identify the tools used to protect an organization.
EXPLOITATION
1. Exploiting the user: why use malware when you have legitimate credentials? Users are typically the path of least resistance.
EXPLOITATION
2. Exploiting the software: why use a 0-day when CVE-2012-0158 / CVE-2010-3333 are still open? Old vulnerabilities may not be patched.
COMMON TOOLS
Remote shell: direct access to the OS as the logged-in user.
THE UNDERGROUND ECONOMY
– Active marketplace for tools.
– Conversations on each aspect of the kill-chain.
– Discuss tactics with other attackers.
Easily purchase attacks:
– Remote access tools.
– Malware.
– Exploits.
– Etc.
“A tool for creating Botnets on Android $4,000”
“Peer-to-peer Botnet […] $15,000”
BREACHES CONTINUE TO HAPPEN
(chart: time to breach vs. time to detection)
MORE DEVICES & DATA ISN’T THE ANSWER
THE TYPICAL SECURITY OPERATION Overwhelming set of tools and dashboards
Small Security Operations
CURRENT GENERIC INDICATORS

Malware         Source IP       Target IP       URL / Md5sum                       Severity
Malware.Binary  10.223.126.89   84.200.77.204   de06a0f345d15fd771ebfa2b48e91d25
Malware.Binary  10.221.44.12    123.102.17.98   f8b4971afd6f05f42c5c1e68908d9902
Malware.Binary  10.223.112.87   212.23.66.34    d937e6b52959f3da7e01760eb9135621
Malware.Binary  10.223.126.23   233.91.43.198   89722a247706fcf559ffddf15bb7f292

Limited value without context.
DEFINING CONTEXT
– Malicious actors
– Campaigns
– Motivation & goals
– Infrastructure & tools used
– Related indicators
AUTOMATICALLY SURFACE IMPORTANT EVENTS
1%: highly targeted, unique attacks (e.g. SHELL CREW)
99%: commodity attacks (Ransomware, FakeAV, Generic.dropper, Downloader.generic, Virus.Win32, Malware.generic, Malware.binary, Spybot, Trojan.downloader, Generic.backdoor)
AUTOFOCUS
Threat intelligence service that identifies the important attacks through additional information and context. Centralizes threat data and applies both unique statistical and human intelligence analysis. A web portal gives users access to this data and lets them search and tag it easily.
AUTOFOCUS ARCHITECTURE
(diagram: Security operations, WildFire, 3rd party feeds)
WildFire figures (as of February 2015):
– 24,000 devices worldwide using WildFire
– 2.5M samples analyzed per day
– 15K unique malware found per day
– 360M sessions
– 240M samples
– 30B artifacts
KEY USE-CASES
– Unique or targeted events
– Context around indicators of compromise
– Context around incidents on your network
Examples:
– 223.144.191.23 / premier.espfootball.com: Espionage group XYZ, Click fraud
– Related indicators: bank-card90.no-ip.com (Banking trojan); mutex: mediaCenter; domain: wincc-ctrl.com
– paloalt0networks.com: seen mostly in Energy sector, Espionage
DEMO
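What context buys you over the raw indicator table, and how the "related indicators" pivot in the use-cases above works, as an added worked example in Python. This is not AutoFocus or Palo Alto Networks code: the four event rows are the ones from the indicator table, but every tag, actor, campaign and "related" edge in the INTEL store is constructed here for illustration, and the three-tier classification rule is an assumption made to reproduce the 1% / 99% split.

```python
"""Turn context-free malware hits into prioritised, contextualised events.

Added example (not Palo Alto Networks / AutoFocus code). The indicator rows
are the four from the slide table; every tag, actor, campaign and "related"
edge in INTEL is constructed here to illustrate the idea, not real intel.
"""
from collections import deque

# Generic family labels from the "99% commodity attacks" slide.
COMMODITY_TAGS = {
    "Ransomware", "FakeAV", "Generic.dropper", "Downloader.generic",
    "Virus.Win32", "Malware.generic", "Malware.binary", "Spybot",
    "Trojan.downloader", "Generic.backdoor",
}

# (verdict, source IP, destination IP, sample MD5) exactly as a sensor logs it.
RAW_EVENTS = [
    ("Malware.Binary", "10.223.126.89", "84.200.77.204", "de06a0f345d15fd771ebfa2b48e91d25"),
    ("Malware.Binary", "10.221.44.12",  "123.102.17.98", "f8b4971afd6f05f42c5c1e68908d9902"),
    ("Malware.Binary", "10.223.112.87", "212.23.66.34",  "d937e6b52959f3da7e01760eb9135621"),
    ("Malware.Binary", "10.223.126.23", "233.91.43.198", "89722a247706fcf559ffddf15bb7f292"),
]


def rec(tags=(), actor=None, campaign=None, sector=None, related=()):
    """One context record; 'related' links indicators seen together."""
    return {"tags": set(tags), "actor": actor, "campaign": campaign,
            "sector": sector, "related": list(related)}


# Constructed intel store: indicator value -> context record (hashes, IPs,
# domains and mutexes share one namespace). The fourth sample has no record.
INTEL = {
    "de06a0f345d15fd771ebfa2b48e91d25": rec(["Generic.dropper"], related=["84.200.77.204"]),
    "84.200.77.204": rec(["Generic.dropper"]),
    "f8b4971afd6f05f42c5c1e68908d9902": rec(["Trojan.downloader"], related=["123.102.17.98"]),
    "123.102.17.98": rec(related=["bank-card90.no-ip.com"]),
    "bank-card90.no-ip.com": rec(["Banking trojan"]),
    "d937e6b52959f3da7e01760eb9135621": rec(["Generic.backdoor"], actor="Shell Crew",
                                            related=["212.23.66.34", "mutex:mediaCenter"]),
    "212.23.66.34": rec(related=["domain:wincc-ctrl.com"]),
    "mutex:mediaCenter": rec(related=["domain:wincc-ctrl.com"]),
    "domain:wincc-ctrl.com": rec(campaign="Energy sector espionage", sector="Energy"),
}


def pivot(indicator, max_depth=2):
    """Breadth-first walk over 'related' edges; returns the indicators reached."""
    seen = {indicator}
    queue = deque([(indicator, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth == max_depth:
            continue
        for nxt in INTEL.get(node, {}).get("related", []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, depth + 1))
    seen.discard(indicator)
    return seen


def context_for(indicator, max_depth=2):
    """Merge tags/actor/campaign/sector across the indicator and its pivots."""
    ctx = {"tags": set(), "actors": set(), "campaigns": set(), "sectors": set()}
    for node in {indicator} | pivot(indicator, max_depth):
        r = INTEL.get(node)
        if r is None:
            continue
        ctx["tags"] |= r["tags"]
        for key, field in (("actors", "actor"), ("campaigns", "campaign"), ("sectors", "sector")):
            if r[field]:
                ctx[key].add(r[field])
    return ctx


def classify(ctx):
    """Assumed rule: attributed -> targeted; known generic family -> commodity;
    nothing known -> unknown (needs an analyst). Reproduces the 1% / 99% split."""
    if ctx["actors"] or ctx["campaigns"]:
        return "targeted"
    if ctx["tags"] & COMMODITY_TAGS:
        return "commodity"
    return "unknown"


def triage(events):
    """Enrich each raw event (sample hash plus destination IP) and sort the
    targeted ones to the top, unknowns next, commodity noise last."""
    order = {"targeted": 0, "unknown": 1, "commodity": 2}
    enriched = []
    for verdict, src, dst, md5 in events:
        ctx = context_for(md5)
        for k, v in context_for(dst).items():   # fold in what we know about the C2 address
            ctx[k] |= v
        enriched.append({"verdict": verdict, "src": src, "dst": dst, "md5": md5,
                         "priority": classify(ctx), **{k: sorted(v) for k, v in ctx.items()}})
    return sorted(enriched, key=lambda e: order[e["priority"]])


if __name__ == "__main__":
    for e in triage(RAW_EVENTS):
        print(f'{e["priority"]:9} {e["src"]:>14} -> {e["dst"]:<14} {e["md5"]} '
              f'actors={e["actors"]} campaigns={e["campaigns"]} tags={e["tags"]}')
```

Run stand-alone it prints the four rows re-ordered: the third hash rises to the top because pivoting hash -> IP/mutex -> domain reaches an attributed campaign, the fourth hash (no context anywhere) is flagged unknown rather than silently dropped, and the two generic droppers fall to the bottom. The pivot depth is the knob that trades coverage for false relationships: shared infrastructure like a dynamic-DNS domain will link unrelated families if you walk too far.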
COMMUNITY ACCESS
• The Community Access program provides free, limited-time access to current Palo Alto Networks customers:
– Full access to the new AutoFocus service.
– Gain prioritized, actionable intelligence into the attacks you must respond to.
– Full context on attacks, including adversaries and campaigns.
– Contribute to the future of the service and the threat intelligence of all AutoFocus users.
www.paloaltonetworks.com/autofocus
PREVENTING ATTACKS EVERYWHERE
Cloud
Prevent attacks, both known and unknown
Protect all users and applications, in the cloud or virtualized