Facing the Challenges of Blended Threats
DESCRIPTION
Slides used in the web seminar "Facing the Challenges of Blended Threats", presented by Ricardo Valente of McAfee for the series of web seminars offered by ISH Tecnologia. To learn more about ISH, visit http://www.ish.com.br or follow ISH at http://twitter.com/ishtecnologia
TRANSCRIPT
![Page 1: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/1.jpg)
Facing the Challenges of Blended Threats
Ricardo Valente
Sr. Systems Engineer
![Page 2: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/2.jpg)
Today's Environment
[Diagram labels: Internet, twitter, facebook, Web 2.0, ERP, CRM, SaaS, Spammers, Targeted Attacks, Bots]
![Page 3: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/3.jpg)
Today's Environment
[Diagram labels: Internet, twitter, facebook, Web 2.0, ERP, Salesforce, SaaS, Spammers, Targeted Attacks, Bots]
Complexity
• Fragmented technology management
• Multi-product solutions (NAC, Data Protection)
• Compliance requirements
Impact
• Increased operational cost
• Data and productivity risk
• Reduced business agility
![Page 4: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/4.jpg)
McAfee Network Security Portfolio
• Comprehensive threat/vulnerability protection
• Enabled by Global Threat Intelligence
• User-aware policy controls
• Flexible policy definition
• Compliance monitoring
• Common Management framework
• Optimized workflow
• Role-based administration
Protection Policy Management Platform
• High performance • Scalability • Enterprise-class reliability • Flexible delivery (appliance, blades, virtual)
Network
![Page 5: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/5.jpg)
Total Protection Suites for the Network
[Diagram labels: Internet Gateways, Network Defense, Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web]
![Page 6: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/6.jpg)
Global Threat Intelligence Technology Capabilities
• Protocol definition/behavior/reputation
• Network attack definitions
• Phishing/Malware
• Protocol definition/behavior/reputation
• Network attack definitions
• IP reputation • Anti-malware
• Protocol definition/behavior/reputation
• Vulnerability assessment
• Anti-malware
[Diagram labels: Intrusion Prevention, NAC, UTM, Firewall, User Behavior, DLP, Email, Web]
• IP/URL reputation • Spam profiles • Anti-malware
• IP/URL reputation • Content based malware • Exploits
• IP/URL reputation • Spam profiles • Network attack profiles • Anti-malware
![Page 7: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/7.jpg)
Global Threat Intelligence
Zero Day Response Environment
[Diagram labels: Internet, BOTS, Gotyou.com, Firewall - IPS, Email Gateway, Web Gateway]
1. New phishing email on webmail
2. User clicks
3. Malware detected even without a signature
![Page 8: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/8.jpg)
Global Threat Intelligence
Zero Day Response Environment
[Diagram labels: Internet, Global Threat Intelligence, BOTS, Gotyou.com, Firewall - IPS, Email Gateway, Web Gateway]
4. Samples Fingerprinted
5. Attributes analyzed in real time
6. Reputations and Signatures Updated
![Page 9: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/9.jpg)
Analysts Agree: McAfee Leads
[Figure: Gartner chart (axes: Ability to Execute, Completeness of Vision; quadrants: Niche Players, Visionaries, Challengers, Leaders) and Forrester chart (axes: Current Offering, Strategy; categories: Strong Performers, Leaders). Products plotted: Web, IPS, E-mail, DLP, Firewall]
![Page 10: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/10.jpg)
April 10, 2023
McAfee Network Security
Bomb Attacks Require Coordinated Protection
Research Capacity Matters
1. User receives email with a short message and a URL, from an IP address with no reputation for SPAM
2. User clicks on link and goes to a fake Reuters' video feed web page with malicious content.
3. The content coming back is malware, and is blocked at the gateway
4. The URL, IP, and the payload, all captured from "an event", are sent to Avert Labs
5. Real-time feeds update Firewalls and email and web gateways. Artemis protects the endpoint in real-time
[Diagram labels: Internet, McAfee Email Gateway, McAfee Web Gateway, Artemis, TrustedSource, IPS, Firewall, UTM]
![Page 11: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/11.jpg)
McAfee Web Gateway
Web
• Next Generation Web 2.0 security proxy
• Enables Safe Secure Web access
• High Performance: robust, enterprise class proxy cache
• Enables Productive use of Web 2.0 applications
• Protects against Web 2.0 blended and targeted malware attacks
• Flexible policy and scalable reporting to enable compliance
• Flexible and agile deployment to fit any infrastructure
Customer Benefits
![Page 12: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/12.jpg)
McAfee Email Gateway
• Inbound Protection against spam, email-borne threats and malware
• Outbound Protection – Complete DLP and Advanced Compliance included; integrated encryption
• Administrative Empowerment – Flexible policy creation and robust reporting
• Reduce costs associated with spam and email-borne malware
• Stop data leakage via email
• Comply with regulations requiring email security
Customer Benefits
![Page 13: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/13.jpg)
Confidential McAfee Internal Use Only
Hacking Exposed: Web and Email Security
• Bookseller site walkthrough
• FileInsight examples of deobfuscation
• McAfee® TrustedSource™ technology
• Anonymous proxies
![Page 14: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/14.jpg)
Hacme Books
Cross-Site Request Forgery
![Page 15: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/15.jpg)
Demo
• Visit and log on to a typical online book-seller site.
• Browse selection.
• Check that shopping cart is empty.
• Visit the author's web site for a particular selection.
• Return to book-seller site and check shopping cart.
• Notice that a title has been added without authorization.
• Repeat same process using McAfee Web Gateway.
• Notice that shopping cart does not get populated by the author's site.
• Why?
• Author's site has crafted IFRAME that exploits the book-seller site.
• McAfee Web Gateway strips out offending IFRAME and prevents exploit to book-seller site.
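The IFRAME-stripping step from the demo above, as an added example (not McAfee Web Gateway's code or rule logic): a response filter removes any iframe through which a third-party page loads a protected host. `PROTECTED_HOSTS`, `books.example`, `author.example` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROTECTED_HOSTS = {"books.example"}  # assumption: constructed host with state-changing endpoints


class IframeFinder(HTMLParser):
    """Locate iframes through which a third-party page loads a protected host."""

    def __init__(self, html, page_host):
        super().__init__()
        self.html, self.page_host = html, page_host
        self.spans = []     # (start, end, src) of each iframe to cut
        self._open = None   # (start, src) while inside an offending iframe
        self._lines = [0] + [i + 1 for i, c in enumerate(html) if c == "\n"]

    def _pos(self):
        line, col = self.getpos()   # position of the tag being handled
        return self._lines[line - 1] + col

    def handle_starttag(self, tag, attrs):
        if tag != "iframe" or self._open:
            return
        src = dict(attrs).get("src") or ""
        host = urlsplit(src).hostname
        if host in PROTECTED_HOSTS and host != self.page_host:
            self._open = (self._pos(), src)

    def handle_endtag(self, tag):
        if tag == "iframe" and self._open:
            end = self.html.index(">", self._pos()) + 1
            self.spans.append((self._open[0], end, self._open[1]))
            self._open = None


def strip_cross_site_iframes(html, page_host):
    """Return (filtered_html, removed_srcs); all other markup is left untouched."""
    finder = IframeFinder(html, page_host)
    finder.feed(html)
    finder.close()
    if finder._open:    # frame never closed: cut through the end of the page
        finder.spans.append((finder._open[0], len(html), finder._open[1]))
    for start, end, _ in reversed(finder.spans):
        html = html[:start] + html[end:]
    return html, [src for _, _, src in finder.spans]

# Constructed sample: a third-party page with a zero-size frame aimed at the shop.
AUTHOR_PAGE = (
    '<html><body><h1>About the author</h1>\n'
    '<iframe src="https://books.example/cart/add?id=1" width="0" height="0"></iframe>\n'
    '<iframe src="https://video.example/embed/42"></iframe>\n'
    '<p>Tom &amp; Co.</p></body></html>'
)
FILTERED, REMOVED = strip_cross_site_iframes(AUTHOR_PAGE, "author.example")
```

A proxy-side filter only covers users whose traffic passes through it; the book-seller site still needs its own request-forgery defences, such as per-request tokens or SameSite cookies.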
![Page 16: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/16.jpg)
Logon to Online Book Site
![Page 17: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/17.jpg)
Browse Book Selection
![Page 18: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/18.jpg)
Shopping Cart Empty
![Page 19: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/19.jpg)
Visit Author's Web Site
![Page 20: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/20.jpg)
Unauthorized Addition to Shopping Cart
![Page 21: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/21.jpg)
Repeat with McAfee Web Gateway
![Page 22: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/22.jpg)
Browse Book Selections Again
![Page 23: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/23.jpg)
Check Shopping Cart
![Page 24: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/24.jpg)
Visit Author's Web Site Again
![Page 25: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/25.jpg)
Return and Check Shopping Cart
Cart Remains Empty
![Page 26: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/26.jpg)
What Does McAfee Web Gateway Do?
![Page 27: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/27.jpg)
Original Author's Site with IFRAME
![Page 28: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/28.jpg)
Site through MWG with IFRAME Removed
![Page 29: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/29.jpg)
additional malware example
![Page 30: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/30.jpg)
![Page 31: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/31.jpg)
![Page 32: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/32.jpg)
![Page 33: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/33.jpg)
TrustedSource
![Page 34: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/34.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet]
![Page 35: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/35.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callouts: SQL Injection Attack, Compromised Site, Potential Stolen Data. Step markers: 1, 2]
![Page 36: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/36.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callouts: SPAM Attack, User Opens Email & Goes to Compromised Server, Malware Downloaded. Step markers: 1, 2, 3]
![Page 37: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/37.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Legacy Security Solutions, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callouts: SPAM Attack, User Opens Email & Goes to Compromised Server, Malware Downloaded, New Zombies Created. Step markers: 1, 2, 3, 4]
![Page 38: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/38.jpg)
[Diagram labels: Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access. IP address shown: 208.XXX.XXX.164]
![Page 39: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/39.jpg)
[Diagram labels: Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet, Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access]
McAfee Email Gateway (formerly IronMail)
McAfee Web Gateway (formerly Webwasher)
McAfee Firewall Enterprise (Sidewinder)
![Page 40: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/40.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callout: SPAM Attack]
McAfee Email Gateway (formerly IronMail)
McAfee Web Gateway (formerly Webwasher)
McAfee Firewall Enterprise (Sidewinder)
![Page 41: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/41.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callouts: New Zombie, SPAM Attack, User accesses GMail. Step markers: 1, 2. IP address shown: 89.XXX.XXX.84]
McAfee Email Gateway (formerly IronMail)
McAfee Web Gateway (formerly Webwasher)
McAfee Firewall Enterprise (Sidewinder)
![Page 42: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/42.jpg)
Spam Sent to Web Mail Account
![Page 43: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/43.jpg)
Obfuscated JavaScript
![Page 44: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/44.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callouts: New Zombie, Malware Download BLOCKED, Malware IP & Message Data sent to TS. Step markers: 1, 2. IP address shown: 89.XXX.XXX.84]
McAfee Email Gateway (formerly IronMail)
McAfee Web Gateway (formerly Webwasher)
McAfee Firewall Enterprise (Sidewinder)
![Page 45: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/45.jpg)
[Diagram labels: Web Apps, Webapps.yourco.com, Customer Data, Internal Network, Internet Access, Malware Zombie, Botnet C&C, Organized Cyber Crooks, Zombie Proxies, Botnet. Callouts: SQL Injection Attack, New Zombie, Connections Rejected Based on Reputation]
McAfee Email Gateway (formerly IronMail)
McAfee Web Gateway (formerly Webwasher)
McAfee Firewall Enterprise (Sidewinder)
![Page 46: Enfrentando os Desafios das Ameaças Combinadas](https://reader038.vdocuments.us/reader038/viewer/2022110115/54bcb2f74a795918308b45e5/html5/thumbnails/46.jpg)