Posted on 25-Jun-2020

Page 1

©2019 FireEye

Heros Deidda

Gli hacker sono in Smart Working da sempre (Hackers have always worked remotely)

Page 2

Our History

Timeline (figure labels): 2004 Signatureless Detection; 2004 Incident Response; 2006 Attacker Intelligence; 2014; 2016

EXPERT HUMAN CAPITAL AND INTELLIGENCE AS COMPETITIVE ADVANTAGES

Page 3

Our real-time knowledge of the threat landscape ensures that FireEye solutions are built to directly address today’s threat actors and the techniques they employ.

Page 4

The FireEye Ecosystem (figure only)

Page 5

Endpoint Security: Overview

Provides comprehensive endpoint defense, protecting from threats, detecting attacks, and empowering response.

§ Unified endpoint protection and endpoint detection and response

§ Protection against known threats with signatures

§ Protection against advanced threats with MalwareGuard

§ Protection against exploits and scripts with ExploitGuard

§ Detection of anomalous behavior with real-time IOC engine

§ Advanced forensics and hunting tools used by Mandiant

§ Deployable on premise, virtual, and cloud

§ Covering Windows, MacOS, and Linux

Page 6

FireEye Endpoint Security at a Glance

§ Ultimate endpoint security: unified EDR + EPP

§ Protects against known threats with malware protection

§ Protects against unknown threats with MalwareGuard

§ Protects against malware and exploits with ExploitGuard

§ Detects anomalous behavior with real-time IOC engine

§ Provides advanced forensics and hunting tools

§ Deployable on premise, virtual, and cloud

Page 7

How We Do It

Protect

§ Malware Protection

§ MalwareGuard

§ ProcessGuard

§ ExploitGuard

Detect

§ Indicators of Compromise

§ Enterprise Search

§ Investigative Data Acquisition

Respond

§ Auto Containment

§ On or off network response

§ Respond at scale

Page 8

FireEye Endpoint Security in Action

Figure: the endpoint controls mapped onto the attack lifecycle stages Initial Reconnaissance, Initial Compromise, Establish Foothold, Escalate Privileges, Internal Reconnaissance, Maintain Presence, Move Laterally, Complete Mission.

Legend: MP = Malware Protection (Automatic Block & Quarantine); EG = ExploitGuard; MG = MalwareGuard; RT = Real Time IoC (Advanced Detection); Containment.

Page 9

Email Security: Overview

Technology

§ Detects and blocks unknown malicious threats.

§ Defends against phishing sites with Advanced URL inspection and re-write.

Intelligence

§ Identifies impersonation techniques with Smart DNS.

§ Prioritizes critical threats using event context from frontline investigations.

Analytics

§ Connects threats and attacks across the security environment.

§ Uses email-specific threat intelligence to stop hard-to-detect threats.

Page 10

Secure Email Gateway

Figure labels: SMART DNS COMBINATION; MVX; FAUDE; ATTACHMENTS; URLs; IMPERSONATION; MULTI-STAGE

Stops threats with first-hand knowledge of attacks and attackers

Threats identified and blocked:

§ New Phishing Sites (credential theft)

§ Impersonation (CEO fraud, sender spoofing)

§ Unknown Malware (attachments, zero day)

Capabilities:

§ Advanced URL Defense

§ Smart DNS* (deep relationship analysis)

§ MVX Engine (attachment & URL detonation)

§ Intelligence (frontline investigations)

40M+ Mailboxes

Page 11

Impersonation Detection

Techniques Used to Stop Evolving Inline Attacks

Newly Existing Domains

Looks-Like & Sounds-Like Domains

Reply-to Address & Message Header Analysis

Friendly Display Name & Username Matching

CEO Fraud Algorithms
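The techniques named on this slide can be illustrated with a small header-analysis routine. The Python below is an added example written for this page, not FireEye or Mandiant code: it models looks-like and sounds-like domain matching, reply-to and header divergence, and friendly display name and username matching against a constructed protected-people list. Domain age ("newly existing domains") needs a registration lookup and is not covered. Every name, domain, threshold and sample message is an assumption constructed for the demonstration.

```python
"""Added example: inline impersonation checks on e-mail headers.

Constructed illustration, not FireEye's code. Every name, domain and
threshold below is an assumption chosen for the demonstration.
"""
import unicodedata
from email.utils import parseaddr
from typing import Dict, List, Optional

# Constructed protected list: people whose identity is worth impersonating
# (display name -> their only legitimate address).
PROTECTED_PEOPLE: Dict[str, str] = {"Jane Doe": "jane.doe@example.com"}
# Constructed set of domains the organisation actually sends from.
TRUSTED_DOMAINS = {"example.com"}
# Maximum edit distance at which a foreign domain counts as a look-alike (assumed).
MAX_LOOKALIKE_DISTANCE = 1


def normalize_domain(domain: str) -> str:
    """Fold a domain so looks-like / sounds-like variants collide with the original."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))  # drop accents
    # Common visual substitutions (a deliberately small, assumed table).
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        folded = folded.replace(src, dst)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used as the 'looks-like' measure."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    folded = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(folded, normalize_domain(trusted)) <= MAX_LOOKALIKE_DISTANCE:
            return trusted
    return None


def analyze_headers(headers: Dict[str, str]) -> List[str]:
    """Run the impersonation checks over a parsed header map; return findings."""
    findings: List[str] = []
    from_name, from_addr = parseaddr(headers.get("From", ""))
    from_addr = from_addr.lower()
    from_local, _, from_domain = from_addr.rpartition("@")

    # Looks-like / sounds-like sender domain.
    target = lookalike_domain(from_domain)
    if target:
        findings.append(f"lookalike-domain:{from_domain}->{target}")

    # Friendly display name of a protected person on a foreign address.
    expected = PROTECTED_PEOPLE.get(from_name.strip())
    if expected and from_addr != expected:
        findings.append(f"display-name-impersonation:{from_name.strip()}")

    # Username (local part) of a protected person reused on another domain.
    for legit in PROTECTED_PEOPLE.values():
        legit_local, _, _ = legit.partition("@")
        if from_local == legit_local and from_addr != legit:
            findings.append(f"username-match:{from_local}")

    # Reply-To diverting replies away from the apparent sender's domain.
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    reply_domain = reply_addr.lower().rpartition("@")[2]
    if reply_addr and reply_domain != from_domain:
        findings.append(f"reply-to-mismatch:{reply_addr}")

    return findings


if __name__ == "__main__":
    # Constructed sample message that trips several of the checks at once.
    sample = {
        "From": "Jane Doe <jane.doe@exarnple.com>",
        "Reply-To": "ceo-office@mail-example.net",
    }
    for finding in analyze_headers(sample):
        print(finding)
```

Each check produces a separate finding string so a gateway policy can weight them independently; a display-name match alone is common in legitimate mail from personal accounts, while a display-name match combined with a look-alike domain and a diverted Reply-To is the classic CEO-fraud shape.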

Page 12

Auto Remediate for Office 365 Actions

Auto Remediate: Email becomes weaponized post-delivery (retroactively). Policy action quarantines, moves or deletes the malicious message from the inbox.

Move: Moves malicious email from the inbox to any administrator-defined folder.

Quarantine: Removes malicious email from the inbox and places it in quarantine within Cloud Edition for review.

Delete: Permanently deletes malicious email from the inbox.

Page 13

FireEye Network Security Business Value

§ Reduce Breach Impact by empowering expert decisions with frontline intelligence

§ Improve Security Efficiencies by eliminating noise and providing the alerts that matter

§ Prevent Malicious Attacks by catching threats that other solutions miss

Page 14

The Benefits of FireEye Network Security

Detect the Undetectable · Gain Additive Protection via FireEye’s Global Footprint · Make Investments More Efficient

§ ATTACKER INSIGHT: Deep insight of attacker tactics, techniques and procedures

§ DYNAMIC THREAT INTEL: Automated protection gained from threats detected worldwide

§ BREACH EXPERTISE: Applied intelligence gained from the frontline

§ SMARTVISION: Detect suspicious lateral network traffic

§ INTELLIGENCE DRIVEN: Infused intelligence with advanced technologies

§ MULTI-OS SUPPORT: Stopping threats that target Macs and PCs

§ HIGH FIDELITY ALERTS: Low false positives to target alerts that matter

§ ORCHESTRATION: Pivot to Helix Platform to automate tasks

§ FLEXIBILITY: Multiple deployment options (inline, out of band) and form factors

Page 15

Greater Functionality

FireEye Network Security: more than just a “sandbox”

§ IPS

§ Riskware

§ SSL Intercept

§ Call back detection

§ Metadata generation

§ Smart Vision for Lateral Movement

§ Smart Grid and Cloud MVX

Page 16

Industry Leading Analysis

Industry-leading Malware Analysis – Adding a multitude of heuristics, deep code and content analysis, including:

– Code Analysis, which includes: Function analysis and Similarity analysis;

– Statistical Analysis, which includes: N-gram analysis and Entropy analysis;

– Embedded URL analysis capability;

– Emulation Analysis, which includes Object emulation; and

– Global cloud-based analysis of known and unknown objects.

MVX pipeline (figure labels): De-obfuscate; Decompile; Decompress; Extract Payload; Emulation; Code Analysis; Statistical Analysis

Page 17

Business Value

§ Detect advanced threats by correlating data from multiple tools

§ Gain visibility by centralizing security data and infrastructure

§ Minimize the impact of an incident by accelerating response with orchestration and automation

Page 18

FireEye Helix

Technology

§ Next-Gen SIEM to surface unseen threats

§ Cloud Visibility to detect threats outside your network

§ Behavior Analytics to spot malicious activities

Processes

§ Automation of time-consuming steps

§ Guided investigation and hunting capabilities to accelerate response

§ Compliance Reporting

Expertise

§ Expertise on Demand to leverage Mandiant Analysts

§ Risk Prioritization

§ Integrated threat intelligence for contextual awareness

Page 19

SIEM

§ Real-time threat intelligence

§ Codified expertise from FireEye

§ Sub-second search

§ Single log source

§ Guided investigations

§ Compliance reporting

Architecture (figure labels): FireEye and Third Party Data Sources (Intelligence, Endpoints, Firewalls, Operating Systems); Evidence Collector; Intelligence, Rules, Analytics, Event index

Page 20

Security Orchestration

Figure labels: Hash/MD5 Analysis; Domain Analysis; URL Analysis; IP Analysis; Email Address Analysis; FireEye Validation; Analyst Decision Point; Higher Priority Incidents pulled out and automatically escalated; Endpoint containment; Other events remain in the SIEM for reference

§ 150+ pre-defined integration plug-ins

§ 400+ supported devices, actions and playbooks

§ Expertise codified by Mandiant

§ Built-in playbook builder

§ Role-based actions

Page 21

Cloud Security

Cloud Intelligence (figure labels): VPN Account Monitoring; Geo-Infeasibility Detection; Credential Misuse; Misconfiguration Detection; Cloud Threat Analytics; Corporate Network; FireEye Network Security; FireEye Helix

§ Guard against credential abuse

§ Single pane visibility across your enterprise

§ Prevent accidental misconfigurations that lead to attacker compromise
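Geo-infeasibility detection for VPN account monitoring, as named on this slide, is usually an "impossible travel" rule: two logins by the same account whose distance and time gap imply a speed no traveller could reach. The Python below is an added example written for this page, not FireEye or Helix code. The speed ceiling, the login records, the IP addresses and the city coordinates are constructed assumptions; a real deployment would take coordinates from an IP geolocation source and tune the ceiling to its own VPN and proxy usage.

```python
"""Added example: geo-infeasibility ("impossible travel") check over VPN logins.

Constructed illustration, not FireEye's code. The speed threshold, the
sample login records, the IP addresses and the coordinates are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List

# Assumed ceiling: faster than a commercial flight means the two logins
# cannot both have come from the same physical person.
MAX_PLAUSIBLE_SPEED_KMH = 900.0
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime          # timezone-aware
    lat: float
    lon: float
    src_ip: str             # only carried through into the alert


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points, in kilometres."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def geo_infeasible_logins(logins: List[Login]) -> List[Dict[str, object]]:
    """Flag consecutive logins per user whose implied travel speed is impossible."""
    by_user: Dict[str, List[Login]] = {}
    for entry in sorted(logins, key=lambda item: item.when):
        by_user.setdefault(entry.user, []).append(entry)

    alerts: List[Dict[str, object]] = []
    for user, sequence in by_user.items():
        for prev, cur in zip(sequence, sequence[1:]):
            distance = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            if hours <= 0:
                # Same timestamp from two different places is treated as infinitely fast.
                speed = float("inf") if distance > 0 else 0.0
            else:
                speed = distance / hours
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                alerts.append({
                    "user": user,
                    "from_ip": prev.src_ip,
                    "to_ip": cur.src_ip,
                    "distance_km": round(distance),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed) if speed != float("inf") else speed,
                })
    return alerts


# Constructed VPN login records (coordinates are rough city centroids, not real users).
SAMPLE_LOGINS = [
    Login("alice", datetime(2020, 6, 25, 9, 0, tzinfo=timezone.utc), 41.90, 12.50, "198.51.100.10"),   # Rome
    Login("alice", datetime(2020, 6, 25, 9, 30, tzinfo=timezone.utc), 40.71, -74.01, "203.0.113.77"),  # New York
    Login("bob", datetime(2020, 6, 25, 9, 0, tzinfo=timezone.utc), 41.90, 12.50, "198.51.100.11"),     # Rome
    Login("bob", datetime(2020, 6, 25, 12, 0, tzinfo=timezone.utc), 45.46, 9.19, "198.51.100.12"),     # Milan
]


if __name__ == "__main__":
    for alert in geo_infeasible_logins(SAMPLE_LOGINS):
        print(alert)
```

In the constructed data only alice is flagged: Rome to New York in thirty minutes is roughly 6,900 km at well over 10,000 km/h, while bob's Rome-to-Milan hop in three hours is an ordinary train ride. The alert carries both source IPs so an analyst can check whether one of them is a known corporate egress or commercial VPN before escalating.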

Page 22

Helix Contextual Intelligence

Intel Matches can leverage FireEye threat intel to provide contextual information and improve your incident management prioritization.

Page 23

Remote Access Security Assessment (RASA) – Service Description

Column headings (figure): Service Overview; Our Approach; Values; Differentiators

Service Overview

Mandiant’s RASA helps clients identify existing weaknesses and security risks around their remote-user infrastructure.

This Service is designed to give organizations a view of their remote access-based infrastructure, collaboration tools, security controls, and policies. Organizations can leverage this assessment to validate the security posture of their remote access solutions and collaboration platforms, while also ensuring that security best practices are followed when securing access and data across these platforms.

Values

§ Identify missing processes

§ Identify missing security controls

§ Identify security gaps and opportunities to improve security operations

§ Identify security architecture and configuration weaknesses

§ Facilitate future enhancements

Our Approach

§ Strategic Phase: Gather information around infrastructure, practices and policies and compare these against Mandiant best practice

§ Proactive Phase: Active and passive reconnaissance methods against internet-facing remote access systems

§ Report on the strategic element alongside the outcomes of the proactive element to provide a series of actionable recommendations.

Page 24

Page 25

Page 26

Thank You