PROTECTING YOUR NETWORK
Industry-leading threat intelligence. The largest threat detection network in the world.
Vitor Ventura - @_vventura
Threat Researcher
Agenda
• The threat landscape
• How TALOS addresses the threats
• How local targeting attacks go beyond borders
• Closing thoughts
Threat landscape
THREAT LANDSCAPE
Wargames
THREAT LANDSCAPE
Jurassic Park
The Godfather
THREAT LANDSCAPE
19.4%
• Network Accessible
• Low Complexity
• No Authorization
Low Hanging Fruit on Decline
What does this mean?
The Matrix
250+ Full Time Threat Intel Researchers
MILLIONS Of Telemetry Agents
4 Global Data Centers
1100+ Threat Traps
100+ Threat Intelligence Partners
THREAT INTEL
1.5 MILLION Daily Malware Samples
600 BILLION Daily Email Messages
16 BILLION Daily Web Requests
Honeypots
Open Source Communities
Vulnerability Discovery (Internal)
Product Telemetry
Internet-Wide Scanning
20 BILLION
Threats Blocked
INTEL SHARING
Talos Intel Background
Customer Data Sharing Programs
Provider Coordination Program
Open Source Intel Sharing
3rd Party Programs (MAPP)
Industry Sharing Partnerships (ISACs)
500+ Participants
THREATS DON’T GO AWAY, HOW DO WE ADDRESS IT?
MULTI-TIERED DEFENSE
Cloud to Core Coverage
• WEB: Reputation, URL Filtering, AVC
• END POINT: AMP, ClamAV
• CLOUD: FireAMP & ClamAV detection content
• EMAIL: Reputation, AntiSpam, Outbreak Filters
• NETWORK: Snort Subscription Rule Set, VDB – FireSIGHT Updates & Content, SEU/SRU Product Detection & Prevention Content
• Global Threat Intelligence Updates
Industry Leading Expertise
Ireland
Switzerland
Portugal
UK
Serbia
Croatia
Poland
Ukraine
France
Germany
Spain
Italy
European countries with a Talos representative
Forcing the Bad Guys to Innovate
• Spreading security news, updates, and other information to the public
ThreatSource Newsletter: cs.co/TalosUpdate
Social Media Posts
Facebook: TalosGroupatCisco
Twitter: @talossecurity
White papers, articles, & other information: talosintelligence.com
Talos Blog: blog.talosintelligence.com
Instructional Videos: cs.co/talostube
Local attacks with global impacts
Broadcast targeting
Robin Hood: Men in Tights
Mass email campaigns would target as many individuals as possible
• The effect on organizations would be mainly:
  • Shared drive encryption
  • Business operations disruption due to workstation encryption
Broadcast targeting
• Some of these campaigns were limited due to:
  • Language
  • Geography
• Big impact on organizations would require a lot of effort and a bit of luck
What changed?
• The introduction of non-exploit based worm-like behavior
• The internal network becomes the initial attack vector
• The company's threat model needs to expand
Local targeting becomes global
TALOS: Closing thoughts
Closing thoughts
• Be ready, have a plan, prepare your organization to react and recover
• Isolate vendors as much as possible, especially if they require high privileges.
• Segregate your networks, be ready to perform emergency segment isolation
• Deploy EDR-like solutions; traditional AV isn’t enough anymore
• Ensure that you have a proper patch management program
Mitigations
talosintel.com
blogs.cisco.com/talos
@talossecurity
Vitor Ventura - @_vventura
Threat Researcher