Advanced Persistent Threats
Global Threat Landscape: Threats Rising!

Information Security Trends
- The Cloud's Becoming Suspect…
- Snowden Effect Influences Encryption
- Security's a boardroom conversation
- Mobile attacks increase

These don't affect me, right?
Advanced Threats Timeline (figure; actor categories: Nation-states / Political, Criminals / Private)
- China-based C&C; spear phishing; political targets
- Four 0day; PLC rootkit; broke centrifuges
- 0day Word flaw; Iran, Sudan, Syrian targets; cyber espionage
- Targeted Lebanon; USB LNK flaw; APT bank trojan
- 152M records; 0day ColdFusion; stolen source
Attack lifecycle (figure):
1. Reconnaissance
2. Delivery
3. Compromise/Exploit
4. Infection/Installation
5. Objectives/Exfiltration
APT Techniques Trickle Down (figure: two charts)
- Chart 1: Attacks vs. Time; labels "Signature available", "Opportunistic", "THRESHOLD OF DETECTION"
- Chart 2: Hosts Compromised vs. Time; labels "Advanced", "Signature", "Phishing"
Source: Jeffrey J Guy; Director, Product Management; Bit9/Carbon Black
APT Blocker — How Does it Work (1)
The «legacy» infection process

1. The attacker builds generic malware to attack a large victim base. Target: damage as many hosts as possible. Malware is distributed using:
- phishing, spear phishing, …
- drive-by download on crowded, generic communities and web services

2. Once the malware has been recognized, a signature is created and bytecode is compared against the signatures stored in the AV DB.

(Diagram labels: attacker, drive-by download, A's victims, sandbox cloud array.)
That’s why APT Blocker fills that security gap!
Info&Sales: italy@watchguard.com