Nightingale Floors: Mitigating Cyber Attacks in 2015 Tom Kellermann, CISM Chief Cybersecurity Officer, Trend Micro Inc.
Trend Micro Keynote: Nightingale Floors: Mitigating Cyber Attacks in 2015
Aug 08, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Nightingale Floors: Mitigating Cyber Attacks in 2015
Tom Kellermann, CISMChief Cybersecurity Officer, Trend Micro Inc.
History Repeats Itself
Copyright 2015 Trend Micro Inc.
Advanced Malware Targeted Attacks
Advanced Malware
Targeted Attacks
Employee Data Leaks
Traditional Malware
Vulnerability Exploits
300K new malware programs daily!
Arms Bazaar of Attack Code
Thriving Underground Market
Malware offered for $249 with a service level agreement (SLA) and replacement warranty if the creation is detected by any antivirus within 9 months
Copyright 2014 Trend Micro Inc.
Malware checking
Botnet Framework
Bulletproof hosting
Exploit Kit
DDOS Attack for 24 hours
Dropper file and crypt
Modules
$30
$125
monthly onetime
$50
$40
$0$52
$38 $120
$0 $20
$205$70
$80$8
Total:$238 $600
Menu for Full Service Hacking
Stratagems of Elite Hackers
Stages-of-Attack.pptx
Destroy the ForensicsCopyright 2015 Trend Micro Inc.
Noteworthy Attack Vectors
Watering Hole Attacks: 28% in the USA
Source: Trend Micro Q3’14 Treat Roundup Report
Island Hopping and Secondary Infections
The Evolution of Mobile Attacks
Proximity Attacks Realized
Geopolitics as Harbingers for Attack
Operation Pawn Storm
Copyright 2015 Trend Micro Inc.
What are the Impacts of Targeted Attacks?
Strategic Costs Career Risks
Offense Must Inform Defense: Spin the Chess Board
Trends of Attack 2015
• IOS will become the bull's-eye of malware.
• Zero Day’s for Web applications explode.
• Cloud App Attacks.
• Secondary infections are leveraged to facilitate long-term campaigns against the fortune 100.
• Ransomware
• The use of destructive payloads as part of counter incident response.
04/15/2023
Advanced Persistent Response
Advanced Malware
Detection
Attacker Activity Detection
Threat Impact Assessment
Contextual Threat Analysis
Detect malware, C&C, and attacker activity invisible to standard defenses
Analyze the risk, context, timeline and full extent of the attack
Respond with automatic security updates & the insight to shut down the attack
Custom Defense is the Foundation
Custom Defense
Advanced MalwareDetection
ContextualThreat Analysis
AutomatedSecurity Updates
Command & ControlDetection
AttackerActivity Detection
Threat Impact Assessment
Risk Management 1. Conduct Pen test of all third parties.2. Use Two-factor authentication.3. Utilize a host based intrusion prevention system.4. Deploy file integrity monitoring.5. Implement virtual shielding for zero day exploits.6. Deploy both an MDM and Mobile Application Reputation
software.7. Sandbox your cloud apps.8. Implement whitelisting.9. Manage the crypto keys for your cloud data.10. Web Application Security (OWASP).11. Deploy context aware Threat Intelligence.12. Utilize a Breach Detection System.
Securing your journey to the cloud
Related Documents
