Transcript Security_2

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.

Advanced Persistent Threat Assessment Services

AT&T Security Solutions

APT Attacks on the Rise

[Timeline figure, 2/10 through 8/11. Events labeled on the timeline:]

• Google: Stolen search source code (Operation Aurora – APT)
• Citi: Major data breach
• Stuxnet disables Iranian nuclear power plant (APT)
• Visa, PayPal, MasterCard: Anonymous attacks (DDOS)
• RSA, Lockheed Martin: Stolen records (APT)
• SONY: Major Breach
• Oak Ridge National Laboratory: APT event
• Major Breaches (DDOS/APT)
• Russian APT (Lurid/APT)
• Egypt Breach
• LulzSec Posting PBS
• WikiLeaks revenge (DDOS)


Advanced Persistent Threat - Definition

Advanced

• Taking advantage of latest techniques
• Leverages Open Source Intelligence and Social Networks
• Usually involves knowledge of specific operating system or application compromises
• Code Reversing and Fuzzing techniques can help locate unique weaknesses in specific targeted systems

Persistent

• Intent dedication – resilience even after system reboot
• Almost always has a (C&C) Command and Control capability
• Patient / Latent ability … can go to sleep for months

Threat

• Signatures / Vectors

APT Attack and Exploitation Lifecycle

Step 1: Reconnaissance

Step 2: Initial Intrusion into the Network

Step 3: Establish a Backdoor into the Network

Step 4: Obtain User Credentials

Step 5: Install Various Utilities

Step 6: Privilege Escalation / Lateral Movement / Data Exfiltration

Step 7: Maintain Persistence


Key Targets and Threats

Asset / What's at risk?

Security Controls

• Compromising integrity of security controls leads to unending challenges.
• Knowledge of security controls could reveal vulnerabilities that facilitate ongoing criminal activity.

Business Operations

• Gain insider and administrative access to monitor or change operations environment.
• Compromised control of production or test networks and elements could cripple operations (loss of operating integrity).

Financial information

• Use not-yet-disclosed financial information.

Intellectual Property

• Use, sell, release intellectual property.

Business Strategy

• Loss of competitive advantage.

Brand

• Loss of market share due to damaged brand reputation (e.g., Avoid your.com, they have leaky security).

Employee Information

• Impersonate authorized users, effect information disclosure.
• Conduct focused phishing efforts, identity theft.

Customer Information

• Obtain customer information for sale or other use.
• Lose market share if customers perceive we are bad at security.
• Loss of customer because they are put out of business by APT.


Advanced Persistent Threat

What you should know

Valid, high impact risk

• Targets your core valuables, your security
• Persistent, stealthy, controlled, exfiltration

Needs focused, ongoing action

• Step Up Your Game
• Take actions that Prevent, Detect and Respond

Reduce the attack surface and inevitable response time

• Focus on your key targets
• Incremental, actionable approaches (existing, new)


Features and Potential Benefits

The review covers three main areas of interest:

• Operational Readiness Review
• Network Architecture Assessment
• Social Engineering Review

This assessment helps you:

• Assess how prepared your organization is to detect and respond to a targeted or advanced threat
• Identify vulnerabilities in your security which could be used by a sophisticated actor to gain access
• Heighten the capabilities of your team to respond to a targeted cyber attack


How can you prepare?

1. Get visibility into threats beyond the edge of your network

2. Get visibility and analysis into what’s happening inside your network

3. Monitor and address Advanced Persistent Threats in real-time 24/7/365


APT Preparedness Assessment

• Evaluates your organization’s ability to detect, resist and respond to a targeted or advanced threat.
• Helps organizations understand their exposure to targeted threats, including Advanced Persistent Threats (APT), and take action to reduce their risk of compromise.
• Assessment Components
  – Target Definition
  – Operational Readiness Review
  – Network Architecture Review
  – Social Engineering Assessment


APT Preparedness Assessment Steps

• Identify and classify business assets and data stores
• Conduct vulnerability assessment across critical infrastructure
• Quantify risk with highest value assets and highest vulnerabilities atop the list
• Review security measures protecting critical business assets

• Identify key individuals most likely to be the target of social engineering attacks (due to high levels of access)
• Implement aggressive access control by restricting network access of key individuals to ‘business need to know’
• Employee training – Prioritize high-risk individuals and work groups

• Identify incident response team (including legal and business owners)
• Communication plan, including law enforcement if necessary
• Schedule/conduct incident response dry run


Elevator Pitch

1. Assess your current state and assets
   What would motivate an adversary to target your organization

2. Identify risk from Advanced Threats
   Correlate your current state to the risk from Advanced Persistent Threat (APT) actors

Questions on your Business Client’s mind

How do I protect my organization and its assets?

What organized elements may be targeting our organization?

How can we detect Advanced Persistent Threats when they strike?

How do we determine if our organization has already been compromised?

How vigilant are our employees to the types of methods APT actors may use?
