Threats & Trends

Transcript Threats & Trends

McAfee Security Connected – Next Generation Security
Barna Tamás CISSP, Security+
Security Systems Engineer/Eastern Europe
April 24, 2020
McAfee Confidential—Internal Use Only
Security Connected
Next Generation Security
Stealth Landscape
[Chart: Unique Rootkit Malware, by quarter from Q107 to Q112; vertical axis from 0 to 250,000]

Rootkit Family    Binaries     %
%rootkit%         2,119,705    100.00%
Koutodoor         452,042      21.33%
TDSS              389,216      18.36%
Farfli            167,895      7.92%
*MBR*             162,605      7.67%
Caxnet            106,860      5.04%
Prosti            80,887       3.82%
DNS Changer       74,010       3.49%
Cutwail           32,560       1.54%
LDPinch           18,590       0.88%
Threats Continue to Move Down the Stack
Traditional attacks—and defenses—focused primarily on the application layer
Applications/RDBMS

Attack and disable security products and hence all protection
AV, HIPS

Infect OS with APT’s resulting in threats hidden from security products
Operating System

Compromise virtual machine and hence all guest machines within
Virtual Machine

“Ultimate APT’s” compromise devices below OS, either before or after shipment
Rogue peripherals & firmware bypassing all other security measures
Malware/rootkits target Storage Devices gain Unauthorized control
I/O, Memory, Disk, BIOS, Network, Display, CPU
Intel + McAfee Strategy
Security = Third Pillar of Computing
BETTER SECURITY SOLUTIONS AND PRODUCTS
Power Efficient Performance
Internet Connectivity
Security
Next Generation Endpoint Security
Secure Embedded Devices
Secure Mobile Devices
Cloud Security Platform
Active Silicon Features
What It Takes to Make An Organization SAFE
WHAT WE MUST KNOW…
Who Am I Dealing With
What Is the Purpose
What Data Is Accessed
Evaluate Risk
Datacenter
Continuous Monitoring
Learning and Intelligence
Technology Architecture for Security
How Connected Is Your Security?
DLP Agent
Host IPS Agent
Antivirus Agent
Encryption
NAC
Systems Management Agent
Audit Agent
EVERY SOLUTION HAS AN AGENT
EVERY AGENT HAS A CONSOLE
EVERY CONSOLE REQUIRES A SERVER
EVERY SERVER REQUIRES AN OS/DB
EVERY OS/DB REQUIRES PEOPLE, MAINTENANCE, PATCHING
WHERE DOES IT END?
Technology Architecture for Security
How Connected Is Your Security?
McAfee ePO Server (AV, DLP, NAC, Encryption, PA, Site Advisor)
SINGLE AGENT
SINGLE CONSOLE
Automation – GTI
Threat Intelligence Feeds
Endpoints
Appliances
Servers
Firewalls
Other feeds and analysis
Email Reputation Engine
File Reputation Engine
Web Reputation Engine
Network Reputation Engine
Vulnerability Information
Browser
Firewall
Email
Web
AV
HIPS
AWL
Mobile
McAfee Solution Platform
NETWORK SECURITY
ENDPOINT SECURITY
Next Generation Firewall
Intrusion Prevention
Access Control
Network User Behavior Analysis
Malware Protection
Device Encryption
Application Whitelisting
Desktop Firewall
Device Control
Email Protection & Anti-Spam
Network Access Control
CLOUD SECURITY
Email Security
Web Security
Data Loss Prevention
Encryption
McAfee Security Management
Server & Database Protection
On Chip (Silicon-Based) Security
Smartphone and Tablet Protection
Virtual Machine and VDI Protection
Embedded Device Protection
SECURITY MANAGEMENT
ePolicy Orchestrator (ePO)
Policy Auditing & Management
Vulnerability Management
Risk Management
Compliance
SIA COMMUNITY
Security Innovation Alliance
McAfee Connected
Global Strategic Alliance Partners
McAfee’s Extensible Platform for Security Risk Management
Industry Leadership to Drive Better Protection, Greater Compliance, and Lower TCO
SIA Associate Partner
SIA Technology Partner (McAfee Compatible)