McAfee: Connecting the Pieces
Page 1
Connecting the pieces to mitigate risk
Jorge Herrerías, CISSP, Sales System Engineer
Page 2
Malware Continues to Grow…
[Chart: New Malware Samples per quarter, Q1 2010 through Q1 2013; vertical axis 0 to 14,000,000. Source: McAfee Labs, 2013]
New malware samples grew 22% from Q4'12 to Q1'13. 2012 new malware sample discoveries increased 50% over 2011.
Malware continues to grow, and is getting more sophisticated…
128M Total Malware Samples in the McAfee Labs Database
Page 3
Ransomware
The number of new, unique samples this quarter is greater than 320,000, more than twice as many as in the first quarter of 2013.
During the past two quarters, McAfee Labs has catalogued more ransomware samples than in all previous periods combined.
[Chart: New Ransomware Samples per quarter, Q1 2011 through Q2 2013; vertical axis 0 to 350,000]
Page 4
Total Malware Samples
The McAfee "zoo" now contains more than 140 million unique malware samples.
[Chart: Total Malware Samples by month, Jul-12 through Jun-13; vertical axis 0 to 160,000,000]
Page 5
Suspicious Internet (MX)
As of December 31, 2012, nearly 1,100 suspicious Internet addresses hosted in Mexico were analyzed by McAfee. There were only 800 in late 2011. 62 percent of the current ones are assigned a maximum risk. Nearly 51 percent of these URLs hide malware. About 26 percent of them are used in phishing campaigns and 13 percent in spam campaigns.
Page 6
Comprehensive Malware Protection
First Layer of Defense: Global Visibility and Situational Awareness
Page 7
Comprehensive Malware Protection
Second Layer of Defense: McAfee Advanced Threat Defense (diagram label: Network Anti Malware)
Page 8
Comprehensive Malware Protection
Third Layer of Defense: Network Threat Protection (diagram labels: IPS, Web)
Page 9
Comprehensive Malware Protection
Fourth Layer of Defense: Comprehensive Endpoint Threat Defense
Page 10
Comprehensive Malware Protection
Fifth Layer of Defense: Real Time Endpoint Awareness
Page 11
Comprehensive Malware Protection
Sixth Layer of Defense: Heal Endpoints
Page 12
Comprehensive Malware Protection
Seventh Layer of Defense: Global Threat Intelligence (GTI)
Page 13
Multi-Layering Defense | Interconnected
Network Anti Malware
SIEM
Intrusion Prevention System
Unified Administration
Web Protection
MOVE AV
Application Control
Deep Defender
Email Protection
Security for Microsoft Exchange
Device Control
Site Advisor
Host IPS
VirusScan
Firewall Enterprise
Data Center Security
Database Security
Mobility
Page 14
Scene 1
Page 15
Scene 2
Page 16
Scene 3
Page 17
Scene 4
Page 18
Scene 5
Page 19
Scene 6
Page 20
Scene 7
Result: https://www.virustotal.com/en/file/59c878b9daa887167c1857edf1d121dddfa0fb30031058e0d87f46890e7456ad/analysis/
Page 21
McAfee Comprehensive Malware Protection Solution Overview
FIND: Efficient AV Signatures; GTI Reputation; Emulation Engine; Target-Specific Sandboxing (ValidEdge)
Products shown: McAfee Global Threat Intelligence; McAfee Endpoint Agent*; McAfee Web Gateway; McAfee Email Gateway; McAfee Network IPS; McAfee ePO
FREEZE: NSP; Gateways; GTI/LTI
FIX: Automated Host Cleaning (ePO); Malware Fingerprint Query (Real Time ePO)
McAfee Advanced Threat Defense
Page 22
Discovering ZeroDay and Targeted Attacks Live Walkthrough
[Diagram, repeated on pages 22 through 26. "MFE FINDS VIA CLOUD": McAfee Global Threat Intelligence (Efficient AV Signatures, GTI Reputation, Emulation Engine, Target-Specific Sandboxing (MATD)). "YOU FIND ON-PREM": Advanced Threat Defense (JAR Analysis, .exe Analysis, PDF Analysis, 3rd Party Threat Data); Network Threat Response.]
LIVE E-MAIL RECEIVED 08-27-2013: URL REDIRECT TO MALWARE SITE
Page 23
REPUTATION CHECK OF THE URL PASSES. PAYLOAD APPEARS TO BE A .SCR INSIDE A .ZIP
Page 24
DUE TO ZERO DAY, FEW A/V SIGNATURE CATCHES
Page 25
MATD OR NTR EXECUTION DEMONSTRATES:
Page 26
WHAT'S LEARNED THROUGH EXECUTION:
Page 27
Scene 8 (Malware)
Page 28
October 18, 2013
Use the right controls…
Page 29
Defending Against Targeted Attacks Requires Lean-Forward Technologies and Processes
Page 30
Global Threat Intelligence and SIEM
[Diagram: McAfee Labs IP Reputation Updates feed an IP REPUTATION CHECK that rates an address GOOD, SUSPECT or BAD on a scale from Medium Risk to High Risk. Reputation inputs: Botnet/DDoS; Mail/Spam Sending; Web Access Malware Hosting; Network Probing; Presence of Malware; DNS Hosting Activity; Intrusion Attacks.]
EVENT -> AUTOMATIC IDENTIFICATION -> AUTOMATIC RISK ANALYSIS VIA ADVANCED CORRELATION ENGINE
Page 31
Event handling…
Page 32
Prioritize security events
Page 33
From the top down…
Page 34
OK, so who am I talking to?
Page 35
User on WinXPHost01 downloads a "Windows update" from a fake site. Executes it; nothing sinister appears.
Page 36
Meanwhile, we start to see a number of potentially malicious events related to this host on McAfee ESM.
Page 37
Step 1: This external host looks suspicious. Let's blacklist him.
Page 38
Page 39
Page 40
Page 41
Page 42
Quarantine successfully implemented through the McAfee NSM. Link to C&C host blocked.
Page 43
Step 2: This internal endpoint appears to have been compromised. From McAfee ESM we can lock it down and scan it immediately through ePO.
Page 44
Page 45
Looking at the endpoint, we see that the firewall started off disabled.
Page 46
ePO enables the firewall with a restrictive policy. The Trojan is contained on the endpoint.
Page 47
Simultaneously, ePO launches an aggressive scan.
Page 48
Additional malware on the infected host discovered and cleaned.
Page 49
• ESM Screenshot to show remediation was successful in SIEM.
Confirmation back in the SIEM. Remediation complete.
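The two-step response in this walkthrough (blacklist the suspicious external host at the network, then lock down, firewall and scan the internal endpoint through ePO) and the IP reputation check on page 30 can be shown as one small correlation routine. The following is an added, self-contained Python example written for this page; it is not McAfee ESM, ePO or NSM code and does not come from the presentation. The reputation categories follow the page 30 diagram, while the weights, thresholds, the "10." internal prefix, the addresses and the event lines are all constructed for illustration.

```python
"""Rule-based SIEM-style correlation and response playbook (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass

# Reputation categories from the IP reputation diagram; the point weights are
# constructed for this example, not McAfee Labs scoring.
REPUTATION_WEIGHTS = {
    "botnet_ddos": 40,
    "spam_sending": 15,
    "malware_hosting": 35,
    "network_probing": 10,
    "malware_presence": 30,
    "dns_hosting_activity": 10,
    "intrusion_attacks": 25,
}

def reputation_verdict(categories):
    """Sum category weights and map the total onto GOOD / SUSPECT / BAD."""
    score = sum(REPUTATION_WEIGHTS.get(c, 0) for c in categories)
    if score >= 50:
        return "BAD", score
    if score >= 20:
        return "SUSPECT", score
    return "GOOD", score

@dataclass
class Event:
    ts: int       # seconds; constructed timestamps
    src: str
    dst: str      # empty string for host-local events with no peer
    kind: str     # e.g. outbound_conn, dns_query, ips_alert, fw_disabled
    detail: str = ""

# Constructed threat-intel feed (documentation-range addresses, not real IoCs).
INTEL = {
    "203.0.113.45": ["botnet_ddos", "malware_hosting"],
    "198.51.100.7": ["network_probing"],
    "192.0.2.9": ["spam_sending", "network_probing"],
}

INTERNAL_PREFIX = "10."  # assumption: the monitored site uses a 10/8 range

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def burst_count(timestamps, window):
    """Largest number of events inside any `window`-second span (two-pointer sweep)."""
    ts = sorted(timestamps)
    best, left = 0, 0
    for right in range(len(ts)):
        while ts[right] - ts[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best

def correlate(events, intel, window=300, threshold=3):
    """Group events by internal host, score its external peers, and escalate.
    A BAD peer escalates on its own; a SUSPECT peer needs a burst of activity."""
    per_host = defaultdict(list)
    for e in events:
        host = e.src if is_internal(e.src) else e.dst
        if is_internal(host):
            per_host[host].append(e)
    findings = []
    for host, evs in per_host.items():
        peers = {ip for e in evs for ip in (e.src, e.dst) if ip and not is_internal(ip)}
        worst = ("GOOD", 0, None)
        for ip in peers:
            verdict, score = reputation_verdict(intel.get(ip, []))
            if score > worst[1]:
                worst = (verdict, score, ip)
        verdict, score, peer = worst
        burst = burst_count([e.ts for e in evs], window)
        fw_off = any(e.kind == "fw_disabled" for e in evs)
        if verdict == "BAD" or (verdict == "SUSPECT" and burst >= threshold):
            findings.append({"host": host, "peer": peer, "verdict": verdict,
                             "score": score, "burst": burst, "firewall_disabled": fw_off})
    return findings

def playbook(finding):
    """Ordered response actions mirroring the walkthrough's Step 1 and Step 2."""
    actions = []
    if finding["peer"]:
        actions.append(("network", f"blacklist {finding['peer']} at the network IPS; cut the C&C link"))
    actions.append(("endpoint", f"quarantine {finding['host']} from the endpoint manager"))
    if finding["firewall_disabled"]:
        actions.append(("endpoint", f"enable host firewall on {finding['host']} with a restrictive policy"))
    actions.append(("endpoint", f"launch on-demand scan on {finding['host']}"))
    actions.append(("siem", f"confirm remediation of {finding['host']} in the SIEM"))
    return actions

# Constructed event stream: one host talking to a BAD peer with its firewall off,
# one benign host, and one host with a burst of traffic to a SUSPECT peer.
EVENTS = [
    Event(100, "10.0.0.15", "203.0.113.45", "outbound_conn", "HTTP GET /WindowsUpdate.exe"),
    Event(130, "10.0.0.15", "203.0.113.45", "dns_query", "fake update site"),
    Event(160, "203.0.113.45", "10.0.0.15", "ips_alert", "C&C beacon pattern"),
    Event(170, "10.0.0.15", "", "fw_disabled", "host firewall reported off"),
    Event(800, "10.0.0.22", "198.51.100.7", "outbound_conn", "HTTPS"),
    Event(900, "10.0.0.30", "192.0.2.9", "outbound_conn", "SMTP"),
    Event(950, "10.0.0.30", "192.0.2.9", "outbound_conn", "SMTP"),
    Event(990, "10.0.0.30", "192.0.2.9", "outbound_conn", "SMTP"),
]

if __name__ == "__main__":
    for f in correlate(EVENTS, INTEL):
        print(f)
        for stage, action in playbook(f):
            print(f"  [{stage}] {action}")
```

The BAD verdict alone is enough to open a finding because the reputation feed has already done the identification; a SUSPECT peer only escalates when the host's own event rate confirms it, which is the "automatic risk analysis via correlation" step rather than a single lookup.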
Page 50
Comprehensive malware protection is an orchestrated approach to protect against malware.
Page 51
Report references