Best Practice Update for Data Security
Bob Hansmann - Sr. PMM, Websense Security Labs
October 2012
© 2012 Websense, Inc. Proprietary and Confidential

Seven Advanced Threat Stages
Recon, Lure, Redirect, Exploit Kit, Dropper File, Call Home, Data Theft

Seven Advanced Threat Stages
AWARENESS (Recon, Lure)
• Web & Email
• Facebook, Blogs, Tweets
• Spear-phishing
• Trusted entry
• Targeted
• Dynamic
• Timed

Seven Advanced Threat Stages
REAL-TIME ANALYSIS (Redirect, Exploit Kit)
• Browser code & active scripts
• Link analysis
• Exploit analysis
• Composite scoring/ratings
• Predictive

Seven Advanced Threat Stages
INLINE DEFENSES (Dropper File, Call Home)
• App analysis
• Malicious PDFs
• Multiple AVs
• File compress.
• Dynamic DNS
• Botnet & CnC comms

Seven Advanced Threat Stages
CONTAINMENT (Data Theft)
• Data theft defenses
• Embedded DLP
• Data capture
• Geo-location
• Forensic details & reporting
• Alerts/severity

Advanced Threat Techniques
Evading Detection

Password File Data Theft
• Password files
• Active Directory/SAM database
• Expand reach/control within target
• First priority once inside

Non-Document Data Theft
• Image files
• Confidential information
• Smart phone pictures
• Blind spot for defenses

Slow Data Leaks
• Remain below the radar
• Low record count per request/incident
• Steal data in small chunks
• Persistence and patience
[Diagram labels: One data record; One data record; Web]

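The gap between per-request inspection and the "Drip (Stateful) DLP" listed later in the deck, as an added example that is not from the Websense presentation or product: a stateless check judges each upload alone, while a stateful check accumulates distinct records per source and destination over a window. The record pattern, thresholds, window length, hosts and log tuples are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

RECORD_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # assumed record format (SSN-like)
PER_REQUEST_LIMIT = 5        # assumed stateless policy: 5+ records in one request
WINDOW_SECONDS = 24 * 3600   # assumed look-back window for the stateful policy
CUMULATIVE_LIMIT = 5         # assumed: 5+ distinct records per source/destination

def stateless_alerts(events):
    """Per-request check: each upload is judged on its own."""
    return [(ts, src, dst) for ts, src, dst, body in events
            if len(RECORD_RE.findall(body)) >= PER_REQUEST_LIMIT]

def drip_alerts(events):
    """Stateful check: distinct records per (src, dst) over a sliding window."""
    seen = defaultdict(deque)   # (src, dst) -> deque of (timestamp, record)
    alerts = []
    for ts, src, dst, body in sorted(events):
        q = seen[(src, dst)]
        for rec in RECORD_RE.findall(body):
            q.append((ts, rec))
        # Forget records that have aged out of the window.
        while q and q[0][0] <= ts - WINDOW_SECONDS:
            q.popleft()
        distinct = {rec for _, rec in q}
        if len(distinct) >= CUMULATIVE_LIMIT:
            alerts.append((ts, src, dst, len(distinct)))
            q.clear()   # reset so each threshold crossing raises one alert
    return alerts

# Constructed sample: 10.0.0.7 posts one record per hour; 10.0.0.9 posts once.
EVENTS = [(3600 * i, "10.0.0.7", "files.example.net", f"id={i}&v=123-45-{6000 + i}")
          for i in range(7)]
EVENTS.append((1800, "10.0.0.9", "files.example.net", "note=call 078-05-1120 back"))

if __name__ == "__main__":
    print("stateless:", stateless_alerts(EVENTS))
    print("stateful :", drip_alerts(EVENTS))
```

A leak paced slower than the window still ages out before the cumulative limit is reached, so the window length has to be chosen against the slowest drip the policy is meant to catch.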
Custom Encrypted Uploads
• Proprietary encryption
• Cloak comms & data theft
• Crimeware toolkit enabled
• Blind spot for defenses

Email Security Evasion
• Spear-phishing technique
• Embedded web link in email lure
• Time malware infection after delivery
• Email security sees a clean link
[Diagram labels: Sunday, Target Web Site, OK; Monday, Target Site Infected 4am; Email Security, OK; Web]

Recent Example – 6 July 2012
• Financial notification
• Appears as payroll related
• Debit to bank account
• Online transaction report

Customer Requirements
Top Security Requests

Protection & Containment
[Diagram labels: One data record; Criminal Encrypted Uploads; Password File Data Theft; Image OCR/Text Analysis; Drip (Stateful) DLP; Cloud Sandboxing for Email; Monday, Target Site Infected 4am; Real-time web security analysis; Redirect; Wrapper; Web]

Multi-channel Threat Monitoring
Integrated Security