© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Advanced Persistent Threat Assessment Services
AT&T Security Solutions
APT Attacks on the Rise
[Timeline figure, February 2010 to August 2011, of incidents plotted by type; only the labels and organization names survive extraction.]
Incidents labelled on the timeline:
• Operation Aurora (APT): stolen search source code (Google)
• Stuxnet (APT): sabotage of Iranian uranium-enrichment centrifuges
• Major data breach
• Anonymous DDoS attacks; WikiLeaks revenge (DDoS) against Visa, PayPal and MasterCard
• Stolen records (APT)
• APT event
• Major breach; major breaches (DDoS/APT)
• LulzSec posting (PBS)
• Egypt breach
• Russian APT (Lurid/APT)
Organizations named on the timeline: Google, Citi, Visa, PayPal, MasterCard, RSA, Lockheed Martin, SONY, Oak Ridge National Laboratory, PBS
Advanced Persistent Threat - Definition

Advanced
• Takes advantage of the latest techniques
• Leverages open-source intelligence (OSINT) and social networks
• Usually involves knowledge of specific operating system or application compromises
• Code reversing and fuzzing techniques can help locate unique weaknesses in specific targeted systems

Persistent
• Dedicated intent: resilience even after a system reboot
• Almost always has a command-and-control (C&C) capability
• Patient and latent: can go to sleep for months

Threat
• Signatures / vectors
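The "Persistent" bullets above describe the trait a defender can actually look for: a C&C channel that checks in on a schedule, however slow, even after a reboot. The following added example (not part of the AT&T deck, and not AT&T tooling) scores proxy-log connection pairs by how regular the gaps between successive connections are, over a constructed sample log. Host names, domain names and the log format are invented for the illustration.

```python
"""
Beacon detection over a constructed proxy log.

For each (source host, destination) pair, sort the connection timestamps,
compute the gaps between successive connections, and flag pairs whose gaps
are tightly clustered (low coefficient of variation, cv = stdev / mean).
Human browsing is bursty; implant check-ins are metronomic, even when the
interval is long.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not a real capture). Fields: ISO timestamp,
# source host, destination host, bytes. Mixed into ordinary browsing are
# two beacons: ws-17 -> update-cdn.example roughly every 10 minutes, and
# ws-09 -> cdn-static.example roughly once a day (the "patient" case).
SAMPLE_LOG = """\
2011-05-01T03:00:00 ws-09 cdn-static.example 318
2011-05-02T03:00:11 ws-09 cdn-static.example 318
2011-05-03T02:59:50 ws-09 cdn-static.example 318
2011-05-03T08:00:00 ws-17 update-cdn.example 512
2011-05-03T08:01:12 ws-22 news.example 48211
2011-05-03T08:01:40 ws-22 news.example 1204
2011-05-03T08:02:05 ws-22 news.example 73320
2011-05-03T08:05:00 ws-17 search.example 9011
2011-05-03T08:10:03 ws-17 update-cdn.example 512
2011-05-03T08:14:30 ws-22 news.example 2210
2011-05-03T08:19:58 ws-17 update-cdn.example 512
2011-05-03T08:30:01 ws-17 update-cdn.example 512
2011-05-03T08:33:00 ws-17 search.example 8870
2011-05-03T08:40:02 ws-17 update-cdn.example 512
2011-05-03T08:47:02 ws-22 news.example 55102
2011-05-03T08:47:09 ws-22 news.example 3190
2011-05-03T08:50:00 ws-17 update-cdn.example 512
2011-05-03T08:59:59 ws-17 update-cdn.example 512
2011-05-04T03:00:05 ws-09 cdn-static.example 318
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_log(text):
    """Group connection timestamps by (source, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        ts, src, dst, _size = m.groups()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def score_pairs(events, min_samples=4):
    """One record per pair with enough samples: hit count, mean gap, cv."""
    scored = []
    for (src, dst), stamps in events.items():
        if len(stamps) < min_samples:
            continue  # too few observations to say anything about cadence
        stamps = sorted(stamps)  # log order is not guaranteed to be per-pair
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue  # duplicate timestamps only; no cadence to measure
        cv = statistics.stdev(gaps) / mean_gap
        scored.append({"src": src, "dst": dst, "n": len(stamps),
                       "mean_gap": mean_gap, "cv": cv})
    return sorted(scored, key=lambda r: r["cv"])


def find_beacons(text, max_cv=0.05, min_samples=4):
    """Pairs whose inter-connection gaps vary by no more than max_cv."""
    return [r for r in score_pairs(parse_log(text), min_samples)
            if r["cv"] <= max_cv]


if __name__ == "__main__":
    for r in find_beacons(SAMPLE_LOG):
        print(f"{r['src']} -> {r['dst']}: {r['n']} hits, "
              f"every ~{r['mean_gap']:.0f}s (cv={r['cv']:.3f})")
```

Two caveats a practitioner would add: an implant that randomizes its sleep interval pushes its cv up, so the threshold is a trade-off against false positives from legitimate pollers (software updaters, monitoring agents), which you would allow-list by destination; and the daily beacon is only caught because the window spans several days, which is the practical meaning of "patient" in the definition above.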
APT Attack and Exploitation Lifecycle

Step 1: Reconnaissance
Step 2: Initial intrusion into the network
Step 3: Establish a backdoor into the network
Step 4: Obtain user credentials
Step 5: Install various utilities
Step 6: Privilege escalation / lateral movement / data exfiltration
Step 7: Maintain persistence
Key Targets and Threats

Asset                  What's at risk?
Security controls      Compromising the integrity of security controls leads to unending challenges; knowledge of the controls can reveal vulnerabilities that facilitate ongoing criminal activity.
Business operations    Insider and administrative access used to monitor or change the operations environment; compromised control of production or test networks and elements could cripple operations (loss of operating integrity).
Financial information  Use of not-yet-disclosed financial information.
Intellectual property  Use, sale or release of intellectual property.
Business strategy      Loss of competitive advantage.
Brand                  Loss of market share due to damaged brand reputation (e.g., "avoid your.com, they have leaky security").
Employee information   Impersonation of authorized users and resulting information disclosure; focused phishing; identity theft.
Customer information   Customer information obtained for sale or other use; loss of market share if customers perceive the organization is bad at security; loss of customers who are put out of business by an APT.
Advanced Persistent Threat - What you should know

Valid, high-impact risk
• Targets your core valuables and your security
• Persistent, stealthy, controlled exfiltration

Needs focused, ongoing action
• Step up your game
• Take actions that prevent, detect and respond

Reduce the attack surface and the inevitable response time
• Focus on your key targets
• Incremental, actionable approaches (existing and new)
Features and Potential Benefits

The review covers three main areas of interest:
• Operational Readiness Review
• Network Architecture Assessment
• Social Engineering Review

This assessment helps you:
• Assess how prepared your organization is to detect and respond to a targeted or advanced threat
• Identify vulnerabilities in your security which could be used by a sophisticated actor to gain access
• Heighten the capabilities of your team to respond to a targeted cyber attack
How can you prepare?

1. Monitor and address Advanced Persistent Threats in real time, 24/7/365
2. Get visibility into threats beyond the edge of your network
3. Get visibility and analysis into what's happening inside your network
APT Preparedness Assessment
• Evaluates your organization’s ability to detect, resist and respond to a targeted or advanced threat.
• Helps organizations understand their exposure to targeted threats, including Advanced Persistent Threats (APT), and take action to reduce their risk of compromise.
• Assessment components:
  – Target Definition
  – Operational Readiness Review
  – Network Architecture Review
  – Social Engineering Assessment
APT Preparedness Assessment Steps

• Identify and classify business assets and data stores
• Conduct a vulnerability assessment across critical infrastructure
• Quantify risk, with the highest-value assets and the highest vulnerabilities at the top of the list
• Review the security measures protecting critical business assets
• Identify the incident response team (including legal and business owners)
• Define a communication plan, including law enforcement if necessary
• Schedule and conduct an incident response dry run
• Identify the key individuals most likely to be targeted by social engineering attacks (due to their high levels of access)
• Implement aggressive access control by restricting the network access of key individuals to "business need to know"
• Employee training: prioritize high-risk individuals and work groups
Elevator Pitch

Correlate your current state to the risk from Advanced Persistent Threat (APT) actors.

Questions on your business client's mind:
• How do I protect my organization and its assets?
• What organized elements may be targeting our organization?
• How can we detect Advanced Persistent Threats when they strike?
• How do we determine if our organization has already been compromised?
• How vigilant are our employees to the types of methods APT actors may use?

What would motivate an adversary to target your organization?
1. Assess your current state and assets
2. Identify risk from advanced threats