Upload: eden-chamblin

Post on 15-Dec-2015

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.

Advanced Persistent Threat Assessment Services

AT&T Security Solutions

APT Attacks on the Rise

[Figure: timeline, monthly from 2/10 through 8/11. Event labels: Stolen search source code (Operation Aurora – APT); Stuxnet disables Iranian nuclear power plant (APT); Major data breach; Anonymous attacks (DDOS); Stolen records (APT); APT event; Major Breach; Major Breaches (DDOS/APT); LulzSec Posting; Egypt Breach; WikiLeaks revenge (DDOS); Russian APT (Lurid/APT). Organizations named: Google, Citi, Visa, PayPal, MasterCard, RSA, Lockheed Martin, SONY, Oak Ridge National Laboratory, PBS.]

Advanced Persistent Threat - Definition

Advanced
• Taking advantage of latest techniques
• Leverages Open Source Intelligence and Social Networks
• Usually involves knowledge of specific operating system or application compromises
• Code Reversing and Fuzzing techniques can help locate unique weaknesses in specific targeted systems

Persistent
• Intent dedication – resilience even after system reboot
• Almost always has a Command and Control (C&C) capability
• Patient / Latent ability … can go to sleep for months

Threat
• Signatures / Vectors

APT Attack and Exploitation Lifecycle

Step 1: Reconnaissance
Step 2: Initial Intrusion into the Network
Step 3: Establish a Backdoor into the Network
Step 4: Obtain User Credentials
Step 5: Install Various Utilities
Step 6: Privilege Escalation / Lateral Movement / Data Exfiltration
Step 7: Maintain Persistence

Key Targets and Threats

Asset: What's at risk?

• Security Controls: Compromising integrity of security controls leads to unending challenges. Knowledge of security controls could reveal vulnerabilities that facilitate ongoing criminal activity.

• Business Operations: Gain insider and administrative access to monitor or change operations environment. Compromised control of production or test networks and elements could cripple operations (loss of operating integrity).

• Financial Information: Use not-yet-disclosed financial information.

• Intellectual Property: Use, sell, release intellectual property.

• Business Strategy: Loss of competitive advantage.

• Brand: Loss of market share due to damaged brand reputation (e.g., Avoid your.com, they have leaky security).

• Employee Information: Impersonate authorized users, effect information disclosure. Conduct focused phishing efforts, identity theft.

• Customer Information: Obtain customer information for sale or other use. Lose market share if customers perceive we are bad at security. Loss of customer because they are put out of business by APT.

Advanced Persistent Threat: What you should know

Valid, high impact risk
• Targets your core valuables, your security
• Persistent, stealthy, controlled, exfiltration

Needs focused, ongoing action
• Step Up Your Game
• Take actions that Prevent, Detect and Respond

Reduce the attack surface and inevitable response time
• Focus on your key targets
• Incremental, actionable approaches (existing, new)

Features and Potential Benefits

The review covers three main areas of interest:
• Operational Readiness Review
• Network Architecture Assessment
• Social Engineering Review

This assessment helps you:
• Assess how prepared your organization is to detect and respond to a targeted or advanced threat
• Identify vulnerabilities in your security which could be used by a sophisticated actor to gain access
• Heighten the capabilities of your team to respond to a targeted cyber attack

How can you prepare?

1. Monitor and address Advanced Persistent Threats in real-time, 24/7/365
2. Get visibility into threats beyond the edge of your network
3. Get visibility and analysis into what’s happening inside your network

APT Preparedness Assessment

• Evaluates your organization’s ability to detect, resist and respond to a targeted or advanced threat.

• Helps organizations understand their exposure to targeted threats, including Advanced Persistent Threats (APT), and take action to reduce their risk of compromise.

• Assessment Components
  – Target Definition
  – Operational Readiness Review
  – Network Architecture Review
  – Social Engineering Assessment

APT Preparedness Assessment Steps

• Identify and classify business assets and data stores

• Conduct vulnerability assessment across critical infrastructure

• Quantify risk with highest value assets and highest vulnerabilities atop the list

• Review security measures protecting critical business assets

• Identify incident response team (including legal and business owners)

• Communication plan, including law enforcement if necessary

• Schedule/conduct incident response dry run

• Identify key individuals most likely to be the target of social engineering attacks (due to high levels of access)

• Implement aggressive access control by restricting network access of key individuals to ‘business need to know’

• Employee training - Prioritize high-risk individuals and work groups

Elevator Pitch

Correlate your current state to the risk from Advanced Persistent Threat (APT) actors

Questions on your Business Client’s mind
• How do I protect my organization and its assets?
• What organized elements may be targeting our organization?
• How can we detect Advanced Persistent Threats when they strike?
• How do we determine if our organization has already been compromised?
• How vigilant are our employees to the types of methods APT actors may use?

What would motivate an adversary to target your organization

1. Assess your current state and assets
2. Identify risk from Advanced Threats
