cloud sandboxing against advanced persistent attacks · 2017-07-24 · cloud sandboxing against...
TRANSCRIPT
Cloud Sandboxing Against Advanced Persistent Attacks
Ric Leung
Director of Product Management
Huawei Technologies Co., Ltd.
CANTO 2017
2
Traditional Defenses Are Ineffective Against Advanced Unknown Threats
Sandboxed Defense of APTs
Ineffective Traditional Defenses
Intensifying APT Attacks
Frequent Data Leaks
Considerable Financial Losses
3
Cloud Sandboxing Enables Easy Defense Against Advanced Attacks
Sandbox
Independent from Hardware and Personnel Requirements: Cost-effective
Detection: Comprehensive
Cloud Security: Efficient
Deployment: Rapid
4
Integrated Cloud Sandboxing Defense System
Cloud Sandbox Imitates an OS
• Web Security Sandbox
• PE Security Sandbox
• PDF Security Sandbox
Cloud Reputation Databases
• Web Reputation
• File Reputation
• IP Reputation
Cloud Signature Databases
• URL Database
• IPS Signature Database
• Application Signature Database
• Antivirus Signature Database
Experts Provide In-Depth Analysis
Cloud Sandbox Detection: Service Subscription Model
① Report Suspicious Files
② Inspect
③ Defend
④ Review
NGFW
Administrator
Query Portal
Generate Reports and Security Posture Awareness
5
Cloud Sandbox Security Capabilities Are Continually Updated
Cloud Security Competence Center
Cloud Sandbox: Emulate an actual environment to detect abnormalities
• Detects unknown malicious files, abnormal Command and Control (C&C)
• Horizontal scalability
• Cloud Sandbox Portal
Cloud Reputation: Identify reputation values of inspected items
• File reputation
• IP reputation
• Web reputation
Cloud Intelligence: Determine information about threats and attacks
• Domain queries
• File queries
• Reputation queries
Cloud Experts: Evaluate high-risk items for experts to analyze
• 24/7 professional support
• Important information provided for expert manual analysis
Cloud Security Posture: Assess network security situation
• Visual display of network-wide known and unknown threats
• Visual display of network-wide attacks
• Network-wide security posture awareness
6
Advantages of Cloud Sandbox
• Rapid Deployment
• Network-wide Detection
• Threat Visualization
• Ecosystem Partnerships
7
Rapid Deployment: One-click Advanced Threat Defense Subscription
Sandbox Devices
• Specific device protection
• Online device deployment
• Expert administrators
• Configuration and maintenance
• Upgrades and expansion
Cloud Sandbox
• Uses existing network security devices
• Service subscription
• Zero configuration
• Expert analysis available anytime
8
Threat Visualization: Real-time Security Posture Display and Threat Prediction
Associated Devices: Servers, Network security devices, Terminals
Associated Policies: Blocking, Isolation, Signature update
Notification
Auto-Synchronization Policy Delivery
Network-wide Threat Posture
• Overall security ratings
• City threat levels
• Rankings of assets by risk
• Rankings of countries by attack origin frequency
• Rankings of events by handling priority
Agile Controller
9
Network-wide Detection: Leaves Unknown Threats with Nowhere to Hide
Identifiable Protocols: HTTP, SMTP, POP3, IMAP, FTP, HTTPS
Identifiable File Types: EXE, Office, PDF, JS, WPS, RAR
Simulated OSs: XP, Win 7, Win 10
Simulated Browsers: IE, Firefox, Chrome
Simulated Office Versions: 2003, 2007, 2010, 2013, 2016, WPS
Simulated Adobe Reader Versions: R8, R9, RX, RXI
40+ types
• Cloud sandboxes can detect many file types and simulate many OSs.
• Ensures sandbox detection is accurate and comprehensive
10
Intelligence Sharing: Defends Against the Latest APT Attacks
Minute-level global synchronization of cloud threat information as it is perceived
Cloud sandbox detection rate
11
Evolution of Huawei’s Cloud Sandbox Deployment Around the Globe
Cloud Locations
Currently: China and Germany
Planned: Ireland, Japan, North America, and Australia
Cloud Sandbox Portal: sec.huawei.com
Copyright©2017 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without
limitation, statements regarding future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that could cause actual
results and developments to differ materially from those expressed or implied in the
predictive statements. Therefore, such information is provided for reference purposes
only and constitutes neither an offer nor an acceptance. Huawei may change the
information at any time without notice.
Thank You.