TechTalk December 2015
Issue 1
TECHNOLOGY ON TOUCH
Cloud Computing
Technology Magazine
FOREWORD RENATO UHL, CEO REAL SECURITY D.O.O.
Dear customers, partners and IT professionals,

Welcome to our 7th issue of REAL SECURITY INFO MAGAZINE. The biggest asset of every company is knowledge and information. We got a lot of funny looks 13 years ago, when we started talking about cyber criminals and data protection. At the time we only saw problems with computer viruses, which gave a lot of headaches to companies and private users. Everybody was looking for good AV protection or, in some cases, a basic firewall. But those times are definitely gone! Believe me, right now, when you are reading this article, someone is stealing or compromising your company data. You do not believe me? Well, after more than 20 Advanced Persistent Threat tests we did in the last period, we found out that 97 percent of all tested companies were already infected with malicious code, in some cases with malicious scripts dedicated specifically to those companies and their networks. And these are the facts and reality of today’s threat landscape. Every organization is a potential victim. All organizations have something of value that is worth something to others. If you openly demonstrate weaknesses in your approach to cyber security by failing to do the basics, you will experience some form of cyber attack. Every organization connected to the Internet should assume it will be a victim sooner or later. Malicious hackers today compromise enterprises and private users remotely each day, every hour. Cybercriminals launch sophisticated new attacks; their main goal is gaining access to credit card numbers, account usernames and passwords, personal identities, proprietary information and other valuable data.

Lately the IT security industry is talking about Advanced Persistent Threats. They are an increasingly common form of complex and directed attacks that use insidious techniques for gaining access to privileged systems and maintaining that access until all of the attackers’ objectives have been met. New hybrid threats combine several forms of malware into one very malicious payload. A single blended virus infection may include key loggers to get to passwords, then steal sensitive financial information, email, and corporate secrets, or turn a system into a spam zombie in a botnet. Polymorphic malware is designed to update after each use and, by changing its online fingerprint, it will escape detection by commercial anti-virus defenses that use signatures to identify and block malware. Rootkits are invisible malware that hides within authorized software in a computer’s operating system, which allows hackers undetected operation while stealing information, monitoring user actions, modifying programs, or changing security settings to enable remote control. The list of techniques is even much longer and, believe us, financial institutions, governments, companies and private users in our region are no exception.

Mainly businesses, focused on sustaining profitable operations, lack the deep skills needed to protect critical information and infrastructure from sophisticated attacks. Often a business cannot recognize when it is under attack, or it does not have the skills to identify and locate malware infections. This is not the intention of the hackers.

A proper defense against malicious information attacks starts by educating businesses and users on the nature of malware threats. That is why we are publishing REAL security info magazine for decision-makers, to help them effectively plan malware defenses by providing critical information on how cybercriminals operate.

P.S. For those who have known us for many years it will appear strange that this issue is written in the English language, but with our expanded operations in the Adriatic region, with more than 7 different languages, we are obliged to share this issue and all the others in English, so everyone can enjoy it. Hope you will find useful info inside and hope to see you in person at our 11th annual security conference RISK 2016, which will take place in the beautiful congress center Thermana in Laško, in the center of beer production in Slovenia.
EDITORIAL MR. ROBERT LUBEJ
R&D DIRECTOR REAL SECURITY D.O.O.
An editorial, or whatnot
Welcome to this realm! So, this paper or tablet held in your hands, and the words on it scanned by your eyes, is a collection of modern IT security writings. Not all of them, not a majority of them, not even only the most important of them, because in each of these cases it would be about a gazillion pages. But, being in the business for a decade and a half, we’ve got a pretty good insight into what’s important and how to cover all of your perimeter. So here we tried to select for you some of the currently most important issues. You can use this publication as an overview to see if there’s anything you are missing, and also as a simple learning tool before delving deeper into one or two of the specific issues. The articles were mostly written by the professionals we represent, not by us. But there also has to be an intro, or overview, an editorial or something, so let’s start.

All beginnings are in the past. Take a look back at editorials in IT security magazines from one, two, three, five, eight, maybe even ten years ago. Maybe this same publication, but from five or six years ago. Do you see how much they have changed? No, you don’t, because, well, they haven’t changed that much, if at all. Oh, some specifics are different; things came, some stayed and some went away. In 2010 reading off a tablet was still a novelty to some degree; nowadays everyone and their grandmother does it. Antiviruses as a standalone security solution are a relic of the past, mentioned just as a joke. Firewalls are like fences around our houses: they have to be there just because it’s the norm, but in reality they don’t stop the ones who are really trying to get in. Commercial vendors promised us hell and heaven, corporate pages bombarded us weekly with announcements of revolutionary security innovations which in the end did not really revolutionize anything. And so on, and so on. Following PR articles you thought to yourself: “man, everything is moving on with lightning speed, it will be fantastic!” But in truth, IT security has not changed that much. Well, techniques or algorithms and appliances, yes, so maybe we need to say: it has changed, but it hasn’t changed the playing field that much. And neither did we, or your average source of information, a fictional “IT Security Daily”; they are still the scaremongers or the warmongers they used to be. Like your standard off-the-shelf religion, they, or we, whomever you designate as the origin, are foretelling the end of the world, ordering you what to do and what not to do if you don’t want to end up in hell: praise the security or face eternal suffering! Scaring you with millions of bad things. The dangers, they say, are everywhere; don’t you dare step more than one meter off the designated track, there be monsters. And in the end they tell you that if you will be good and your security flawless, and you will work hard and be stressed out at least eight hours a day, better times will come. Probably a few months after your retirement, but hey, it will be great.

So maybe that’s why we are, or should be, here trying to approach the problem differently. This is what IS different. Of course, it has not happened overnight, it took years. What is different, I think (well, I probably read it somewhere else), is that we should not scare you, but we should say: don’t be afraid, IT security has failed our expectations, but it is OK, because the problem is not IT security, the problem lies within our expectations. Because the state of modern security is such that we should accept that an attack has already breached the perimeter. Sooner or later it will happen. And it’s not a problem, because, firstly, there are traditional solutions – yes, antivirus or firewall or something similar – that are good at stopping the most common attacks, but not all. You should use them, but not bother with them very much. And then think of what’s most important for you, for your business, in your environment, an environment which will probably be breached. And use one or more of the modern techniques described in this publication to counter those threats; probably more. Be it that you must protect privileged accounts, your application development process, maybe you do forensics, or just collect and store gigabytes of security information daily. It’s all there. This is what is different from half or a full decade ago: find your focus, protect what’s important to you, but don’t panic.

So, how to get there? Unfortunately we can’t tell you; we can just give you the pointers, the technologies and the vendors, some presented here, others on our web pages. Start for yourself, maybe by thinking globally of changes in the last decade. For instance, one thing new, well, not new, but finally in the limelight of the worldwide security theatre, is cyber warfare. Yes, it has been mentioned before and probably even happened, but now, in an age called AES or “After Edward Snowden”, we hear about it weekly or even daily. If you are part of or working for governmental organizations, then that’s your concern: hiding the data, strengthening the perimeter. If not cyber warfare, then maybe the closely related cyber espionage affects you, and you still need to protect your business secrets. One kind of solution that might become a must for most of you inside your perimeter is Advanced Threat Protection. It uses sandboxing to simulate what objects like documents and code that enter a network really, really do once inside. And therefore it is an essential help in lowering the risks, blocking and mitigating advanced threats that breached your network.

So, think about protecting your data even as an individual. Another thing, related mostly to us as individuals, but tightly connected to classical IT security on one side and cyber warfare / espionage / state surveillance on the other, is of course privacy. Just as I was writing this I read about the EU Court rejecting the “Safe Harbor” provision, meaning it might now actually become illegal for U.S. companies to store personal data of E.U. citizens on U.S. territory, which has been the norm since 2000. If privacy is your concern, concentrate on PKI, digital identity management, DLP or privileged accounts. Are you hiring contractors who work on your systems using privileged accounts? Maybe there has been some damage, maybe lots of times you are performing investigations of some incidents? Then digital forensics is what you should examine first. Otherwise, if you have a large IT environment with rows and rows of sensors giving out tons of output, that is too much data to investigate with forensic tools. You must gather lots of event data and analyze it using big data techniques: turn to the SIEM solutions. Web and email are the norm for businesses, but still, if you think you have not secured these systems enough, forget about everything else for now and look into content security and gateway security.

From here we get to mobile devices, namely smartphones of all makers, OSs and formats, and also tablets. Mostly they are tightly connected to networks and clouds through millions of apps, but we do not know how these apps communicate. The disintegration of the Safe Harbor provision might have a big effect on smartphones; lots of your personal data is usually sent to some cloud, at least pictures, etc., and we’ve seen it with Apple: no matter what they say, they will probably never be able to provide 100% security. And with the provision gone, they might have a big problem operating as before. The problem with mobiles is, they are essential to us, but the apps for them are written by almost everybody, and we use lots of them. For all mobile devices it goes that security for them is not really regulated. While Apple’s official app store is more tightly regulated, nobody really requires of app developers a certificate that the app code was scanned by some application security tool. And then you are actually trusting the device, without which you probably cannot function through a day, to an unknown developer, not knowing what it could do to your most important secrets or if it has significant flaws. Application security is extremely important. True, we represent it as a solution for commercial development teams, but it starts with individuals developing for mobiles. That should be covered too, because otherwise, if your people are using BYOD in your network, and all kinds of apps on them, and business apps have an application security certificate but others don’t, then you are just at the same threat level as before: insecure. And so on, and on, and on; we can visit all the aspects of IT security covered here, or maybe not. So, please try to identify the IT security fields on the following pages, those that are important to you. But try to relax and not think about everything at once. Stay safe out there, but enjoy it, don’t let us scare you, otherwise life is not worth it!
ACADEMIC OPINION
Jarno Limnéll
Professor of Cyber Security in Aalto University in Finland and Vice president in Insta Group Ltd.
AN ACADEMIC VIEW ON Cyber Strategy?

Many companies have considered how planning and implementing a cyber strategy can best be achieved. Often the issue is approached from the wrong end: technology. Building a company’s security begins at the strategic level, producing a relatively abstract vision that is molded at the operational level into prescribed operating instructions: a security and enablement plan. Technical realization of the strategy is carried out at the technical capability level. Cyber strategy therefore “flows” into the organization, and a cyber security approach is then taken into consideration in all areas of business operations. This does not mean, however, that cyber strategy is solely dictated from the top down. Although development of the cyber security plan is not driven by technology, but rather by the company’s business process and the effort to maintain it and make it more efficient, know-how at the technical level and operational standpoints cannot be overlooked. Because the strategic level does not have a full understanding of the necessary practical tasks and cyber challenges that affect the company’s daily operations at the technical level, the strategy process should be realized through collaboration and dialog that encompasses the entire company. Communication among all of the organization’s actors and reference groups is central to complexity management and response to problems. This enables harnessing of all expertise in problem-solving, and concerns are handled comprehensively.
When cyber security is viewed as a strategic-level issue, the company’s management commits to the security process and responsibility is placed at the correct level. It also enables centralized cyber security management. The goal is effective production of security, decreasing human errors and ensuring quality production. From the standpoint of the company, pivotal decisions must be made at the strategic level, so senior management and the management group must recognize the central role of cyber security in business operations. Focal questions to consider are:
• How do realized or possible cyber-attacks affect both the company’s operating methods and the entire industrial field or business operations environment?
• How do they affect decisions about business operations?
• How should business operations be organized so that positive opportunities in the cyber world can be exploited in a secure manner?
The balance is to be found between the opportunities offered by digitalization and the risks that it entails. Risks related to exploiting opportunities become an area of concern for the company; the more opportunities it tries to utilize, the more risks related to the cyber world must be considered. Which of the digital domain’s opportunities are taken into consideration, and how they are perceived, is company-specific. Opportunities appear different in companies of different sizes, fields, business concepts and operating environments. Alongside objective assessments and calculations, subjective interpretation and feelings direct the recognition of opportunities. The same effect of subjectivity also pertains to threats and risks in the cyber world, even though there are different risk-mapping models to support strategic thinking.

As we know, there is no such thing as perfect cyber security; failures and system malfunctions are unavoidable. Still, cyber security measures can prevent interruption or cessation of business operations during disruptions and enable rapid recovery from setbacks. There are no right or wrong solutions to cyber security problems, only better or worse ones. Solutions tailored for specific problems always lead to new types of problems and challenges. An agile and balanced cyber strategy helps to predict difficulties that may occur. It offers an existing framework that can be used to begin solving problems, that clearly defines each actor’s responsibilities and cooperation models, and that also creates structures for collaboration. Cyber strategy provides direction in wrestling with constantly changing situations.

Mapping out opportunities in the cyber world begins from the current state of the company and its operating environment. Management should have a clear understanding of which opportunities opened up by digitalization the company already utilizes, which have succeeded and where there is room for improvement. Management should also decide what new opportunities the company will try to adopt in the short term. Mapping out the situation and assessing which options can realistically be implemented is time-consuming. Utilization of all potential opportunities is not desirable. Instead, the company should examine which ones are best suited to its own operating principle and core expertise, meet the needs of customers and make sense financially. The current operating environment affects the assessment of whether opportunities can realistically be implemented, but it should not overly limit the vision. The operating environment can be changed, which may mean redesigning and reorganizing business operations. In order to direct strategic tasks, company management should in fact have a longer-term vision of the direction it wants business operations to take in a world that is more and more digitalized and intertwined.

In strategy work the company’s strengths and opportunities, brought to light in the mapping phase, are balanced with the cyber world’s threats and risks. The cyber threat model is broad-ranging and constantly changing shape, so the company cannot defend against all possible threats. Some of the threats in the cyber world, like cyber warfare or terrorism, affect business operations only indirectly. Companies prepare for them primarily by focusing on the most probable threats, for example various types of cybercrime. The breadth of the threat model requires cooperation and collaboration among various actors in the cyber ecosystem, in which “tending to one’s own land” plays an important role. Company management should know how to choose the primary threats it will prepare for and defend against, from amongst an infinite number of cyber threats. Once again, choices are made based on the company’s and its operating environment’s current situation. The company must prioritize the assets it will protect, and the most severe threats against them. The most obvious or visible threat is not necessarily the most serious from the standpoint of the company’s operations. Alongside a cyber-threat matrix there must be an assessment of how forcefully each threat targets the company, how probable it is that the threat will be realized, and how much damage it would cause. In addition to an overall risk evaluation, risks are mapped out for each opportunity in the cyber world that can realistically be exploited. Decisions are made based on the risk map about which opportunities will be pursued and which will be passed over, how and when they will be undertaken, and what types of cyber security solutions will be required.

The end result of strategic planning is a balanced cyber strategy that enables the company to successfully assess opportunities in the world of bits. At the same time it directs the company’s cyber security work, defines its goals and creates the structures that will be used to manage the continuing cyber security process. Centralized cyber security management always requires up-to-date situational awareness. Situational awareness starts through the company’s reference groups. It can be maintained if the cyber strategy has clearly defined structures and processes for gathering information about the company itself and its environment, interpreting the acquired data and adapting it into practical operating methods.

Jarno Limnéll, Professor of Cyber Security in Aalto University in Finland and Vice president in Insta Group Ltd.
CLOUD COMPUTING
A LESSON IN UBIQUITY
We are all users of the cloud. At least according to the Citrix Cloud survey, in which “the majority of Americans (54%) claim to never use the cloud, however 95% of those who think they’re not using the cloud, actually are.” What this particular survey demonstrated was that the ubiquitous use of cloud computing within our daily lives is almost complete, from storing photographs and playing online games to accessing email. Indeed the use of cloud is absolutely necessary to support the multitude of connected devices we are buying and allocating IP addresses to. Where once the home consisted of a single desktop and a dial-up modem to connect to the internet, I know many people with over 30 devices in the home (and one with almost 80). These connected devices go beyond the traditional IT devices such as laptops, tablets, smartphones, etc. This is illustrated by the results of Project SHINE (SHodan INtelligence Extraction), which clearly demonstrate that the types of devices and their functions are evolving, and fall well outside of the traditional IT devices. Designed to understand the SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control System) devices that are accessible from the Internet, it was reported as of September 2013 that “The average number of new SCADA/ICS devices found every day is typically between 2000 and 8000. So far we have collected over 1,000,000 unique IP addresses that appear to belong to either SCADA and control systems devices or related software products” [1]. When we consider the types of devices that are being discovered, these include:
- medical devices,
- traffic management systems,
- automotive control,
- traffic light control (includes red-light and speeding cameras),
- HVAC/environment control,
- power regulators/UPSs,
- security/access control (includes CCTV and webcams),
- serial port servers (many of which include Allen-Bradley DF1 capable protocols), and
- data radios (point-to-point 2.4/5.8/7.8 GHz direct-connected radios).
The benefits cloud can have for businesses are well documented. There is however an emerging trend of cloud computing being offered for critical operations. Such offerings were documented by Trend Micro in their whitepaper entitled “SCADA in the Cloud; A security conundrum?” [2], which included two architectures: one that supports SCADA applications deployed on premise pushing data to the cloud for analytics and further access, and an alternate architecture in which SCADA applications are hosted entirely within the cloud. Of course each scenario has its own advantages and security risks.

In the first scenario, there is the risk of data being compromised (Confidentiality) within the cloud. These risks apply either to the data stored, or to the data in transit (whilst being transferred between the application and the cloud). The command and control element remains on premise, so the existing risks associated with securing a SCADA/ICS environment remain.

In the latter example, however, there are additional risks that include data interception, and the implications are more significant than in the first example. Whilst of course confidentiality is a concern, there is also the risk of data being intercepted, modified and replayed. This of course introduces integrity risks, and the prospect of devices accepting unauthorized commands.
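The integrity and replay risks just described are usually countered at the message level, independently of whatever transport encryption the cloud link uses. The following is an added example, not code from this article or from the Trend Micro whitepaper: it wraps each command in a hypothetical envelope (a sequence counter, a JSON payload and an HMAC-SHA256 tag over both) and shows a device that verifies the tag before anything else, then refuses any sequence number it has already seen. The shared key, the envelope layout, the Device class and the command payloads are all constructed for this demonstration.

```python
import hashlib
import hmac
import json
import struct

# Constructed shared secret for this example only; a real deployment provisions a
# unique key per device (and rotates it), never a hard-coded constant.
DEVICE_KEY = b"example-shared-key-for-demo-only"

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
SEQ_LEN = 8    # 64-bit big-endian sequence counter


def build_command(key: bytes, seq: int, payload: dict) -> bytes:
    """Wrap a command as: seq (8 bytes) || JSON payload || HMAC-SHA256 tag.

    The tag covers the sequence number as well as the payload, so a captured
    message cannot simply be renumbered to slip past the replay check.
    """
    body = struct.pack(">Q", seq) + json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Device:
    """Hypothetical SCADA endpoint that acts only on authentic, fresh commands."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = 0      # in a real device this is persisted across reboots
        self.applied = []      # commands that passed every check

    def receive(self, message: bytes) -> str:
        if len(message) < SEQ_LEN + TAG_LEN:
            return "rejected: truncated"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        # 1. Authenticity and integrity first: nothing below touches unauthenticated bytes.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        # 2. Freshness: a genuine captured message is accepted at most once.
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return "rejected: replay"
        # 3. Only now is the payload parsed and acted upon.
        payload = json.loads(body[SEQ_LEN:])
        self.last_seq = seq
        self.applied.append(payload)
        return "accepted"


def run_demo():
    """Exercise the three cases from the text: replay, modification, and a forged command."""
    device = Device(DEVICE_KEY)
    results = []

    legit = build_command(DEVICE_KEY, 1, {"valve": "open"})
    results.append(device.receive(legit))        # accepted
    results.append(device.receive(legit))        # rejected: replay (same seq)

    setpoint = build_command(DEVICE_KEY, 2, {"setpoint": 40})
    body, tag = setpoint[:-TAG_LEN], setpoint[-TAG_LEN:]
    tampered = body.replace(b"40", b"90") + tag  # payload altered, tag left as captured
    results.append(device.receive(tampered))     # rejected: bad tag
    results.append(device.receive(setpoint))     # accepted

    forged = build_command(b"attacker-guessed-key", 3, {"valve": "shut"})
    results.append(device.receive(forged))       # rejected: bad tag

    return results, device.applied


if __name__ == "__main__":
    for outcome in run_demo()[0]:
        print(outcome)
```

Two design points matter more than the specific primitives. The tag is checked before the sequence number, so an attacker cannot advance the counter with forged traffic and lock out genuine commands; and the device stores only the last accepted counter, which must survive a reboot, otherwise every previously captured command becomes replayable again. The HMAC gives integrity and origin authentication only; confidentiality of the data in transit still needs the transport encryption the first scenario already requires.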
Whilst such risks will likely raise significant concerns, the cost savings can be remarkable; for example a “typical new in-house SCADA system for a small water treatment facility can have an upfront capital cost of about $11,500 for software, computer, telemetry, programming and setup. Compared to the initial approximate $1,600 cost of getting started with a cloud-based SCADA system, users can achieve about 90 percent reduction in costs” [3]. This example is just the tip of the iceberg, with many automation companies expanding their portfolio for critical infrastructure customers to leverage cloud computing. Such savings have begun to catch the attention of critical infrastructure providers, and whilst the migration to full management from the cloud is not yet ubiquitous, the market has begun to provide such offerings. This represents new challenges in the security of cloud computing, a technology that has been criticized as not providing enough transparency.
Developing transparency is critical, and in order to do that we need a bigger platform. For more information we can start here: www.amazon.co.uk/CSA-Guide-Cloud-Computing-Implementing/dp/0124201253/ref=sr_1_1?s=books&ie=UTF8&qid=1444594063&sr=1-1&keywords=samani

Raj Samani (Twitter @Raj_Samani)

[1] Eric Byres. Tofino. “Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting”. September 2013 [cited December 2013]. Available from: www.tofinosecurity.com/blog/project-shine-1000000-internet-connected-scada-and-ics-systems-and-counting
[2] Kyle Wilhoit. Trend Micro. “SCADA in the Cloud; A security conundrum?”. Published 2013 [cited December 2013]. Available from: www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-scada-in-the-cloud.pdf
[3] Waterworld. “Cloud-Based SCADA Offers Alternatives to Traditional Systems”. [cited December 2013]. Available from: www.waterworld.com/articles/print/volume-28/issue-10/editorial-features/cloud-basedscada-alternatives-traditional-systems.html
with David G. DeWalt, CEO of FireEye, who has been named one of the 25 most influential executives in high technology.
Dave DeWalt’s expertise in the areas of cyber security and technology promises a timely and enlightening address. David G. DeWalt is chief executive officer and chairman of the board of FireEye Inc. He joined FireEye, a leading cyber security company, as board chairman in June 2012 and was appointed chief executive officer in November 2012. FireEye today has more than 2,500 employees worldwide and over 3,100 customers across more than 67 countries, including over 200 of the Fortune 500. As a result of this unprecedented success, FireEye has become a focal point for the media, industry analyst and investor communities that follow the world of cyber security.

In 2009, DeWalt was named one of the 25 most influential executives in high technology by the readers of the industry publication CRN. He has spoken at the World Economic Forum on the issue of cyber security and keynoted at several technology industry conferences; he was appointed by President Barack Obama to the National Security Telecommunications Advisory Council (NSTAC) in 2011. We asked Mr. DeWalt to give us an interview on the cyber security landscape today and to tell us a little more about the FireEye approach to tackling today’s threats.

Mr. DeWalt, why are organizations not winning the fight against attackers?

“Over the past two decades, our Mandiant services team has had the privilege of responding to hundreds of computer security breaches. We have spent over a million hours on the front lines combatting the most advanced computer intruders, assisting organizations in responding to the attacks. These experiences have provided us the opportunity to become intimate with the challenges organizations face when confronting cybersecurity threats. They also provided the best vantage point for us to observe the current state of the threats attacking organizations. Our most telling conclusion is that today’s cyber-attacks circumvent even the most secure organizations. These highly security-conscious organizations implement programs with numerous products, plenty of personnel, and thorough policies that address known weaknesses. Yet, they still tend to suffer security incidents as frequently as organizations whose security programs are not as robust.”

Why is this the case?

“Simply put: attackers have been adapting to enterprise defenses and exploiting weaknesses we’ve never heard of far faster than we can adapt or react to their activities … until now. There is no such thing as perfect security – but we can take tremendous strides to advance the speed and effectiveness of our security programs.”
Can you tell our readers what the most effective security approaches are today?

“The most effective security programs will incorporate strategies to reduce their target surface and shorten the ‘alert to fix’ cycle to diminish the impact of any security breaches that do occur. Effective, security-conscious organizations will implement:
• strong preventive measures to minimize your attack surface area,
• network, endpoint, and event visibility,
• advanced detection capabilities (signature-less detection, real-time detection),
• the threat intelligence required to leverage the visibility, and
• a fluid process to adapt to emerging threats.
As attacks change, defensive measures must evolve. We have learned the next-generation security architecture needs to be adaptive, nimble and have real long-term relevance. And we need to approach this with state-of-the-art products, highly skilled security experts and real-time threat intelligence. We call this Adaptive Defense.”

Can you tell us a little more about FireEye Adaptive Defense?

“FireEye Adaptive Defense fully embraces the combination of FireEye and Mandiant, two companies that approached security from both sides of the security spectrum—detect and respond, respectively. By focusing on detection, FireEye created real-time, signature-less based methods to have situational awareness when attacks occur. By focusing on response, Mandiant developed the capability to rapidly and effectively contain these threats. Together, both organizations combine years of rigor and discipline obtaining the threat intelligence required to detect and respond to incidents. These areas of focus represent the totality of the security problem the world faces today. We need to be able to prevent and detect the attacks we understand well enough to counter with technology. We need to analyze the environment to address the attacks that penetrate an organization’s perimeter and bypass preventive measures. And then ultimately, when we understand an attack well enough, contain it to get back to normal business operations. To succeed in today’s cyber-threat environment this cycle must shrink – from alert to fix in months, to alert to fix in minutes – in order to eliminate the consequences of a security breach. That’s the compelling need FireEye Adaptive Defense addresses with today’s announcements.”

What is FireEye Threat Intelligence and how does it work?

“As attackers use more advanced tactics and seek to maintain persistence in an organization, security teams struggle to understand which cyber threats pose the greatest risk. New threats appear daily and create a strain on cyber security teams who must quickly determine whether a threat is real and respond accordingly. FireEye Threat Intelligence draws on our proprietary global, machine-based threat intelligence and incident response analysis. It enables cyber security teams to effectively identify, block, analyze and respond to advanced cyber-attacks by giving them the context required to identify threat actors and the indicators of compromise. FireEye offers multiple levels of threat intelligence to align with your needs and capabilities, from our core Dynamic Threat Intelligence (DTI) to Advanced Threat Intelligence Plus (ATI+).

Dynamic Threat Intelligence (DTI)
DTI provides basic cyber threat intelligence and enables FireEye technologies to gather and share global threat intelligence. It helps you detect and block advanced cyber-attacks by anonymously exchanging data on web, email, and file-based threats across the FireEye global cloud network.

Advanced Threat Intelligence (ATI)
ATI adds additional context to the threat intelligence and analysis and alerts you with this information. It includes any known information about the threat actors and malware used. In addition, likely motives and other indicators of compromise are included so you can search for the attackers in your environment.

Advanced Threat Intelligence Plus (ATI+)
ATI+ adds comprehensive dossiers, trends, news, and analysis on advanced cyber threat groups as well as profiles of targeted industries and information about the types of data threat groups are targeting. It also includes community threat sharing, which allows organizations to share threat intelligence with trusted partners to develop personalized community cyber defenses. Customers at this level can also benefit from our 24/7/365 critical alert and detection efficacy monitoring.”
Do You offer cloud solutions or SAAS? “Technology alone will not defeat a determined attacker. You also need expertise and intelligence. With every new layer of cyber security you put in place, the attackers respond by evolving their own tools and techniques. To combat this constantly changing threat you, too, need a new approach - FireEye as a Service. This is not your usual Managed Security Service and it’s not your typical Managed Security Services Provider (MSSP) arrangement. With FireEye as a Service, our threat analysts are an extension of your cyber security team. The analysts provide: • Insight and intelligence from the front lines of incident responses • Proactive hunting for indicators of compromise (IOCs) in your environment • Around the clock monitoring for indications that a cyber-attack has bypassed your technology defenses Having swift detection, analysis, and response means attackers never gain a foothold and your business assets stay safe.”