1
FireEye Use Cases: FireEye Solution Deployment Experience
Valery Elanin, ITBiz
Security Reimagined
2
Agenda
• FireEye platform overview
• Real world tests, real world results
• Case study
3
Security needs to be reimagined to address the new threat landscape.
Virtual machine-based model of detection: purpose-built for security, hardened hypervisor, scalable, portable. Finds known and unknown cyber-attacks in real time across all vectors.
4
FireEye's Technology: State of the Art Detection
Detonate, analyze, correlate (500,000 objects/hour): within VMs, across VMs, and cross-enterprise.
• Vectors covered: network, email, mobile, files
• Attack stages covered: exploit, callback, malware download, lateral transfer, exfiltration
5
FireEye Product Portfolio
• Traditional controls: SEG (secure email gateway), IPS, SWG (secure web gateway), MDM (mobile device management), host anti-virus
• FireEye platform: MVX, Threat Analytics Platform, Dynamic Threat Intelligence, Network Threat Prevention, Email Threat Prevention, Content Threat Prevention, Mobile Threat Prevention, Endpoint Threat Prevention
6
Why Trust FireEye?
• 11 of 13 zero-days from 2013 discovered by FireEye
• First to detect malware over 80% of the time (compared to traditional AV engines)
• Industry-leading customer Net Promoter Score of 55
7
Real World Tests, Real World Results: Data Collection Methodologies
• Dynamic Threat Intelligence, Email Threat Prevention, Network Threat Prevention: 1,614 NX and EX PoV appliances with a 2-way sharing license, October 2013 to March 2014
• Customer survey of deployment topology at the time of the PoV: 348 customers
8
Real World Tests, Real World Results by the Numbers: What Was Discovered During FireEye PoVs
• 1216* PoV customers
• 20+ industries
• 63 countries
• 97% of customers compromised
• 27% had APT
* 1217 PoVs executed (one customer conducted two PoVs)
9
FireEye PoV Customers by Region
Region        Number of PoV customers   % of PoV
N. America    528                       43%
EMEA          351                       29%
APAC          242                       20%
Japan          54                        4%
LATAM          38                        3%
ROW             3                       <1%
10
FireEye PoV Customers by Industry
• Financial 18%
• Government 16%
• High-Tech 7%
• Chemical & Manufacturing 7%
• Consulting 7%
• Energy 6%
• Retail 5%
• Healthcare 4%
• Others (12+ industries) 30%
11
Traditional Defense Fails to Stop Today's Threats
Attack stages observed: exploit, malware download, command and control.
• 97% of PoV customers were compromised (attacks went through the customers' defenses)
• 75% of PoV customers had CnC communication
12
Today's Malware is Highly Targeted
• 208,184 malware downloads
• 124,289 unique malware samples
• 93,755 malware samples seen once
75% of all the unique malware detected was seen only once.
13
Traditional Security Solutions in the PoV
• Firewall (212): Cisco, Check Point, PAN, Juniper, Fortinet, others
• Proxy (119): Blue Coat, WebSense, Cisco, McAfee, Fortinet, others
• IDS/IPS (138): McAfee, Cisco, HP, SourceFire, Check Point, others
• Network AV (75): McAfee, Symantec, Trend, Microsoft, Kaspersky, others
• Desktop AV (169): McAfee, Symantec, Trend, Microsoft, Sophos, others
14
AV Ineffective for Today's Threat
• 124,289 unique malware MD5s during PoVs
• 63,035 MD5s known to the top 6 AV vendors in the PoV
• 25% of malware undetected by any of the top 6 AVs
• 62% of malware undetected by at least 4 of the top 6 AVs
15
File-based Sandbox Also Insufficient for Today's Threat
• 18 PoV customers reported having a file-based sandbox
• 15 PoV customers had compromised endpoints with an active callback
• "They were protected by" (share by sandbox vendor; vendor names not preserved in the slide text): 32%, 32%, 11%, 11%, 5%, 5%, 5%
16
Threat Levels: Behavior and Risk Exposure (scale 1 = low to 5 = high)
Level 1: Ignorant of environment, fixed behavior, no data theft capacity. Risk exposure: nuisance infection, loss of productivity, cost of cleaning up the device and restoring it.
Level 2: Noisy; sends spam or DDoS, consumes system-wide resources, is able to send and receive instructions. Risk exposure: leads to disruption and potential for embarrassment as a source of illegal activity.
Level 3: Steals personal data (identity theft, banking information, credit cards, social security numbers); resilient communication system; modular system with incremental payloads. Risk exposure: reputation risk; targets sensitive and controlled data; disclosure has potential for reduced morale/confidence from victims; grievances and regulatory controls may lead to possible legal action.
Level 4: Remotely controlled asset, highly functional, is able to hide, is aware of its environment; sells access and steals data to make money. Risk exposure: financial risk; steals corporate credentials for network access, email, etc.; will leak or sell confidential information; provides exposure to all other threat levels.
Level 5: Highly targeted, preferred tool of nation-state actors, stealthy campaigns. Risk exposure: major business risk; espionage; steals competitive advantage (intellectual property, trade secrets, R&D, commercial and political data).
Counts by malware category: APT 1, Trojan 17, Backdoor 1, Bot 5, Virus 1, Infostealer 2, Worm 1
17
National PoV Results
• 5+ PoV customers, 500+ users, 3 industries
• 100% of customers compromised
• 40% had APT
• Findings: zero-day (1), infostealer (300+), trojans (1000+)
18
Example: Council on Foreign Relations (CFR) Attack
Lateral spread infecting more machines.
About CFR:
• Independent, nonpartisan organization, think tank, and publisher
• Influential among US policy makers
• Members include preeminent personalities and corporations
19
FireEye Platform: Workflow
1. FireEye network platforms monitor flows for events using MVX: signature-less virtual execution technology that monitors for targeted and zero-day attacks, multi-vector threat defense, real-time threat protection.
2. FireEye network platforms alert FireEye HX on an event, together with an OS change report.
20
FireEye Platform: Workflow
3. FireEye HX validates endpoints for compromise. Agent Anywhere™ automatically investigates endpoints no matter where they are (airplane, hotel, corporate headquarters, home office, coffee shop): reach endpoints anywhere, understand what happened without forensics, detect events in the past.
21
FireEye Platform: Workflow
4. Contain and isolate compromised devices: deny attackers access to systems with a single mouse click while still allowing remote investigation, wherever the endpoint is (airplane, hotel, corporate headquarters, home office, coffee shop).
22
Large and Growing Base of Customers
Verticals: government, infrastructure, high tech, healthcare, financial services and insurance, retail, small and medium enterprise.
23
Key Takeaways: FireEye by the Numbers
• 54M malware events detected in customer networks in 2013
• 45M callbacks to 184 countries detected in 2013
• 248 APT campaigns detailed in the APT Encyclopedia
• 4M purpose-built VMs and endpoint agents deployed at points of attack
• 1000s of incidents addressed by FireEye security experts
• 1500+ customers across various verticals actively contributing to threat intelligence
24
Security Reimagined
Thank You