Sponsor: FireEye

Cybersecurity's Maginot Line, the Sequel: Results of New Real-World Tests

Attackers bypass traditional IT defenses almost at will, compromising systems around the world and in virtually every industry. This study follows up on our report Cybersecurity's Maginot Line: A Real-World Assessment of the Defense-in-Depth Model, published in May 2014, and analyzes the new data gathered in the months that followed. In effect, today's defenses are so many Maginot Lines: impressive installations that ultimately prove ineffective.

M-Trends: News from the Front

Immerse yourself in the very real world of cyber threats. "M-Trends 2015: News from the Front" provides analysis drawn from hundreds of incident response engagements carried out by Mandiant at companies in more than 30 industry sectors. Through analysis, insights, statistics and case studies, this report looks back at how the tools and tactics used by APT threat actors evolved over the past year. It also presents the various measures and solutions that companies can adopt to detect, counter and neutralize advanced attacks more effectively.

The Business Case for Protecting Against Advanced Attacks

You understand the intricacies of today’s threat landscape, and the difficulties your organization faces when attempting to prevent, investigate and remediate targeted attacks, but how do you explain that difficulty, and subsequent cost, to senior leadership? Often the best tactic is to speak to them in a language that they understand: money.

This paper provides step-by-step instruction on how to craft an effective business case for a proactive, advanced threat solution and describes how to:
  • Properly communicate the challenges you face
  • Assess the business impact
  • Shift the discussion from technically-focused to dollars and cents.

The SIEM Who Cried Wolf: Focusing Your Cybersecurity Efforts on the Alerts that Matter

Users cannot keep up. They cannot tell which alerts are important. Urgent warnings get lost in the noise. When valid warnings do appear, security teams don’t know what to do with them.

For truly effective protection, security leaders must focus on the ability to detect true threats: the quality of alerts rather than the quantity. This paper explores the factors behind the deluge of alerts, why they hurt rather than help protect your assets, and how you can better manage them.

Download the report to read more.

CLOSING THE SKILLS GAP: How FireEye as a Service Can Enhance Your Tools, Team, and Security Service Providers

FireEye as a Service helps companies defend against growing threats in an age where top security talent is in short supply. It enhances your existing security infrastructure by engaging FireEye security experts to monitor your network and endpoints around the clock, using FireEye technologies and specialized techniques to hunt for signs of compromise that have gone unnoticed. These experts provide detailed reports of what they find and recommend how you should respond.

Read this Whitepaper to learn more.

Forrester: Define A Road Map To Accelerate Your Security Program

Security leaders are now expected to be experts in the latest technologies, security controls, global regulations, privacy issues, contracting terms, and communications. Few, if any, security programs can live up to these expectations; your road map should explain plans to delegate functions, influence partners, and collaborate with stakeholders.

This report explains the forces that should drive transformation in your program and how to incorporate them into a road map that will make internal stakeholders appreciate how the security program makes their objectives more attainable.

Behind The Syrian Conflict’s Digital Front Lines

Physical conflicts increasingly have a cyber element to them. This report highlights how Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans.

FireEye researchers uncovered these stolen documents as part of our ongoing threat research. Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions belonging to the men fighting against Syrian President Bashar al-Assad’s forces. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.

Download this report to learn more.

M-Trends® 2015: A View From the Front Lines

Mandiant’s annual threat report reveals key insights, statistics and case studies illustrating how the tools and tactics of advanced persistent threat (APT) actors have evolved over the last year. The report, compiled from hundreds of Mandiant incident response investigations in more than 30 industry sectors, also includes approaches that organizations can take to improve the way they detect, respond to, and contain advanced attacks.

Download the report to learn:
  • How attackers are staying hidden and maintaining a foothold in compromised systems
  • Which industries comprised the bulk of Mandiant engagements in 2014
  • Five key questions your investigation should answer
  • How the lines are blurring between nation-state attacks and cyber crime—and why it matters

Maginot Revisited: More Real-World Results from Real-World Tests

Attackers are bypassing conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies. In this follow-up to our groundbreaking May 2014 report, “Cybersecurity’s Maginot Line: A Real-World Assessment of the Defense-in-Depth Model,” we examine new data gathered in the ensuing weeks. Like France’s famed Maginot Line—an impressive but ultimately futile defense line built in the run-up to World War II to stave off a German invasion—today’s defenses are failing.

Because FireEye sensors operate behind other security layers, we have a unique vantage point from which to gauge other security tools. By design, any threat observed by FireEye in the study had passed through all other security defenses.

The new data validates our original findings and identifies several new trends. Across all industry segments, 96 percent of systems were breached on average. And 27 percent of those breaches involved advanced malware. Download the report to learn more.

Cybersecurity’s Maginot Line: A Real-World Assessment of the Defense-in-Depth Model

This first-of-its-kind study examines data from more than 1,600 FireEye network and email appliances in real-world settings. The FireEye devices were part of more than 1,200 “proof-of-value” trials in actual deployments, where they sat behind other defensive layers but were not set to block malicious activity. That unique vantage point revealed a deeply flawed defense-in-depth model.

The study gets its title from France’s famed Maginot Line — the technically impressive 940-mile border defense that Germany simply bypassed with a novel blitzkrieg style of warfare. Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s threat landscape. Organizations spend billions of dollars every year on IT security. But attackers are easily outflanking these defenses with clever, fast-moving attacks.

Hacking The Street? FIN4 Likely Playing The Market

Operating since at least mid-2013, FIN4 distinctly focuses on compromising the accounts of individuals who possess non-public information about merger and acquisition (M&A) deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries. FIN4 has targeted individuals such as top executives, legal counsel, outside consultants, and researchers, among others.

Our visibility into FIN4’s activities is limited to their network operations; we can only surmise how they may be using and potentially benefiting from the valuable information they are able to obtain. However, one fact remains clear: access to insider information that could make or break stock prices for over 80 publicly traded companies could surely put FIN4 at a considerable trading advantage.

Download the report to:
  • Find out the types of companies FIN4 has targeted and the information they're after
  • Learn about the techniques used to compromise key executive email accounts
  • Discover the mechanisms FIN4 uses to organize the data they collect and the steps used to evade detection
  • Understand the preventative measures that can be taken to avoid similar attacks

The Numbers Game: An In-Depth Look at Alert Management in Europe

This report details the survey results of all aspects of alert management in Europe – covering where alerts originate, how they’re categorized, and how they’re managed – and how the process can increase the likelihood of a breach being successful.

Download the report and learn:
  • Why alerts are not fool-proof
  • Why having more consoles may not be the answer to your security needs
  • How your IT team may not be prepared to handle critical alerts
  • How long it takes other organizations to respond to alerts, and how you compare
  • Why outsourcing could save you money and mitigate risk

HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group

It hides in network communications, in all the noise—designed so that defenders can neither detect nor characterize its activity. But its purpose is transparent: to use Twitter, GitHub, and cloud storage services to relay commands and extract data from compromised networks.

Download the report and read about the recently discovered HAMMERTOSS, a malware backdoor created by the Russian advanced persistent threat (APT) group APT29.

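Sandbox Technology Under Re-examination: Telling Strong Automated Analysis Solutions from Weak Ones

Security vendors, reluctantly acknowledging the limits of conventional security solutions, are scrambling to add dynamic analysis solutions, known as sandboxes, to their product lineups. Automated analysis solutions use virtual machines (VMs) to examine the behavior of files and check for malicious activity. However, with so many products on the market and every vendor claiming similar effectiveness, choosing the best dynamic analysis solution is not easy. This white paper explains how sandboxes work, why most sandbox-based approaches do not work, and the criteria for evaluating VM-based analysis solutions. The main topics are:
  • Why sandboxes are not a silver bullet
  • Six critical flaws in common sandbox techniques
  • Checklist items for evaluating VM tools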