ELIMINATING ZERO-DAY MALWARE ATTACKS IN DOCUMENTS DO NOT ASSUME OPENING A NORMAL BUSINESS DOCUMENT IS RISK FREE

Transcription

1 ELIMINATING ZERO-DAY MALWARE ATTACKS IN DOCUMENTS DO NOT ASSUME OPENING A NORMAL BUSINESS DOCUMENT IS RISK FREE

2 THE STATE OF THE INDUSTRY A trend towards finding the breach Identify failure faster than ever Or suffer the consequence as we see on a weekly basis Technology built and designed for a purpose Security never built in as a fundamental requirement Legacy systems, lack of investment, reluctance towards innovation Lack of respect and understanding of the enemy Highly skilled, trained, funded, innovators, creative and bespoke engineering Or a simple zero day ransomware attack that brings down NHS

3 A BUSINESS NOT TECHNICAL ISSUE Executives need to step up CIO/CISOs now recognised board position Complacency? Lack of knowledge? Assume IT will sort it!! Understand data risks and down time and plan for prevention not just cure Take control of risk areas such as documents/files Human error a major factor Provide policy guidelines and training to support their staff Use innovative security tools in the front line of defence

4 EU GDPR WILL CHANGE THE LOOK OF THIS SLIDE May 2017 WannaCry ransomware attack cripples a third of UK NHS

5 DOCUMENTS/FILES ARE A RISK?...they are the most commonly used point of entry into an organisation 1 million NEW MALWARE VARIANTS ARE BEING CREATED EACH DAY Source:Symantec 205 MEDIANNUMBEROFDAYS HACKERSWEREPRESENT ON THE NETWORK BEFORE DISCOVERY. Source:Mandiant Source:Verizon Source:Verizon 1 in every 113 NUMBER OF S THAT CONTAIN MALWARE Source:Symantec 78% OFCYBERESPIONAGE ATTACKSUSE ATTACHMENTS Source:Ponemon 94% OF SUCCESSFUL ATTACKS USE TODELIVER PAYLOAD. Source:Ponemon rtf pdf png docx zip jpg xlsx xls ppt gif pptx doc

6 WHY ARE DOCUMENTS/FILES SO DANGEROUS? Multi layered entities Structural, Functional and Content Readers are fundamentally promiscuous There are many versions/types of software that create documents They form the backbone of business communication Yet few companies really know what's traversing their network!! How many s per day maybe? What file types are you receiving? What s in those file types and do they conform?

7 UNSTRUCTURED DOCUMENT/FILES? Header Body File containing 2 variants from specification Zero day attack by removing data which caused Adobe Reader to crash and launch executable code Glasswall Quarantine Report Issue: B1D03F0 Description: Page tree node object couldn t be identified UNSTRUCTURED FILES THE FACTS Variants from standard: PDF 98% MS Office 92% Images 65% E.G. File creation products: Adobe Acrobat Bullzip SodaPDF Cute Microsoft Office Third party vendors Table Trailer

8 INDUSTRY LOOKING IN WRONG PLACE Looking in the wrong place Exposing structural weaponised files Ahead of the market

9 HOW GLASSWALL WORKS Files copied (parsed) into GW engine Original file retained for regulatory purposes GW separates document into structural, functional and content elements Checks every structural byte of file to design spec Applies policy to functional items Processing 200ms average file New compliant safe file regenerated Original content integrity maintained

10 MANAGING FUNCTIONAL RISK Commonly embedded and extensible items File functions that directly relate to targeted attacks URLs JavaScript FUNCTIONAL RISK Ability to apply standards PDF: Acroforms JavaScript URLs Malformed images Executable code Malformed images Files Business documents Macros Active forms Metadata DLP outbound Glasswall allows these functions to be managed by policy, by business unit or individual user thus managing risk profile

11 THREAT INTELLIGENCE WEEKLY REPORT EXAMPLES Analysis of customer data Hash of all attachment checked retrospectively Demonstrates where Glasswall has protected user Shows return on investment

12 USE CASE: GLASSWALL PROTECTION Disarms file attachments missed by gateway or infected internally Removes exploitable metadata in files (outbound) Preserves original content and file usability Sub second processing of file Integrates with existing security and as last line of defence Supports on premise or Office365

13 USE CASE: GLASSWALL API Trust uploaded files Application integration through RESTful API Sub second processing Rapid return of safe, usable files File analysis threat intelligence

14 NEW BASELINE Companies need to take total ownership of documents Layer upon layer of traditional AV security does not increase protection proportionate to the cost outlay Innovation and enforcing policy management Gartner defined a process for document security: Content, Disarm & Reconstruct (CDR) Glasswall delivers CDR + Glasswall delivers KNOWN GOOD documents/files

15 SUMMARY Sophisticated document based attacks are just beginning its not going to go away!! Cyber crime is a growing global business entity ~$1billion p.a. It affects every business and individual Major enterprise Public Sector, Government & Defence Supply chain SMEs Current anti virus and security from malicious attacks is failing GLASSWALL ELIMINATES DOCUMENT THREATS

16 TESTIMONIAL AND AWARDS Glasswall has successfully disarmed numerous zero-day malicious attachments that were not detected by our other messaging defences CSO, Global Infrastructure Provider Winner - Best Security Solution Finalist - Best Emerging Technology Winner - Ones To Watch A new approach to network security will emerge, moving focus from detection of the malicious to validation of the known good Frost and Sullivan, 2015 As malware sandbox evasion techniques improve, the use of content disarm and reconstruction (CDR) at the gateway...will increase Gartner, 2016 After installing Glasswall, no -borne malware has been discovered CISO, UK Magic Circle Law Firm WINNER Cyber Security Innovation of the Year