Gladiator Incident Alert

Transcription

1 Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE Jack Henry & Associates, Inc.

2 Cybersecurity Threat Landscape Many, Highly Sophisticated, Significant Impact Few, Moderately Sophisticated, Medium Impact Cross-site Scripting SSL-encrypted threats Zombie Bots RDP Exploits Buffer Overflow Memory Few, unsophisticated, Low Impact Self Replicating Code Password Guessing Password Cracking Disabling Audits Hijacking Sessions Exploit Known Vulnerabilites Packet Forging & Spoofing SPAM Back Doors Sweeper & Sniffers Service Overwhelm Stealth Diagnostics DoS SQL Injections Phishing Web Browser Pop-Ups VBA, ActiveX Flash Tricks OS Specific Attack Tools Scrapping Ddos Ransomeware APT s Spear Phising Trageted Attacks Drive-by Downloads Watering Hole Attacks

3 Cybercrime will Cost Businesses $2 Trillion Increase cost of data breaches to $2.1 trillion globally by 2019 Increasing to almost four times the estimated cost of breaches in 2015 Rapid digitization of consumers lives and enterprise records Source: Juniper The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation Jack Henry & Associates, Inc.

4 More Malware & More Attacks Symantec Internet Security Threat Report More than 430 million new pieces of malware in % increase from 2014 Attacks targeting businesses with fewer than 250 employees are increasing each year 43% of all attacks in 2015 were targeted at small businesses Jack Henry & Associates, Inc.

5 Millions of Raw Events a Day Single Digit Incident Notifications

6 CoreDEFENSE (Managed end to end Security) 1. Server Host IPS Endpoint Security Protection 3. Security Event Log Analysis System and Application Patching 5. Protection UTM (Fortinet, SonicWall, Cisco) 7. AMP (Advanced Malware Protection) Incident Alert Sandbox Enterprise Vulnerability Scanning 10. Enterprise Mobility Management 11. JHA Core System & NetTeller Monitoring ESM esat End-user Security Awareness Training Jack Henry & Associates, Inc.

7 Why Most Malware Protections Fail The Arms Race is in their favor Automated tools have made it simple to author new, effective malware variants 5.5 million new variants of malware monthly Obfuscation makes it easy to get around pesky signature based solutions Jack Henry & Associates, Inc.

8 AV is Failing, and IPS is not far Behind Signature Based Safety Net Zero Day and APT attacks the Sacrificial Lambs Jack Henry & Associates, Inc.

9 How do we Gain an Edge? Solutions must focus on behavior and threat intelligence AV and IPS focus here 150,000 Malware Variants a Day Nearly Infinite Exploit Methods End Users Opening Holes Gladiator advanced solutions AMP & IA focus here Attack Sources Expected Behavior Malware Hosting Jack Henry & Associates, Inc.

10 Gladiator Incident Alert 24/7 Managed Security Services: Integrated with Gladiator Expert SIEM Architecture to identify malware and prevent cybersecurity incidents. Superior Detection: Detects unknown threats (APTs, ATAs, zero-days, etc.) specifically designed to evade first-generation APT sandbox appliances. Advanced Threat Intelligence: Contains active command and control (C&C) servers, objects with zero-day exploits, toxic web sites, and malware distribution points identified as having breach intent Jack Henry & Associates, Inc.

11 Incident Alert Gladiator SOC Expert Threat Intelligence SIEM Unified Threat Management Security Appliance FW DS/IPS AV WCF VPN Users LastLine Sandbox Deep Content Inspection Security Appliance Memory CPU Operating Systems Applications Jack Henry & Associates, Inc.

12 The Deep Content Inspection Difference Scripts hidden in documents can Compromise users and server as a Launch pad for further compromises Dynamic analysis of artifacts enable LastLine to interact with malware During Hidden execution paths to identify Evasive behavior LastLine emulates computing hardware enabling visibility into CPU instructions, system memory and device interaction Dormant code analysis enables LastLine To identify dormant behavior, enabling Identification of even the most targeted malware Applications Operation Systems CPU Memory Application vulnerabilities exploited by malware are highly version dependent True Kernel Visibility enables identification and manipulation of stalling loops, delay tactic and other evasions used to avoid detection Able to inspect memory contents of malware including encrypted strings Jack Henry & Associates, Inc. Deep Content Inspection Engine

13 LastLine NSS Labs 100% In the history of NSS Labs evaluations, Lastline is the first and only vendor ever to score 100% Security Effectiveness with zero false positives Jack Henry & Associates, Inc.

14 LastLine Best in Breed Jack Henry & Associates, Inc.

15 LastLine - Innovation Jack Henry & Associates, Inc.

16 Last Line Analytics Jack Henry & Associates, Inc.

17 CoreDEFENSE Multi-layered Firewall Monitoring & Management Gladiator - SIEM First layer of defense Protect ports of entry to the financial institution Raw traffic analysis Cloud Services DDOS Mitigation Perimeter Protection Malware Protection Data Exfiltration User Education Detailed Reporting Intrusion Prevention Incident Alert & Advanced Malware Protection Server Security Monitoring Gladiator - SIEM Monitor all incoming and outgoing traffic Looking for virus and hacker signatures Provided by Fortinet, Cisco, SonicWall Gladiator - SIEM Sandbox-enabled deep content inspection Hosted DNS Anomaly Detection Service blocks connectivity to sites hosting malware Gladiator - SIEM Event log monitoring Vulnerability scanning Server IPS esat Employee Security Awareness Training Web based training w/ quiz & reporting Content updated regularly Separate module for Board members Monthly Security Timely Tips newsletter Jack Henry & Associates, Inc.

18 QUESTIONS Allen Eaves