Getting over Ransomware - Plan your Strategy for more Advanced Threats

Transcription

1 Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd.

2 BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago Today Kaspersky Lab PROTECTS PCS FROM VIRUSES using SIGNATURES, delivered with database updates Kaspersky Lab delivers SECURITY SOLUTIONS that PREDICT, DETECT AND RESPOND to cyber threats effectively, flexibly and reliably Always at the defensive edge

3 TARGETED SOLUTIONS FOR YOUR SPECIFIC SECURITY NEEDS Endpoint Security Virtualization Security Mobile Security Anti Targeted Attack Platform DDoS Protection Security Intelligence Services Security Solutions for Data Centers Fraud Prevention Industrial CyberSecurity

4 What We See Today

5 What We See Today New endpoint threats per day Web threats 31.9% of attacked users malicious online attacks Vulnerabilities attacked users Threat reports Mobile threats malicious installation packages Cyber Incidents Investigatio n Ransomware 5% or ~ unique attacked users. x4 growth/per year Data theft confirmed data breaches Targeted attacks $ average total impact of a data breach at an enterprise

6 What We See Today I m too small target I have no time for Security Malware Attack? Who care, Just restore my system

7 Not Only Ransomware Microsoft s August Patch Tuesday update that included 48 patches in all 25 of them critical The most serious RCE vulnerability (CVE ) Windows Search handles objects in memory Attacker who successfully exploited this vulnerability could take control of the affected system

8 Gamefish Do you remember EternalBlue? Download a malicious document masquerading as a hotel reservation form Steal credentials from business travelers APT28 USING ETERNALBLUE TO ATTACK HOTELS IN EUROPE, MIDDLE EAST 12 hours the victim s business network was compromised by someone using same credentials infomation

9 Banker Trojan Stealing and sending text messages Overlaying various applications with phishing windows Hunts for the user s call history, contacts and GPS location. Key Logger

10 Kaspersky New Generation Endpoint Technologies

11 Kaspersky Next Generation Endpoint Technologies Application Whitelisting System Watcher (Behavioral analysis & Rollback ) Kaspersky Security Network Anti-Cryptor for Shared Folders Anti-malware Engine/ Heuristic Kaspersky Security Network

12 Kaspersky Security Network

13 Kaspersky Security Network Global Security Intelligent Service Global cloud network - threat related information from 60 million+ users KASPERSKY SECURITYNETWORK Dynamic Whitelist with over 2.2 billions whitelisted object Application Reputations & Categorize Continuously feeds new data to protection components KASPERSKY GLOBAL USERS 5

14 System Watcher

15 System Watcher Logs application activity using data data received received from: from: KES Anti-Virus engine Firewall component System Watcher Blocks dangerous activity Rolls back malware actions Zero Day Attack place to backup *.EXE AV System Watcher Behavioral analysis Stop Malware Action Log Object Activity Real time backup Roll backup rollback backup modified original

16 Application Privilege Control

17 Application Privilege Control Programs are categorized (KSN, heuristic and manually): Trusted Low Restricted High Restricted Untrusted Limitations are specified for each category: File access Registry access Interaction with other programs New! Audio/Video Control High Restricted Application Privilege Control Application Privilege Control

18 Application Control and Whitelisting

19 APPLICATION STARTUP CONTROL SCENARIOS Default deny Only apps from a safe whitelist can run Default allow All apps can run except those on the blacklist Maximum security Easier to manage Requires a lot of administration Application Privilege Control Can Vulnerability compromise security Monitor Available for both servers and workstations Powered by Kaspersky Lab Dynamic Whitelisting +1M Files/day 1.3+ billion files In-house Whitelisting Lab Constantly updated safe apps database Minimizes attack options for malicious apps with default deny

20 Application Startup Control Whitelist Steps to configure: 1. Define a list of allowed apps from Dynamic Whitelist 2. Define a list of allowed users (for IT support specialists) 3. Enable Whitelist in KES policy Apps Whitelist User Whitelist Application Whitelisting

21 Vulnerability Assessment - Exploit Prevention and Patch Management

22 EXPLOIT PREVENTION THE PROBLEM: exploitation of vulnerabilities in applications facilitates infection Monitors popular applications to prevent exploitation Fully automatic no configuration needed No performance and compatibility issues RESULT: blocking of cyber attack spearhead, including zero days, to prevent infection

23 MONITORING AND PATCHING VULNERABILITIES THE PROBLEM: vulnerabilities in apps can be exploited by malware to penetrate your network Detect and prioritize vulnerabilities in apps and OS 30+ vendors150+ apps, 800+ software versions supported Automated patches and updates distribution RESULT: a better security posture through elimination of exploitable vulnerabilities

24 Kaspersky Systems Management Vulnerability Assessment and Patch Management Vulnerability detection & prioritization Distribution of patches & updates Patch delivery status reports Inventory & License Control Hardware & software inventories License management & compliance Software Distribution Multicast technology supported Policies for automatic distribution OS Deployment Easy image creation & deployment Store, update & deploy Post-installation editing support SIEM Integration All SIEMs via Syslog (RFC 5424) Native HP ArcSight, IBM QRadar and Splunk support Centralized Management Remote troubleshooting Role-Based Access Control Enterprise-level reporting

25 Summary KASPERSKY LAB MULTI-LAYERED PROTECTION in Unified Platform Network Attack Blocker Behavioural detection (System Watcher) Automatic Exploit Prevention Cloud-based protection Heuristics (structure and emulation) Precise detection technologies

26 Kaspersky Cyber Security Awareness Online Training Platform

27 EMPLOYEES ONLINE TRAINING PLATFORM => CYBER HYGIENE SKILLS Skills training modules + For all employees Simulated phishing attacks Knowledge Assessment Analytics and Reporting Check demo at

28 SECURITY DOMAINS COVERED (LIST OF INTERACTIVE MODULES) Anti-Phishing Phil Learn how to spot phishing attacks by identifying fraudulent URLs Anti-Phishing Phyllis Learn how to recognize phishing s by identifying red flags Data Protection and Destruction Use portable storage safety and properly discard sensitive data Security Learn to identify phishing s, dangerous attachments, and other scams Mobile Device Security Use important physical and technical safeguards to protect your devices and your data Mobile App Security Learn how to judge the safety of mobile apps PII Passwords Physical Security Protected Health Information Safe Social Networks PCI DSS Protect confidential information about yourself, your employer and your customers Learn how to create and manage strong passwords Learn how to protect people and property Learn why and how you should safeguard Protected Health Information (PHI) Learn how to use social networks safely and responsibly Recognize warning signs and improve security of credit card data Safer Web Browsing Security Beyond the Office Security Essentials Security Essentials Executives Social Engineering URL Training Stay safe on the Internet by avoiding risky behavior and common traps Avoid common security mistakes while working at home or on the road Recognize security issues commonly encountered in daily job Recognize and avoid threats encountered by senior managers at work and at home Recognize and avoid social engineering scams Learn how to spot fraudulent URLs Check for demo.

29 EMPLOYEE SKILLS TRAINING PLATFORM For all employees Employee Skills Training Platform is available in 27 languages, and this count is growing. Check for demo.

30 LET S TALK? Lapcom Ltd. Sole Distributor of Kaspersky Lab Hong Kong Eric Kwok Eric.kwok@lapcom.com.hk