Kim Due Andersen, Channel Account Manager, kim_andersen@trendmicro.com
Developments in the threat landscape
The threat landscape: selected key figures
- 2016: 752% increase in ransomware families (Source: Trend Micro)
- 80% of breaches still come from outside, even though several people talk about users being the biggest risk
- 85% of successful exploits go through the Top 10 (known) vulnerabilities
- A phishing email is opened on average 1 min 40 sec after receipt, and the attachment is opened on average 2 min later! (Source: Verizon)
Social media?? And Burger King was sold to McDonald's
How it Works
Trend Micro research has found 99% of ransomware in email and web traffic
[Diagram labels: Multiple Attack Vectors; Data Encrypted; Ransom Note; Pay Ransom (Data Decrypted??) OR Restore from Backup]
Fundamental Best Practices: Necessary But Not Sufficient
- Back-up and Restore: Automated: 3 copies, 2 formats, 1 air-gapped from network
- Access Control: Limit access to business critical data
- Keep Current with Patching: Minimize exploits of vulnerabilities
- Employee Education on Phishing: Awareness, best practices, simulation testing
Four Layers of Protection
1 Email and Web Gateway
2 Endpoint
3 Network
4 Server
Email and Web Protection
Block ransomware before it gets to your users.
- Spear Phishing Protection: Identify and block emails which spur users to action that will deliver ransomware
- Malware Scanning: Scan for ransomware in emails, attachments and downloads
- Web Reputation: Block access to known malicious URLs
- Sandbox Attachments and URLs: Detect and stop malicious URLs, document exploits, macros and scripts
Endpoint Protection
Use the broadest range of next-gen endpoint protection to detect and block ransomware that makes it to the endpoint.
- Ransomware Behavior Monitoring: Detect and stop unauthorized encryption of multiple files
- Application Control: Allow only known good applications to run
- Vulnerability Shielding: Virtually patches endpoint software until it can be patched, shielding endpoints against vulnerability exploits
- Lateral Movement Detection: IDS/IPS rules detect and block lateral movement of attackers
Network Protection
Detect and block ransomware from spreading on your network via unmanaged devices or other attack methods like island hopping.
- Network Monitoring: Monitor all network ports and protocols: pattern and reputation analysis and script emulation; zero-day exploits and command and control traffic
- Custom Sandbox Analysis: Detect mass file modifications, encryption behavior and modifications that are consistent with ransomware
Server Protection
Stop ransomware from impacting your most critical data on your servers, whether physical, virtual or in the cloud.
- Malware Scanning: Scan for malicious software and stop it
- Vulnerability Shielding: Virtually patches server software until it can be patched, shielding servers against vulnerability exploits
- Suspicious Action Monitoring: Detect suspicious activity on file servers related to ransomware and stop it
- C&C Traffic Detection: Detect and alert on ransomware-specific command & control traffic
There is no silver bullet
"History has clearly shown that no single approach will be successful for thwarting all types of malware attacks." - Gartner EPP Magic Quadrant 2016
The Right Technique at the Right Time
With its cross-generational blend of threat defense techniques including high-fidelity machine learning, Trend Micro XGen endpoint security is always adapting to identify and defeat new ransomware and other unknown threats.
[Figure labels: LEGEND: Known Good Data, Known Bad Data, Unknown Data, Noise Cancellation; Web & File Reputation; Exploit Prevention; Application Control; Variant Protection; Pre-execution Machine Learning; Behavioral Analysis; Runtime Machine Learning; Safe files allowed; Malicious files blocked]
Centralized Ransomware Visibility for Early Detection and Prevention
Central Visibility with Control Manager
- User centric threat and DLP* visibility across web, endpoint, email, cloud security layers
- Single viewpoint into hybrid Office 365 & on-premises Exchange architectures
* TMCM-Cloud App Security integration threat data available now, DLP coming in Q2 16
Complete Protection Against Ransomware
For Ransomware Removal Tools and Best Practices Visit www.trendmicro.com