Sustainable Security & Compliance Solutions


Ransomware Realities & Trends
Top Data Types Impacted
Top 10 Proactive Measures
Sophos Next Gen Technologies
TopGolf!

Core Team: Experienced cyber, compliance, executive team. Consultants to SMB & F500. Transformation, change management expertise. 67+ industry certifications.
Industries Served.
Security Operations Center Expertise: 6000+ SIEM Services hours delivered. 300+ SIEM Services customers. 60+ MSSP customers. 500+ SIEM Platform Training customers. Enabling, building national service provider cyber practices & MSSP offerings.
Ongoing Investments: Building channel ecosystem. Expanding MSSP portfolio. Developing & commercializing IP.

It's Not Paranoia if They Really Are Out to Get You! There Are No Silver Bullets. Change is Difficult. People and Process (Gaps) Create Vulnerabilities.

http://breachlevelindex.com/

Security & Program Evolution Imperative:
Attacks from within the perimeter, focused on human & software exploits.
Ransomware reaching $1.2B in damages.
Lack of threat intelligence after a breach.

2016 TrendMicro The Reign of Ransomware Report

Advanced Malware Evolving. Zero Day Exploits Accelerating. Limited Visibility Continuing.

RaaS is now Pervasive! (Source: 2016 TrendMicro The Reign of Ransomware Report)

2017 Trend Micro Report

https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf?

Note: Utilize a maturity scale to identify what next steps are required to evolve your cybersecurity and compliance programs and your security defense posture, systems, tools, procedures. Cybersecurity Program development best practices resources and webinar can be found here: https://www.knowledgenet.com/cybersecurity-program-development-best-practices/

Source: Wikipedia, the free encyclopedia.
Note: Cyber-Hygiene best practices resources and webinar can be found here: https://www.knowledgenet.com/cyberhygiene-best-practices/

Secure & Maintain Awareness & Support Among C Levels.
CXO Discussion Topics: Cyber Insurance Liability, Exposure; Risk Management Process; Disaster Recovery, Business Continuity (2016 SANS Cyber Insurance Survey).
Develop & Implement Awareness Campaigns. Cyber-Hero & Cyber Squads: Internal Advocates. Cyber Minute: Ongoing Awareness.

Research resources, partners (ISACA, ISSA, ISC2, CSA).
Utilize available tools, partners, resources (MS-ISAC).
Subscribe to cyber intelligence resources, feeds (Infragard.org, ACTRA).
Participate in various cybersecurity industry associations and events.
Find a trusted partner(s) & subject matter expert(s).
Review, assess, rank, prioritize partners and vendors by ability to assist with planning, response.

1. Cyber-Hygiene Program (People, Passwords, Patching)
2. Ongoing Discovery (What is, should be, should not be on the network)
3. Update Business Continuity & Disaster Recovery Plan
4. Data Backups (Off network)
5. Data Encryption (At Rest and In Flight)
6. Update End Point Protection (Don't just rely on technology)
7. Risk, Cyber, Compliance Assessments (Deploy a Program)
8. Security Education Training & Awareness (with phishing simulations)
9. Security Operations Center & 24 x 7 Monitoring (Deploy a Program)
10. Strategic Partners (Pre-Planning, Post Planning & Response)
11. BONUS: Make Ongoing Investments (Next Gen Tech)
Note: Best Practices and Webinars on these topics can be found at: https://www.terraverdeservices.com/resources/

Dave Fore, Account Executive Dave.Fore@sophos.com www.sophos.com/central

[Figure: The Evolution of Endpoint Threats, From Malware to Exploits. Timeline from 1998 to 2016 (1998, 1999, 2003, 2007, 2014, 2015, 2016) moving from Traditional Malware (Melissa Virus, Love Letter Worm, FinFischer Spyware) to Advanced Threats (Exploit as a Service, Locky Ransomware); damage figures shown on the chart: $1.2B, $15B, $780M, $2.3B, $800M, $500M, $1.1B.]

[Figure: The Evolution of Sophos Endpoint Security, From Anti-Malware to Anti-Exploit to Next-Generation. Layers shown left to right: Exposure Prevention (URL Blocking, Web Scripts, Download Rep); Pre-Exec Analytics (Generic Matching, Heuristics, Core Rules); File-Scanning / Signatures (Known Malware, Malware Bits); Run-Time Exploit Detection / Signatureless (Behavior Analytics, Runtime Behavior, Technique Identification). Grouped as Traditional Malware versus Advanced Threats.]

[Figure: Where Malware Gets Stopped. Share of malware stopped per layer shown as 80%, 10%, 5%, 3%, 2% across Exposure Prevention (URL Blocking, Web Scripts, Download Rep), Pre-Exec Analytics (Generic Matching, Heuristics, Core Rules), Signatures (Known Malware, Malware Bits) and Run-Time Exploit Detection (Signatureless Behavior Analytics, Technique Identification), split into Traditional Malware and Advanced Threats.]
Note: Each model standalone is 80-95% effective. "This 5% is the SCARY stuff."

Sophos Next Generation Endpoint Detection and Response
[Figure: protection stages labelled Before It Reaches Device, Prevent, Before It Runs On Device, Detect, Respond, covering Malicious URLs, Unauthorized Apps, Removable Media, Executable Files, MS Files & PDF, Ransomware Prevention, Exploit Prevention, Advanced Clean and Incident Response.]
90% of data breaches are from exploit kits. 90% of exploit kits are built from known vulnerabilities. And yet more than 60% of IT staff lack incident response skills.

Introducing Sophos Intercept X
Anti-Ransomware: Detect Next-Gen Threats. Stops Malicious Encryption. Behavior-based Conviction. Automatically Reverts Affected Files. Identifies Source of Attack.
Anti-Exploit: Prevent Exploit Techniques. Signatureless Exploit Prevention. Protects Patient-Zero / Zero-Day. Blocks Memory-Resident Attacks. Tiny Footprint & Low False Positives.
Root-Cause Analysis: Automated Incident Response. IT-friendly Incident Response Process. Threat Chain Visualization. Prescriptive Remediation Guidance. Advanced Malware Clean.
Advanced Malware: Prevent Ransomware Attacks. Roll-Back Changes. Attack Chain Analysis.
Zero Day Exploits: No User/Performance Impact. No File Scanning. No Signatures.
Limited Visibility: Faster Incident Response. Root-Cause Visualization. Forensic Strength Clean.

Anatomy of a Ransomware Attack: Exploit Kit or Spam with Infection. Command & Control Established. Local Files are Encrypted. Ransomware deleted, Ransom Instructions delivered.
CryptoGuard: Simple and Comprehensive. Universally Prevents Spontaneous Encryption of Data. Restores Files to Known State. Simple Activation in Sophos Central.

Updated EndUser Agent UI. Updated Admin UI.
NEW Anti-Exploit Attack Prevention: Provides advanced exploit protection by focusing on common techniques used by attackers. Protects applications against zero-day exploits, malicious traffic, and process breaches.

Why Is It So Challenging to Address New Threats?
Security: 6,787 new vulnerabilities in 2015, a 31% increase from 2014 (Source: Gartner).
193 days on average to fix vulnerabilities after discovery (Source: WhiteHat Security).
IT Ops: 80% of breaches are from known vulnerabilities (Source: Forrester).

Exploit mitigation techniques:
Enforce Data Execution Prevention (DEP): Prevents exploit code running from data memory.
Mandatory Address Space Layout Randomization (ASLR): Prevents predictable code locations.
Bottom Up ASLR: Improves code location randomization.
Null Page: Prevents exploits that jump via page 0.
Anti-HeapSpraying: Pre-allocates common memory areas to block standard attacks.
Dynamic Heap Spray: Stops attacks that spray suspicious sequences on the heap.
Import Address Table Filtering (IAF): Stops attackers that look up API addresses in the IAT.
VTable Hijacking: Helps to stop attacks that exploit virtual tables in Adobe Flash.
Stack Pivot: Stops abuse of the stack pointer.
Stack Exec: Stops attacker code on the stack.
SEHOP: Stops abuse of the structured exception handler.
Stack-based ROP gadget detection: Stops standard Return-Oriented Programming attacks.
Control-Flow Integrity (CFI) assisted by hardware: Stops advanced Return-Oriented Programming attacks.
Syscall: Stops attackers that attempt to bypass security hooks.
WOW64: Stops attacks that address a 64-bit function from Wow64.
Load Library: Blocks libraries that load reflectively or from UNC paths.
Shellcode: Stops code execution in the presence of exploit shellcode.
VBScript God Mode: Prevents abuse of VBScript in IE to execute malicious code.
Block Untrusted Fonts (Windows 10 only): Stops elevation of privilege (EOP) attacks via untrusted fonts.
Application Lockdown: Stops logic-flaw attacks that bypass mitigations.
Process Protection: Stops attacks that perform process hijacking or replacement.
Network Lockdown: Helps to stop attacks that connect back to C&C.
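Several of the mitigations above (DEP, mandatory ASLR, high-entropy bottom-up ASLR, hardware-assisted CFI) only have to be "enforced" by an agent when a binary did not opt in at link time. The added Python example below (mine, not Sophos code) parses the PE optional header's DllCharacteristics field and reports which of those opt-ins an image lacks, so a defender can audit their own executables. The flag values are from the PE/COFF specification; the mapping to the slide's mitigation names and the minimal constructed PE header used as sample input are my own assumptions.

```python
import struct

# DllCharacteristics opt-in flags (PE/COFF spec) mapped to the slide's mitigations.
# The mapping is my own: HIGH_ENTROPY_VA -> 64-bit (bottom-up) ASLR entropy,
# DYNAMIC_BASE -> ASLR, NX_COMPAT -> DEP, GUARD_CF -> control-flow integrity.
DLL_FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # only meaningful for PE32+ (64-bit) images
    "DYNAMIC_BASE":    0x0040,
    "NX_COMPAT":       0x0100,
    "GUARD_CF":        0x4000,
}


def pe_header_fields(pe_bytes: bytes):
    """Return (optional_header_magic, DllCharacteristics) or raise ValueError."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)   # offset of 'PE\0\0'
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24             # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe_bytes, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header for both formats
    (dllchar,) = struct.unpack_from("<H", pe_bytes, opt + 70)
    return magic, dllchar


def missing_mitigations(pe_bytes: bytes):
    """Names of link-time mitigations the image did not opt into."""
    magic, dllchar = pe_header_fields(pe_bytes)
    missing = []
    for name, bit in DLL_FLAGS.items():
        if name == "HIGH_ENTROPY_VA" and magic == 0x10B:
            continue                 # 32-bit images cannot use high-entropy VA; skip
        if not dllchar & bit:
            missing.append(name)
    return missing


def build_sample_pe(dllchar: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (no sections), used as offline sample input."""
    opt_size = 240 if pe32plus else 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B if pe32plus else 0x10B) + b"\0" * 68
    opt += struct.pack("<H", dllchar)
    opt += b"\0" * (opt_size - len(opt))
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for label, image in (("hardened", build_sample_pe(0x4160)),
                         ("legacy", build_sample_pe(0x0000))):
        print(label, "missing:", missing_mitigations(image) or "none")
```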

Root Cause Analysis: Understanding the Who, What, When, Where, Why and How

Sophos Clean: Advanced Malware Removal. Second opinion scan.
Removes Threats: Deep System Inspection. Removes Malware Remnants. Full Quarantine / Removal. Effective Breach Remediation.
On-Demand Assessment: Identifies Risky Files / Processes. Constantly Refreshed Database. Provides Additional Confidence. Command-Line Capable.
100% Automated with Intercept X. Also available as a standalone Forensic Clean Utility.

Sophos Intercept X: Two Ways to Play
The Ultimate Bundle: Central Endpoint Advanced + Add-On Product = Ultimate Promo Bundle (Contact re: Discount). Upgrades the Endpoint to a Single Agent.
Existing AV? Better Together: Complements and enhances traditional AV. Adds levels of protection currently lacking. Provides a forensic-level clean.
Purpose built to complement and enhance traditional endpoint solutions. Security focused on exploit techniques, not merely the tools used. Designed for the IT Generalist. Powerful enough for the Info-Sec Professional.

Sustainable Security & Compliance Solutions. Contact Us for a Private Demo!

TopGolf!

Sources:
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-recap-january-1-13-2017
http://www.securitymagazine.com/articles/86787-ransomware-attacks-to-grow-in-2016
http://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2017
http://www.computerweekly.com/news/450410530/ransomware-expected-to-dominate-in-2017
https://www.theguardian.com/technology/2016/aug/03/ransomware-threat-on-the-rise-as-40-of-businesses-attacked
https://digitalguardian.com/blog/ransomware-protection-attacks
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
https://www.secureworldexpo.com/new-q3-kaspersky-report-shows-cyber-criminals-are-getting-smarter
https://www.secureworldexpo.com/russian-bank-cyberheists-are-spreading-worldwide
http://www.csoonline.com/article/3134029/security/frightening-technology-trends-to-worry-about.html#slide1
http://www.infosecurity-magazine.com/news/ransomware-mobile-botnets-and-ek/
http://www.infosecurity-magazine.com/news/autorooting-overlay-malware-are/
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-recap-oct-21-2016
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
http://www.idtheftcenter.org/itrc-surveys-studies/2015databreaches.html
http://breachlevelindex.com/
http://www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf
https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf?
https://community.sophos.com/kb/en-us/124679
https://community.sophos.com/kb/en-us/120797
https://heimdalsecurity.com/blog/what-is-ransomware-protection/
https://www.corero.com/blog/759-the-links-between-ransom-ransomware-and-ddos-attacks.html
http://www.idigitaltimes.com/ransomware-hitting-dozens-healthcare-organizations-why-file-encrypting-malware-523219
http://www.darkreading.com/partner-perspectives/intel/healthcare-organizations-must-consider-the-financial-impact-of-ransomware-attacks/a/d-id/1325030
https://lists.riskbasedsecurity.com/pipermail/breachexchange/2016-april/000143.html
http://blogs.cisco.com/security/ransomware-the-race-you-dont-want-to-lose
http://www.hhs.gov/blog/2016/07/11/your-money-or-your-phi.html
http://www.fcmcclerk.com/news/malicious_email_campaign.php
http://arstechnica.com/security/2016/03/two-more-healthcare-networks-caught-up-in-outbreak-of-hospital-ransomware/
http://venturebeat.com/2016/03/26/next-wave-of-ransomware-could-demand-millions/
http://www.zdnet.com/article/cybersecurity-predictions-for-2016-how-are-they-doing/
http://www.healthcareitnews.com/news/phishing-attack-baystate-health-puts-data-13000-patients-risk
https://www.techsupportall.com/best-anti-ransomware-software/