Getting over Ransomware - Plan your Strategy for more Advanced Threats
Kaspersky Lab Hong Kong
Eric Kwok, General Manager, Lapcom Ltd.
BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB
20 years ago: Kaspersky Lab PROTECTS PCS FROM VIRUSES using SIGNATURES, delivered with database updates
Today: Kaspersky Lab delivers SECURITY SOLUTIONS that PREDICT, DETECT AND RESPOND to cyber threats effectively, flexibly and reliably
Always at the defensive edge
TARGETED SOLUTIONS FOR YOUR SPECIFIC SECURITY NEEDS
- Endpoint Security
- Virtualization Security
- Mobile Security
- Anti Targeted Attack Platform
- DDoS Protection
- Security Intelligence Services
- Security Solutions for Data Centers
- Fraud Prevention
- Industrial CyberSecurity
What We See Today
- 310 000 new endpoint threats per day
- Web threats: 31.9% of attacked users, 758 000 000 malicious online attacks
- Vulnerabilities: 4 347 966 attacked users
- Threat reports
- Mobile threats: 8 526 221 malicious installation packages
- Cyber Incidents Investigation
- Ransomware: 5% or ~1 500 000 unique attacked users, x4 growth per year
- Data theft: 64 000 confirmed data breaches
- Targeted attacks: $891 000 average total impact of a data breach at an enterprise
What We See Today
- I'm too small a target
- I have no time for Security
- Malware Attack? Who cares, just restore my system
Not Only Ransomware
- Microsoft's August Patch Tuesday update included 48 patches in all, 25 of them critical
- The most serious RCE vulnerability (CVE-2017-8620): in how Windows Search handles objects in memory
- An attacker who successfully exploited this vulnerability could take control of the affected system
Gamefish
Do you remember EternalBlue?
- Download a malicious document masquerading as a hotel reservation form
- Steal credentials from business travelers
APT28 USING ETERNALBLUE TO ATTACK HOTELS IN EUROPE, MIDDLE EAST
- 12 hours: the victim's business network was compromised by someone using the same credentials information
Banker Trojan
- Stealing and sending text messages
- Overlaying various applications with phishing windows
- Hunts for the user's call history, contacts and GPS location
- Key Logger
Kaspersky New Generation Endpoint Technologies
Kaspersky Next Generation Endpoint Technologies
- Application Whitelisting
- System Watcher (Behavioral analysis & Rollback)
- Kaspersky Security Network
- Anti-Cryptor for Shared Folders
- Anti-malware Engine / Heuristic
Kaspersky Security Network
Global Security Intelligent Service
- Global cloud network: threat related information from 60 million+ users
- Dynamic Whitelist with over 2.2 billion whitelisted objects
- Application Reputations & Categorization
- Continuously feeds new data to protection components
[Diagram: KASPERSKY GLOBAL USERS and KASPERSKY SECURITY NETWORK]
System Watcher
- Logs application activity using data received from:
    - KES Anti-Virus engine
    - Firewall component
    - System Watcher
- Blocks dangerous activity
- Rolls back malware actions
[Diagram: Zero Day Attack, *.EXE, AV, System Watcher: Behavioral analysis, Stop Malware Action, Log Object Activity, Real time backup, Rollback (original, modified, backup)]
Application Privilege Control
Programs are categorized (KSN, heuristic and manually):
- Trusted
- Low Restricted
- High Restricted
- Untrusted
Limitations are specified for each category:
- File access
- Registry access
- Interaction with other programs
- New! Audio/Video Control
Application Control and Whitelisting
APPLICATION STARTUP CONTROL SCENARIOS
Default deny: only apps from a safe whitelist can run
- Maximum security
- Requires a lot of administration
Default allow: all apps can run except those on the blacklist
- Easier to manage
- Can compromise security
Related components: Application Privilege Control, Vulnerability Monitor
- Available for both servers and workstations
- Powered by Kaspersky Lab Dynamic Whitelisting: +1M files/day, 1.3+ billion files
- In-house Whitelisting Lab
- Constantly updated safe apps database
- Minimizes attack options for malicious apps with default deny
Application Startup Control Whitelist
Steps to configure:
1. Define a list of allowed apps from Dynamic Whitelist (Apps Whitelist)
2. Define a list of allowed users (for IT support specialists) (User Whitelist)
3. Enable Whitelist in KES policy
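The two startup-control scenarios and the three configuration steps above, as an added sketch (not Kaspersky code and not the KES policy format): it evaluates the same constructed launch events under default allow and default deny. Matching apps by SHA-256, the user name `it-support`, and the rule that allowlisted users may run apps outside the app list are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Launch:
    user: str
    path: str
    content: bytes  # stands in for the executable's bytes


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed placeholder binaries, not real software or real samples.
OFFICE = b"constructed-office-suite-build"
KNOWN_BAD = b"constructed-known-malware-sample"
NEW_BAD = b"constructed-never-seen-before-sample"
ADMIN_TOOL = b"constructed-remote-admin-tool"

APP_ALLOWLIST = {digest(OFFICE)}   # step 1: allowed apps
USER_ALLOWLIST = {"it-support"}    # step 2: allowed users (assumed exempt from the app list)
BLACKLIST = {digest(KNOWN_BAD)}    # consulted only in default-allow mode


def default_allow(ev: Launch) -> bool:
    """All apps can run except those on the blacklist."""
    return digest(ev.content) not in BLACKLIST


def default_deny(ev: Launch) -> bool:
    """Only allowlisted apps can run; allowlisted users are exempt (assumption)."""
    return ev.user in USER_ALLOWLIST or digest(ev.content) in APP_ALLOWLIST


def compare(events):
    """Return (path, user, default-allow verdict, default-deny verdict) per event."""
    return [(e.path, e.user, default_allow(e), default_deny(e)) for e in events]


EVENTS = [  # constructed launch events
    Launch("alice", r"C:\Program Files\Office\office.exe", OFFICE),
    Launch("alice", r"C:\Users\alice\Downloads\invoice.exe", KNOWN_BAD),
    Launch("alice", r"C:\Users\alice\Downloads\reservation.exe", NEW_BAD),
    Launch("alice", r"C:\Temp\admintool.exe", ADMIN_TOOL),
    Launch("it-support", r"C:\Temp\admintool.exe", ADMIN_TOOL),
]

if __name__ == "__main__":
    for path, user, allow, deny in compare(EVENTS):
        print(f"{user:<11} {path:<42} "
              f"default-allow={'run' if allow else 'block':<5} "
              f"default-deny={'run' if deny else 'block'}")
```

The third event is the case that separates the two modes: a binary on no list runs under default allow and is blocked under default deny, while the fourth and fifth show the administration cost that the user allowlist is meant to absorb.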
Vulnerability Assessment - Exploit Prevention and Patch Management
EXPLOIT PREVENTION
THE PROBLEM: exploitation of vulnerabilities in applications facilitates infection
- Monitors popular applications to prevent exploitation
- Fully automatic, no configuration needed
- No performance and compatibility issues
RESULT: blocking of cyber attack spearhead, including zero days, to prevent infection
MONITORING AND PATCHING VULNERABILITIES
THE PROBLEM: vulnerabilities in apps can be exploited by malware to penetrate your network
- Detect and prioritize vulnerabilities in apps and OS
- 30+ vendors, 150+ apps, 800+ software versions supported
- Automated patches and updates distribution
RESULT: a better security posture through elimination of exploitable vulnerabilities
Kaspersky Systems Management
Vulnerability Assessment and Patch Management
- Vulnerability detection & prioritization
- Distribution of patches & updates
- Patch delivery status reports
Inventory & License Control
- Hardware & software inventories
- License management & compliance
Software Distribution
- Multicast technology supported
- Policies for automatic distribution
OS Deployment
- Easy image creation & deployment
- Store, update & deploy
- Post-installation editing support
SIEM Integration
- All SIEMs via Syslog (RFC 5424)
- Native HP ArcSight, IBM QRadar and Splunk support
Centralized Management
- Remote troubleshooting
- Role-Based Access Control
- Enterprise-level reporting
Summary
KASPERSKY LAB MULTI-LAYERED PROTECTION in Unified Platform
- Network Attack Blocker
- Behavioural detection (System Watcher)
- Automatic Exploit Prevention
- Cloud-based protection
- Heuristics (structure and emulation)
- Precise detection technologies
Kaspersky Cyber Security Awareness Online Training Platform
EMPLOYEES ONLINE TRAINING PLATFORM => CYBER HYGIENE SKILLS
For all employees:
- Skills training modules
- Simulated phishing attacks
- Knowledge Assessment
- Analytics and Reporting
Check demo at www.kaspersky.com/demo-sa
SECURITY DOMAINS COVERED (LIST OF INTERACTIVE MODULES)
- Anti-Phishing Phil: Learn how to spot phishing attacks by identifying fraudulent URLs
- Anti-Phishing Phyllis: Learn how to recognize phishing emails by identifying red flags
- Data Protection and Destruction: Use portable storage safely and properly discard sensitive data
- Email Security: Learn to identify phishing emails, dangerous attachments, and other email scams
- Mobile Device Security: Use important physical and technical safeguards to protect your devices and your data
- Mobile App Security: Learn how to judge the safety of mobile apps
- PII: Protect confidential information about yourself, your employer and your customers
- Passwords: Learn how to create and manage strong passwords
- Physical Security: Learn how to protect people and property
- Protected Health Information: Learn why and how you should safeguard Protected Health Information (PHI)
- Safe Social Networks: Learn how to use social networks safely and responsibly
- PCI DSS: Recognize warning signs and improve security of credit card data
- Safer Web Browsing: Stay safe on the Internet by avoiding risky behavior and common traps
- Security Beyond the Office: Avoid common security mistakes while working at home or on the road
- Security Essentials: Recognize security issues commonly encountered in daily job
- Security Essentials Executives: Recognize and avoid threats encountered by senior managers at work and at home
- Social Engineering: Recognize and avoid social engineering scams
- URL Training: Learn how to spot fraudulent URLs
EMPLOYEE SKILLS TRAINING PLATFORM
For all employees
Employee Skills Training Platform is available in 27 languages, and this count is growing.
LET'S TALK?
Lapcom Ltd., Sole Distributor of Kaspersky Lab Hong Kong
www.kaspersky.com.hk
Eric Kwok, Eric.kwok@lapcom.com.hk
https://threatpost.com/
https://securelist.com