Endpoint Protection : Last line of defense?

Similar documents
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ANATOMY OF AN ATTACK!

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Symantec Ransomware Protection

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Symantec Endpoint Protection 14

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

IBM Security Network Protection Solutions

2018 Cyber Security Predictions

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Synchronized Security

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Securing the SMB Cloud Generation

Defensible and Beyond

Next Generation Endpoint Security Confused?

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Advanced Endpoint Protection

PrecisionAccess Trusted Access Control

THE ACCENTURE CYBER DEFENSE SOLUTION

How We Delivered Compliance to a London-based Law Firm. A Network Security Project Case Study.

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

100% Endpoint Protection dank Machine Learning, EDR & Deception?

MOBILE SECURITY OVERVIEW. Tim LeMaster

Building Resilience in a Digital Enterprise

Massive Attack WannaCry Update and Prevention. Eric Kwok KL.CSE

South Korea Cyber-attack Heightens Changes in Threat Landscape. Richard Sheng Sr. Director, Enterprise Security, Asia Pacific

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

WINNERS AND LOSERS OF THE 2018 CYBERTHREAT ROLLERCOASTER. Claudio Tosi, Sales Engineer, Malwarebytes

Gladiator Incident Alert

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Maximum Security with Minimum Impact : Going Beyond Next Gen

Cyber Defense Operations Center

Next Generation Enduser Protection

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Symantec Client Security. Integrated protection for network and remote clients.

with Advanced Protection

McAfee Embedded Control

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

CTS2134 Introduction to Networking. Module 08: Network Security

Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates

Cyber Security. Our part of the journey

Stopping Advanced Persistent Threats In Cloud and DataCenters

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

A Simple Guide to Understanding EDR

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

ForeScout CounterACT. Security Policy Templates. Configuration Guide. Version

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

CIH

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

CloudSOC and Security.cloud for Microsoft Office 365

Combating Cyber Risk in the Supply Chain

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

Intelligent and Secure Network

Intel Security Advanced Threat Defense Threat Detection Testing

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

Seqrite Endpoint Security

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Business Strategy Theatre

Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

CounterACT Security Policy Templates

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Service Provider View of Cyber Security. July 2017

9 Steps to Protect Against Ransomware

The Evolution of : Continuous Advanced Threat Protection

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS

The Internet of Everything is changing Everything

McAfee Public Cloud Server Security Suite

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

THE REAL TRUTH BEHIND RANSOMWARE EDDY WILLEMS SECURITY EVANGELIST

The Evolving Threat of Internet Worms

NETWORK THREATS DEMAN

MODERN DESKTOP SECURITY

2. INTRUDER DETECTION SYSTEMS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

RSA Security Analytics

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Chapter 4. Network Security. Part I

Multi-vector DDOS Attacks

The 2017 State of Endpoint Security Risk

Intelligent Protection

RSA INCIDENT RESPONSE SERVICES

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

The GenCyber Program. By Chris Ralph

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

Transcription:

Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor

OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development in security technology requires understanding on how the many solutions work together, not against each other. Good understanding of technology allows better design and implementation when: Integrating Security Controls in a new infrastructure, or Incorporating new or optimizing existing security controls in response to recent threats. Understanding the role of Endpoint Security Controls as the last line of defense.

CYBER SECU RITY IS A CEO, NOT CIO ISSU E T H E B U S I N E S S I M PA C T O F C Y B E R C R I M E I S O V E R W H E L M I N G 200+ D AY S Cyber threats are a material risk to your business Median number of days attackers are present on a victims network before detection Source Microsoft Advanced Threat Analytics Attacks are fast, efficient, and easier to implement $3 TRILLION Impact of loss of productivity and growth by 2020 Source : McKinsey Risk and Responsibility in Hyperconnected World Report 2014 $4 MILLION Average cost of a data breach (up 29% since 2013) [383 Org in 12 countries] Source : 2016 Ponemon Institute Cost of Data Breach Study 50 % of those who open phishing messages, click attachments within the first hour Source Microsoft Advanced Threat Analytics

CHANGES IN CYBER THREAT? MALWARE SELF PROPAGATE DISRUPT PERSISTENT Blaster Worm Discovered: August 11, 2003 Propagates via network (network worm) Scans and connect on TCP port 135 Exploit MS Windows DCOM RPC Interface Buffer Overrun Vulnerability. Date trigger payload that launches DDoS SYN flood against windowsupdate.com Sends large amount of data sufficient to overrun the buffer Gain shell on TCP port 4444 - backdoor Invoke 'tftp.exe download System to reboot in order to launch Created by an 18-year-old from Minnesota, sentenced to 18mo prison term. Wannacry Ransomware Discovered: May 12, 2017 Propagates via network (network worm) Scans and exploit SMB protocol Eternal Blue exploit Install backdoors (Double Pulsar) Encrypting data and demanding ransom payments in Bitcoin Includes Kill switch (prevented infected computers from spreading WannaCry further). Affected more than 200,000 computers across 150 countries (manufacturing plants, hospitals) System reboot/bluescreen on certain platform. Created by a North Korean computer programmer, claimed to be state-sponsored attack.

RECENT INCIDENTS/VULNERABILITY HIT ENDPOINTS RANSOMWARE HARDWARE LEVEL VULNERABILITY May 2017 - Wannacry Ransomware June 2017 - NotPetya Oct 2017 Bad Rabbit Jan 2018 Meltdown and Spectre Kernel memory vulnerability allow memory exploit at hardware level

ANATOMY OF A HACK AND WHAT S AT STAKE Objective of compromise: To steal information, credentials. To weaponize a compromised host as launching pad, man in the middle. To ransom the victim. To gain unauthorized use of computing resources crypto mining, spam relay, malware hosting

MULTI LAYERED ATTACK MITIGATION MULTI- LEVEL SUBVERSION TO ULTIMATELY TARGET ENDPOINTS Cyber Attacks @network @application IPS Anti-DDoS ACL VPN ATP AV GW Anti-Spam Host-based Anti-Virus Host-based Firewall Disk/volume encryption Data Leakage Prevention Advanced Threat Protection I/O lockdown Content Filter Internet / WAN Router Gateway Firewall Gateway Security Controls Endpoints Security Controls

BLACKLISTING WHITELISTING LEARNING SECURITY CONTROLS Blacklist: allows everyone access except those listed in the blacklist Whitelist: denies everyone access except those listed in the whitelist Blacklisting Technology Block/Blacklist selected files/applications/url/domain/content based on certain known fact/signature. IPS, Firewall, Content Filter, DLP, Anti Malware Whitelisting Technology Application Whitelist - Allow installation of only selected files/application based on certain known criteria that is set as policy. Network Traffic Whitelist Access Control List Learning Technology Conduct analysis to determine anomaly, based on algorithms such as behavioral, heuristic, Artificial Intelligence, Machine Learning and more Example: Anti-spam, ATP, Anti-DDoS Page 8

ANTI MALWARE EVOLVED INTO ENDPOINT PROTECTION DETECTING THE KNOWN AND UNKNOWN (ZERO- DAY) Challenges Signature-less approaches (APT) Behavioral detection and forensics Viruses, Worms, Trojans mutate - polymorphic code change every time it runs signature fails. Gartner and Forrester has described AV as ineffective and outdated. False Positive when doing app updates Performance degrade due to size of heavy processing. 1949 to 1980 1980 to 1990 1990 to 2000 2000 to 2005 2005 to 2014 2014 to present Conflict with encryption software. 9

ENDPOINT TARGETS INTERNET FACING SERVERS END USER COMPUTERS SERVERS END USER WEB Server Injection Attacks Mail Server Via Phishing /Spam Via Web Drive-by attacks AV Serve r Directory Service Via Network Scannin g Via Folder Sharing Domain Name Server Via File Transfers Via Tech Support Advertisement

METHODS OF APPLICATION WHITELISTING WHAT TO LOOK FOR IN APPLICATION WHITELISTING Critical systems require only limited function to conduct daily operations and should operate based on trusted applications. Implementing Top 4* security controls at endpoints will mitigate at least 85% of the intrusion techniques. Application whitelisting is one of the Top 4 controls. Methods used by most application whitelist solution: File Hash - maintaining hash of the whitelisted files Digital Certificates - trust certain publishers of software. Most software vendors digitally sign their applications. This digital signature can be used by many whitelisting vendors to automatically approve software from a specific vendor into the whitelist. Trusted updaters e.g. predefined accounts, processes or network locations which are automatically trusted. Automatic trust means that an application can be installed and automatically added to the enterprise whitelist. Monitoring mode Incident Response - This provides visibility into the executables which are running on end user systems and can be used to detect, confirm and respond to attacks. *TOP 4 STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS: MANDATORY REQUIREMENT EXPLAINED by Australian Signals Directorate (ASD) assesses that https://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm Page 11

BRINGING IT ALL TOGETHER TOWARDS EFFECTIVE SECURITY CONTROLS AGAINST PAST, CURRENT AND EMERGING THREATS Make security controls work together, not against each other. Don t just settle Measure effectiveness of Endpoint controls and make improvements. Page 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback