Dean Barnes, Principal Security Manager – Threat Management, Royal Mail
Paul Zimski, VP, Solution Marketing, Lumension
POLL #1
State Sponsored Malware is Officially Out of the Shadows

Google begins alerting Gmail users to 'state-sponsored' attacks.

  Warning: We believe state-sponsored attackers may be attempting to
  compromise your account or computer. Protect yourself now.
HOW…
…did we get to the point where your online email provider specifically warns
users of state-sponsored attacks?
FIRST…
…a little history.
Event Timeline: Stuxnet

  •   Publicly disclosed 13 months after the first attack against Iran
  •   Designed to sabotage Iranian nuclear refinement plants
  •   Stuxnet attacked Windows systems using an unprecedented four zero-day attacks
  •   First to include a programmable logic controller (PLC) rootkit
  •   Has a valid, but abused, digital signature
  •   Payload targeted only Siemens supervisory control and data acquisition (SCADA) systems

  Timeline: 2009.06 STUXNET
Event Timeline: Duqu

  •   Considered to be “next generation Stuxnet”
  •   Believed that Duqu was created by the same authors as Stuxnet
  •   Exploits zero-day Windows kernel vulnerabilities
  •   Components are signed with stolen digital keys
  •   Highly targeted and related to the nuclear program of Iran
  •   Designed to capture information such as keystrokes and system information
  •   Central command and control with modular payload delivery – also capable of attacking

  Timeline: 2009.06 STUXNET → 2010.09 DUQU
Event Timeline: Flame

  •   Designed for targeted cyber espionage against Middle Eastern countries
  •   Spreads to systems over a local network (LAN) or via USB stick
  •   Creates Bluetooth beacons to steal data from nearby devices
  •   “Most complex malware ever found”
  •   “Collision” attack on the MD5 algorithm – to create fraudulent Microsoft digital certificates
  •   Utilized multiple zero-day exploits

  Timeline: 2009.06 STUXNET → 2010.09 DUQU → 2011.05 FLAME
Common APT Characteristics

  •   Highly targeted and endpoint focused
  •   Use sophisticated and low-tech techniques
      – USB key delivery; social engineering
  •   Zero-day vulnerabilities
  •   Fraudulent certificates
  •   Centralized command and control
  •   Undetected for prolonged periods
      – Exfiltration masking
Weaponized - What’s Different?

  Development:        • Nation-states
                      • Truly customized payloads
  Delivery:           • Zero-day propagation
                      • Multi-vectored: Bluetooth, USB, network
  Detection:          • Digitally signed with compromised certificates
                      • Outbound exfiltration masking
  Command & Control:  • Central command
                      • Modular payloads
  Intent:             • Surveillance
                      • Disrupt / destroy
WHY…
…should the enterprise care?
Why Should the Enterprise Care?

  Retaliation Risk
  US admits Stuxnet – expect increasing retaliation risk against
  sensitive economic and infrastructure assets

Why Should the Enterprise Care?

  Collateral Damage
  Loss of control of weaponized malware (once weaponized malware is
  released, control is effectively lost) – enterprises are exposed to
  malware that spreads accidentally (Stuxnet was discovered after it
  escaped its targeted environment and started spreading)

Why Should the Enterprise Care?

  Adaptation by Cyber Criminals
  Targeted attacks on sensitive information
  Variants of Stuxnet already seen
What Should The Enterprise Do?

  Know Where the Risk Is

  •   Every endpoint is an enterprise of ONE.
  •   Need to have autonomous protection.
  •   Need to have a layered approach.
POLL #2
Defense in Depth Strategy

  Successful risk mitigation starts with a solid vulnerability management
  foundation, together with layered defenses beyond traditional
  black-list approaches.

  •   AV – Control the Known
  •   Device Control – Control the Flow
  •   Hard Drive and Media Encryption – Control the Data
  •   Application Control – Control the Grey
  •   Patch and Configuration Management – Control the Vulnerability Landscape
Effectiveness of AV?

  AV – Control the Known

  Pros:
  • Stops “background noise” malware
  • May detect reused code (low probability)
  • Will eventually clean payloads after they are discovered

  Cons:
  • Not an effective line of defense for proactive detection
  • Can degrade overall endpoint performance with little return on protection
Device Control Effectiveness

  Device Control – Control the Flow

  Pros:
  • Can prevent unauthorized devices from delivering payloads
  • Can stop specific file types from being copied to host machines
  • Stops a common delivery vector for evading extensive physical and
    technologic security controls

  Cons:
  • Limited scope for payload delivery interruption
Encryption Effectiveness?

  Hard Drive and Media Encryption – Control the Data

  Pros:
  • Makes lateral data acquisition more difficult
  • A good data protection layer outside of APT

  Cons:
  • Generally will not protect data if endpoint is compromised at a system level
Application Control Effectiveness

  Application Control – Control the Grey

  Pros:
  • Extremely effective against zero-day attacks
  • Stops unknown, targeted malware payloads
  • Low performance impact on endpoints

  Cons:
  • Susceptible to compromise as policy flexibility is increased
  • Does not stop memory injections (attacks that do not escape service memory)
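The trade-off on this slide, as an added example that is not part of the deck or of Lumension's product: a toy default-deny application-control engine in which a strict policy (hash rules only) blocks a payload signed with an abused vendor key, while a more flexible policy that also trusts a publisher lets it through. The binaries, publisher name and signature states are constructed sample data, and "Control the Grey" is modelled simply as "no matching allow rule means block".

```python
"""Toy application-control policy engine (added example, constructed data).

Models the "Control the Grey" layer: an executable may launch only when an
explicit allow rule matches.  Two rule types with different flexibility:
  - hash rules      : allow exactly one known binary (least flexible)
  - publisher rules : allow anything carrying a valid signature from a
                      trusted publisher (more flexible, wider exposure)
The engine only sees launches, so it cannot judge code injected into the
memory of a process that was already allowed (the slide's second con).
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple, Dict
import hashlib


@dataclass(frozen=True)
class Binary:
    name: str
    content: bytes
    signer: Optional[str] = None      # constructed: publisher named in the signature
    signature_valid: bool = False     # constructed: would the signature chain verify?

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class Policy:
    allowed_hashes: Set[str] = field(default_factory=set)
    trusted_publishers: Set[str] = field(default_factory=set)


def decide(policy: Policy, binary: Binary) -> Tuple[str, str]:
    """Return (verdict, reason).  Default deny: unknown ("grey") code is blocked."""
    if binary.sha256 in policy.allowed_hashes:
        return "allow", "hash rule"
    if binary.signature_valid and binary.signer in policy.trusted_publishers:
        # Flexible rule: trusts the key, not the binary.  A stolen or abused
        # key (Stuxnet/Duqu style) satisfies this check just as well.
        return "allow", "publisher rule (%s)" % binary.signer
    return "block", "no matching allow rule"


# Constructed sample binaries; contents are placeholders, not real files.
GOOD_APP = Binary("payroll.exe", b"constructed: legitimate payroll client v3",
                  "Example Vendor Ltd", True)
UNKNOWN_PAYLOAD = Binary("update.exe", b"constructed: never-seen dropper from a USB key",
                         None, False)
ABUSED_CERT_PAYLOAD = Binary("driver.sys", b"constructed: payload signed with an abused key",
                             "Example Vendor Ltd", True)

# Strict: only the known-good hash.  Flexible: same, plus trust the publisher.
STRICT = Policy(allowed_hashes={GOOD_APP.sha256})
FLEXIBLE = Policy(allowed_hashes={GOOD_APP.sha256},
                  trusted_publishers={"Example Vendor Ltd"})


def run_scenarios() -> Dict[Tuple[str, str], str]:
    """Evaluate every sample binary under both policies; keyed by (policy, binary)."""
    results = {}
    for pname, policy in (("strict", STRICT), ("flexible", FLEXIBLE)):
        for b in (GOOD_APP, UNKNOWN_PAYLOAD, ABUSED_CERT_PAYLOAD):
            results[(pname, b.name)] = decide(policy, b)[0]
    return results


if __name__ == "__main__":
    for (pname, bname), verdict in run_scenarios().items():
        print("%-8s %-12s -> %s" % (pname, bname, verdict))
```

Both policies stop the unknown dropper, which is the zero-day case the slide calls the layer's strength; only the strict policy also stops the binary signed with the abused key, which is the "policy flexibility" con made concrete.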
Patch and Configuration Basics

  Patch and Configuration Management – Control the Vulnerability Landscape

  Pros:
  • Eliminates the attackable surface area that hackers can target
  • Central configuration of native desktop firewalls
  • Improves endpoint performance and stability
  • Can enable native memory injection protection

  Cons:
  • Does not stop zero-day vulnerabilities
Employee Education

  Often the first and last line of defense.

  lumension.com/how-to-stay-safe-online
Summary - Defense in Depth Endpoint Strategy

  Layer                            Role
  AntiVirus                        Disinfect generic malware
  Device Control                   Enable secure device use
  Hard Drive & Media Encryption    Protect stored data
  Application Control              Stop un-trusted change
  Patch & Configuration Management Reduce attackable surface area

  Threat vectors the layered stack addresses: drive-by malware, USB,
  data loss, insider risk, APT protection, zero day, automated attacks.
Learn More

  •   Quantify your IT risk with free scanners
  •   Watch the on-demand demos
  •   Get a free trial
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
 
2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results
 
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
 
Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware
 
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data TheftSecuring Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
 
2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskGreatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You MigrateWindows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
 
Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You? Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You?
 
Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize RiskAPTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize Risk
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant VulnerabilitiesJava Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant Vulnerabilities
 
BYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security RisksBYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security Risks
 
3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
 

Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats

  • 2. Dean Barnes, Principal Security Manager – Threat Management, Royal Mail; Paul Zimski, VP, Solution Marketing, Lumension
  • 4. State Sponsored Malware is Officially Out of the Shadows Google begins alerting Gmail users to 'state-sponsored' attacks. Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.
  • 5. HOW… …did we get to the point where your online email provider specifically warns users of state-sponsored attacks?
  • 7. Event Timeline: Stuxnet • Publicly disclosed 13 months after the first attack against Iran • Designed to sabotage Iranian nuclear refinement plants • Stuxnet attacked Windows systems using an unprecedented four zero-day attacks • First to include a programmable logic controller (PLC) rootkit • Has a valid, but abused, digital signature • Payload targeted only Siemens supervisory control and data acquisition (SCADA) systems (Timeline: 2009.06 Stuxnet)
  • 8. Event Timeline: Duqu • Considered to be “next generation Stuxnet” • Believed that Duqu was created by the same authors as Stuxnet • Exploits zero-day Windows kernel vulnerabilities • Components are signed with stolen digital keys • Highly targeted and related to the nuclear program of Iran • Designed to capture information such as keystrokes and system information • Central command and control with modular payload delivery – also capable of attacking (Timeline: 2009.06 Stuxnet; 2010.09 Duqu)
  • 9. Event Timeline: Flame • Designed for targeted cyber espionage against Middle Eastern countries • Spreads to systems over a local network (LAN) or via USB stick • Creates Bluetooth beacons to steal data from nearby devices • “Most complex malware ever found” • “Collision” attack on the MD5 algorithm – to create fraudulent Microsoft digital certificates • Utilized multiple zero-day exploits (Timeline: 2009.06 Stuxnet; 2010.09 Duqu; 2011.05 Flame)
  • 10. Common APT Characteristics • Highly targeted and endpoint focused • Use sophisticated and low-tech techniques – USB key delivery; social engineering • Zero-day vulnerabilities • Fraudulent certificates • Centralized command and control • Undetected for prolonged periods – exfiltration masking
  • 11. Weaponized - What’s Different? Development: Nation-states; truly customized payloads. Delivery: Zero-day propagation; multi-vectored (Bluetooth, USB, network). Detection: Digitally signed with compromised certificates. Command & Control: Central command; modular payloads; outbound exfiltration masking. Intent: Surveillance; disrupt / destroy.
  • 13. Why Should the Enterprise Care? Retaliation Risk US Admits Stuxnet - expect increasing retaliation risk against sensitive economic and infrastructure assets
  • 14. Why Should the Enterprise Care? Collateral Damage: loss of control of weaponized malware (once weaponized malware is released, control is effectively lost); exposure to accidentally spreading malware (Stuxnet was discovered after it escaped its targeted environment and started spreading)
  • 15. Why Should the Enterprise Care? Adaptation by Cyber Criminals: targeted attacks on sensitive information; variants of Stuxnet already seen
  • 16. What Should The Enterprise Do? Know where the risk is. Every endpoint is an enterprise of ONE. Need to have autonomous protection. Need to have a layered approach.
  • 18. Defense in Depth Strategy. Successful risk mitigation starts with a solid vulnerability management foundation, together with layered defenses beyond traditional black-list approaches. Layers: AV (Control the Known); Device Control (Control the Flow); Hard Drive and Media Encryption (Control the Data); Application Control (Control the Grey); Patch and Configuration Management (Control the Vulnerability Landscape).
  • 19. Effectiveness of AV? (AV: Control the Known) Pros: • Stops “background noise” malware • May detect reused code (low probability) • Will eventually clean payloads after they are discovered. Cons: • Not an effective line of defense for proactive detection • Can degrade overall endpoint performance with little return on protection
  • 20. Device Control Effectiveness (Device Control: Control the Flow) Pros: • Can prevent unauthorized devices from delivering payloads • Can stop specific file types from being copied to host machines • Stops a common delivery vector for evading extensive physical and technologic security controls. Cons: • Limited scope for payload delivery interruption
  • 21. Encryption Effectiveness? (Hard Drive and Media Encryption: Control the Data) Pros: • Makes lateral data acquisition more difficult • A good data protection layer outside of APT. Cons: • Generally will not protect data if the endpoint is compromised at a system level
  • 22. Application Control Effectiveness (Application Control: Control the Grey) Pros: • Extremely effective against zero-day attacks • Stops unknown, targeted malware payloads • Low performance impact on endpoints. Cons: • Susceptible to compromise as policy flexibility is increased • Does not stop memory injections (attacks that do not escape service memory)
  • 23. Patch and Configuration Basics (Patch and Configuration Management: Control the Vulnerability Landscape) Pros: • Eliminates the attackable surface area that hackers can target • Central configuration of native desktop firewalls • Improves endpoint performance and stability • Can enable native memory injection protection. Cons: • Does not stop zero-day vulnerabilities
  • 24. Defense in Depth Strategy. Successful risk mitigation starts with a solid vulnerability management foundation, together with layered defenses beyond traditional black-list approaches. Layers: AV (Control the Known); Device Control (Control the Flow); Hard Drive and Media Encryption (Control the Data); Application Control (Control the Grey); Patch and Configuration Management (Control the Vulnerability Landscape).
  • 25. Employee Education Often the first and last line of defense. lumension.com/how-to-stay-safe-online
  • 26. Summary - Defense in Depth Endpoint Strategy. AntiVirus: disinfect generic malware. USB Device Control: enable secure device use. Hard Drive & Media Encryption: protect stored data. Application Control: stop un-trusted change. Patch & Configuration Management: reduce attackable surface area. Threat Landscape: drive-by malware; threat vectors; data loss; insider risk; APT protection; zero day; automated attacks.
  • 27. Learn More: Quantify your IT risk with free scanners; watch the on-demand demos; get a free trial.
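The "Control the Grey" layer (slide 22) is easiest to understand by seeing the default-deny decision and the trade-off the slide warns about: as policy flexibility goes up, so does the bypass surface. The following is an added illustration written for this page, not code from the deck or from Lumension's product. It assumes a hypothetical hash-based allow-list with optional trusted-directory exceptions; the binaries, paths and directory lists are constructed sample data.

```python
"""Toy application-control (allow-listing) policy evaluator.

Added illustration, not the deck's or any vendor's code. Unknown code is
"grey" and denied by default; path-based exceptions show how flexibility
weakens the control when a trusted directory is user-writable.
"""
import hashlib
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Iterable


@dataclass(frozen=True)
class Policy:
    # SHA-256 hex digests of binaries approved by the administrator.
    allowed_hashes: frozenset
    # Directories whose contents run regardless of hash: the flexibility knob.
    trusted_dirs: tuple = ()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _under(path: str, directory: str) -> bool:
    """True if `path` is `directory` or lies beneath it (POSIX semantics)."""
    p, d = PurePosixPath(path), PurePosixPath(directory)
    return d == p or d in p.parents


def decide(policy: Policy, path: str, contents: bytes) -> tuple:
    """Return (verdict, reason). Anything not explicitly trusted is denied."""
    digest = sha256_hex(contents)
    if digest in policy.allowed_hashes:
        return ("allow", "hash")
    for d in policy.trusted_dirs:
        if _under(path, d):
            return ("allow", "trusted-dir:" + d)
    return ("deny", "unknown:" + digest[:12])


def audit_policy(policy: Policy, user_writable: Iterable[str]) -> list:
    """Flag trusted directories an unprivileged user can write to.

    A trusted-but-writable directory lets never-seen-before code bypass
    the hash list entirely, which is the 'policy flexibility' con on slide 22.
    """
    return [d for d in policy.trusted_dirs
            if any(_under(d, w) for w in user_writable)]


# Constructed sample binaries (stand-ins for real executables).
APPROVED_APP = b"MZ...approved line-of-business app..."
UNKNOWN_PAYLOAD = b"MZ...never-seen-before dropper..."

# Strict policy: hash list only. Relaxed policy: adds two trusted directories,
# one of which is inside a user's home (a constructed, deliberately weak rule).
STRICT = Policy(allowed_hashes=frozenset({sha256_hex(APPROVED_APP)}))
RELAXED = Policy(allowed_hashes=STRICT.allowed_hashes,
                 trusted_dirs=("/opt/corp", "/home/alice/Downloads"))


def demo() -> dict:
    """Run the four cases a practitioner would check when reviewing a policy."""
    return {
        "approved_strict": decide(STRICT, "/opt/corp/app", APPROVED_APP)[0],
        "unknown_strict": decide(STRICT, "/home/alice/Downloads/x", UNKNOWN_PAYLOAD)[0],
        "unknown_relaxed": decide(RELAXED, "/home/alice/Downloads/x", UNKNOWN_PAYLOAD)[0],
        "risky_rules": audit_policy(RELAXED, ["/home", "/tmp"]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The strict policy denies the unknown payload wherever it lands, which is what gives application control its strength against zero-day payloads; the relaxed policy allows the same bytes once they sit under a trusted, user-writable directory, and `audit_policy` surfaces exactly that rule. Note that this check operates on files before execution, so it says nothing about code injected into an already-running, already-trusted process: the memory-injection gap the slide lists as a con.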