Workshop: Is antivirus an efficient tool for industrial network protection?
Marcelo Branquinho & Jan Seidl
CEBIT - March of 2013
Hannover, Germany




www.tisafe.com    TI Safe Segurança da Informação LTDA, 2007-2008. All rights reserved.
Presenters

 Marcelo Branquinho
 marcelo.branquinho@tisafe.com

 •   CEO at TI Safe.
 •   Senior member of ISA and committee member of ANSI/ISA-99.
 •   Researcher in security technologies to protect critical infrastructure.

 Jan Seidl
 jan.seidl@tisafe.com

 •   Technical Coordinator at TI Safe.
 •   Expert in risk analysis in automation systems.
 •   Researcher in the field of malware engineering.

Follow us!

 • Twitter: @tisafe
 • SlideShare: www.slideshare.net/tisafe
 • Facebook: www.facebook.com/tisafe
 • Flickr: http://www.flickr.com/photos/tisafe




You don’t have to copy...




                    http://www.slideshare.net/tisafe




Workshop Agenda

 •   Malware in automation networks

 •   There is no silver-bullet/turnkey solution

 •   Signature-based detection is almost useless

 •   Bonus: Free tools can also bypass AV

 •   IDPS and Whitelisting

 •   Defense in depth and segmentation

 •   Training and awareness: Educating users

 •   Finding “Patient Zero” and regaining control through “Divide and Conquer”

 •   Closing comments

 •   Audience Q&A

Malware in SCADA networks


Vectors of infection

 • Exploits

 • Removable media (Pen Drives, External HD)

 • Shared Networks

 • External networks (connections with other companies' networks)

 • 3G networks

 • Virtual Private Networks (VPNs)

 • Disgruntled employees

 • Lack of user expertise (clicking on links and attachments ...)




The “Happy clicker” user




                             I should click here!




Vectors of spreading

 • Exploits

 • Removable media (Pen Drives, External HD)

 • Shared Network Drives

 • External networks (connections with other companies' networks)

 • 3G networks

 • VPNs




Possible infection impacts

 • Unavailability of engineering and supervisory workstations.

 • Unavailability of control servers.

 • Unavailability of controllers (PLCs, IEDs, RTUs).

 • Disruption of control network.

 • Loss of data.

 • Intellectual property theft.

 • Physical damage.

 • Loss of human lives.

 • Environmental damage.


Impact




Documented Incidents in Brazil

 In most cases of contamination observed in our customers, there was an antivirus solution installed on the infected hosts...

 … that wasn't able to detect and prevent the spread of infection throughout the network.

 Incidents in Brazil

 Incidents         # Cases
 Malware            5
 Human error       14
 Device failure     7
 Others             4

 Picture: Documented industrial incidents in Brazil until December of 2012.
 Source: TI Safe Knowledge Base.

There is no silver-bullet / turn-key solution :(
                 and there will 'never' be.




Why?

 Security is a concept, not a monolithic solution.

 Many solutions working together build up security.

 Don't trust “all-in-one” solutions (UTMs, applications that work in multiple areas, etc.).

 You need the best solution for each area. Each vendor has expertise in its own area and probably won't master all of them at the same time.

 Security is not only for your hosts but also for your networks and personnel.

Signature-based detection is almost useless

Why?

 Signatures are based on known patterns in files.

 What about unknown threats?

 Polymorphism isn't something new.

 A wide variety of malware has its source code available. Anybody can change it, recompile it and... VOILÀ!

 Remember: Hackers don't follow patterns!

 We tested some free hacking tools against antivirus software from popular vendors...

 … and got some interesting and alarming results.

Antivirus solutions tested

 • McAfee Antivirus Plus 2012
 • Kaspersky Antivirus 2012
 • Panda Antivirus Pro 2012
 • Trend Titanium Maximum Security 2012
 • Norton Antivirus 2012
 • F-Secure Antivirus 2012
 • avast! Pro Antivirus 6
 • AVG Anti-Virus FREE 2012
 • Sophos Anti-Virus 7
 • Microsoft Security Essentials
 • E-SET NOD32 Antivirus 5

 All antivirus software tested (except for the free ones) was obtained from the websites of the manufacturers in its 32-bit evaluation version (English).

 All antivirus solutions were installed on the 'Recommended' setting.

Test Results Matrix

 Antivirus solutions tested (columns): McAfee Antivirus Plus 2012, Kaspersky Antivirus 2012, Panda Antivirus Pro 2012, Trend Titanium Maximum Security, Norton Antivirus 2012, F-Secure Antivirus 2012, avast! Pro Antivirus 6, AVG Anti-Virus FREE 2012, Sophos Anti-Virus 7, Microsoft Security Essentials, E-SET NOD32 Antivirus 5.

 Attacks executed (rows) and the result recorded for each product:

 1. EICAR
    McAfee: EICAR test file; Kaspersky: EICAR-Test-File; Panda: EICAR-AV-TEST-FILE; Trend: Eicar_test_file; Norton: EICAR Test String; F-Secure: Trojan.Generic.6567028; avast!: EICAR Test-NOT virus!!!; AVG: EICAR_Test; Sophos: EICAR-AV-Test; Microsoft: DOS/EICAR_Test_File; E-SET NOD32: Eicar test file

 2. Metasploit EXE Default Template (no encryption)
    McAfee: Swrort.f; Kaspersky: Trojan.Win32.Generic; Panda: Suspicious File; Trend: TROJ_SWRORT.SME; Norton: Packed.Generic.347; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: Win32/Heur; Sophos: Mal/EncPk-ACE; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AA trojan

 3. Metasploit EXE Default Template (shikata_ga_nai)
    McAfee: Swrort.d; Kaspersky: Trojan.Win32.Generic; Panda: Suspicious File; Trend: TROJ_SWRORT.SME; Norton: Packed.Generic.347; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: Win32/Heur; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AH trojan

 4. Metasploit EXE Notepad Template (no encryption)
    McAfee: Swrort.f; Kaspersky: Trojan.Win32.Generic; Panda: Trj/Genetic.gen; Trend: -; Norton: -; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: -; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AA trojan

 5. Metasploit EXE Notepad Template (shikata_ga_nai)
    McAfee: Swrort.d; Kaspersky: Trojan.Win32.Generic; Panda: Trj/Genetic.gen; Trend: -; Norton: -; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: Win32/Heur; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AH trojan

 6. Metasploit EXE SkypePortable Template (shikata_ga_nai)
    McAfee: Swrort.d; Kaspersky: Trojan.Win32.Generic; Panda: -; Trend: -; Norton: -; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: -; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AH trojan

 7. Metasploit LOOP-VBS Default Template (no encryption)
    McAfee: Swrort.f; Kaspersky: Trojan.Win32.Generic; Panda: Script Blocked; Trend: TROJ_SWRORT.SME; Norton: Packed.Generic.347; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: -; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AA trojan

 8. Metasploit LOOP-VBS Default Template (shikata_ga_nai)
    McAfee: Swrort.f; Kaspersky: Trojan.Win32.Generic; Panda: Script Blocked; Trend: TROJ_SWRORT.SME; Norton: Packed.Generic.347; F-Secure: Backdoor.Shell.AC; avast!: Win32:SwPatch; AVG: -; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: a variant of Win32/Rozena.AH trojan

 9. Shellcodexec Default w/ VBS launcher
    McAfee: Generic.tfr!i; Kaspersky: Trojan.Win32.Genome.vrrg; Panda: Trj/CI.A; Trend: -; Norton: Trojan.Gen; F-Secure: Trojan.Generic.6567028; avast!: Win32:Malware-gen; AVG: Trojan Generic22.KPM; Sophos: Mal/Generic.L; Microsoft: -; E-SET NOD32: Win32/ShellcodeRunner.A trojan

 10. TI Safe Modded Shellcodeexec (w/ VBS launcher)
    McAfee: -; Kaspersky: -; Panda: Script Blocked; Trend: -; Norton: -; F-Secure: -; avast!: -; AVG: -; Sophos: -; Microsoft: -; E-SET NOD32: -

 11. TI Safe Modded Shellcodeexec (Custom EXE w/ embedded payload)
    McAfee: -; Kaspersky: -; Panda: -; Trend: -; Norton: -; F-Secure: Backdoor.Shell.AC; avast!: -; AVG: Trojan Generic22.SND; Sophos: -; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: -

 12. TI Safe Custom Payload Launcher
    McAfee: -; Kaspersky: -; Panda: -; Trend: -; Norton: -; F-Secure: -; avast!: -; AVG: -; Sophos: Mal/FakeAV-FS; Microsoft: -; E-SET NOD32: -

 13. Metasploit PDF (adobe_utilprintf)
    McAfee: Exploit.PDF.bk.gen; Kaspersky: Exploit.JS.Pdfka.cil; Panda: -; Trend: HEUR_PDFEXP.B; Norton: Bloodhound.Exploit.213; F-Secure: Exploit.PDF-JS.Gen; avast!: JS:Pdfka-gen; AVG: Script/Exploit; Sophos: Troj/PDFJs-B; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: JS/Exploit.Pdfka.NOO trojan

 14. Metasploit PDF (adobe_pdf_embedded_exe)
    McAfee: Swrort.f; Kaspersky: Trojan.Win32.Generic; Panda: Suspicious File; Trend: TROJ_SWRORT.SME; Norton: Bloodhound.PDF.24; F-Secure: Exploit.PDF-Dropper.Gen; avast!: Win32:SwPatch; AVG: Exploit.PDF; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: PDF/Exploit.Pidief.PFW trojan

 15. Metasploit PDF (adobe_pdf_embedded_exe_nojs)
    McAfee: Swrort.f; Kaspersky: Trojan.Win32.Generic; Panda: Suspicious File; Trend: TROJ_PIDIEF.SMEO; Norton: Bloodhound.PDF.24; F-Secure: Exploit.PDF-Dropper.Gen; avast!: PDF:Launchr-C; AVG: Exploit; Sophos: Mal/Swrort-C; Microsoft: Trojan.Win32/Swrort.A; E-SET NOD32: PDF/Exploit.Pidief.PFT trojan

 16. Metasploit Java Applet
    McAfee: -; Kaspersky: -; Panda: -; Trend: -; Norton: -; F-Secure: -; avast!: -; AVG: -; Sophos: -; Microsoft: -; E-SET NOD32: -

 FILLED RED BLOCKS = OWNED!

Test Results

 AVs can't stop targeted attacks and custom malware.

 Java-based malware is even tougher to detect.

 Most of the antivirus solutions were unable to detect the threat in memory.

 Remember: antivirus products were developed for home and corporate use, not for automation plants.

Test results: Infections and detections by malware type




Test results: Detection and Infection rates




Test results: our final ranking

 #   Antivirus                          Score
 1   F-Secure 2012                      13
 1   Sophos 7                           13
 2   McAfee Plus 2012                   12
 2   Kaspersky 2012                     12
 2   Avast! Pro 6                       12
 2   Microsoft Security Essentials      12
 2   E-SET NOD32 5                      12
 3   Panda Pro 2012                     11
 4   Norton 2012                         9
 4   AVG FREE 2012                       9
 5   Trend Titanium Maximum Security     8

Detect behaviours, not patterns

 Use up-to-date network-based and host-based IDPS.

 Yes, they also use pattern-based signatures, but most of them also have behavior detection schemes.

 Some antivirus products are shipped with a Host IDPS to work together.

Whitelisting is better than Blacklisting

 Photo credit: Codinghorror

 Because you can't list ALL malicious URLs and/or keywords.

 Stop your internal dialog! You CAN'T! Get over it :)

Whitelisting is also not bulletproof

 “No Tools? No Problem! Building a PowerShell Botnet”
 Christopher “@obscuresec” Campbell at Shmoocon Firetalks 2013
 http://bit.ly/150V4fM

The defense in depth

 • Locks, cameras etc.
 • Firewalls, IDPS, data diodes
 • Segmentation, VLANs, port-mirrored IDS
 • Whitelisting software, HIDPS, central logging
 • WAFs, strong architecture
 • Encryption and access control

 Photo credit: Sentrillion

Network Segmentation




          The zones and conduits model as proposed by ANSI ISA-99



Educating Users

 Hold workshops and “security days” to promote awareness.

 Your users don't really know the impact of using a 3G modem to check their personal email or Facebook wall.

 Even less do they know that they can ruin the plant's processes by clicking on a link sent by that hot girl they've been chatting with for weeks.

Never forget what your users mean to your security

Containing an outbreak




Finding patient zero

 You'd better have monitoring!

 Find hosts that are communicating with ports and hosts that they shouldn't, generating unusual network noise.

 Perform forensic analysis on suspected hosts to confirm infection date.

 Find the first infection point (Mark Zero). Try to determine how it happened. Close the hole.

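An added example (not from the original slides) of the monitoring step above: it checks flow records against a zones-and-conduits allowlist and ranks hosts by their earliest violation, giving a shortlist for forensic confirmation of patient zero. The zone ranges, conduit list and flow records are constructed for illustration.

```python
"""Check flow records against a zones-and-conduits allowlist (constructed data)."""
import csv
import io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed zone map (assumption): one address range per zone.
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),
    "dmz":        ip_network("10.20.0.0/24"),
    "control":    ip_network("10.30.0.0/24"),   # SCADA servers, engineering workstations
    "field":      ip_network("10.40.0.0/24"),   # PLCs, RTUs, IEDs
}

# Constructed conduits (assumption): (source zone, destination zone, TCP port).
# Any flow that does not match an entry is treated as a policy violation.
CONDUITS = {
    ("enterprise", "dmz", 443),      # historian web front end
    ("dmz", "control", 1433),        # historian replication
    ("control", "field", 502),       # Modbus/TCP polling
    ("control", "field", 44818),     # EtherNet/IP
    ("control", "control", 3389),    # operator remote desktop inside the zone
}

# Constructed flow records, in the shape a firewall or flow collector might export.
SAMPLE_FLOWS = """\
ts,src,dst,dport
2013-03-01T08:00:05,10.30.0.10,10.40.0.21,502
2013-03-01T08:00:07,10.10.4.33,10.20.0.5,443
2013-03-01T09:12:40,10.30.0.15,10.30.0.10,445
2013-03-01T09:12:41,10.30.0.15,10.30.0.11,445
2013-03-01T09:12:44,10.30.0.15,10.40.0.21,445
2013-03-01T09:13:02,10.30.0.15,203.0.113.7,80
2013-03-01T09:20:00,10.20.0.5,10.30.0.10,1433
2013-03-01T09:47:18,10.30.0.11,10.30.0.10,445
2013-03-01T09:47:19,10.30.0.11,10.40.0.22,445
2013-03-01T10:00:05,10.30.0.10,10.40.0.22,44818
"""


def zone_of(addr):
    """Return the zone name for an address, or 'unknown' if it is in no zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"  # e.g. an Internet address; no conduit ever allows it


def parse_flows(text):
    """Parse CSV flow records into dicts with typed fields."""
    return [
        {"ts": datetime.fromisoformat(r["ts"]), "src": r["src"],
         "dst": r["dst"], "dport": int(r["dport"])}
        for r in csv.DictReader(io.StringIO(text))
    ]


def violations(flows):
    """Return the flows that match no conduit, annotated with their zones."""
    out = []
    for f in flows:
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if (src_zone, dst_zone, f["dport"]) not in CONDUITS:
            out.append({**f, "src_zone": src_zone, "dst_zone": dst_zone})
    return out


def rank_suspects(flows):
    """Rank violating hosts by the time of their first violation (earliest first).

    The earliest violator is only a lead: the infection date still has to be
    confirmed by forensic analysis of the host itself.
    """
    first_seen, peers, count = {}, defaultdict(set), defaultdict(int)
    for v in violations(flows):
        src = v["src"]
        first_seen[src] = min(first_seen.get(src, v["ts"]), v["ts"])
        peers[src].add(v["dst"])       # fan-out: how many distinct targets
        count[src] += 1
    return [
        {"host": h, "first_violation": first_seen[h],
         "violations": count[h], "distinct_peers": len(peers[h])}
        for h in sorted(first_seen, key=first_seen.get)
    ]


if __name__ == "__main__":
    for s in rank_suspects(parse_flows(SAMPLE_FLOWS)):
        print(f'{s["first_violation"].isoformat()}  {s["host"]:<12} '
              f'violations={s["violations"]} distinct_peers={s["distinct_peers"]}')
```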

Cleaning by dividing & conquering

 Isolate clean networks from infected ones.

 Create a clean copy of the infected network structure.

 Reinstall infected hosts from known-good backups and place them in the clean network copy to avoid reinfection.

 Destroy and set fire to infected network. (fire actually not needed).

Closing Comments

 Sophisticated malware or unknown vulnerabilities (zero-day) easily overcome the protection provided by most antivirus solutions.

 We can assure that no market anti-virus solution is able to provide complete protection for automation networks. These solutions lead companies to have a "false sense of security".

 It's absolutely necessary to use complementary controls.

 We recommend the following security practices:

 • Segment your network according to the zones and conduits model as specified by the ANSI/ISA-99 standard.

 • Perform periodic reviews of firewalls and IPS rules that protect automation networks, driven by the best practices.

 • Configure your protection software with customized SCADA signature packages (IT rules are almost useless in automation networks).

 • Enforce control over any device that is connected to the SCADA network (third party laptops, removable media, modems, etc.).

 • Perform deep inspection of new software before it is installed; this can increase the security level and prevent infections.

 • Do not allow the use of e-mail and web access from inside the automation network by any means and, where possible, update critical computer security patches according to vendor's recommendation.

 Our experience shows that the disinfection of a contaminated SCADA network is costly in time and resources, complex, and depends on the cooperation of manufacturers for success, rendering this process slow.

 We encourage the international community to create a best practices guide for automation network disinfection that will serve as a baseline for companies that are experiencing this problem to regain control over their control networks in a planned and fast way.

 Companies should be prepared for the worst and have a contingency plan.

 It's essential to have automated backup tools installed on servers as well as a redundant critical automation network.

Audience Q&A




                 ???

We can help you!

 Marcelo.branquinho@tisafe.com
 Jan.seidl@tisafe.com

 Rio de Janeiro: +55 (21) 2173-1159
 São Paulo: +55 (11) 3040-8656
 Twitter: @tisafe
 Skype: ti-safe

         Opening first office in Europe Next Q2/2013



Clavister Csp Sit GroupClavister Csp Sit Group
Clavister Csp Sit Grouptwproject
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCDenim Group
 

Tendances (19)

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
 
DTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration TestingDTS Solution - Red Team - Penetration Testing
DTS Solution - Red Team - Penetration Testing
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
 
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - HowardBirds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015
 
Ensure Software Security already during development
Ensure Software Security already during developmentEnsure Software Security already during development
Ensure Software Security already during development
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz   cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz   cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
 
Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7Cyber Security Lecture at Rah Rah 7
Cyber Security Lecture at Rah Rah 7
 
Cisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity StrategyCisco Connect 2018 Indonesia - Cybersecurity Strategy
Cisco Connect 2018 Indonesia - Cybersecurity Strategy
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
 
Ccie security 01
Ccie security 01Ccie security 01
Ccie security 01
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
 
Clavister Csp Sit Group
Clavister Csp Sit GroupClavister Csp Sit Group
Clavister Csp Sit Group
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDC
 

En vedette

Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration TestingAhmed Sherif
 
Rs232 485 fundamental
Rs232 485 fundamentalRs232 485 fundamental
Rs232 485 fundamentalrounak077
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale funJan Seidl
 
PPT on Substation Automation through SCADA
PPT on Substation Automation through SCADAPPT on Substation Automation through SCADA
PPT on Substation Automation through SCADAANKIT SURANA
 
Scada and power system automation
Scada and power system automationScada and power system automation
Scada and power system automationShubham Kapoor
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of EverythingCharbel Zeaiter
 

En vedette (9)

Scada Security & Penetration Testing
Scada Security & Penetration TestingScada Security & Penetration Testing
Scada Security & Penetration Testing
 
Rs 232 y rs-485
Rs 232 y rs-485Rs 232 y rs-485
Rs 232 y rs-485
 
Rs232 485 fundamental
Rs232 485 fundamentalRs232 485 fundamental
Rs232 485 fundamental
 
SCADA hacking industrial-scale fun
SCADA hacking industrial-scale funSCADA hacking industrial-scale fun
SCADA hacking industrial-scale fun
 
RS 232
RS 232RS 232
RS 232
 
PPT on Substation Automation through SCADA
PPT on Substation Automation through SCADAPPT on Substation Automation through SCADA
PPT on Substation Automation through SCADA
 
All about scada
All about scadaAll about scada
All about scada
 
Scada and power system automation
Scada and power system automationScada and power system automation
Scada and power system automation
 
The Future of Everything
The Future of EverythingThe Future of Everything
The Future of Everything
 

Similaire à Is antivirus enough to protect industrial networks

IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...ProductNation/iSPIRT
 
Svarbiausios ESET technologijos
Svarbiausios ESET technologijosSvarbiausios ESET technologijos
Svarbiausios ESET technologijosBaltimax
 
комплексная защита от современных интернет угроз с помощью Check point sandblast
комплексная защита от современных интернет угроз с помощью Check point sandblastкомплексная защита от современных интернет угроз с помощью Check point sandblast
комплексная защита от современных интернет угроз с помощью Check point sandblastDiana Frolova
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceAndris Soroka
 
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Kenneth de Brucq
 
Webinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch IntelligenceWebinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch IntelligenceIvanti
 
Cy Cops Company Presentation
Cy Cops Company PresentationCy Cops Company Presentation
Cy Cops Company PresentationChaitanyaS
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security
 
Session 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierSession 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierCTE Solutions Inc.
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...GARL
 
Build and deploy bulletproof software
Build and deploy bulletproof softwareBuild and deploy bulletproof software
Build and deploy bulletproof softwareFabrice Derepas
 
BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!Parasoft
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554TISA
 
Trend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 ReviewTrend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 Reviewstakro
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 

Similaire à Is antivirus enough to protect industrial networks (20)

IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
 
Svarbiausios ESET technologijos
Svarbiausios ESET technologijosSvarbiausios ESET technologijos
Svarbiausios ESET technologijos
 
комплексная защита от современных интернет угроз с помощью Check point sandblast
комплексная защита от современных интернет угроз с помощью Check point sandblastкомплексная защита от современных интернет угроз с помощью Check point sandblast
комплексная защита от современных интернет угроз с помощью Check point sandblast
 
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems IntelligenceDSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence
 
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
 
Webinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch IntelligenceWebinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch Intelligence
 
SecurePass at OpenBrighton
SecurePass at OpenBrightonSecurePass at OpenBrighton
SecurePass at OpenBrighton
 
Cy Cops Company Presentation
Cy Cops Company PresentationCy Cops Company Presentation
Cy Cops Company Presentation
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence &  Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
 
Session 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry TessierSession 1: Windows 8 with Gerry Tessier
Session 1: Windows 8 with Gerry Tessier
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
 
Build and deploy bulletproof software
Build and deploy bulletproof softwareBuild and deploy bulletproof software
Build and deploy bulletproof software
 
Découvrez le Rugged DevOps
Découvrez le Rugged DevOpsDécouvrez le Rugged DevOps
Découvrez le Rugged DevOps
 
BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!BUSTED! How to Find Security Bugs Fast!
BUSTED! How to Find Security Bugs Fast!
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
 
Trend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 ReviewTrend Micro Titanium Antivirus 2012 Review
Trend Micro Titanium Antivirus 2012 Review
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT security
 

Plus de TI Safe

CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...TI Safe
 
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...TI Safe
 
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor... CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...TI Safe
 
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...TI Safe
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...TI Safe
 
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...TI Safe
 
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...TI Safe
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...TI Safe
 
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...TI Safe
 
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...TI Safe
 
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...TI Safe
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...TI Safe
 
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...TI Safe
 
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...TI Safe
 
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...TI Safe
 
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...TI Safe
 
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...TI Safe
 
Retrospectiva
RetrospectivaRetrospectiva
RetrospectivaTI Safe
 
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1TI Safe
 

Plus de TI Safe (20)

CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
 
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
 
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor... CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
 
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
 
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
 
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
 
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
 
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
 
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
 
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
 
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
 
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
 
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
 
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
 
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
 
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...Webinar cci    por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
 
Retrospectiva
RetrospectivaRetrospectiva
Retrospectiva
 
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1
 

Is antivirus enough to protect industrial networks

  • 1. Workshop: Is antivirus an efficient tool for industrial network protection? Marcelo Branquinho & Jan Seidl. CEBIT - March of 2013, Hannover, Germany. www.tisafe.com TI Safe Segurança da Informação LTDA, 2007-2008. All rights reserved.
  • 2. Presenters
      Marcelo Branquinho (marcelo.branquinho@tisafe.com)
        • CEO at TI Safe.
        • Senior member of ISA and committee member of ANSI/ISA-99.
        • Researcher in security technologies to protect critical infrastructure.
      Jan Seidl (jan.seidl@tisafe.com)
        • Technical Coordinator at TI Safe.
        • Expert in risk analysis in automation systems.
        • Researcher in the field of malware engineering.
  • 3. Follow us!
      • Twitter: @tisafe
      • SlideShare: www.slideshare.net/tisafe
      • Facebook: www.facebook.com/tisafe
      • Flickr: http://www.flickr.com/photos/tisafe
  • 4. You don’t have to copy... http://www.slideshare.net/tisafe
  • 5. Workshop Agenda
      • Malware in automation networks
      • There is no silver-bullet/turnkey solution
      • Signature-based detection is almost useless
      • Bonus: Free tools can also bypass AV
      • IDPS and Whitelisting
      • Defense in depth and segmentation
      • Training and awareness: Educating users
      • Finding “Patient Zero” and regaining control through “Divide and Conquer”
      • Closing comments
      • Audience Q&A
  • 6. Malware in SCADA networks
  • 7. Vectors of infection
      • Exploits
      • Removable media (Pen Drives, External HD)
      • Shared Networks
      • External networks (connections with other companies' networks)
      • 3G networks
      • Virtual Private Networks (VPNs)
      • Disgruntled employees
      • Lack of user expertise (clicking on links and attachments ...)
  • 8. The “Happy clicker” user: “I should click here!”
  • 9. Vectors of spreading
      • Exploits
      • Removable media (Pen Drives, External HD)
      • Shared Network Drives
      • External networks (connections with other companies' networks)
      • 3G networks
      • VPNs
  • 10. Possible infection impacts
      • Unavailability of engineering and supervisory workstations.
      • Unavailability of control servers.
      • Unavailability of controllers (PLCs, IEDs, RTUs).
      • Disruption of control network.
      • Loss of data.
      • Intellectual property theft.
      • Physical damage.
      • Loss of human lives.
      • Environmental damage.
  • 11. Impact www.tisafe.com TI Safe Segurança da Informação LTDA, 2007-2008.Todos os direitos reservados.
  • 12. Documented Incidents in Brazil
    | Incidents | # Cases |
    |---|---|
    | Malware | 5 |
    | Human error | 14 |
    | Device failure | 7 |
    | Others | 4 |
    Picture (Incidents in Brazil): Documented industrial incidents in Brazil until December of 2012. Source: TI Safe Knowledge Base.
    In most cases of contaminations observed in our customers, there was an antivirus solution installed on the infected hosts... … that wasn't able to detect and prevent the spread of infection throughout the network.
  • 13. There is no silver-bullet / turn-key solution :( and there will 'never' be.
  • 14. Why? Security is a concept not a monolithic solution. Many solutions working together build up security. Don't trust “all-in-one” solutions (UTMs, applications that work in multiple areas, etc.)
  • 15. Why? You need the best solution for each area. Each vendor has expertise in its own area and probably won't master all of them at the same time. Security is not only for your hosts but also networks and personnel.
  • 16. Signature-based detection is almost useless
  • 17. Why? Signatures are based on known patterns in files. What about unknown threats? Polymorphism isn't something new. A wide variety of malware has its source code available. Anybody can change it, recompile it and... VOILÀ!
  • 18. Why? Remember: Hackers don't follow patterns!
  • 19. Why? We tested some free hacking tools against antivirus software from popular vendors...
  • 20. Why? … and got some interesting and alarming results.
  • 21. Antivirus solutions tested • McAfee Antivirus Plus 2012 • F-Secure Antivirus 2012 • Kaspersky Antivirus 2012 • avast! Pro Antivirus 6 • Panda Antivirus Pro 2012 • AVG Anti-Virus FREE 2012 • Trend Titanium Maximum Security 2012 • Sophos Anti-Virus 7 • Microsoft Security Essentials • Norton Antivirus 2012 • E-SET NOD32 Antivirus 5 All antivirus software tested (except for the free ones) were obtained from the websites of their manufacturers in their 32-bit evaluation version (English). All antivirus solutions were installed on the 'Recommended' setting.
  • 22. Test Results Matrix (columns: antivirus solutions tested; rows: attacks executed)
    | # | Attacks executed | McAfee Antivirus Plus 2012 | Kaspersky Antivirus 2012 | Panda Antivirus Pro 2012 | Trend Titanium Maximum Security 2012 | Norton Antivirus 2012 | F-Secure Antivirus 2012 | avast! Pro Antivirus 6 | AVG Anti-Virus FREE 2012 | Sophos Anti-Virus 7 | Microsoft Security Essentials | E-SET NOD32 Antivirus 5 |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 1 | EICAR | EICAR test file | EICAR-Test-File | EICAR-AV-TEST-FILE | Eicar_test_file | EICAR Test String | Trojan.Generic.6567028 | EICAR Test-NOT virus!!! | EICAR_Test | EICAR-AV-Test | DOS/EICAR_Test_File | Eicar test file |
    | 2 | Metasploit EXE Default Template (no encryption) | Swrort.f | Trojan.Win32.Generic | Suspicious File | TROJ_SWRORT.SME | Packed.Generic.347 | Backdoor.Shell.AC | Win32:SwPatch | Win32/Heur | Mal/EncPk-ACE | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AA trojan |
    | 3 | Metasploit EXE Default Template (shikata_ga_nai) | Swrort.d | Trojan.Win32.Generic | Suspicious File | TROJ_SWRORT.SME | Packed.Generic.347 | Backdoor.Shell.AC | Win32:SwPatch | Win32/Heur | Mal/Swrort-C | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AH trojan |
    | 4 | Metasploit EXE Notepad Template (no encryption) | Swrort.f | Trojan.Win32.Generic | Trj/Genetic.gen | - | - | Backdoor.Shell.AC | Win32:SwPatch | - | Mal/Swrort-C | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AA trojan |
    | 5 | Metasploit EXE Notepad Template (shikata_ga_nai) | Swrort.d | Trojan.Win32.Generic | Trj/Genetic.gen | - | - | Backdoor.Shell.AC | Win32:SwPatch | Win32/Heur | Mal/Swrort-C | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AH trojan |
    | 6 | Metasploit EXE SkypePortable Template (shikata_ga_nai) | Swrort.d | Trojan.Win32.Generic | - | - | - | Backdoor.Shell.AC | Win32:SwPatch | - | Mal/Swrort-C | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AH trojan |
    | 7 | Metasploit LOOP-VBS Default Template (no encryption) | Swrort.f | Trojan.Win32.Generic | Script Blocked | TROJ_SWRORT.SME | Packed.Generic.347 | Backdoor.Shell.AC | Win32:SwPatch | - | Mal/Swrort-C | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AA trojan |
    | 8 | Metasploit LOOP-VBS Default Template (shikata_ga_nai) | Swrort.f | Trojan.Win32.Generic | Script Blocked | TROJ_SWRORT.SME | Packed.Generic.347 | Backdoor.Shell.AC | Win32:SwPatch | - | Mal/Swrort-C | Trojan.Win32/Swrort.A | a variant of Win32/Rozena.AH trojan |
    | 9 | Shellcodexec Default w/ VBS launcher | Generic.tfr!i | Trojan.Win32.Genome.vrrg | Trj/CI.A | - | Trojan.Gen | Trojan.Generic.6567028 | Win32:Malware-gen | Trojan Generic22.KPM | Mal/Generic.L | - | Win32/ShellcodeRunner.A trojan |
    | 10 | TI Safe Modded Shellcodeexec (w/ VBS launcher) | - | - | Script Blocked | - | - | - | - | - | - | - | - |
    | 11 | TI Safe Modded Shellcodeexec (Custom EXE w/ embedded payload) | - | - | - | - | - | Backdoor.Shell.AC | - | Trojan Generic22.SND | - | Trojan.Win32/Swrort.A | - |
    | 12 | TI Safe Custom Payload Launcher | - | - | - | - | - | - | - | - | Mal/FakeAV-FS | - | - |
    | 13 | Metasploit PDF (adobe_utilprintf) | Exploit.PDF.bk.gen | Exploit.JS.Pdfka.cil | - | HEUR_PDFEXP.B | Bloodhound.Exploit.213 | Exploit.PDF-JS.Gen | JS:Pdfka-gen | Script/Exploit | Troj/PDFJs-B | Trojan.Win32/Swrort.A | JS/Exploit.Pdfka.NOO trojan |
    | 14 | Metasploit PDF (adobe_pdf_embedded_exe) | Swrort.f | Trojan.Win32.Generic | Suspicious File | TROJ_SWRORT.SME | Bloodhound.PDF.24 | Exploit.PDF-Dropper.Gen | Win32:SwPatch | Exploit.PDF | Mal/Swrort-C | Trojan.Win32/Swrort.A | PDF/Exploit.Pidief.PFW trojan |
    | 15 | Metasploit PDF (adobe_pdf_embedded_exe_nojs) | Swrort.f | Trojan.Win32.Generic | Suspicious File | TROJ_PIDIEF.SMEO | Bloodhound.PDF.24 | Exploit.PDF-Dropper.Gen | PDF:Launchr-C | Exploit | Mal/Swrort-C | Trojan.Win32/Swrort.A | PDF/Exploit.Pidief.PFT trojan |
    | 16 | Metasploit Java Applet | - | - | - | - | - | - | - | - | - | - | - |
    FILLED RED BLOCKS = OWNED!
  • 23. Test Results: AVs can't stop targeted attacks and custom malware. Java-based malware is even tougher to detect.
  • 24. Test Results: Most of the antivirus solutions were unable to detect the threat in memory. Remember: antivirus products were developed for home and corporate use, not for automation plants.
  • 25. Test results: Infections and detections by malware type
  • 26. Test results: Detection and Infection rates
  • 27. Test results: our final ranking
    | # | Antivirus | Score |
    |---|---|---|
    | 1 | F-Secure 2012; Sophos 7 | 13 |
    | 2 | McAfee Plus 2012; Kaspersky 2012; Avast! Pro 6; Microsoft Security Essentials; E-SET NOD32 5 | 12 |
    | 3 | Panda Pro 2012 | 11 |
    | 4 | Norton 2012; AVG FREE 2012 | 9 |
    | 5 | Trend Titanium Maximum Security | 8 |
  • 28. Detect behaviours, not patterns: Use up-to-date network-based and host-based IDPS. Yes, they also use pattern-based signatures, but most of them also have behavior detection schemes. Some antivirus products are shipped with a Host IDPS to work together.
  • 29. Whitelisting is better than Blacklisting (Photo credit: Codinghorror)
  • 30. Whitelisting is better than Blacklisting: Because you can't list ALL malicious URLs and/or keywords. Stop your internal dialog! You CAN'T! Get over it :)
  • 31. Whitelisting is also not bulletproof: “No Tools? No Problem! Building a PowerShell Botnet”, Christopher “@obscuresec” Campbell at Shmoocon Firetalks 2013 http://bit.ly/150V4fM
  • 32. The defense in depth
  • 33. The defense in depth: Locks, cameras etc; Firewalls, IDPS, Data diodes; Segmentation, VLANs, port-mirrored IDS; Whitelisting software, HIDPS, central logging; WAFs, strong architecture; Encryption and access control. (Photo credit: Sentrillion)
  • 34. Network Segmentation: The zones and conduits model as proposed by ANSI ISA-99
  • 35. Educating Users: Promote workshops and “security days” to raise awareness. Your users don't really know the impact of using a 3G modem to check their personal email or Facebook wall. Even less do they know that they can ruin the plant's processes by clicking on a link sent by that hot girl they've been chatting with for weeks.
  • 36. Never forget what your users mean to your security
  • 37. Containing an outbreak
  • 38. Finding patient zero
  • 39. Finding patient zero: You'd better have monitoring! Find hosts that are communicating with ports and hosts that they shouldn't, or generating unusual network noise. Perform forensic analysis on suspected hosts to confirm infection date. Find the first infection point (Mark Zero). Try to determine how it happened. Close the hole.
  • 40. Cleaning by dividing & conquering
  • 41. Cleaning by dividing & conquering: Isolate clean networks from infected ones. Create a clean copy of the infected network structure. Reinstall infected hosts from known-good backups and place them in the clean network copy to avoid reinfection. Destroy and set fire to infected network. (fire actually not needed).
  • 42. Closing Comments
  • 43. Closing Comments: Sophisticated malware or unknown vulnerabilities (zero-day) easily overcome the protection provided by most antivirus solutions. We can assure that no anti-virus solution on the market is able to provide complete protection for automation networks. These solutions lead companies to have a "false sense of security". It's absolutely necessary to use complementary controls.
  • 44. Closing Comments: We recommend the following security practices: Segment your network according to the zones and conduits model as specified by the ANSI/ISA-99 standard. Perform periodic reviews of firewalls and IPS rules that protect automation networks, driven by best practices. Configure your protection software with customized SCADA signature packages (IT rules are almost useless in automation networks).
  • 45. Closing Comments: We recommend the following security practices: Enforce control over any device that is connected to the SCADA network (third party laptops, removable media, modems, etc.). Perform deep inspection of new software before it is installed; this can increase the security level and prevent infections. Do not allow the use of e-mail and web access from inside the automation network by any means and, where possible, update critical computer security patches according to the vendor's recommendation.
  • 46. Closing Comments: Our experience shows that the disinfection of a contaminated SCADA network is costly in time and resources, complex, and depends on the cooperation of manufacturers for success, rendering this process slow. We encourage the international community to create a best practices guide for automation network disinfection that will serve as a baseline for companies that are experiencing this problem to regain control over their control networks in a planned and fast way.
  • 47. Closing Comments: Companies should be prepared for the worst and have a contingency plan. It's essential to have automated backup tools installed on servers as well as a redundant critical automation network.
  • 48. Audience Q&A ???
  • 49. We can help you! Marcelo.branquinho@tisafe.com Jan.seidl@tisafe.com Rio de Janeiro: +55 (21) 2173-1159 São Paulo: +55 (11) 3040-8656 Twitter: @tisafe Skype: ti-safe Opening first office in Europe Next Q2/2013
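
The monitoring step on slide 39 ("find hosts that are communicating with ports and hosts that they shouldn't") can be sketched as a check of flow records against an allowlist of conduits in the sense of slide 34. This is an added example, not code from the presentation; the host inventory, zone names, conduit list and flow log are all constructed, and the earliest violator is only a candidate that the forensic analysis named on the slide still has to confirm.

```python
from collections import defaultdict
from datetime import datetime

# Constructed inventory: host -> zone (hypothetical zone names).
ZONE = {"10.0.1.10": "supervisory", "10.0.1.11": "supervisory",
        "10.0.2.20": "control", "10.0.2.21": "control", "10.0.9.5": "dmz"}
# Allowed conduits: (source zone, destination zone, destination TCP port).
# Anything not listed here, intra-zone traffic included, is unexpected.
CONDUITS = {("supervisory", "control", 502),   # Modbus/TCP polling
            ("supervisory", "dmz", 1433)}      # historian replication

# Constructed flow log: "ISO timestamp,src,dst,dport".
FLOW_LOG = """\
2013-03-01T08:00:02,10.0.1.10,10.0.2.20,502
2013-03-01T09:14:40,10.0.1.11,10.0.1.10,445
2013-03-01T09:15:05,10.0.1.11,10.0.2.20,445
2013-03-01T09:15:06,10.0.1.11,10.0.2.21,445
2013-03-01T09:41:12,10.0.1.10,10.0.2.21,445
2013-03-01T09:41:30,10.0.1.10,203.0.113.7,443
2013-03-01T10:00:00,10.0.1.10,10.0.9.5,1433
"""

def parse(log):
    """Yield (timestamp, src, dst, dport) tuples from the CSV flow log."""
    for line in log.splitlines():
        ts, src, dst, port = line.split(",")
        yield datetime.fromisoformat(ts), src, dst, int(port)

def violations(log):
    """Flows whose (src zone, dst zone, port) is not an allowed conduit."""
    bad = []
    for ts, src, dst, port in parse(log):
        key = (ZONE.get(src, "unknown"), ZONE.get(dst, "unknown"), port)
        if key not in CONDUITS:
            bad.append((ts, src, dst, port))
    return bad

def patient_zero_candidates(log):
    """Hosts ordered by first unexpected flow, with count of distinct peers."""
    first, peers = {}, defaultdict(set)
    for ts, src, dst, port in violations(log):
        first[src] = min(first.get(src, ts), ts)
        peers[src].add((dst, port))
    return [(h, first[h].isoformat(), len(peers[h]))
            for h in sorted(first, key=first.get)]

if __name__ == "__main__":
    for host, since, fanout in patient_zero_candidates(FLOW_LOG):
        print(f"{host}: first unexpected flow {since}, {fanout} unexpected peers")
```
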