Traps vs. Cryptolocker
Steinar Aandal-Vanger
Westcon Security
Who are we?
Steinar Aandal-Vanger
Has worked with Palo Alto Networks since 2009
Palo Alto Networks instructor
Has taught Palo Alto courses for the past 5 years in Norway and Iceland
Has worked with IT security products since 1999, including Ironport, Check Point, Juniper, RSA Security, TippingPoint, SourceFire and others
Westcon Security
- distributor of IT security products in Norway
- Palo Alto Networks
- Juniper
- F5
- Arbor, Infoblox, HP Enterprise and others
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Agenda
• Traps – Advanced Endpoint protection
• Ransomware
• Traps: Exploit and Malware prevention
• Prevention Stages
Is Real-Time, Automatic Prevention of Attacks that Exploit Unknown and Zero-Day Vulnerabilities Possible?
Palo Alto Networks Security Platform (diagram): natively integrated, extensible, automated
Components: Next-Generation Firewall; Advanced Endpoint Protection (TRAPS); WildFire Threat Intelligence Cloud
Arrows between Traps and WildFire: Unknown Files, Query Verdict
What is the Best Approach to Preventing Attacks?
Anatomy of a Targeted Attack (stage chain from the slide):
1. Plan the Attack – Gather Intelligence
2. Silent Infection – Leverage Exploit
3. Malware Communicates with Attacker – Control Channel
4. Malicious File Executed – Execute Malware
5. Data Theft, Sabotage, Destruction – Steal Data
Overlays on the slide: Potential Impact (rising across the stages) and Traps Prevention.
Exploits vs. Malicious Executables
Exploit
 Malformed data file
 Processed by a legitimate application
 Exploits a vulnerability in the legitimate application to allow the attacker to execute code
 Small payload
Examples: weaponized PDF files & Flash videos
Malicious Executable
 Malicious code
 Does not rely on application vulnerabilities
 Contains executable code
 Aims to control the machine
 Large payload
Examples: ransomware, fake AV
“Next Gen” Anti-Malware Solutions (comparison chart): Signature-based AV vs. Palo Alto Networks Traps
Ransomware, Cryptolocker etc…
1: Infect system with malware
2: Restrict access to system/data
3: Profit!
Via website: user visits compromised website -> exploit kit silently exploits client-side vulnerability -> drive-by download of malicious payload -> system infected, attacker has full access to steal data
Via email: attacker sends spear phishing email with exploit document -> backdoor trojan -> backdoor access to the target
The 3 Core Capabilities of Advanced Endpoint Protection
1. Prevents Exploits, including unknown & zero-day exploits
2. Prevents Malicious Executables, including unknown & advanced malware
3. Highly-Scalable, Integrated Security Platform, for data exchange & cross-organization protection
Prevent Exploits
Number of new variants each year:
- Individual attacks (software vulnerability exploits): +10,000s
- Core techniques (exploitation techniques): < 3
*Source: CVEDetails.com
Block the Core Techniques – Not the Individual Attacks
Exploit technique prevention
1. A document is opened by the user.
2. Traps engines seamlessly inject traps into the software that opens the file. The process is protected. Traps performs NO scanning and NO monitoring (CPU < 0.1%).
3. In case of an exploitation attempt, the exploit hits a “trap” and fails before any malicious activity is initiated. The attack is blocked before any malicious activity starts. Safe!
4. Traps triggers immediate actions: the process is terminated, forensic data is collected, the user/admin is notified.
Exploit Techniques - Example
Normal application execution -> Heap Spray -> ROP -> Utilizing OS Function -> Begin malicious activity
Gaps are vulnerabilities
Malicious activity:
 Activate key logger
 Steal critical data
 More…
Exploit Attack
1. Exploit attempt contained in a PDF sent by a “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit a vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Exploit Techniques (with Traps EPM)
Normal application execution -> Heap Spray -> Traps EPM -> No malicious activity
Traps Exploit Prevention Modules (EPM)
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
Exploit Techniques - Unknown Technique
Normal application execution -> Unknown exploit technique -> ROP -> Traps EPM -> No malicious activity
Traps Exploit Prevention Modules (EPM)
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
2. If there is a new technique it will succeed, but the next one will be blocked, still preventing malicious activity.
Exploit Prevention Case Study
Unknown Exploits Utilize Known Techniques
IE Zero Day (CVE-2013-3893)
  Techniques: Heap Spray, DEP Circumvention, ROP/Utilizing OS Function
  Traps modules: DLL Security, UASLR, ROP Mitigation/DLL Security
Adobe Reader (CVE-2013-3346)
  Techniques: Heap Spray, DEP Circumvention, Utilizing OS Function
  Traps modules: Memory Limit Heap Spray Check and Shellcode Preallocation, UASLR, DLL Security
Adobe Flash (CVE-2015-3010/0311)
  Techniques: ROP, JiT Spray, Utilizing OS Function
  Traps modules: ROP Mitigation, J01, DLL Security, Memory Limit Heap Spray Check
Prevent Malicious Executables
Advanced Execution Control: reduce surface area of attack. Control execution scenarios based on file location, device, child processes, unsigned executables. Local hash control allows for granular system hardening.
WildFire Inspection and Analysis: dynamic analysis with cloud-based threat intelligence.
Malware Techniques Mitigation: prevent unknown malware with technique-based mitigation (example: thread injection).
The Right Way to Prevent Malicious Executables
Flow shown on the slide:
1. User tries to open an executable file (EXE).
2. Restrictions and executable rules: child process? Restricted folder or device? Examples: unsigned executable, restricted location, child process, suspend guard.
3. Hash checked against WildFire: admin pre-set verdicts, known WildFire verdict (benign or malicious), or on-demand inspection if the hash is unknown.
4. Malware technique prevention employed: thread injection? Create suspend? Examples: utilization of OS functions, JIT, heap spray, injection attempts blockage.
5. Benign: Safe! Malicious: execution stopped and ESM forensics collected.
Traps Malware Protection – Example: CryptoLocker
Traps Kill-Points Through the Attack Life Cycle
Attack life cycle: Delivery -> Exploitation -> Download and Execute
Traps Exploit Protection (kill-points 1, 2, 3): Exploitation Technique 1, Exploitation Technique 2, Exploitation Technique 3 (memory corruption, logic flaws)
Advanced Execution Control and Malicious Behavior Protection (kill-points 4 to 10): Execution Restriction 1, Execution Restriction 2, Execution Restriction 3, Local Verdict Check, Wildfire Verdict Check, Wildfire Inspection (intelligence and emulation), Malicious Thread Injection
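The execution-control chain from the two slides above (restriction rules, then local verdict, then cloud verdict, then on-demand inspection for an unknown hash) as an added Python example; this is not code from the deck or from Palo Alto Networks, and the policy fields, sample hashes, paths and verdict tables are constructed assumptions for illustration.

```python
"""Execution-control decision chain modelled on the two slides above.
Stage order: execution restrictions -> admin pre-set (local) verdict ->
cached cloud verdict -> unknown hash held for on-demand inspection.
Hashes, paths and verdict tables are constructed sample data, and the
policy fields are this example's own, not Traps policy syntax."""
from dataclasses import dataclass, field
from enum import Enum
from pathlib import PureWindowsPath
from typing import Optional

class Verdict(Enum):
    ALLOW = "allow"      # benign: execution continues
    BLOCK = "block"      # execution stopped, forensics collected
    INSPECT = "inspect"  # unknown hash: hold it and submit for analysis

@dataclass(frozen=True)
class ExecRequest:
    path: str              # file the user tries to open
    sha256: str            # hash of the file content
    signed: bool           # carries a valid code signature?
    parent: str            # image name of the process launching it
    removable_media: bool  # launched from a removable device?

@dataclass(frozen=True)
class Decision:
    verdict: Verdict
    stage: str             # which kill-point produced the decision
    reason: str

@dataclass
class Policy:
    # user-writable locations that should never launch executables
    restricted_dirs: tuple = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\windows\\temp\\")
    # document handlers that have no business spawning executables
    no_child_exec: tuple = ("winword.exe", "excel.exe", "acrord32.exe", "outlook.exe")
    block_unsigned: bool = True
    block_removable: bool = True
    local_verdicts: dict = field(default_factory=dict)  # admin pre-set sha256 -> Verdict
    cloud_verdicts: dict = field(default_factory=dict)  # cached cloud sha256 -> Verdict

def check_restrictions(req: ExecRequest, pol: Policy) -> Optional[Decision]:
    """Execution restrictions: cheap rules evaluated before any hash lookup."""
    stage = "execution restriction"
    if req.parent.lower() in pol.no_child_exec:
        return Decision(Verdict.BLOCK, stage, f"child process of {req.parent}")
    if req.removable_media and pol.block_removable:
        return Decision(Verdict.BLOCK, stage, "launched from removable device")
    folder = str(PureWindowsPath(req.path).parent).lower() + "\\"
    for bad in pol.restricted_dirs:
        if bad in folder:
            return Decision(Verdict.BLOCK, stage, f"restricted location {bad}")
    if pol.block_unsigned and not req.signed:
        return Decision(Verdict.BLOCK, stage, "unsigned executable")
    return None

def evaluate(req: ExecRequest, pol: Policy) -> Decision:
    """Walk the chain and return the first stage that reaches a decision."""
    blocked = check_restrictions(req, pol)
    if blocked:
        return blocked
    # local verdict check: admin pre-set hashes override the cloud
    if req.sha256 in pol.local_verdicts:
        return Decision(pol.local_verdicts[req.sha256], "local verdict", "admin pre-set hash")
    # cloud verdict check: hash already known to the analysis service
    if req.sha256 in pol.cloud_verdicts:
        return Decision(pol.cloud_verdicts[req.sha256], "cloud verdict", "known hash")
    # cloud inspection: nobody has seen this hash, so hold it for analysis
    return Decision(Verdict.INSPECT, "cloud inspection", "unknown hash, submitted for analysis")

def forensic_record(req: ExecRequest, dec: Decision) -> dict:
    """Fields a prevention event should carry to the management console."""
    return {"path": req.path, "sha256": req.sha256, "parent": req.parent, "signed": req.signed,
            "verdict": dec.verdict.value, "stage": dec.stage, "reason": dec.reason}

# constructed sample hashes, not real file hashes
KNOWN_GOOD, ADMIN_BLOCKED, NEVER_SEEN = "11" * 32, "22" * 32, "33" * 32
SAMPLE_POLICY = Policy(local_verdicts={ADMIN_BLOCKED: Verdict.BLOCK},
                       cloud_verdicts={KNOWN_GOOD: Verdict.ALLOW})
# constructed requests, one per stage of the chain
SAMPLE_REQUESTS = [
    ExecRequest(r"C:\Users\bob\AppData\Local\Temp\invoice.pdf.exe", NEVER_SEEN, False, "outlook.exe", False),
    ExecRequest(r"C:\Users\bob\AppData\Local\Temp\update.exe", NEVER_SEEN, True, "explorer.exe", False),
    ExecRequest(r"C:\Program Files\Vendor\tool.exe", ADMIN_BLOCKED, True, "explorer.exe", False),
    ExecRequest(r"C:\Program Files\Vendor\tool.exe", KNOWN_GOOD, True, "explorer.exe", False),
    ExecRequest(r"C:\Program Files\Vendor\newbuild.exe", NEVER_SEEN, True, "explorer.exe", False),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(forensic_record(r, evaluate(r, SAMPLE_POLICY)))
```

The order matters: a hash that the cloud already calls benign is still blocked when it is launched by a document handler or from a restricted folder, which is the point of having restriction rules in front of the verdict lookups.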
Screenshots: Exploit Prevention Notification; End User Alert (Wildfire); End User Alert (Unsigned Execution); End User Alert (Suspend Guard); Traps Prevention Screen on ESM Console.
Traps System Requirements, Footprint, and Coverage
Supported Operating Systems
Workstations – Physical and Virtual
 Windows XP SP3
 Windows Vista SP2
 Windows 7
 Windows 8 / 8.1
 Windows 10
Servers – Physical and Virtual
 Windows Server 2003 32 bit
 Windows Server 2008 (+R2)
 Windows Server 2012 (+R2)
Footprint
 25 MB RAM
 0.1% CPU
 No Scanning
Application Coverage
 Default Policy: 100+ processes
 Automatically detects new processes
 Can extend protection to any application, including in-house developed apps.
Highly-Scalable, Integrated Security Platform
Architecture
 Scalability
 Ease of security administration
Operational Capabilities
 Footprint
 Performance Impact
Platform Coverage
 Physical systems
 Virtual systems
Threat Intelligence
 Integrated threat intelligence
 Threat data sharing
Traps Benefits
- Prevent zero day vulnerabilities and unknown malware
- Install patches on your own schedule
- Protect ANY application from exploits
- Minimal performance impact
- Save time and money
- Signature-less
- No frequent updates
- Network and cloud integration
Next steps
Ultimate Test Drive (UTD)
You get hands-on experience using TRAPS in a group of 6-10 people.
Our instructor guides you through various configuration examples.
Demo in your own network.
If you are already convinced that TRAPS may be right for you, we can come to you and install a live test in your own network.
Both activities are free of charge.
Contact webinar.no@westcon.com for more information.
Use the subject line "Jeg vil være med på kostnadsfri UTD" (I want to join a free UTD)
Use the subject line "Jeg vil ha kostnadsfri TRAPS-demo i eget nettverk." (I want a free TRAPS demo in my own network.)
Thank you
Steinar Aandal-Vanger
Westcon Security
47 9189 8832

Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

How do you stop CryptoLocker?

  • 2. Who are we? Steinar Aandal-Vanger: has worked with Palo Alto Networks since 2009; Palo Alto Networks instructor; has taught Palo Alto courses for the past 5 years in Norway and Iceland; has worked with IT security products since 1999, including Ironport, Check Point, Juniper, RSA Security, TippingPoint, SourceFire and others. Westcon Security - distributor of IT security products in Norway - Palo Alto Networks - Juniper - F5 - Arbor, Infoblox, HP Enterprise and others. 2 | © 2015, Palo Alto Networks. Confidential and Proprietary. WestconSecurity
  • 3. Agenda • Traps – Advanced Endpoint protection • Ransomware • Traps; Exploit and Malware prevention • Prevention Stages
  • 4. Is Real-Time, Automatic Prevention of Attacks that Exploit Unknown and Zero-Day Vulnerabilities Possible?
  • 5. Palo Alto Networks Security Platform Natively Integrated Extensible Automated Next-Generation Firewall Advanced Endpoint Protection WildFire Threat Intelligence Cloud TRAPS Unknown Files Query Verdict
  • 6. What is the Best Approach to Preventing Attacks? Anatomy of a Targeted Attack Plan the Attack Gather Intelligence Silent Infection Leverage Exploit Malware Communicates with Attacker Control Channel Malicious File Executed Execute Malware Data Theft, Sabotage, Destruction Steal Data
  • 7. What is the Best Approach to Preventing Attacks? Anatomy of a Targeted Attack Plan the Attack Gather Intelligence Silent Infection Leverage Exploit Malware Communicates with Attacker Control Channel Malicious File Executed Execute Malware Data Theft, Sabotage, Destruction Steal Data PotentialImpact
  • 8. What is the Best Approach to Preventing Attacks? Anatomy of a Targeted Attack Traps Prevention Plan the Attack Gather Intelligence Silent Infection Leverage Exploit Malware Communicates with Attacker Control Channel Malicious File Executed Execute Malware Data Theft, Sabotage, Destruction Steal Data PotentialImpact
  • 9. Exploits vs. Malicious Executables. Exploit:  Malformed data file  Processed by a legitimate application  Exploits a vulnerability in the legitimate application to allow the attacker to execute code  Small payload. Examples: weaponized PDF files & Flash videos. Malicious Executable:  Malicious code  Does not rely on application vulnerabilities  Contains executable code  Aims to control the machine  Large payload. Examples: ransomware, fake AV.
  • 10. Exploits vs. Malicious Executables. Exploit:  Malformed data file  Processed by a legitimate application  Exploits a vulnerability in the legitimate application to allow the attacker to execute code  Small payload. Examples: weaponized PDF files & Flash videos. Malicious Executable:  Malicious code  Does not rely on application vulnerabilities  Contains executable code  Aims to control the machine  Large payload. Examples: ransomware, fake AV. Product coverage shown on the slide: “Next Gen” Anti-Malware Solutions; Signature-based AV; Palo Alto Networks Traps.
  • 11. 1: Infect System with Malware 2: Restrict Access to System/Data 3: Profit! Ransomware, Cryptolocker etc…
  • 12. User visits compromised website Exploit Kit silently exploits client-side vulnerability System infected, attacker has full access to steal data Drive-by download of malicious payload Via Website
  • 13. Backdoor Trojan Exploit Document Backdoor Access Spear Phishing Email Attacker Target Via eMail
  • 14. 15 | © 2015, Palo Alto Networks. Confidential and Proprietary.
  • 15.
  • 16. The 3 Core Capabilities of Advanced Endpoint Protection 1. Prevents Exploits Including unknown & zero-day exploits
  • 17. The 3 Core Capabilities of Advanced Endpoint Protection 1. 2. Prevents Exploits Including unknown & zero-day exploits Prevents Malicious Executables Including unknown & advanced malware
  • 18. The 3 Core Capabilities of Advanced Endpoint Protection 1. 2. Prevents Exploits Including unknown & zero-day exploits Prevents Malicious Executables Including unknown & advanced malware 3. Highly-Scalable, Integrated Security Platform For data exchange & cross-organization protection
  • 19. Prevent Exploits. Number of new variants each year: Individual Attacks (Software Vulnerability Exploits): 10,000s+; Core Techniques (Exploitation Techniques): < 3. *Source: CVEDetails.com. Block the Core Techniques – Not the Individual Attacks.
  • 20. Exploit technique prevention. A document is opened by the user. Traps engines seamlessly inject traps into the software that opens the file. The process is protected; Traps performs NO scanning and NO monitoring (CPU <0.1%). In case of an exploitation attempt, the exploit hits a “trap” and fails before any malicious activity is initiated. The attack is blocked before any malicious activity initiation: Safe! Traps triggers immediate actions: the process is terminated, forensic data is collected, user/admin is notified.
  • 21. Exploit Techniques - Example. Normal Application Execution → Heap Spray → ROP → Utilizing OS Function → Begin Malicious Activity ( Activate key logger  Steal critical data  More…). Gaps Are Vulnerabilities. Exploit Attack: 1. Exploit attempt contained in a PDF sent by a “known” entity. 2. PDF is opened and exploit techniques are set in motion to exploit a vulnerability in Acrobat Reader. 3. Exploit evades AV and drops a malware payload onto the target. 4. Malware evades AV, runs in memory.
  • 22. Exploit Techniques. Normal Application Execution → Heap Spray → Traps EPM → No Malicious Activity. Exploit Attack: 1. Exploit attempt contained in a PDF sent by a “known” entity. 2. PDF is opened and exploit techniques are set in motion to exploit a vulnerability in Acrobat Reader. 3. Exploit evades AV and drops a malware payload onto the target. 4. Malware evades AV, runs in memory. Traps Exploit Prevention Modules (EPM): 1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
  • 23. Exploit Techniques - Unknown Technique. Normal Application Execution → Unknown Exploit Technique → ROP → Traps EPM → No Malicious Activity. Exploit Attack: 1. Exploit attempt contained in a PDF sent by a “known” entity. 2. PDF is opened and exploit techniques are set in motion to exploit a vulnerability in Acrobat Reader. 3. Exploit evades AV and drops a malware payload onto the target. 4. Malware evades AV, runs in memory. Traps Exploit Prevention Modules (EPM): 1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability. 2. If there is a new technique, it will succeed, but the next one in the chain will be blocked, still preventing malicious activity.
  • 24. Exploit Prevention Case Study Unknown Exploits Utilize Known Techniques DLL Security IE Zero Day CVE-2013-3893 Heap Spray DEP Circumvention UASLR ROP/Utilizing OS Function ROP Mitigation/ DLL Security Adobe Reader CVE-2013-3346 Heap Spray Memory Limit Heap Spray Check and Shellcode Preallocation DEP Circumvention UASLR Utilizing OS Function DLL Security Adobe Flash CVE-2015- 3010/0311 ROP ROP Mitigation JiT Spray J01 Utilizing OS Function DLL Security Memory Limit Heap Spray Check
  • 25. Prevent Malicious Executables. Advanced Execution Control: reduce the surface area of attack; control execution scenarios based on file location, device, child processes, unsigned executables; local hash control allows for granular system hardening. WildFire Inspection and Analysis: dynamic analysis with cloud-based threat intelligence. Malware Techniques Mitigation: prevent unknown malware with technique-based mitigation (example: Thread Injection).
  • 26. The Right Way to Prevent Malicious Executables. User tries to open an executable file (EXE) → Restrictions and executable rules (examples: Child Process? Restricted Folder or Device? Create Suspend?) → HASH checked against WildFire (Benign / Malicious / Unknown?) → Malware technique prevention employed (example: Thread Injection?) → Forensics collected (WildFire, ESM). Outcome: Execution Stopped, or Safe!
  • 27. Traps Malware Protection Example: CryptoLocker. Traps Kill-Points Through the Attack Life Cycle. Delivery → Exploitation → Download and Execute. Exploitation (Traps Exploit Protection: Memory Corruption, Logic Flaws): kill-points 1-3, Exploitation Technique 1, 2, 3 (Utilization of OS functions, JIT, Heap Spray). Download and Execute (Advanced Execution Control): kill-points 4-6, Execution Restriction 1, 2, 3 (Child Process, Suspend Guard, Unsigned Executable, Restricted Location); kill-point 7, Local Verdict Check (Admin Pre-Set Verdicts); kill-point 8, Wildfire Verdict Check (Wildfire Known Verdict); kill-point 9, Wildfire Inspection (On Demand Inspection; Intelligence and Emulation). Malicious Behavior Protection: kill-point 10, Malicious Thread Injection (Injection Attempts Blockage).
  • 29. End User Alert Wildfire
  • 30. End User Alert Unsigned Execution
  • 31. End User Alert Suspend Guard
  • 32. Traps Prevention Screen on ESM Console.
  • 33. Traps System Requirements, Footprint, and Coverage. Supported Operating Systems: Workstations – Physical and Virtual:  Windows XP SP3  Windows Vista SP2  Windows 7  Windows 8 / 8.1  Windows 10. Servers – Physical and Virtual:  Windows Server 2003 32 bit  Windows Server 2008 (+R2)  Windows Server 2012 (+R2). Footprint:  25 MB RAM  0.1% CPU  No Scanning. Application Coverage:  Default Policy: 100+ processes  Automatically detects new processes  Can extend protection to any application, including in-house developed apps.
  • 34. Highly-Scalable, Integrated Security Platform. Architecture:  Scalability  Ease of security administration. Operational Capabilities:  Footprint  Performance Impact. Platform Coverage:  Physical systems  Virtual systems. Threat Intelligence:  Integrated threat intelligence  Threat data sharing.
  • 35. Traps Benefits Prevent Zero Day Vulnerabilities and Unknown Malware Install Patches on Your Own Schedule Protect ANY Application From Exploits Minimal Performance Impact Save Time and Money Signature-less No Frequent Updates Network and Cloud integration
  • 36. Palo Alto Networks Security Platform Natively Integrated Extensible Automated Next-Generation Firewall Advanced Endpoint Protection Threat Intelligence Cloud TRAPS Unknown Files Query Verdict
  • 37. Next steps. Ultimate Test Drive (UTD): you get hands-on experience using TRAPS in a group of 6-10 people. Our instructor guides you through various configuration examples. Demo in your own network: if you are already convinced that TRAPS may be right for you, we can come to you and set up a live test in your own network. Both activities are free of charge. Contact webinar.no@westcon.com for more information. Add Subject: "Jeg vil være med på kostnadsfri UTD" (I want to join a free UTD). Add Subject: "Jeg vil ha kostnadsfri TRAPS-demo i eget nettverk." (I want a free TRAPS demo in my own network.)
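The execution-control flow on slides 26 and 27 (restriction rules first, then local and cloud hash verdicts, then handling of unknown files), modelled as an added example; this is not Traps or Palo Alto Networks code, and the policy values, parent-process rule and verdict caches are constructed stand-ins for the ESM-managed rules and the WildFire lookup.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed policy; stands in for the ESM-managed rules named on the slides.
RESTRICTED_FOLDERS = ("C:\\Users\\Public\\Downloads\\",)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}  # child-process rule
LOCAL_VERDICTS: Dict[str, str] = {}  # sha256 -> "benign"/"malicious", admin pre-set
CLOUD_VERDICTS: Dict[str, str] = {}  # constructed stand-in for a WildFire verdict cache


@dataclass
class ExecEvent:
    path: str                   # full path of the file the user tries to run
    content: bytes              # file bytes, hashed for the verdict lookups
    parent: str                 # image name of the parent process
    signed: bool                # code signature present and valid
    on_removable: bool = False  # launched from USB or another removable device


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(ev: ExecEvent,
             local: Dict[str, str] = LOCAL_VERDICTS,
             cloud: Dict[str, str] = CLOUD_VERDICTS) -> Tuple[str, str]:
    """Return (decision, reason) in the slide's order: restriction rules,
    then local and cloud hash verdicts, then the unknown case."""
    # 1. Execution restrictions: cheap checks that need no knowledge of the sample.
    if ev.on_removable or ev.path.startswith(RESTRICTED_FOLDERS):
        return "block", "restricted location or device"
    if ev.parent.lower() in OFFICE_PARENTS:
        return "block", "child process of " + ev.parent
    if not ev.signed:
        return "block", "unsigned executable"
    # 2. Hash verdicts: an admin pre-set local verdict wins over the cloud verdict.
    h = sha256(ev.content)
    verdict: Optional[str] = local.get(h) or cloud.get(h)
    if verdict == "malicious":
        return "block", "known malicious hash " + h[:12]
    if verdict == "benign":
        return "allow", "known benign hash"
    # 3. Unknown hash: submitted for analysis; the file may run, but technique-based
    # mitigation (e.g. blocking thread injection) still applies while it is analysed.
    return "allow-monitored", "unknown hash, submitted for analysis"


if __name__ == "__main__":
    CLOUD_VERDICTS[sha256(b"constructed malicious sample")] = "malicious"
    for ev in (ExecEvent("C:\\Users\\Public\\Downloads\\invoice.exe", b"x", "explorer.exe", True),
               ExecEvent("C:\\Program Files\\App\\app.exe", b"constructed malicious sample", "explorer.exe", True),
               ExecEvent("C:\\Program Files\\App\\app.exe", b"never seen before", "explorer.exe", True)):
        print(ev.path, "->", evaluate(ev))
```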