Stopping Zero Day Threats
Zscaler, Inc.
Defining the “zero-day” (software) threat
The term “zero-day” refers to the number of days that the software vendor has known about the hole - ZERO.
Zero-day vulnerability: a security hole in software that is not yet known to the software maker or to Information Security vendors. NO PATCH – NO SIGNATURE.
Zero-day exploit: code that attackers use to take advantage of a zero-day vulnerability to compromise a system for their benefit. DROP - CONTROL - DISABLE.
Zero-Day Vulnerability Lifecycle
Lifecycle of a zero-day vulnerability:
1. New vulnerability discovered “in the wild”. Public unaware of risk – you are vulnerable… (most vulnerable)
2. Someone informs the vendor about the vulnerability.
3. Vendor releases security patches to the public, CVE posted. Public is aware of the risk.
4. You install patches and update signatures – you are safe…
Patch Gap: the period between the vendor’s patch release and your installing it, during which you remain vulnerable.
Kill chain analysis of an advanced threat
1. Reconnaissance – harvesting email and IP addresses, surveying defenses
2. Weaponization – coupling exploit with attack infrastructure - deliverable payload
3. Delivery – delivering weaponized bundle to the victim via email, web – drive-by-download
4. Exploitation – exploiting a vulnerability to execute code on victim’s system
   • Zero-day vulnerabilities
   • Unpatched vulnerabilities
5. Installation – installing malware on the asset
6. Command & Control (C2) – command channel for remote manipulation of victim’s system or additional malware downloads
7. Action on Objectives – lateral movement, data exfiltration, disruption, etc.
Example of a zero-day vulnerability
‣ Acrobat Reader - CVE-2014-0512: Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors
‣ Internet Explorer 9 through 11 Exploit - CVE-2016-0072: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability"
‣ Microsoft Server Service Vulnerability - allowed remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code
‣ Wordpress Cross-Site Scripting Vulnerability - allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
‣ Operation Snowman Exploit - targets IE 10 with Adobe Flash; the vulnerability allows the attacker to modify one byte of memory at an arbitrary address
‣ Microsoft Office - CVE-2016-0052: allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability"
Sophisticated breaches can go undetected for a long time
Data breaches tend to continue for months and even years.
(Chart: breach durations of 18, 106, 180, 246 and 266 days; the per-bar labels are not recoverable from the slide text.)
US Office of Personnel Management (OPM) Data Breach - Timeline (Jul 2014 – Jun 2015)
• Initial OPM breach: OPM investigates a breach of its computer networks dating back to July 2014. Authorities trace the intrusion to China.
• Inspector General Report: a report by OPM’s Office of the Inspector General on the agency’s compliance with the Federal Information Security Management Act finds “significant” deficiencies in the department’s IT security.
• KeyPoint: KeyPoint, a company that took over background checks for USIS, suffers a breach. OPM states that there is “no conclusive evidence to confirm sensitive information was removed from the system.”
• Initial Detection: OPM became aware of an intrusion affecting its systems and data in April 2015 and launched an investigation with its agency partners, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
• Subsequent Detection: OPM became aware of the potential compromise of data related to personnel records for current and former Federal employees.
• Public Disclosure
US OPM Sensitive Personal Information (SPI) Data Breach
‣ Who was affected?
• “Current, former, and prospective Federal government employees, and those for whom a Federal background investigation was conducted”
• Original est. – 4.2M records, adjusted to 18M
‣ What was stolen?
• “Name, SSN, date and place of birth and current and former addresses... could include the type of information you would typically find in a personnel file, such as job assignments, training records”
‣ Head scratcher
• "If there is anyone to blame, it is the perpetrators," OPM Director Katherine Archuleta told members of a Senate panel
Zero-day vulnerabilities = $$$ in the marketplaces
Black market – Cybercrime Organizations
• Buy and sell exploit code
• Goal: break into systems, steal data
White market – Vendor bug bounty programs
• Buy and sell vulnerability info
• Goal: fix security holes
Gray market – Military and intelligence agencies
• Buy zero-day exploits and vulnerability info
• Goal: surveillance and offensive ops
The market for zero-day exploits
Forbes: Price List for Zero-Day Exploits – Government Agencies (the slide’s price table is not recoverable from the text; only the gray, black and white market labels survive)
Zero Day Disclosure - “Rain Forest Puppy” policy
• Ethical hackers and researchers often follow the policy and give the vendor five working days to respond
• The reporter should help the vendor reproduce the bug
• The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for doing so
• When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug
• If the vendor fails to contact the reporter in those five days, the recommendation is to disclose
Advanced threat trends and behavior
Data Breach Trends
• Data breaches are on the rise
• 2014-15 saw a significant jump of breaches in the retail and healthcare sectors
• Breach disclosure laws have contributed to greater exposure in the mainstream press
• There were more identity breach victims, but less money was directly stolen
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Why are Advanced Threats so hard to stop?
Enterprise security has failed to keep pace with the evolving threat landscape (2006 vs. 2016):
Enterprises
• 2006 – Sedentary Workforce: PCs and laptops; corporate network; VPN connectivity required for remote employees; corp. owned devices
• 2016 – Dynamic Workforce: smartphones and tablets; working from free wifi networks and 3G/4G connections; BYOD
Attackers
• 2006 – Rogue Individuals: motivated by the challenge; no financial gain
• 2016 – Organized Criminals: well funded; highly skilled; criminal organizations; financial/political gain
Attacks
• 2006 – Loud and Noisy: server side vulnerabilities; attacks were obvious and of brief duration; damage could be costly but easy to clean up
• 2016 – Quiet and stealthy: exploiting client-side vulns and social engineering; leveraging end users as a catalyst; goal - data exfiltration
Security
• 2006 – URL filtering; Anti-virus
• 2016 – URL filtering; Anti-virus
Attacks are deeper and more sophisticated than ever before
Loading Stage
• Spam & phishing e-mail
• Social Networking sites
• SEO poisoning
• Compromised websites
• Malvertising on legitimate sites
Landing Stage
• Identification of client side technologies
• O/S, browser and plugin versions installed
• Determine effectiveness of payloads
• Often requires no user intervention
Malware Payload Delivery
• Anti-VM and Anti-Analysis features
• Detection of known antivirus drivers
• Multiple levels of highly obfuscated JavaScript code
• Dynamic construction of exploit payload URLs only when a vulnerability is found
• Short lived exploit payload URLs often restricted to one visit per IP address
• Obfuscated and repackaged exploit/malware payloads
17,412 new advanced threats detected by Zscaler behavioral analysis in just 30 days (Jan 2016)
Over 750 billion transactions in one month
• 2 billion+ threats blocked
• 1,199,188 suspicious objects extracted from traffic and sent to sandboxes
• 17,412 new advanced threats detected and blocked for all cloud users simultaneously
Not playing nice in the sandbox
Top Malware Behaviors Monitored in Sandbox (bar chart; the per-behavior counts on the 0–50,000 axis are not recoverable from the slide text):
• Executes massive amount of sleeps in a loop
• Dropped PE files which have not been started or loaded
• Contains long sleeps
• Uploads sensitive system information
• Checks for kernel debuggers
• Reads the hosts file
• Enables driver privileges
• Queries the volume information
• Checks free space
• Looks for software installed
• Contains strings which match to known bank URLs
• Requests potentially dangerous permissions
• Uses a known web browser user agent for HTTP communication
• Creates mutexes
• Executes native commands
• Tries to load missing DLLs
• Kills processes
• Tries to detect sandboxes and other dynamic analysis tools
Case Study: Chinese APT Group Emissary Panda
Chinese APT group “Emissary Panda”, known for stealing Intellectual Property data from target companies.
Attacks seen on Zscaler Cloud
• Investigation started with ABA block on content from a compromised Government site (watering hole)
• Attack Chain shows use of Hacking Team’s leaked 0-day exploits
• Installs a SSL based Remote Access Trojan (RAT) upon success
Multiple Industries Targeted
• Energy & Construction
• Financial Services Firm
• Pharmaceutical
More at – research.zscaler.com (Aug ‘15)
APT attack infrastructure (as shown on the slide):
• Compromised site: reis.railnet.gov.in/
• 210.209.89.162/rs/ie.html
• 210.209.89.162/rs/swfobject.js
• 210.209.89.162/rs/out.swf
• 210.209.89.162/rs/svchost.exe
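The drive-by pattern described under the Loading, Landing and Malware Payload Delivery stages above, and replayed in the Emissary Panda attack chain (a landing page reached from a compromised site, then plugin-probing scripts and a Flash object, then an executable from the same host), is something a defender can hunt for in proxy logs. The Python script below is an added example written for this page, not Zscaler’s code: the log format, the suffix-to-stage mapping, the 120-second window and the one-point-per-indicator score are all assumptions. The constructed sample lines reuse the host and paths listed in the case study for the first client; the second client’s traffic is made up and benign.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log (not real traffic). Fields: time client method url referer status.
# The first client replays the chain from the Emissary Panda case study; the second is benign.
SAMPLE_LOG = """\
2015-08-03T10:00:01 10.1.2.3 GET http://reis.railnet.gov.in/ - 200
2015-08-03T10:00:02 10.1.2.3 GET http://210.209.89.162/rs/ie.html http://reis.railnet.gov.in/ 200
2015-08-03T10:00:03 10.1.2.3 GET http://210.209.89.162/rs/swfobject.js http://210.209.89.162/rs/ie.html 200
2015-08-03T10:00:04 10.1.2.3 GET http://210.209.89.162/rs/out.swf http://210.209.89.162/rs/ie.html 200
2015-08-03T10:00:09 10.1.2.3 GET http://210.209.89.162/rs/svchost.exe http://210.209.89.162/rs/out.swf 200
2015-08-03T10:05:00 10.1.2.4 GET http://www.example.com/index.html - 200
2015-08-03T10:05:01 10.1.2.4 GET http://www.example.com/app.js http://www.example.com/index.html 200
2015-08-03T10:05:02 10.1.2.4 GET http://www.example.com/media/intro.swf http://www.example.com/index.html 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")
WINDOW = timedelta(seconds=120)          # assumption: the whole chain completes within 2 minutes
IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumed mapping from URL suffix to exploit-kit stage (landing page, plugin probe, payload).
STAGES = (
    ("landing", (".html", ".htm", ".php")),
    ("plugin_probe", (".js", ".swf")),
    ("payload", (".exe", ".dll", ".scr")),
)


def parse_log(text):
    """Parse the constructed log format into event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, _method, url, referer, status = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "url": url,
            "referer": None if referer == "-" else referer,
            "status": int(status),
        })
    return events


def stage_of(url):
    """Classify a URL into one of the assumed stages by its path suffix, or None."""
    path = urlparse(url).path.lower()
    for name, suffixes in STAGES:
        if path.endswith(suffixes):
            return name
    return None


def find_driveby_chains(events):
    """Flag each (client, host) that fetched landing -> plugin probe -> payload in order within WINDOW."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)

    findings = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        progress = {}  # host -> state of the chain seen so far from that host
        for e in evs:
            host = urlparse(e["url"]).hostname
            stage = stage_of(e["url"])
            if stage is None or host is None:
                continue
            if stage == "landing":
                ref_host = urlparse(e["referer"]).hostname if e["referer"] else None
                progress[host] = {
                    "seen": ["landing"],
                    "start": e["ts"],
                    # a landing page reached from a different site is the watering-hole entry point
                    "entry_referer": ref_host if ref_host and ref_host != host else None,
                }
                continue
            state = progress.get(host)
            if state is None or e["ts"] - state["start"] > WINDOW:
                continue
            if stage == "plugin_probe" and "plugin_probe" not in state["seen"]:
                state["seen"].append("plugin_probe")
            elif stage == "payload" and state["seen"][-1] == "plugin_probe" and e["status"] == 200:
                indicators = ["chain_html_plugin_exe"]
                if IP_LITERAL.match(host):
                    indicators.append("ip_literal_host")
                if state["entry_referer"]:
                    indicators.append("entry_via_other_site")
                findings.append({
                    "client": client,
                    "host": host,
                    "payload_url": e["url"],
                    "entry_referer": state["entry_referer"],
                    "indicators": indicators,
                    "score": len(indicators),  # assumption: one point per indicator
                })
                progress.pop(host)
    return findings


if __name__ == "__main__":
    for finding in find_driveby_chains(parse_log(SAMPLE_LOG)):
        print(finding)
```

The sequence check, not any single indicator, is what carries the detection: a page that loads a script and a Flash object is ordinary, and so is an executable download, but one host serving all three to one client inside two minutes, entered from an unrelated site, is the exploit-kit shape the slides describe. The benign client stops after the plugin stage and is never reported.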
Case Study: CryptoWall
• Version 3.0 first observed June 2015, version 4.0 Nov 2015
• Binary digitally signed (MDG Advertising)
• Uses strong encryption to encrypt all files on HDD, attached devices and network shares
• Imagine a domain admin getting infected…
• CryptoWall features:
  • Asymmetric (public-key) encryption to encrypt user documents, making recovery infeasible
  • Ransom starts at US$500 and increases over time
  • One file will be decrypted for free…
  • Ransom collected in bitcoins or as pre-paid cash vouchers / cards
  • Usage of anonymizing networks like Tor & I2P
  • New versions even have chat-based support!
Stopping Zero Day Threats
How good are my defenses?
Current security controls are not working
• 93% of organizations had infected computers communicating with C&C servers
• 52% of malware coming into the network was unknown to antivirus vendors
• 79% of organizations were experiencing data exfiltration
Source: KPMG enterprise security, August 2014
Think encryption is going to keep you safe?
‣ SSL traffic is becoming pervasive, but most organizations are blind to it
• 40% of Internet traffic is now encrypted with SSL, growing to more than 50% in 2016
‣ The most sophisticated threats are using SSL
• 16% of all traffic blocked uses SSL
• 54% of advanced threats use SSL
‣ If your policies do not include SSL inspection, all your security tools are half-blind
SSL traffic on enterprise networks is growing rapidly & creating security blind spots
Strategies based on alerting are doomed to failure
‣ Alerting allows infections to happen – with no guarantee you’ll notice them
‣ Alerting based strategies lead to SOC overload – which of the 1,000 alerts do you pay attention to?
‣ All threats and violations must be automatically blocked
Alert Fatigue – “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It”
Kill chain analysis of an advanced threat
1. Reconnaissance – harvesting email and IP addresses, surveying defenses
2. Weaponization – coupling exploit with attack infrastructure - deliverable payload
3. Delivery – delivering weaponized bundle to the victim via email, web – drive-by-download. Defense: malicious websites can be blocked – “sometimes”
4. Exploitation – exploiting a vulnerability to execute code on victim’s system. Defense: by definition, can’t identify zero-day vulnerability
5. Installation – installing malware on the asset. Defense: Behavioral Analysis can detect malicious behavior
6. Command & Control (C2) – command channel for remote manipulation of victim’s system or additional malware downloads. Defense: identify and block outbound CnC communications
7. Action on Objectives – lateral movement, data exfiltration, disruption, etc. Defense: identify and block outbound data exfiltration
Best practices for stopping APTs in Internet traffic
Defense in depth
INBOUND TRAFFIC
• Inline Antivirus & Anti-spyware – Known Threats: viruses, APTs, adware, spyware, malicious Javascript, exploits, malformed files, XSS, etc.
• Deep Content Inspection – browser and plugin vulnerabilities
• Page-Level Risk Analysis – block malicious URLs and files
• Sandboxing – Unknown Threats / Zero-day threats
OUTBOUND TRAFFIC
• Botnet calls, malicious URLs, data exfiltration, SSL, etc.
Zscaler Advanced Threat Protection
Protect – stop infections from happening
‣ Always in-line – can always block
‣ Multiple layers of security with automated in-line SSL inspection
‣ Behavioral analysis for zero day files
‣ File quarantine - first global victim is protected
‣ Instant cloud-wide blocking of new threats
‣ Lock down all ports & protocols with built-in NG firewall
Zscaler Advanced Threat Protection
Detect – identify compromised devices
‣ Monitor infection trends
‣ Isolate infected machines
‣ Identify types of attacks
‣ Track users with risky behavior
‣ Show value of the solution to the CxO
Zscaler Advanced Threat Protection
Remediate – minimize impact and heal
‣ Stop data exfiltration attempts, including over SSL
‣ Lock down unauthorized ports and protocols
‣ Block botnet CnC communications
‣ Complete visibility, even to cloud applications
‣ Easy to use, detailed forensics
‣ Correlation across users / devices / locations
How Zscaler sandboxing works
Block or Allow “known” files:
• Malware identified by AV, threat database, or static analysis
• Benign files identified by whitelist or file type
Unknown files go through Behavioral Analysis:
• “Detonate” in a virtual sandbox
• Capture and analyze behavior
• Identify malware vs benign
• Update threat database
• Automatically block malware
• Automatically pass benign files
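The two-tier flow just described (known files decided by hash, whitelist or file type; unknown files held and detonated; the verdict written back to the threat database so later copies are blocked without another detonation) and the behavior list under “Top Malware Behaviors Monitored in Sandbox” earlier on the page fit together as one triage pipeline. The Python below is an added example for this page, not Zscaler’s code: the behavior weights, the threshold, the sample files and the lookup that stands in for a real sandbox detonation are all constructed assumptions.

```python
import hashlib

# Behaviour names follow the page's "Top Malware Behaviors Monitored in Sandbox" list.
# Weights and threshold are constructed assumptions for this example, not a vendor's scoring.
BEHAVIOR_WEIGHTS = {
    "tries_to_detect_sandbox": 3,
    "uploads_sensitive_system_information": 3,
    "strings_match_known_bank_urls": 3,
    "checks_for_kernel_debuggers": 2,
    "long_sleeps_in_loop": 2,
    "drops_pe_files_not_started": 2,
    "kills_processes": 2,
    "enables_driver_privileges": 2,
    "reads_hosts_file": 1,
    "queries_volume_information": 1,
    "checks_free_space": 1,
    "looks_for_installed_software": 1,
    "creates_mutexes": 1,
    "uses_known_browser_user_agent": 1,
    "tries_to_load_missing_dlls": 1,
    "executes_native_commands": 1,
}
MALICIOUS_THRESHOLD = 6

# Constructed sample files. SIMULATED_SANDBOX is a lookup standing in for real detonation:
# it returns the behaviours a sandbox report would list for each sample.
SAMPLE_MALWARE = b"MZ\x90\x00constructed-banking-trojan"
SAMPLE_CLEAN_TOOL = b"MZ\x90\x00constructed-disk-utility"
SAMPLE_TEXT = b"quarterly report draft"
SIMULATED_SANDBOX = {
    SAMPLE_MALWARE: ["tries_to_detect_sandbox", "long_sleeps_in_loop",
                     "strings_match_known_bank_urls", "creates_mutexes"],
    SAMPLE_CLEAN_TOOL: ["queries_volume_information", "checks_free_space"],
}


class ThreatDB:
    """Hash sets shared by every user of the service (the 'threat database' on the slide)."""
    def __init__(self, benign_types=()):
        self.known_bad = set()
        self.known_good = set()
        self.benign_types = set(benign_types)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def behavioral_score(behaviors):
    """Sum the weights of reported behaviours; unknown behaviour names score nothing."""
    return sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in behaviors)


def detonate(sample):
    """Stand-in for sandbox detonation: returns the constructed behaviour report."""
    return SIMULATED_SANDBOX.get(sample, [])


def triage(sample, content_type, db, detonate=detonate):
    """Block or allow a file: known by hash or type first, otherwise hold it and detonate."""
    h = sha256_hex(sample)
    if h in db.known_bad:
        return {"sha256": h, "stage": "known_malware", "action": "block", "score": None}
    if h in db.known_good or content_type in db.benign_types:
        return {"sha256": h, "stage": "known_benign", "action": "allow", "score": None}
    # Unknown file: it is quarantined (not delivered) until the sandbox verdict is in,
    # so the first requester is protected rather than used as the detection canary.
    behaviors = detonate(sample)
    score = behavioral_score(behaviors)
    if score >= MALICIOUS_THRESHOLD:
        db.known_bad.add(h)    # every later request for this hash is blocked without re-detonation
        return {"sha256": h, "stage": "sandbox", "action": "block", "score": score, "behaviors": behaviors}
    db.known_good.add(h)
    return {"sha256": h, "stage": "sandbox", "action": "allow", "score": score, "behaviors": behaviors}


def demo():
    """Run the pipeline over the constructed samples; returns the four verdicts in order."""
    db = ThreatDB(benign_types={"text/plain"})
    first = triage(SAMPLE_MALWARE, "application/x-msdownload", db)    # detonated, blocked
    second = triage(SAMPLE_MALWARE, "application/x-msdownload", db)   # hash hit, no detonation
    tool = triage(SAMPLE_CLEAN_TOOL, "application/x-msdownload", db)  # detonated, allowed
    text = triage(SAMPLE_TEXT, "text/plain", db)                       # benign by type
    return first, second, tool, text


if __name__ == "__main__":
    for verdict in demo():
        print(verdict["stage"], verdict["action"], verdict["score"])
```

The order of checks matters: the hash lookups run before any detonation, so the second request for the same unknown file never reaches the sandbox, which is what “instant cloud-wide blocking” amounts to once the first detonation has written its verdict into the shared database. Weighting the anti-analysis behaviors (sandbox detection, debugger checks, long sleep loops) highest reflects the slide’s point that refusing to run is itself a signal.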
Zscaler APT Protection Key Highlights:
• Behavioral Analysis Report
• Quarantine – ensures no one gets infected with a zero day attack
• Forensics analysis with key features to make remediation easy:
  • Screen captures during malware execution
  • Packet captures for detailed analysis
  • Detection evading techniques used
  • Memory and process analysis
  • Networking level activity
About Zscaler
Security appliances: two challenging choices
• Backhaul traffic through the data center (Mobile, HQ, Remote Offices) – slow, complex, & expensive
• Build a perimeter around every office (HQ, Remote Offices) – too many gateways to buy, deploy & manage
Zscaler: putting a perimeter around the Internet
So you don’t need to put a perimeter around every office and every device
• Traffic forwarding – two use cases: On Network – GRE/IPSEC; Off Network – PAC / Mobile Agent (Mobile Employee, HQ, Remote Offices)
• Full inline inspection (SSL); all ports, all protocols
• Real-time global visibility (threats, apps, users)
• Single policy definition point (context)
• Threats handled in the cloud: Exploits, APT, Malware, Botnets; destinations: Public Cloud, SaaS, Private Cloud
Zscaler cloud security platform
Purpose-built, integrated services consolidate and simplify the appliance mess:
• Web security; Advanced threat protection; Cloud app visibility & control; Cloud Firewall; Bandwidth Controls; Data loss prevention; Cloud Sandbox
• Context-aware policies; Global real-time analytics; SSL inspection; Threat Correlation
• Multi-tenant distributed carrier-grade cloud (peering relationships)
Industry analysts agree…
“…on-premises web content security can’t protect digital business…”
“…largest global cloud footprint with more than 100 enforcement nodes…”
Zscaler delivers value to all stakeholders
CISO: BETTER SECURITY
Scan and score every byte (SSL)
Always up-to-date
Correlation of threat prevention techniques
Consistent policies globally
Full audit controls - every user, device, & app in all locations
CIO/CTO: SIMPLIFICATION
No patch management or EOS issues
No shipping, staging, updating
Checkbox to enable new features
No maintenance windows
Elastic scale
CFO: FASTER ROI
Minimize CAPEX investment – no boxes to purchase
Reduce OPEX – no boxes to maintain
END USER: IMPROVED EXPERIENCE
Faster response times
Localized Internet content
Single admin console
Real-time global reports
Performance SLA
Consider Three Users…
• We must seek security solutions that ensure consistent policy, protection and visibility, regardless of device or location.
• Cloud provides the opportunity to level the playing field.
Office – Device: PC / Laptop; Protection: IDS, IPS, FW, SWG, DLP, etc.; Visibility: location based reporting
Coffee Shop – Device: Laptop; Protection: host based AV and firewall; Visibility: nothing
Airport – Device: Tablet/smartphone; Protection: nothing; Visibility: nothing
Next Steps
Free Security Health Check
Risk free evaluation of your security infrastructure
Go to: http://www.zscaler.com/securitypreview
Live Product Demos
Register here: https://www.zscaler.com/productdemos
Thank you!

 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudZscaler
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trustZscaler
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZscaler
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalZscaler
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experienceZscaler
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsZscaler
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerZscaler
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deploymentZscaler
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud securityZscaler
 

Plus de Zscaler (20)

Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
 
Three ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chThree ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-ch
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly services
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
 
Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Schneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app   copySchneider electric powers security transformation with one simple app   copy
Schneider electric powers security transformation with one simple app copy
 
Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Top 5 mistakes deploying o365
Top 5 mistakes deploying o365
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - Phantom
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospital
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experience
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deployment
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud security
 

Dernier

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

Stopping zero day threats

1. Stopping Zero Day Threats
Zscaler, Inc.

2. Defining the “zero-day” (software) threat
The term “zero-day” refers to the number of days that the software vendor has known about the hole - ZERO.
Zero-day vulnerability: A security hole in software that is not yet known to the software maker or to Information Security vendors. NO PATCH – NO SIGNATURE
Zero-day exploit: Code that attackers use to take advantage of a zero-day vulnerability to compromise a system for their benefit. DROP - CONTROL - DISABLE

3. Zero-Day Vulnerability Lifecycle
Lifecycle of a zero-day vulnerability:
• New vulnerability discovered “in the wild” (Public unaware of risk – You are vulnerable…)
• Someone informs the vendor about the vulnerability
• Vendor releases security patches to the public, CVE posted (Public is aware of the risk – Patch Gap: Most Vulnerable)
• You install patches and update signatures (You are safe…)

4. Kill chain analysis of an advanced threat
1 Reconnaissance: Harvesting email and IP addresses, Surveying defenses
2 Weaponization: Coupling exploit with attack infrastructure - deliverable payload
3 Delivery: Delivering weaponized bundle to the victim via email, web – drive-by-download
4 Exploitation: Exploiting a vulnerability to execute code on victim’s system
• Zero-day vulnerabilities
• Unpatched vulnerabilities
5 Installation: Installing malware on the asset
6 Command & Control (C2): Command channel for remote manipulation of victim’s system or additional malware downloads
7 Action on Objectives: Lateral movement, data exfiltration, disruption, etc.

5. Example of a zero-day vulnerability
‣ Acrobat Reader - CVE-2014-0512: Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors
‣ Internet Explorer 9 through 11 Exploit - CVE-2016-0072: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability"
‣ Microsoft Server Service Vulnerability - allowed remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code
‣ Wordpress Cross-Site Scripting Vulnerability - allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
‣ Operation Snowman Exploit - targets IE 10 with Adobe Flash; the vulnerability allows the attacker to modify one byte of memory at an arbitrary address
‣ Microsoft Office - CVE-2016-0052: allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability"
6. Sophisticated breaches can go undetected for a long time
Data breaches tend to continue for months and even years
(Chart of breach durations: 18 Days, 106 Days, 180 Days, 246 Days, 266 Days)

7. US Office of Personnel Management (OPM) Data Breach - Timeline (Jul 2014 to Jun 2015)
• Initial OPM breach: OPM investigates a breach of its computer networks dating back to July 2014. Authorities trace the intrusion to China.
• Inspector General Report: A report by OPM’s Office of the Inspector General on the agency’s compliance with the Federal Information Security Management Act finds “significant” deficiencies in the department’s IT security.
• KeyPoint Initial Detection: KeyPoint, a company that took over background checks for USIS, suffers a breach. OPM states that there is “no conclusive evidence to confirm sensitive information was removed from the system.”
• OPM became aware of an intrusion affecting its systems and data in April 2015 and launched an investigation with its agency partners, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
• Subsequent Detection: OPM became aware of the potential compromise of data related to personnel records for current and former Federal employees
• Public Disclosure

8. US OPM Sensitive Personal Information (SPI) Data Breach
‣ Who was affected?
• “Current, former, and prospective Federal government employees, and those for whom a Federal background investigation was conducted”
• Original est. – 4.2M records, adjusted to 18M
‣ What was stolen?
• “Name, SSN, date and place of birth and current and former addresses... could include the type of information you would typically find in a personnel file, such as job assignments, training records”
‣ Head scratcher
• "If there is anyone to blame, it is the perpetrators," OPM Director Katherine Archuleta told members of a Senate panel

9. Zero-day vulnerabilities = $$$ in the marketplaces
Black market
• Cybercrime Organizations
• Buy and sell exploit code
• Goal: break into systems, steal data
White market
• Vendor bug bounty programs
• Buy and sell vulnerability info
• Goal: fix security holes
Gray market
• Military and intelligence agencies
• Buy zero-day exploits and vulnerability info
• Goal: surveillance and offensive ops

10. The market for zero-day exploits
Forbes: Price List for Zero-Day Exploits – Government Agencies (chart comparing the Gray market, Black market and White market)

11. Zero Day Disclosure - “Rain Forest Puppy” policy
• Ethical hackers and researchers often follow the policy and give the vendor five working days to respond
• The reporter should help the vendor reproduce the bug
• The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for doing so
• When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug
• If the vendor fails to contact the reporter in those five days, the recommendation is to disclose
12. Advanced threat trends and behavior

13. Data Breach Trends
• Data breaches are on the rise
• 2014-15 saw a significant jump of breaches in the retail and healthcare sectors
• Breach disclosure laws have contributed to greater exposure in the mainstream press
• There were more identity breach victims, but less money was directly stolen
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

14. Why are Advanced Threats so hard to stop?
Enterprise security has failed to keep pace with the evolving threat landscape (2006 vs. 2016):
• Enterprises, 2006: Sedentary Workforce (PCs and laptops; Corporate network; VPN connectivity required for remote employees; Corp. owned devices). 2016: Dynamic Workforce (Smartphones and tablets; Working from free wifi networks and 3G/4G connections; BYOD)
• Attackers, 2006: Rogue Individuals (Motivated by the challenge; No financial gain). 2016: Organized Criminals (Well funded; Highly skilled; Criminal organizations; Financial/political gain)
• Attacks, 2006: Loud and Noisy (Server side vulnerabilities; Attacks were obvious and of brief duration; Damage could be costly but easy to clean up). 2016: Quiet and stealthy (Exploiting client-side vulns and social engineering; Leveraging end users as a catalyst; Goal - data exfiltration)
• Security, 2006: URL filtering, Anti-virus. 2016: URL filtering, Anti-virus

15. Attacks are deeper and more sophisticated than ever before
Loading Stage
• Spam & phishing e-mail
• Social Networking sites
• SEO poisoning
• Compromised websites
• Malvertising on legitimate sites
Landing Stage
• Identification of client side technologies
• O/S, browser and plugin versions installed
• Determine effectiveness of payloads
• Often requires no user intervention
Malware Payload Delivery
• Anti-VM and Anti-Analysis features
• Detection of known antivirus drivers
• Multiple levels of highly obfuscated JavaScript code
• Dynamic construction of exploit payload URLs only when a vulnerability is found
• Short lived exploit payload URLs often restricted to one visit per IP address
• Obfuscated and repackaged exploit/malware payloads

16. 17,412 new advanced threats detected by Zscaler behavioral analysis in just 30 days (Jan 2016)
Over 750 billion transactions in one month
• 2 billion+ threats blocked
• 1,199,188 suspicious objects extracted from traffic and sent to sandboxes
• 17,412 new advanced threats detected and blocked for all cloud users simultaneously

17. Not playing nice in the sandbox
Top Malware Behaviors Monitored in Sandbox (bar chart, counts from 0 to 50,000):
• Executes massive amount of sleeps in a loop
• Dropped PE files which have not been started or loaded
• Contains long sleeps
• Uploads sensitive system information
• Checks for kernel debuggers
• Reads the hosts file
• Enables driver privileges
• Queries the volume information
• Checks free space
• Looks for software installed
• Contains strings which match to known bank URLs
• Requests potentially dangerous permissions
• Uses a known web browser user agent for HTTP communication
• Creates mutexes
• Executes native commands
• Tries to load missing DLLs
• Kills processes
• Tries to detect sandboxes and other dynamic analysis tools

18. Case Study: Chinese APT Group Emissary Panda
Chinese APT group “Emissary Panda”, known for stealing Intellectual Property data from target companies
Attacks seen on Zscaler Cloud
• Investigation started with ABA block on content from a compromised Government site (watering hole)
• Attack Chain shows use of Hacking Team’s leaked 0-day exploits
• Installs an SSL based Remote Access Trojan (RAT) upon success
Multiple Industries Targeted
• Energy & Construction
• Financial Services Firm
• Pharmaceutical
More at – research.zscaler.com (Aug ‘15)
Attack chain diagram: Compromised site reis.railnet.gov.in/ leads to the APT attack infrastructure 210.209.89.162 (/rs/ie.html, /rs/swfobject.js, /rs/out.swf, /rs/svchost.exe)

19. Case Study: CryptoWall
• Version 3.0 first observed June 2015, version 4.0 Nov 2015
• Binary digitally signed (MDG Advertising)
• Uses strong encryption to encrypt all files on HDD, attached devices and network shares
• Imagine a domain admin getting infected…
• CryptoWall features:
• Asymmetric (public-key) encryption to encrypt user documents, making recovery infeasible
• Ransom starts at U$500 and increases over time
• One file will be decrypted for free…
• Ransom collected in bitcoins or as pre-paid cash vouchers / cards
• Usage of anonymizing networks like Tor & i2p
• New versions even have chat-based support!
20. Stopping Zero Day Threats

21. How good are my defenses?
Current security controls are not working
• 93% of organizations had infected computers communicating with C&C servers
• 52% of malware coming in the network was unknown to antivirus vendors
• 79% of organizations were experiencing data exfiltration
Source: KPMG enterprise security, August 2014

22. Think encryption is going to keep you safe?
SSL traffic on enterprise networks is growing rapidly & creating security blind spots
‣ SSL traffic is becoming pervasive, but most organizations are blind to it
• 40% of Internet traffic is now encrypted with SSL, growing to more than 50% in 2016
‣ The most sophisticated threats are using SSL
• 16% of all traffic blocked uses SSL
• 54% of advanced threats use SSL
‣ If your policies do not include SSL inspection, all your security tools are half-blind

23. Strategies based on alerting are doomed to failure
‣ Alerting allows infections to happen – with no guarantee you’ll notice them
‣ Alerting based strategies lead to SOC overload – which of the 1,000 alerts do you pay attention to?
‣ All threats and violations must be automatically blocked
Alert Fatigue: “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It”

24. Kill chain analysis of an advanced threat (with defensive annotations)
1 Reconnaissance: Harvesting email and IP addresses, Surveying defenses
2 Weaponization: Coupling exploit with attack infrastructure - deliverable payload
3 Delivery: Delivering weaponized bundle to the victim via email, web – drive-by-download. Malicious websites can be blocked – “sometimes”
4 Exploitation: Exploiting a vulnerability to execute code on victim’s system. By definition, can’t identify zero-day vulnerability
5 Installation: Installing malware on the asset. Behavioral Analysis can detect malicious behavior
6 Command & Control (C2): Command channel for remote manipulation of victim’s system or additional malware downloads. Identify and block outbound CnC communications
7 Action on Objectives: Lateral movement, data exfiltration, disruption, etc. Identify and block outbound data exfiltration

25. Best practices for stopping APTs in Internet traffic
Defense in depth
INBOUND TRAFFIC: Viruses, APTs, Adware, Spyware, Malicious Javascript, Exploits, Malformed Files, XSS, etc.
Layers, from Known Threats through Unknown Threats to Zero-day threats:
• Inline Antivirus & Anti-spyware
• Deep Content Inspection
• Browser and Plugin Vulnerabilities
• Page-Level Risk Analysis
• Block Malicious URLs and Files
• Sandboxing
OUTBOUND TRAFFIC: Botnet calls, malicious URLs, data exfiltration, SSL, etc.

26. Zscaler Advanced Threat Protection
Protect – stop infections from happening
‣ Always in-line – can always block
‣ Multiple layers of security with automated in-line SSL inspection
‣ Behavioral analysis for zero day files
‣ File quarantine - first global victim is protected
‣ Instant cloud-wide blocking of new threats
‣ Lock down all ports & protocols with built-in NG firewall

27. Zscaler Advanced Threat Protection
Detect – identify compromised devices
‣ Monitor infection trends
‣ Isolate infected machines
‣ Identify types of attacks
‣ Track users with risky behavior
‣ Show value of the solution to the CxO

28. Zscaler Advanced Threat Protection
Remediate – minimize impact and heal
‣ Stop data exfiltration attempts, including over SSL
‣ Lock down unauthorized ports and protocols
‣ Block botnet CnC communications
‣ Complete visibility, even to cloud applications
‣ Easy to use, detailed forensics
‣ Correlation across users / devices / locations

29. How Zscaler sandboxing works
Block or Allow “known” files:
• Malware identified by AV, threat database, or static analysis
• Benign files identified by whitelist or file type
Unknown files go through Behavioral Analysis:
• “Detonate” in a virtual sandbox
• Capture and analyze behavior
• Identify malware vs benign
• Update threat database
• Automatically block malware
• Automatically pass benign files
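The triage flow of slide 29 combined with the sandbox behaviours of slide 17, as an added Python example that is not Zscaler's code: known files are decided by hash or file type, unknown files are detonated and scored, and the verdict is written back so the next copy never reaches the sandbox. The behaviour weights, threshold, file-type whitelist and sample sandbox reports are constructed for illustration.

```python
"""Sandbox triage pipeline in the shape the deck describes.

Added example, not Zscaler's code. Behaviour names follow the deck's
"Top Malware Behaviors Monitored in Sandbox" chart; the weights, the
threshold, the file-type whitelist and the sample reports are constructed."""

import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed weights: evasion and data-theft indicators dominate, while
# ordinary housekeeping (mutexes, volume queries) barely counts on its own.
BEHAVIOR_WEIGHTS: Dict[str, int] = {
    "Tries to detect sandboxes and other dynamic analysis tools": 5,
    "Uploads sensitive system information": 5,
    "Contains strings which match to known bank URLs": 5,
    "Checks for kernel debuggers": 4,
    "Executes massive amount of sleeps in a loop": 3,
    "Dropped PE files which have not been started or loaded": 3,
    "Enables driver privileges": 3,
    "Kills processes": 3,
    "Requests potentially dangerous permissions": 3,
    "Contains long sleeps": 2,
    "Reads the hosts file": 2,
    "Uses a known web browser user agent for HTTP communication": 2,
    "Tries to load missing DLLs": 1,
    "Creates mutexes": 1,
    "Queries the volume information": 1,
    "Checks free space": 1,
    "Looks for software installed": 1,
    "Executes native commands": 1,
}
MALICIOUS_THRESHOLD = 8                    # constructed cut-off
BENIGN_FILE_TYPES = {"txt", "jpg", "png"}  # constructed file-type whitelist


@dataclass
class ThreatDB:
    """Verdict store shared by every user: slide 29's 'update threat database'."""
    malicious: Set[str] = field(default_factory=set)
    benign: Set[str] = field(default_factory=set)


class FakeSandbox:
    """Stand-in for the virtual sandbox: returns a constructed report per sample
    and counts detonations so the caching effect of the threat DB is visible."""

    def __init__(self, reports: Dict[bytes, List[str]]):
        self.reports = reports
        self.runs = 0

    def detonate(self, data: bytes) -> List[str]:
        self.runs += 1
        return self.reports.get(data, [])


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def score_behaviors(behaviors: List[str]) -> int:
    """Sum the weights of the behaviours one sandbox run reported."""
    return sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in behaviors)


def triage(data: bytes, file_type: str, db: ThreatDB,
           sandbox: FakeSandbox) -> Tuple[str, str]:
    """Return (verdict, reason). Known files never reach the sandbox."""
    h = sha256(data)
    if h in db.malicious:
        return "block", "known malware"
    if h in db.benign:
        return "allow", "known benign"
    if file_type in BENIGN_FILE_TYPES:
        return "allow", "benign file type"
    # Unknown file: held (quarantined) until the behavioural verdict is in,
    # then the verdict is recorded for everyone.
    score = score_behaviors(sandbox.detonate(data))
    if score >= MALICIOUS_THRESHOLD:
        db.malicious.add(h)
        return "block", f"behavioral score {score}"
    db.benign.add(h)
    return "allow", f"behavioral score {score}"


# Constructed samples and the reports the sandbox would produce for them.
SAMPLE_REPORTS: Dict[bytes, List[str]] = {
    b"MZ...evasive-dropper": [
        "Tries to detect sandboxes and other dynamic analysis tools",
        "Contains long sleeps",
        "Dropped PE files which have not been started or loaded",
        "Creates mutexes",
    ],
    b"MZ...plain-installer": [
        "Creates mutexes",
        "Queries the volume information",
        "Looks for software installed",
    ],
}


def run_demo() -> Tuple[List[Tuple[str, str]], int]:
    """Submit the samples twice; the second pass is answered from the threat DB."""
    db, sandbox = ThreatDB(), FakeSandbox(SAMPLE_REPORTS)
    results = []
    for _ in range(2):
        results.append(triage(b"MZ...evasive-dropper", "exe", db, sandbox))
        results.append(triage(b"MZ...plain-installer", "exe", db, sandbox))
        results.append(triage(b"just text", "txt", db, sandbox))
    return results, sandbox.runs


if __name__ == "__main__":
    verdicts, runs = run_demo()
    for verdict, reason in verdicts:
        print(verdict, "-", reason)
    print("sandbox detonations:", runs)
```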
30. Zscaler APT Protection Key Highlights: Behavioral Analysis Report
Quarantine – ensures no one gets infected with a zero day attack
Forensics analysis with key features to make remediation easy:
• Screen captures during malware execution
• Packet captures for detailed analysis
• Detection evading techniques used
• Memory and process analysis
• Networking level activity

32. Security appliances: two challenging choices
• Backhaul traffic through the data center (Mobile, HQ, Remote Offices): Slow, complex, & expensive
• Build a perimeter around every office (HQ, Remote Offices): Too many gateways to buy, deploy & manage

33. Zscaler: putting a perimeter around the Internet
So you don’t need to put a perimeter around every office and every device
• Threats: Exploits, APT, Malware, Botnets
• Destinations: Public Cloud, SaaS, Private Cloud
• Full inline inspection (SSL), all ports, all protocols
• Real-time global visibility (threats, apps, users)
• Single policy definition point (context)
Traffic forwarding, two use cases:
• On Network (HQ, Remote Offices): GRE/IPSEC
• Off Network (Mobile Employee): PAC / Mobile Agent

34. Zscaler cloud security platform
Purpose-built, integrated services consolidate and simplify the appliance mess:
• Web security
• Advanced threat protection
• Cloud app visibility & control
• Cloud Firewall
• Bandwidth Controls
• Data loss prevention
• Cloud Sandbox
• Context-aware policies
• Global real-time analytics
• SSL inspection
• Threat Correlation
Multi-tenant distributed carrier-grade cloud (Peering relationships)

35. Industry analysts agree…
“…on-premises web content security can’t protect digital business…”
“…largest global cloud footprint with more than 100 enforcement nodes…”

36. Zscaler delivers value to all stakeholders
CISO: BETTER SECURITY
• Scan and score every byte (SSL)
• Always up-to-date
• Correlation of threat prevention techniques
• Consistent policies globally
• Full audit controls - every user, device, & app in all locations
CIO/CTO: SIMPLIFICATION
• No patch management or EOS issues
• No shipping, staging, updating
• Checkbox to enable new features
• No maintenance windows
• Elastic scale
CFO: FASTER ROI
• Minimize CAPEX investment – no boxes to purchase
• Reduce OPEX – no boxes to maintain
END USER: IMPROVED EXPERIENCE
• Faster response times
• Localized Internet content
• Single admin console
• Real-time global reports
• Performance SLA

37. Consider Three Users…
• We must seek security solutions that ensure consistent policy, protection and visibility, regardless of device or location.
• Cloud provides the opportunity to level the playing field.
Location: Office | Coffee Shop | Airport
Device: PC / Laptop | Laptop | Tablet / smartphone
Protection: IDS, IPS, FW, SWG, DLP, etc. | Host based AV and firewall | Nothing
Visibility: Location based reporting | Nothing | Nothing

38. Next Steps
Free Security Health Check – Risk free evaluation of your security infrastructure. Go to: http://www.zscaler.com/securitypreview
Live Product Demos – Register here: https://www.zscaler.com/productdemos