
Keeping web servers safe and profitable with Imunify360


  1. Imunify360 Webinar Jan 11, 2016
  2. Hosting Industry Survey revealed...
      - Over 60% reported that customers worry about security.
      - Top reported issues:
          - DNS Poisoning: 13%
          - Information disclosure: 19%
          - Privilege escalation: 25%
          - XSS attacks and similar: 28%
          - Comment SPAM: 37%
          - Website Defacement: 45%
          - Code/SQL Injections: 48%
          - Brute force attacks: 49%
          - Remote exploit: 53%
          - Malware infection: 61%
          - DoS/DDoS: 67%
  3. The state of security in hosting
      - Distributed attacks are on the rise
          - Not only DDoS
          - Distributed brute force attacks
          - Distributed port scans
          - Distributed OS & Application fingerprinting
          - Distributed vulnerability scans
  4. The state of security in hosting
      - Existing tools are not capable of handling this
          - Single server
          - Dumb
              - No history
              - No behavior analytics
              - No heuristics
  5. Too many decisions to make
      - Too many sources of incidents
      - Too many decisions to make
      - No way to correlate
  6. Imunify360
      - Centralized dashboard
      - Herd protection
      - Sandboxing
      - Heuristics
      - Machine learning
      - All that without re-inventing the wheel
  7. Protection Vectors ‒ Firewall
      - Firewall ‒ Herd immunity
          - Machine learning
          - 17K+ IPs blocked automatically
          - Large # of honeypots
          - Better immunity with each additional server
  8. Firewall ‒ Protection Layers
      - Reduce false positives
          - Use captcha to automatically unblock
          - Train AI to reduce false positives...
  9. IDS
      - OSSEC for IDS
          - ML to decrease false positives
  10. Firewall ‒ CSF
      - Very popular
      - More features than Imunify360
      - Huge expertise
      - We will integrate it into Imunify360
      - Best of both worlds:
          - Same herd immunity
          - Same captcha / training
          - Same CSF flexibility
  11. WAF ‒ Protection Layers
      - Mod_security
          - OWASP
          - Comodo
          - Atomic
      - Herd immunity → Feeds into correlation engine → firewall
          - Machine learning
          - Most attacks will not reach WAF, will be blocked at firewall
  12. Malware scanning ‒ Protection Vectors
      - Maldet protection scanning
          - Automated scans
          - On upload scans
              - PHP
                  - Attack IP detection (ext attributes)
              - FTP
              - SSH
          - Backup integration / automated recovery of infected files
  13. Patch Management ‒ Protection Layers
      - Patch management
          - KernelCare
              - Kernel
              - OpenSSL (soon)
              - GLIBC (soon)
          - HardenedPHP
          - Security configuration / RPM version scans
  14. Outdated web apps?
      - Covered by WAF
      - Covered by Softaculous
      - Covered by Patchman
      - Main issues:
          - plugins, not web apps
          - 0-day vulnerabilities
      - Reliance on knowing more than attacker
  15. Protection layer ‒ Sandboxing
      - Different approach
      - Limit what webapps can do:
          - Today webapps can do whatever an unprivileged Linux user can do
              - Does WordPress need to be able to do the same things as strace, gcc or a name server?
              - Filter/limit syscalls available
              - Filter/limit filesystem operations/access
      - No 0-day privilege escalations
      - No turning a web app into a ‘bot’ part of the botnet.
  16. Sandboxing ‒ because signatures don’t work
      - AV vendors know that signatures don’t work
      - Sandboxing & heuristics used on desktop for 10+ years
      - Not used on web servers
      - Huge improvement in server security
  17. Sandboxing Stage II: heuristics + AI
      - Train ML on ‘good behaviors’
      - Automatically detect bad behaviors
      - Lock down after training
      - Prevent majority of injection & defacement attacks
  18. Sandboxing Stage II: AI
      - Train on each site individually
      - Re-train on upgrades
          - User managed lock/unlock
      - Use client’s IP ‘reputation’ for good vs bad
      - Use ‘banking style’ notifications (e-mail, sms, phone) for site owner
  19. ‘Bad Action’ Notifications
      - Possible attack against yoursite.com detected
      - We have detected possible attack against yoursite.com
      - Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP] [+more info on the attack]
      - Was it you?
      - [YES, ALLOW THIS ACTION] [NO, BLOCK THE ACTION]
  20. Reputation management
      - Is your IP on any of the blacklists
          - SPAM
          - Botnet
      - Is any of hosted domains on the blacklists:
          - Malware
          - Phishing
          - SPAM
  21. Why is that important?
  22. Configurable
  23. 360° defense
      - Use all related info to detect attacks
      - Use machine learning to correlate information
      - Use multiple layers to detect, and defend against the attacker
      - Minimize human involvement
          - Minimize decision making
  24. Imunify360 vs Imunify Sensor
      - Imunify360: Maximum security with sophisticated attack detection
      - Imunify Sensor: Basic security with lightweight attack detection
      - Features compared: Centralized Incident Management dashboard; Firewall; Advanced Firewall with herd immunity; Standard Firewall; Smart Intrusion Detection System; IDS/IPS; Patch management; Intelligent Web application sandboxing; KernelCare; HardenedPHP
      - Complete feature comparison at imunify360.com
  25. Good For Web Servers
      - Dedicated / VPS
      - Shared
      - cPanel
      - DirectAdmin
      - Plesk
      - Goal: zero configuration, good for novice, better than expert...
  26. Pricing
      - Imunify360
          - Retail: $35/month
          - Service Provider: $9/month
      - Imunify Sensor
          - Retail: $9/month
          - Service Provider: $2/month
  27. Resources:
      - Imunify360.com
      - Imunify360 vs Imunify Sensor: http://www.imunify360.com/web-server-security-comparison
      - Survey: https://www.cloudlinux.com/images/content/resources/Hosting-Industry-Survey-Results-2016.pdf
      - Questions?
