Combating malware threats
© 2014 Property of JurInnov Ltd. All Rights Reserved
Eric A. Vanderburg, MBA, CISSP
Director, Information Systems and Security
Computer Forensic and Investigation Services
Outline
• Security model
• Malicious software
• Countering malware threats
– Whitelisting
– Behavioral detection
– Automatic execution detection
Security model
• Select security products that provide maximum security
without significantly impacting productivity
• Have a security model capable of handling direct attacks
on the security solutions present on endpoints
– Have a security model with fail-safe protection
– Consider security products that use obfuscation
– Consider security solutions that are less prominent
• Be willing to adapt your security model to address a
quickly evolving threat landscape
Malicious software
• Malicious software development is a for-profit
business
• There are more threats today than ever before
• Threats today are designed to bypass the most
prominent security solutions
Security trade-offs
• System performance and resource consumption
• Impact on end-user productivity
• Increased IT administration requirements
One step ahead
• Malicious software developers are familiar with
emerging security techniques
• Malicious software developers can respond
faster than security vendors
• Companies are slow to adopt new security
solutions
Security solution adoption
• No need to bypass security solutions that were
never installed
• Malicious software developers can impede
solution adoption
• Threats can create false positives that break
legitimate software
• Threats can increase the hassle of administering new
security solutions
Application whitelisting
• Opposite of signature-based approach
• Unknown executable binaries are considered malicious
• Usually has three different modes of operation:
Lock-down, Prompt, or Audit
• Many threats require launching binaries
• Effectively stops unknown binaries from executing
• Protects against threats signature-based solutions
cannot
• Does not detect threats that are present at time of
installation
Application whitelisting
• Does not detect threats running inside of approved processes
• May not detect malicious scripts
• Exploit features designed to increase the usability of whitelisting
solutions
• File system filter drivers can negatively impact performance
• Rarely compatible with other security solutions
• End-users may not have the flexibility necessary to perform their
jobs
• Administering automated installations and updates can be a hassle
• Modify legitimate files on disk to get the whitelisting solution to prohibit
their execution
• Break the ability to easily install or update software
• Degrade system performance
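
The hash-based decision the two whitelisting slides describe, as an added example that is not part of the original slides. The function names, the SHA-256 baseline and the sample file contents are assumptions made for illustration; it shows the three modes, the install-time blind spot, and how a modified legitimate file ends up blocked.

```python
import hashlib
from enum import Enum


class Mode(Enum):
    LOCKDOWN = "lock-down"  # unknown binaries are blocked
    PROMPT = "prompt"       # the end-user decides
    AUDIT = "audit"         # unknown binaries run, but the event is logged


def digest(content: bytes) -> str:
    """Identify a binary by the SHA-256 of its content."""
    return hashlib.sha256(content).hexdigest()


def build_baseline(files: dict) -> set:
    """Approve everything present on disk at install time, by content hash."""
    return {digest(content) for content in files.values()}


def decide(content: bytes, baseline: set, mode: Mode, user_allows: bool = False):
    """Return (verdict, logged) for one execution request."""
    if digest(content) in baseline:
        return ("allow", False)
    if mode is Mode.LOCKDOWN:
        return ("block", True)
    if mode is Mode.PROMPT:
        return ("allow" if user_allows else "block", True)
    return ("allow", True)  # Mode.AUDIT


def demo() -> dict:
    # Constructed sample contents standing in for files on disk.
    office = b"constructed: office suite build 1"
    dormant = b"constructed: unwanted program already on disk at install time"
    dropper = b"constructed: binary that arrived after the baseline was taken"
    baseline = build_baseline({"office.exe": office, "old.exe": dormant})

    # A legitimate file whose bytes changed on disk no longer matches its hash.
    patched = office + b" (bytes appended on disk)"

    return {
        # Approved binary runs without any log entry.
        "approved": decide(office, baseline, Mode.LOCKDOWN),
        # Present at install time, so it was baselined and is never flagged.
        "present_at_install": decide(dormant, baseline, Mode.LOCKDOWN),
        # Unknown binary under each of the three modes.
        "unknown_lockdown": decide(dropper, baseline, Mode.LOCKDOWN),
        "unknown_audit": decide(dropper, baseline, Mode.AUDIT),
        "unknown_prompt_yes": decide(dropper, baseline, Mode.PROMPT, True),
        "unknown_prompt_no": decide(dropper, baseline, Mode.PROMPT, False),
        # Modified legitimate file: the solution now prohibits its execution.
        "modified_legitimate": decide(patched, baseline, Mode.LOCKDOWN),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} {result}")
```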
Behavioral detection
• Instead of identifying malicious binaries, identify
malicious behaviors
• Often used in conjunction with sandboxing, hardware
solutions, and cloud security
• Uses static and dynamic analysis
• Can detect unknown threats signature-based solutions
cannot
• Can detect infections that are present before installation
• Can detect that legitimate applications have been
hijacked
Behavioral detection
• Malicious software present before install can block
installation
• Obfuscation can hide malicious behaviors
• Prompting end-users can result in infected computers
• Behavioral detection negatively impacts system
performance
• False positives can result in legitimate software being
blocked
• End-users may not be able to run legitimate software
needed to do their jobs
Behavioral detection
• Administrators must keep an up-to-date whitelist of
legitimate applications with malicious behavior
• Launch processes designed to decrease system
performance
• Inject malicious code into legitimate software to prevent
it from running
• Install components shared by multiple legitimate
applications to break legitimate applications
• Cloud solutions are vulnerable to distributed denial of
service attacks
Automatic execution detection
• Malicious software has incentive to persist on the
endpoint, so most malicious software attempts to
• Prevents malicious software from persisting
• Restricts access to key Windows file system and registry
locations to prevent automatic execution
• Provides protection against known and unknown threats
• Does not require reactive updating to address new
threats
Automatic execution detection
• Allows more end-user flexibility than application
whitelisting
• Superior performance and security solution compatibility
• Like whitelisting, malicious software present at time of
install is not detected
• In-memory threats that do not attempt to persist are not
detected
• Threats that replace legitimate files are not always
detected
Automatic execution detection
• End-users can optionally be given permission to
install persistent software
• End-users who need to install persistent
software will need IT approval
• Administrators need to configure automated
installs and updates to proceed unhindered
• Tools to minimize administrative impact
potentially open up security vulnerabilities
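
A sketch of the policy the automatic execution slides describe, as an added example that is not part of the original slides. The event format, the `APPROVED_INSTALLERS` entry and the sample events are hypothetical; the protected locations are a small subset of the well-known Windows autorun locations, and the last two sample events show writes the policy does not see as persistence.

```python
import re

# A subset of well-known Windows automatic-execution locations (not exhaustive).
PROTECTED_PREFIXES = [
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runonce",
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\runonce",
    r"hklm\system\currentcontrolset\services",
    r"c:\programdata\microsoft\windows\start menu\programs\startup",
]
# Per-user Startup folder, for any user profile name.
PER_USER_STARTUP = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\roaming\\microsoft\\windows"
    r"\\start menu\\programs\\startup(\\|$)"
)

# Hypothetical deployment tool that administrators have approved so that
# automated installs and updates proceed unhindered.
APPROVED_INSTALLERS = {r"c:\program files\corpdeploy\agent.exe"}


def is_autorun_location(target: str) -> bool:
    """True if the path is a protected location or lies beneath one."""
    t = target.lower().rstrip("\\")
    if PER_USER_STARTUP.match(t):
        return True
    return any(t == p or t.startswith(p + "\\") for p in PROTECTED_PREFIXES)


def evaluate(event: dict) -> str:
    """Decide one file-system or registry event: allow, allow-approved, deny."""
    if event["op"] not in ("create", "write"):
        return "allow"  # reads of autorun locations are not restricted
    if not is_autorun_location(event["target"]):
        return "allow"  # not a persistence attempt this policy can see
    if event["process"].lower() in APPROVED_INSTALLERS:
        return "allow-approved"
    return "deny"


# Constructed sample events. An in-memory threat that never tries to persist
# produces no event of this kind at all, so it is never evaluated.
SAMPLE_EVENTS = [
    {"process": r"C:\Users\alice\Downloads\invoice_viewer.exe", "op": "write",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"process": r"C:\Users\alice\Downloads\invoice_viewer.exe", "op": "create",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\updater.lnk"},
    {"process": r"C:\Program Files\CorpDeploy\agent.exe", "op": "create",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\CorpAgent"},
    # Overwrites a file an existing autorun entry already points to: the
    # write is outside the protected locations, so it is not flagged.
    {"process": r"C:\Users\alice\Downloads\invoice_viewer.exe", "op": "write",
     "target": r"C:\Program Files\Vendor\helper.exe"},
    {"process": r"C:\Windows\explorer.exe", "op": "read",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def run_samples() -> list:
    return [evaluate(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{verdict:15} {event['op']:6} {event['target']}")
```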
Questions
For assistance or additional information
• Phone: 216-664-1100
• Web: www.jurinnov.com
• Email: eric.vanderburg@jurinnov.com
• Twitter: @evanderburg
• Facebook: www.facebook.com/VanderburgE
• LinkedIn: www.linkedin.com/in/evanderburg
• YouTube: www.youtube.com/user/evanderburg
JurInnov Ltd.
The Idea Center
1375 Euclid Avenue, Suite 400
Cleveland, Ohio 44115

The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking   Chapter 12 - Encryption - Eric VanderburgEthical hacking   Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Combating malware threats with whitelisting, behavioral detection and automatic execution

  • 1. Combating malware threats
      Eric A. Vanderburg, MBA, CISSP
      Director, Information Systems and Security
      Computer Forensic and Investigation Services
      © 2014 Property of JurInnov Ltd. All Rights Reserved
  • 2. Outline
      • Security model
      • Malicious software
      • Countering malware threats
          – Whitelisting
          – Behavioral detection
          – Automatic execution detection
  • 3. Security model
      • Select security products that provide maximum security without significantly impacting productivity
      • Have a security model capable of handling direct attack of security solutions present on endpoints
          – Have a security model with fail-safe protection
          – Consider security products that use obfuscation
          – Consider security solutions that are less prominent
      • Be willing to adapt your security model to address a quickly evolving threat landscape
  • 4. Malicious software
      • Malicious software development is a for-profit business
      • There are more threats today than ever before
      • Threats today are designed to bypass the most prominent security solutions
  • 5. Security Trade offs
      • System performance and resource consumption
      • Impact on end-user productivity
      • Increased IT administration requirements
  • 6. One step ahead
      • Malicious software developers are familiar with emerging security techniques
      • Malicious software developers can respond faster than security vendors
      • Companies are slow to adopt new security solutions
  • 7. Security solution adoption
      • No need to bypass security solutions that were never installed
      • Malicious software developers can impede solution adoption
      • Threats can create false positives that break legitimate software
      • Threats can increase hassle to administer new security solutions
  • 8. Application whitelisting
      • Opposite of signature-based approach
      • Unknown executable binaries are considered malicious
      • Usually has three different modes of operation: Lock-down, Prompt, or Audit
      • Many threats require launching binaries
      • Effectively stops unknown binaries from executing
      • Protects against threats signature-based solutions cannot
      • Does not detect threats that are present at time of installation
  • 9. Application whitelisting
      • Does not detect threats running inside of approved processes
      • May not detect malicious scripts
      • Exploit features designed to increase the usability of whitelisting solutions
      • File system filter drivers can negatively impact performance
      • Rarely compatible with other security solutions
      • End-users may not have the flexibility necessary to perform their jobs
      • Administering automated installations and updates can be a hassle
      • Modify legitimate files on disk to get whitelisting solution to prohibit execution
      • Break the ability to easily install or update software
      • Degrade system performance
  • 10. Behavioral detection
      • Instead of identifying malicious binaries, identify malicious behaviors
      • Often used in conjunction with sandboxing, hardware solutions, and cloud security
      • Uses static and dynamic analysis
      • Can detect unknown threats signature-based solutions cannot
      • Can detect infections that are present before installation
      • Can detect that legitimate applications have been hijacked
  • 11. Behavioral detection
      • Malicious software present before install can block installation
      • Obfuscation can hide malicious behaviors
      • Prompting end-users can result in infected computers
      • Behavioral detection negatively impacts system performance
      • False positives can result in legitimate software being blocked
      • End-users may not be able to run legitimate software needed to do their jobs
  • 12. Behavioral detection
      • Administrators must keep an up-to-date whitelist of legitimate applications with malicious behavior
      • Launch processes designed to decrease system performance
      • Inject malicious code into legitimate software to prevent it from running
      • Install components shared by multiple legitimate applications to break legitimate applications
      • Cloud solutions are vulnerable to distributed denial of service attacks
  • 13. Automatic execution detection
      • Malicious software has incentive to persist on the endpoint, so most malicious software attempts to
      • Prevents malicious software from persisting
      • Restricts access to key Windows file system and registry locations to prevent automatic execution
      • Provides protection against known and unknown threats
      • Does not require reactive updating to address new threats
  • 14. Automatic execution detection
      • Allows more end-user flexibility than application whitelisting
      • Superior performance and security solution compatibility
      • Like whitelisting, malicious software present at time of install is not detected
      • In-memory threats that do not attempt to persist are not detected
      • Threats that replace legitimate files are not always detected
  • 15. Automatic execution detection
      • End-users can optionally be given permission to install persistent software
      • End-users who need to install persistent software will need IT approval
      • Administrators need to configure automated installs and updates to proceed unhindered
      • Tools to minimize administrative impact potentially open up security vulnerabilities
  • 16. Questions
  • 17. For assistance or additional information
      • Phone: 216-664-1100
      • Web: www.jurinnov.com
      • Email: eric.vanderburg@jurinnov.com
      • Twitter: @evanderburg
      • Facebook: www.facebook.com/VanderburgE
      • Linkedin: www.linkedin.com/in/evanderburg
      • Youtube: www.youtube.com/user/evanderburg
      JurInnov Ltd., The Idea Center, 1375 Euclid Avenue, Suite 400, Cleveland, Ohio 44115
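
The three whitelisting modes from slide 8 and two of the limits from slide 9 (a modified legitimate file is refused, and a script run by an approved interpreter is not examined), as an added example that is not part of the original deck. The byte strings are constructed stand-ins for file contents, and the `check_scripts` switch is a hypothetical hardening option, not a feature of any named product.

```python
import hashlib
from enum import Enum


class Mode(Enum):
    LOCKDOWN = "lock-down"  # unknown code is blocked
    PROMPT = "prompt"       # the end-user decides
    AUDIT = "audit"         # unknown code runs, but is logged


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents; not real binaries.
CALC = b"constructed: calculator image"
INTERPRETER = b"constructed: script interpreter image"
UNKNOWN = b"constructed: unapproved binary"
APPROVED_SCRIPT = b"print('inventory report')"
OTHER_SCRIPT = b"print('unreviewed script')"

ALLOWLIST = {sha256(CALC), sha256(INTERPRETER), sha256(APPROVED_SCRIPT)}


class Whitelist:
    def __init__(self, mode, check_scripts=False, ask_user=lambda name: False):
        self.mode = mode
        self.check_scripts = check_scripts  # hypothetical hardening switch
        self.ask_user = ask_user            # callback used in Prompt mode
        self.audit_log = []

    def _unknown(self, name):
        """Apply the configured mode to content that is not on the list."""
        if self.mode is Mode.AUDIT:
            self.audit_log.append(name)
            return "allow"
        if self.mode is Mode.PROMPT:
            return "allow" if self.ask_user(name) else "block"
        return "block"

    def decide(self, name, image, script=None):
        """Return 'allow' or 'block' for launching image, optionally with a script."""
        if sha256(image) not in ALLOWLIST:
            return self._unknown(name)
        # The interpreter itself is approved; its script is only examined
        # when script checking is switched on.
        if script is not None and self.check_scripts:
            if sha256(script) not in ALLOWLIST:
                return self._unknown(name + " <script>")
        return "allow"
```

Audit mode is the usual way to build the list before enforcing it, since every entry in `audit_log` is something Lock-down mode would have stopped.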
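
The automatic execution control from slides 13 to 15, as an added example that is not part of the original deck: writes to autostart locations are denied unless they come from an IT-approved installer, and a content baseline catches the replaced-file case that slide 14 says a location rule alone can miss. The location list is a small selection of well-known Windows autostart locations chosen for this example, and the writer names, events and file contents are constructed.

```python
import hashlib

# Well-known Windows autostart locations chosen for this example; a real
# product protects a much longer list.
PROTECTED = (
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runonce",
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\runonce",
    r"c:\programdata\microsoft\windows\start menu\programs\startup",
)

# Hypothetical: installers and updaters that IT has approved to persist software.
APPROVED_WRITERS = {"msiexec.exe", "corp-updater.exe"}

# Constructed write events, as a file system or registry filter might report them.
EVENTS = [
    {"process": "msiexec.exe",
     "location": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"process": "invoice_viewer.exe",
     "location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"process": "invoice_viewer.exe",
     "location": r"HKCU\Software\Example\Settings"},
]


def is_protected(location):
    """True when the location is a protected autostart location or lies under one."""
    loc = location.lower().rstrip("\\")
    return any(loc == p or loc.startswith(p + "\\") for p in PROTECTED)


def gate_write(event):
    """Deny writes to autostart locations unless the writer is approved."""
    if not is_protected(event["location"]):
        return "allow"
    if event["process"].lower() in APPROVED_WRITERS:
        return "allow"
    return "deny"


def review(events):
    return [gate_write(e) for e in events]


def snapshot(autoruns):
    """Map each autorun target path to the SHA-256 of its content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in autoruns.items()}


def replaced_targets(baseline, autoruns):
    """Targets still registered under the same path whose content has changed."""
    now = snapshot(autoruns)
    return sorted(p for p, h in now.items() if p in baseline and baseline[p] != h)
```

A baseline taken on a machine that is already infected records the malicious entry as trusted, which is the "present at time of install" limit on slide 14.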