1. Part 2: Protecting against Ransomware
Jonathan Korba
Systems Engineer
Symantec
5-Part Webinar Series: Endpoint Protection…what really matters?
2. 5-Part Webinar Series: Endpoint Protection…what really matters?
Title and date:
Part 1 of 5: Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning (January 26, 2017)
Part 2 of 5: Block The Risk Of Ransomware (February 23, 2017)
Part 3 of 5: Achieving Zero-Day Attacks and What To Do About It (March 23, 2017)
Part 4 of 5: Easy Ways To Improve Your Security Posture (April 20, 2017)
Part 5 of 5: A Step-By-Step Approach for Endpoint Detection & Response (May 18, 2017)
https://www.symantec.com/about/webcasts
3. Agenda
What is Ransomware and what are the risks?
How does Symantec Endpoint Protection 14 block Ransomware?
Demos: SEP 14 in action
4. Superior Protection and Response Across the Attack Chain
Copyright © 2016 Symantec Corporation
Stop Ransomware Threats with layered protection
Attack chain stages (diagram): Incursion, Infection, Infestation and Exfiltration
Protection layers (diagram): Antivirus; Network Firewall & Intrusion Prevention; Application and Device Control; Behavior Monitoring; Memory Exploit Mitigation; Reputation Analysis (patented real-time cloud lookup for scanning of suspicious files); Advanced Machine Learning; Emulator
Additional layers (diagram): Network Firewall & Intrusion Prevention; Inoculation; Power Eraser; Host Integrity; System Lockdown; Secure Web Gateway Integration; EDR Console (ATP: Endpoint)
5. While end-users see Word files as harmless, they can hide macro-viruses
9. Ransomware Attack Chain
1. Malware Delivery
2. Malware installed
3. Call C&C Server
4. Encryption
10. SEP 14 Protection across Ransomware Attack Kill Chain
Controls listed under each stage, as laid out in the slide diagram:
1. Malware Delivery: Download Insight; AV: Machine Learning, Emulator
2. Malware installed: IPS, Memory Exploit Mitigation
3. Call C&C Server: IPS
4. Encryption: SONAR, Application Control
11. Emulation Capabilities
Fast and accurate detection of hidden malware
Diagram, no emulation: Packer -> Executable: packed, not recognized
Diagram, with emulation: Packer -> Emulation Environment -> Unpacking -> Executable -> Payload: recognized
Emulates file execution to cause threats to reveal themselves
Lightweight solution runs in milliseconds with high efficacy
Malware hides behind custom polymorphic packers
Emulator ‘unpacks’ the malware in a virtual environment
12. Memory Exploit Mitigation
Blocks zero-day attacks by hardening the operating system
Signature-less and works regardless of the flaw/bug/vulnerability
Preemptively blocks exploit techniques, foiling attempts of attackers to take over a machine
Timeline (diagram): Vulnerability Discovered -> Vulnerability Disclosed -> Patch Released -> Patch Applied; the zone of exploitation in between spans weeks to months
“Memory Exploit Mitigation” techniques:
1. Java Exploit Protection
2. Heap Spray
3. SEHOP
14. Demo: IPS Blocks Outbound Communications from Ransomware
16. Protection Against Ransomware
• User Education
• Email/Gateway Security
• OS/App Patching
• Maintain an endpoint security solution
– File reputation analysis
– Static file malware prevention with Machine Learning
– Exploit prevention
– Behavior-based prevention
– Application Control
• Limit end user access to mapped drives: make them read-only and password protect them
• Deploy and secure a comprehensive backup solution
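As an added illustration of the "Behavior-based prevention" bullet above and the Encryption stage of the attack chain (example code written for this page, not Symantec's SONAR or any SEP component): a minimal heuristic that flags a process rewriting many files with high-entropy content inside a short time window, which is the observable signature of bulk encryption. The event stream, process names, paths and thresholds are constructed assumptions, not sensor output.

```python
import math
from collections import defaultdict

# Constructed file-write events: (timestamp_s, process, path, written_bytes).
# A hypothetical endpoint sensor would supply these; here they are made up inline.
EVENTS = [
    (0.0, "winword.exe", r"C:\Users\a\report.docx", b"Quarterly report text " * 40),
    (1.0, "rnsm.exe", r"C:\Users\a\report.docx.locked", bytes(range(256)) * 4),
    (1.2, "rnsm.exe", r"C:\Users\a\budget.xlsx.locked", bytes(range(255, -1, -1)) * 4),
    (1.4, "rnsm.exe", r"C:\Users\a\photo.jpg.locked", bytes(range(256)) * 4),
    (1.6, "rnsm.exe", r"C:\Users\a\notes.txt.locked", bytes(range(256)) * 4),
    (1.8, "rnsm.exe", r"C:\Users\a\thesis.pdf.locked", bytes(range(256)) * 4),
    (5.0, "backup.exe", r"D:\bak\report.docx", b"Quarterly report text " * 40),
]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted or compressed output is close to 8.0, plain text far below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def flag_encryptors(events, window_s=10.0, min_files=5, min_entropy=7.5):
    """Return the set of process names whose high-entropy writes touched at least
    min_files distinct files within any sliding window of window_s seconds."""
    # Per process, last high-entropy write time per path (distinct files, not repeat writes).
    hits = defaultdict(dict)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= min_entropy:
            hits[proc][path] = ts
    flagged = set()
    for proc, per_path in hits.items():
        times = sorted(per_path.values())
        start = 0
        for end in range(len(times)):
            # Advance the window start until it fits inside window_s seconds.
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= min_files:
                flagged.add(proc)
                break
    return flagged

if __name__ == "__main__":
    print("processes showing bulk-encryption behavior:", flag_encryptors(EVENTS))
```

A real behavior monitor would add rename/extension-change tracking and would block the offending process rather than just report it; the thresholds here are deliberately low so the constructed sample trips them.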
18. Thank you!
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by
law. The information in this document is subject to change without notice.
Jonathan Korba
Systems Engineer
Symantec