SlideShare une entreprise Scribd logo

Protecting Against Ransomware

Symantec
Symantec

Symantec Webinar: What is Ransomware and what are the risks? How does Symantec Endpoint Protection 14 block Ransomware?

Technologie
1  sur  18
Télécharger pour lire hors ligne
Part 2: Protecting against Ransomware Jonathan Korba Systems Engineer Symantec 5-Part Webinar Series: Endpoint Protection…what really matters?
5-Part Webinar Series: Endpoint Protection…what really matters? Title: Date: Part 1 of 5 Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning January 26, 2017 Part 2 of 5 Block The Risk Of Ransomware February 23, 2017 Part 3 of 5 Achieving Zero-Day Attacks and What To Do About It March 23, 2017 Part 4 of 5 Easy Ways To Improve Your Security Posture April 20, 2017 Part 5 of 5 A Step-By-Step Approach for Endpoint Detection & Response May 18, 2017 https://www.symantec.com/about/webcasts
Agenda 3 What is Ransomware and what are the risks? How does Symantec Endpoint Protection 14 block Ransomware? Demos: SEP 14 in action
Copyright © 2016 Symantec Corporation Superior Protection and Response Across the Attack Chain Stop Ransomware Threats with layered protection INCURSION INFESTATION and EXFILTRATIONINFECTION ANTIVIRUS NETWORK FIREWALL & INTRUSION PREVENTION APPLICATION AND DEVICE CONTROL BEHAVIOR MONITORING MEMORY EXPLOIT MITIGATION REPUTATION ANALYSIS ADVANCED MACHINE LEARNING EMULATOR Patented real-time cloud lookup for scanning of suspicious files NETWORK FIREWALL & INTRUSION PREVENTION INNOCULATION POWER ERASER HOST INTEGRITY SYSTEM LOCKDOWN SECURE WEB GATEWAY INTEGRATION EDR CONSOLE (ATP:ENDPOINT)
While end-users see Word files as harmless they can hide macro-viruses 5 Copyright © 2016 Symantec Corporation
6 Copyright © 2016 Symantec Corporation
7
8 Drive-by-Downloads Malicious Email Infection Vectors How is Ransomware getting in?
Ransomware Attack Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption 9 Copyright © 2016 Symantec Corporation
SEP 14 Protection across Ransomware Attack Kill Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption Download Insight, AV: Machine Learning, Emulator IPS, Memory Exploit Mitigation IPS SONAR, Application Control 10 Copyright © 2016 Symantec Corporation
Emulation Capabilities Fast and accurate detection of hidden malware Copyright © 2016 Symantec Corporation 11 Packer Packer Executable No Emulation Emulation Emulation Environment Packed, not recognized Payload Recognized Emulation Environment Unpacking Executable Emulates file execution to cause threats to reveal themselves Lightweight solution runs in milliseconds with high efficacy Malware hides behind custom polymorphic packers Emulator ‘unpacks’ the malware in a virtual environment Executable
Memory Exploit Mitigation Blocks zero-day attacks by hardening the operation system 12 Signature-less and works regardless of the flaw/bug/vulnerability Preemptively blocks exploit techniques, foiling attempts of attackers to take over a machine Patch Released Patch Applied Vulnerability Discovered Vulnerability Disclosed ZONE OF EXPLOITATION WEEKS MONTHS “Memory Exploit Mitigation” 1. Java Exploit Protection 2. Heap Spray 3. SEHOP Copyright © 2016 Symantec Corporation
13
Demo: IPS Blocks Outbound Communications from Ransomware Copyright © 2016 Symantec Corporation 14
Demo: Application Control Blocks Ransomware the uses Office Documents Copyright © 2016 Symantec Corporation 15
Protection Against Ransomware • User Education • Email/Gateway Security • OS/App Patching • Maintain an endpoint security solution – File reputation analysis – Static file malware prevention with Machine Learning – Exploit prevention – Behavior-based prevention – Application Control • Limit end user access to mapped drives – make read only and password protect • Deploy and secure a comprehensive backup solution 16 Copyright © 2016 Symantec Corporation
Q&A 17
Thank you! Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Jonathan Korba Systems Engineer Symantec 18

Recommandé

Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?
Osirium Limited
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
Vijay Sarathy Rangayyan
 
Preventing lateral spread of ransomware
Preventing lateral spread of ransomwarePreventing lateral spread of ransomware
Preventing lateral spread of ransomware
Osirium Limited
 
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Storage Switzerland
 
Ransomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryRansomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive Summary
Bright Technology
 
Technical guidance to prevent wanna cry ransomware attack
Technical guidance to prevent wanna cry ransomware attackTechnical guidance to prevent wanna cry ransomware attack
Technical guidance to prevent wanna cry ransomware attack
Avanzo net
 
Wannacry & Petya ransomware
Wannacry & Petya ransomwareWannacry & Petya ransomware
Wannacry & Petya ransomware
Raghavendra P.V
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
Maaz Ahmed Shaikh
 

Recommandé

Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?
Osirium Limited
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
Vijay Sarathy Rangayyan
 
Preventing lateral spread of ransomware
Preventing lateral spread of ransomwarePreventing lateral spread of ransomware
Preventing lateral spread of ransomware
Osirium Limited
 
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Storage Switzerland
 
Ransomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive SummaryRansomware - Information And Protection Guide - Executive Summary
Ransomware - Information And Protection Guide - Executive Summary
Bright Technology
 
Technical guidance to prevent wanna cry ransomware attack
Technical guidance to prevent wanna cry ransomware attackTechnical guidance to prevent wanna cry ransomware attack
Technical guidance to prevent wanna cry ransomware attack
Avanzo net
 
Wannacry & Petya ransomware
Wannacry & Petya ransomwareWannacry & Petya ransomware
Wannacry & Petya ransomware
Raghavendra P.V
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
Maaz Ahmed Shaikh
 
What is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your SystemWhat is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your System
ClickSSL
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
HTS Hosting
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and Availability
Lai Yoong Seng
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešení
MarketingArrowECS_CZ
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
James Anderson
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
OK2OK
 
seminar report on What is ransomware
seminar report on What is ransomwareseminar report on What is ransomware
seminar report on What is ransomware
Jawhar Ali
 
Ransomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksRansomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacks
dinCloud Inc.
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
kevinmass30
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
ErnestStaats
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
anpapathanasiou
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Quick Heal Technologies Ltd.
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
Web App Attacks - Stats & Remediation
Web App Attacks - Stats & RemediationWeb App Attacks - Stats & Remediation
Web App Attacks - Stats & Remediation
Qualys
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
Quick Heal Technologies Ltd.
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3
F-Secure Corporation
 
September 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionSeptember 2012 Security Vulnerability Session
September 2012 Security Vulnerability Session
Kaseya
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Symantec
 
The New Threat on Campus: Ransomware Locks Down Education
The New Threat on Campus: Ransomware Locks Down EducationThe New Threat on Campus: Ransomware Locks Down Education
The New Threat on Campus: Ransomware Locks Down Education
Code42
 

Contenu connexe

Tendances

How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
OK2OK
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
AlienVault
 
September 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionSeptember 2012 Security Vulnerability Session
September 2012 Security Vulnerability Session
Kaseya
 

Tendances (20)

What is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your SystemWhat is Ransomware? How You Can Protect Your System
What is Ransomware? How You Can Protect Your System
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from Patents
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and Availability
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešení
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
 
seminar report on What is ransomware
seminar report on What is ransomwareseminar report on What is ransomware
seminar report on What is ransomware
 
Ransomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksRansomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacks
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
 
Web App Attacks - Stats & Remediation
Web App Attacks - Stats & RemediationWeb App Attacks - Stats & Remediation
Web App Attacks - Stats & Remediation
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3
 
September 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionSeptember 2012 Security Vulnerability Session
September 2012 Security Vulnerability Session
 

En vedette

How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
Solarwinds N-able
 
Inteligencia artificial mishelle
Inteligencia artificial mishelleInteligencia artificial mishelle
Inteligencia artificial mishelle
mishelle22
 
Herramientas digitales unidad ii diapositivas rss
Herramientas digitales unidad ii diapositivas rssHerramientas digitales unidad ii diapositivas rss
Herramientas digitales unidad ii diapositivas rss
diegoher16
 

En vedette (20)

Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
 
The New Threat on Campus: Ransomware Locks Down Education
The New Threat on Campus: Ransomware Locks Down EducationThe New Threat on Campus: Ransomware Locks Down Education
The New Threat on Campus: Ransomware Locks Down Education
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Study
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
Ransomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, PreventionRansomware - Impact, Evolution, Prevention
Ransomware - Impact, Evolution, Prevention
 
13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection 13 Ransomware Statistics That Will Make You Rethink Data Protection
13 Ransomware Statistics That Will Make You Rethink Data Protection
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
 
la computadora
la computadorala computadora
la computadora
 
Inteligencia artificial mishelle
Inteligencia artificial mishelleInteligencia artificial mishelle
Inteligencia artificial mishelle
 
Efe
EfeEfe
Efe
 
Powerrrrrrrrrrrrr (1)
Powerrrrrrrrrrrrr (1)Powerrrrrrrrrrrrr (1)
Powerrrrrrrrrrrrr (1)
 
buscadores de intenet hecho por miguel
buscadores de intenet hecho por miguelbuscadores de intenet hecho por miguel
buscadores de intenet hecho por miguel
 
Las tics
Las ticsLas tics
Las tics
 
RSS
RSSRSS
RSS
 
Steven gallego final
Steven gallego finalSteven gallego final
Steven gallego final
 
SQL Pyme para empresas de alimentación
SQL Pyme para empresas de alimentaciónSQL Pyme para empresas de alimentación
SQL Pyme para empresas de alimentación
 
Redes locales basico
Redes locales basicoRedes locales basico
Redes locales basico
 
Herramientas digitales unidad ii diapositivas rss
Herramientas digitales unidad ii diapositivas rssHerramientas digitales unidad ii diapositivas rss
Herramientas digitales unidad ii diapositivas rss
 
emprendimiento
emprendimientoemprendimiento
emprendimiento
 

Similaire à Protecting Against Ransomware

MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.ppt
webhostingguy
 
How to improve endpoint security on a SMB budget
How to improve endpoint security on a SMB budgetHow to improve endpoint security on a SMB budget
How to improve endpoint security on a SMB budget
Lumension
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
AlienVault
 

Similaire à Protecting Against Ransomware (20)

MIT-6-determina-vps.ppt
MIT-6-determina-vps.pptMIT-6-determina-vps.ppt
MIT-6-determina-vps.ppt
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
Malware Evasion Techniques
Malware Evasion TechniquesMalware Evasion Techniques
Malware Evasion Techniques
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICESRansomware Response Guide IBM INCIDENT RESPONSE SERVICES
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Ch19
Ch19Ch19
Ch19
 
How to improve endpoint security on a SMB budget
How to improve endpoint security on a SMB budgetHow to improve endpoint security on a SMB budget
How to improve endpoint security on a SMB budget
 
Palestra Filipi Pires - Ransomware – Existe proteção para isso?
Palestra Filipi Pires - Ransomware – Existe proteção para isso?Palestra Filipi Pires - Ransomware – Existe proteção para isso?
Palestra Filipi Pires - Ransomware – Existe proteção para isso?
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
 
Raging Ransomware Roadshow May
Raging Ransomware Roadshow MayRaging Ransomware Roadshow May
Raging Ransomware Roadshow May
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention Guide
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpoints
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers Guide
 
10 critical elements of next generation of endpoint layered security
10 critical elements of next generation of endpoint layered security10 critical elements of next generation of endpoint layered security
10 critical elements of next generation of endpoint layered security
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 
Hvordan stopper du CryptoLocker?
Hvordan stopper du CryptoLocker?Hvordan stopper du CryptoLocker?
Hvordan stopper du CryptoLocker?
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 

Plus de Symantec

Plus de Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Dernier (20)

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Protecting Against Ransomware

  • 1. Part 2: Protecting against Ransomware Jonathan Korba Systems Engineer Symantec 5-Part Webinar Series: Endpoint Protection…what really matters?
  • 2. 5-Part Webinar Series: Endpoint Protection…what really matters? Title: Date: Part 1 of 5 Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning January 26, 2017 Part 2 of 5 Block The Risk Of Ransomware February 23, 2017 Part 3 of 5 Achieving Zero-Day Attacks and What To Do About It March 23, 2017 Part 4 of 5 Easy Ways To Improve Your Security Posture April 20, 2017 Part 5 of 5 A Step-By-Step Approach for Endpoint Detection & Response May 18, 2017 https://www.symantec.com/about/webcasts
  • 3. Agenda 3 What is Ransomware and what are the risks? How does Symantec Endpoint Protection 14 block Ransomware? Demos: SEP 14 in action
  • 4. Copyright © 2016 Symantec Corporation Superior Protection and Response Across the Attack Chain Stop Ransomware Threats with layered protection INCURSION INFESTATION and EXFILTRATIONINFECTION ANTIVIRUS NETWORK FIREWALL & INTRUSION PREVENTION APPLICATION AND DEVICE CONTROL BEHAVIOR MONITORING MEMORY EXPLOIT MITIGATION REPUTATION ANALYSIS ADVANCED MACHINE LEARNING EMULATOR Patented real-time cloud lookup for scanning of suspicious files NETWORK FIREWALL & INTRUSION PREVENTION INNOCULATION POWER ERASER HOST INTEGRITY SYSTEM LOCKDOWN SECURE WEB GATEWAY INTEGRATION EDR CONSOLE (ATP:ENDPOINT)
  • 5. While end-users see Word files as harmless they can hide macro-viruses 5 Copyright © 2016 Symantec Corporation
  • 6. 6 Copyright © 2016 Symantec Corporation
  • 7. 7
  • 8. 8 Drive-by-Downloads Malicious Email Infection Vectors How is Ransomware getting in?
  • 9. Ransomware Attack Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption 9 Copyright © 2016 Symantec Corporation
  • 10. SEP 14 Protection across Ransomware Attack Kill Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption Download Insight, AV: Machine Learning, Emulator IPS, Memory Exploit Mitigation IPS SONAR, Application Control 10 Copyright © 2016 Symantec Corporation
  • 11. Emulation Capabilities Fast and accurate detection of hidden malware Copyright © 2016 Symantec Corporation 11 Packer Packer Executable No Emulation Emulation Emulation Environment Packed, not recognized Payload Recognized Emulation Environment Unpacking Executable Emulates file execution to cause threats to reveal themselves Lightweight solution runs in milliseconds with high efficacy Malware hides behind custom polymorphic packers Emulator ‘unpacks’ the malware in a virtual environment Executable
  • 12. Memory Exploit Mitigation Blocks zero-day attacks by hardening the operation system 12 Signature-less and works regardless of the flaw/bug/vulnerability Preemptively blocks exploit techniques, foiling attempts of attackers to take over a machine Patch Released Patch Applied Vulnerability Discovered Vulnerability Disclosed ZONE OF EXPLOITATION WEEKS MONTHS “Memory Exploit Mitigation” 1. Java Exploit Protection 2. Heap Spray 3. SEHOP Copyright © 2016 Symantec Corporation
  • 13. 13
  • 14. Demo: IPS Blocks Outbound Communications from Ransomware Copyright © 2016 Symantec Corporation 14
  • 15. Demo: Application Control Blocks Ransomware the uses Office Documents Copyright © 2016 Symantec Corporation 15
  • 16. Protection Against Ransomware • User Education • Email/Gateway Security • OS/App Patching • Maintain an endpoint security solution – File reputation analysis – Static file malware prevention with Machine Learning – Exploit prevention – Behavior-based prevention – Application Control • Limit end user access to mapped drives – make read only and password protect • Deploy and secure a comprehensive backup solution 16 Copyright © 2016 Symantec Corporation
  • 18. Thank you! Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Jonathan Korba Systems Engineer Symantec 18