Adobe’s code-signing infrastructure got hacked and now you have to worry about some really bad software out there that your computers will think are valid, safe applications from Adobe. One of them is pwdump which gets Windows passwords. Ever since Flame, Randy Franklin Smith from Ultimate Windows Security, has been saying that if Microsoft’s update infrastructure got hacked, it was only be a matter of time before another vendor’s did too. And that’s what this is all about. The methods are different, but both boil down to exploiting mistakes Microsoft and Adobe made in their PKI used to sign code. The reason this is so impactful to an organization, is that it allows the bad guys to trick your systems into running malicious code that looks like it came from Adobe – but you get that right? It really stinks though because no matter how good you maintain your systems, you are still at the mercy of the security of your software vendors.
Download this presentation to learn:
• How can you stop this particular threat?
• How can you deploy some strategic technologies and controls to address the risk of compromised code signatures and vendor update infrastructures?
• How can you preemptively control your exposure to the mistakes of your software vendors and/or when they get hacked? (In all fairness no one is safe from getting breached.)
18. Brought to you by
www.lumension.com
Speaker
Russ Ernst – Group Product Manager
19. Defense-in-Depth Strategy
Successful risk mitigation starts
AV with a solid vulnerability manage-
Control the Bad ment foundation, augmented by
Device Control
additional layered defenses which
Control the Flow go beyond the traditional blacklist
approach.
HD and Media Encryption
Control the Data
Application Control
Control the Gray
Patch and Configuration Management
Control the Vulnerability Landscape
19
20. Defense-in-Depth with Intelligent Whitelisting
Known Unknown Unwanted, Application Configuration
Malware Malware Unlicensed, Vulnerabilities Vulnerabilities
Unsupported
applications
AntiVirus X X
Application
X X
Control
Patch &
X X
Remediation
Security
Configuration X
Management
21. More Information
• Free Security Scanner Tools • Get a Quote (and more)
» Application Scanner – discover all the apps http://www.lumension.com/
being used in your network intelligent-whitelisting/buy-now.aspx#7
» Vulnerability Scanner – discover all OS and
application vulnerabilities on your network
» Device Scanner – discover all the devices
being used in your network
http://www.lumension.com/Resources/
Security-Tools.aspx
• Lumension® Intelligent Whitelisting™
» Online Demo Video:
http://www.lumension.com/Resources/
Demo-Center/Endpoint-Security.aspx
» Free Trial (virtual or download):
http://www.lumension.com/
intelligent-whitelisting/free-trial.aspx
21