SlideShare a Scribd company logo
1 of 52
Modern Malware,[object Object],Nir Zuk,[object Object],Founder and CTO,[object Object]
Modern Malware by Nir Zuk Palo Alto Networks
data breach mythology,[object Object]
we invest in protecting our data centers,[object Object]
rarely the datacenter is attacked directly,[object Object]
no more vulnerability scanning,[object Object]
the new attacker,[object Object]
the attacker is not a bored geek,[object Object]
nation states and organized crime,[object Object]
data breaches in 2011,[object Object]
step one: bait an end-user,[object Object]
step one: bait an end-user,[object Object],spear phishing,[object Object]
step one: bait an end-user,[object Object]
step two: exploit a vulnerability,[object Object]
step three: download a backdoor,[object Object]
step four: establish a back channel,[object Object]
step five: explore and steal,[object Object]
the  state of malware protection,[object Object]
protection is needed at all stages,[object Object],bait,[object Object],exploit,[object Object],download,[object Object],back channel,[object Object],steal,[object Object]
 bait protection,[object Object]
 exploit protection,[object Object],exploits come in thru many applications,[object Object]
 exploit protection,[object Object],many months pass between black-hat discovery, white hat discovery, and protection being available,[object Object]
 download protection,[object Object],targeted attacks mean few instances in the wild,[object Object]
 download protection,[object Object],anti-malware vendors take several days to come upwith a signature,[object Object]
 back channel protection,[object Object],+,[object Object],+,[object Object],not only attacks are targeted and IPS signatures take time to develop, back channels are often encrypted,[object Object]
 explore-and-steal protection,[object Object],minimal internal security means that once inside, an attacker can roam the network freely,[object Object]
blueprint for stopping modern malware,[object Object]
need to protect all applications,[object Object]
response time is key,[object Object]
automation is a must,[object Object]
a sandbox at the core,[object Object]
perform the analysis for all devices centrally,[object Object]
automatically generate multiple signatures,[object Object],[object Object]
 IPS back-channel signatures
 Malware URLs
 IPS signatures for identified new vulnerabilities,[object Object]
stopping modern malware in practice,[object Object]
need to protect at all stages,[object Object],bait,[object Object],exploit,[object Object],download,[object Object],back channel,[object Object],steal,[object Object]
bait protection ,[object Object],[object Object]
 Control file transfers by user, application, and file type
 Block access to Malware URLs,[object Object]
 IPS signature for newly identified vulnerabilities,[object Object]
discovering Adobe Flash vulnerabilities,[object Object],number of vulnerability discoveries credited to each vendor over the last 4 years,[object Object],Source: OSVDB; as of June 15th 2011,[object Object]
download protection ,[object Object],[object Object]
Generic drive-by-download protection for HTTP/S downloads,[object Object]
Use heuristics to detect back channel communication
C&C signatures available for newly discovered malware,[object Object]
Control access to data by user and application,[object Object]
solution has to be enterprise-wide,[object Object]
protection has to be real-time, inline,[object Object]
needs user-based access control,[object Object]
needs high-speed IPS and AV,[object Object]

More Related Content

What's hot

Ch03 Network and Computer Attacks
Ch03 Network and Computer AttacksCh03 Network and Computer Attacks
Ch03 Network and Computer Attacksphanleson
 
This is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept XThis is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept XSophos Benelux
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threatswardjo
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirusAshish Gautam
 
Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
 
information about virus
information about virusinformation about virus
information about virustoshan badiye
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomwareCharles Steve
 
Malware in penetration testing 1
Malware in penetration testing 1Malware in penetration testing 1
Malware in penetration testing 1Arbab Usmani
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber AttacksRubal Sagwal
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 

What's hot (20)

Ch03 Network and Computer Attacks
Ch03 Network and Computer AttacksCh03 Network and Computer Attacks
Ch03 Network and Computer Attacks
 
This is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept XThis is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept X
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threats
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known Vulnerabilities
 
Sandbox Technology in AntiVirus
Sandbox Technology in AntiVirusSandbox Technology in AntiVirus
Sandbox Technology in AntiVirus
 
Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilities
 
information about virus
information about virusinformation about virus
information about virus
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomware
 
Malware in penetration testing 1
Malware in penetration testing 1Malware in penetration testing 1
Malware in penetration testing 1
 
BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors Seminar
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber Attacks
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpoint
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Ekwik technology
Ekwik technology Ekwik technology
Ekwik technology
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 

Viewers also liked

Vfm website-projects
Vfm website-projectsVfm website-projects
Vfm website-projectsvfmindia
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180Suresh Kumar
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld
 
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR -  ProsSafe Switch gestibili e supporto della configurazione ...Webinar NETGEAR -  ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...Netgear Italia
 
Concepts: Management VLAN
Concepts: Management VLANConcepts: Management VLAN
Concepts: Management VLANJelmer de Reus
 
TechWiseTV Workshop: Nexus Data Broker
TechWiseTV Workshop: Nexus Data BrokerTechWiseTV Workshop: Nexus Data Broker
TechWiseTV Workshop: Nexus Data BrokerRobb Boyd
 
User Expert forum Wildfire configuration
User Expert forum Wildfire configurationUser Expert forum Wildfire configuration
User Expert forum Wildfire configurationAlberto Rivai
 
User expert forum user-id
User expert forum   user-idUser expert forum   user-id
User expert forum user-idAlberto Rivai
 
Vfm strategic benefits from caching
Vfm strategic benefits from cachingVfm strategic benefits from caching
Vfm strategic benefits from cachingvfmindia
 
Vfm corporate presentation v1
Vfm corporate presentation v1Vfm corporate presentation v1
Vfm corporate presentation v1vfmindia
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture Ajeet Singh
 
Palo Alto Networks - Just another Firewall
Palo Alto Networks - Just another FirewallPalo Alto Networks - Just another Firewall
Palo Alto Networks - Just another Firewallpillardata
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configurationAlberto Rivai
 
Palo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortPalo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortTen Sistemas e Redes
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 

Viewers also liked (20)

PAN Platform Summary
PAN Platform SummaryPAN Platform Summary
PAN Platform Summary
 
NATE-Central-Log
NATE-Central-LogNATE-Central-Log
NATE-Central-Log
 
FlexPod_for_HondaTH
FlexPod_for_HondaTHFlexPod_for_HondaTH
FlexPod_for_HondaTH
 
Vfm website-projects
Vfm website-projectsVfm website-projects
Vfm website-projects
 
Vsphere 4-partner-training180
Vsphere 4-partner-training180Vsphere 4-partner-training180
Vsphere 4-partner-training180
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
 
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR -  ProsSafe Switch gestibili e supporto della configurazione ...Webinar NETGEAR -  ProsSafe Switch gestibili e supporto della configurazione ...
Webinar NETGEAR - ProsSafe Switch gestibili e supporto della configurazione ...
 
Concepts: Management VLAN
Concepts: Management VLANConcepts: Management VLAN
Concepts: Management VLAN
 
TechWiseTV Workshop: Nexus Data Broker
TechWiseTV Workshop: Nexus Data BrokerTechWiseTV Workshop: Nexus Data Broker
TechWiseTV Workshop: Nexus Data Broker
 
User Expert forum Wildfire configuration
User Expert forum Wildfire configurationUser Expert forum Wildfire configuration
User Expert forum Wildfire configuration
 
User expert forum user-id
User expert forum   user-idUser expert forum   user-id
User expert forum user-id
 
Vfm strategic benefits from caching
Vfm strategic benefits from cachingVfm strategic benefits from caching
Vfm strategic benefits from caching
 
Vfm corporate presentation v1
Vfm corporate presentation v1Vfm corporate presentation v1
Vfm corporate presentation v1
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewall
 
Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture
 
Palo Alto Networks - Just another Firewall
Palo Alto Networks - Just another FirewallPalo Alto Networks - Just another Firewall
Palo Alto Networks - Just another Firewall
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configuration
 
Palo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-shortPalo alto networks_customer_overview_november2011-short
Palo alto networks_customer_overview_november2011-short
 
Palo alto networks
Palo alto networksPalo alto networks
Palo alto networks
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 

Similar to Modern Malware by Nir Zuk Palo Alto Networks

Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
The Modern Malware Review March 2013
The Modern Malware Review March 2013The Modern Malware Review March 2013
The Modern Malware Review March 2013- Mark - Fullbright
 
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tInfographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tSonatype
 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlJose Lopez
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not MarketingArrowECS_CZ
 
apidays LIVE New York 2021 - Playing with FHIR without getting burned by Dav...
apidays LIVE New York 2021 - Playing with FHIR without getting burned by  Dav...apidays LIVE New York 2021 - Playing with FHIR without getting burned by  Dav...
apidays LIVE New York 2021 - Playing with FHIR without getting burned by Dav...apidays
 
Basic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesBasic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesijcsa
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Alert Logic
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...IJERA Editor
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 

Similar to Modern Malware by Nir Zuk Palo Alto Networks (20)

Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers Guide
 
The Modern Malware Review March 2013
The Modern Malware Review March 2013The Modern Malware Review March 2013
The Modern Malware Review March 2013
 
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn'tInfographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
 
Research Paper
Research PaperResearch Paper
Research Paper
 
185
185185
185
 
Bitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat ControlBitdefender - Solution Paper - Active Threat Control
Bitdefender - Solution Paper - Active Threat Control
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not
 
apidays LIVE New York 2021 - Playing with FHIR without getting burned by Dav...
apidays LIVE New York 2021 - Playing with FHIR without getting burned by  Dav...apidays LIVE New York 2021 - Playing with FHIR without getting burned by  Dav...
apidays LIVE New York 2021 - Playing with FHIR without getting burned by Dav...
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Basic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesBasic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniques
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense
 
APT - Project
APT - Project APT - Project
APT - Project
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 

Modern Malware by Nir Zuk Palo Alto Networks

  • 1.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. IPS back-channel signatures
  • 36.
  • 37.
  • 38.
  • 39.
  • 40. Control file transfers by user, application, and file type
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46. Use heuristics to detect back channel communication
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.

Editor's Notes

  1. “project aurora”: white-hat discovery was august 2009, fixed late january 2010