Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today's Attackers




                         © 2012 Monterey Technology Group Inc.
Brought to you by www.lumension.com

Speaker: Chris Merritt –
Preview of Key Points

  • Malware isn't just a workstation problem
  • The facts
  • Protecting servers with defense-in-depth
Malware isn't just a Workstation Problem

  • My own findings in recent IT audit engagements
  • A recent study about DNSChanger
  • An underground service that sells RDP access to Fortune 500 computers
My own findings in recent IT audit engagements

  • Finding servers with "workstation" software
    • Acrobat
    • Flash
    • Adobe AIR
    • Office
    • Babylon
  • Finding servers with "workstation" software on
    • Lab systems
    • Development environments
    • Un-firewalled systems on the internal network
A recent study about DNSChanger

  • Krebs on Security: http://tinyurl.com/d45q9hj
  • "More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and … at nearly 50 percent of all federal government agencies, new research shows."
  • This included servers
An underground service that sells RDP access to Fortune 500 computers

  • "Service Sells Access to Fortune 500 Firms" by Brian Krebs
    http://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/
  • "Russians selling access to private company servers in just $4" by Mohit Kumar
    http://thehackernews.com/2012/10/russians-selling-access-to-private.html
Fact

  • Malware isn't just a workstation problem
  • Additional layers of defense are needed beyond AV alone
Protecting Servers with Defense-in-Depth
Written policy

  • Acceptable reasons to log on to a server interactively
  • Prohibited activities while logged on to a server
    • Browsing the Internet
    • Downloading files
    • Opening files from the Internet, except software vetted for that server
    • Installing any software except what the server's role requires
Use of jump boxes

  • Reduce the number of systems that anyone logs onto interactively
  • Set up dedicated "jump boxes" that carry the admin tooling
    • Terminal Services (Remote Desktop)
    • All the MMC snap-ins admins need, so nobody has to RDP to the servers themselves
  • On the servers, restrict who and what can get an interactive session
    • The "Allow log on through Remote Desktop Services" user right (named "Allow log on through Terminal Services" on Windows Server 2003/2008), limited to the admin group that works from the jump box
    • Host firewall: accept RDP (TCP 3389) only from the jump boxes
    • Alert on interactive logons to servers
      • Event ID 4624 with Logon Type 10 (RemoteInteractive, i.e. RDP) or 2 (Interactive, i.e. console or KVM); these IDs apply to Windows Server 2008 and later
      • An RDP logon whose source address in the event is not a jump box is the one to chase
Monitoring

  • New service installed
    • Event ID 4697 in the Security log (needs the "Audit Security System Extension" subcategory enabled; the System log's Event ID 7045 from the Service Control Manager records the same installs without any audit policy)
  • New process started
    • Event ID 4688 (needs "Audit Process Creation" success auditing, which is off by default on servers)
  • Take maintenance windows into account so patch deployments don't flood the alert queue, but suppress on time plus expected install path, never on time alone: a service installed during the window from a user-writable directory is still worth an alert
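The jump-box and monitoring rules above, as an added example that is not code from the original deck or from Lumension. It triages constructed Windows Security event records (dicts shaped like the fields Get-WinEvent or a SIEM would expose): interactive 4624 logons are alerted unless they are RDP sessions coming from the jump box, and 4697 service installs are alerted unless they fall inside the maintenance window and the service binary lives under a trusted install root. The jump-box address, the window and the trusted roots are assumptions for the example.

```python
"""Alerting on interactive server logons (4624) and new services (4697).

Added example for this deck; not code from the original slides or from
Lumension. Event records are constructed dicts; the jump-box address, the
maintenance window and the trusted install roots are assumptions.
"""
from datetime import datetime, time

JUMP_BOXES = {"10.0.5.10"}                              # assumed: only sanctioned RDP source
MAINTENANCE_WINDOW = (time(2, 0), time(4, 0))           # assumed: nightly patch window
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")  # assumed: where deployment tools install
# 4624 LogonType values: 2 = Interactive (console/KVM), 10 = RemoteInteractive (RDP)
INTERACTIVE_LOGON_TYPES = {2, 10}


def in_maintenance_window(ts, window=MAINTENANCE_WINDOW):
    """True if the timestamp's time of day falls inside the window (which may wrap midnight)."""
    start, end = window
    t = ts.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def triage(event):
    """Return an alert string for an event that breaks policy, else None."""
    eid = event["EventID"]
    if eid == 4624:
        logon_type = event["LogonType"]
        if logon_type not in INTERACTIVE_LOGON_TYPES:
            return None                     # network/service/batch logons are routine
        src = event.get("IpAddress", "-")
        if logon_type == 10 and src in JUMP_BOXES:
            return None                     # RDP via the jump box is the sanctioned path
        kind = "console" if logon_type == 2 else "RDP"
        return (f"{event['Computer']}: {kind} logon by "
                f"{event['TargetUserName']} from {src}")
    if eid == 4697:
        image = event["ServiceFileName"].lower()
        # Suppress only when BOTH hold: inside the window AND the binary sits
        # where a deployment tool would put it. Time alone must not blind the alert.
        if in_maintenance_window(event["TimeCreated"]) and image.startswith(TRUSTED_ROOTS):
            return None
        return (f"{event['Computer']}: new service {event['ServiceName']!r} "
                f"installed from {event['ServiceFileName']}")
    return None


def alerts(events):
    """Run triage over a batch and return the non-empty alerts in order."""
    return [a for a in map(triage, events) if a]


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "SRV-DB01", "LogonType": 10, "TargetUserName": "admin1",
     "IpAddress": "10.0.5.10", "TimeCreated": datetime(2012, 11, 5, 14, 12)},   # via jump box
    {"EventID": 4624, "Computer": "SRV-DB01", "LogonType": 10, "TargetUserName": "admin1",
     "IpAddress": "10.0.22.77", "TimeCreated": datetime(2012, 11, 5, 14, 30)},  # from a workstation
    {"EventID": 4624, "Computer": "SRV-DB01", "LogonType": 3, "TargetUserName": "svc_backup",
     "IpAddress": "10.0.22.9", "TimeCreated": datetime(2012, 11, 5, 14, 31)},   # network logon
    {"EventID": 4624, "Computer": "SRV-DB01", "LogonType": 2, "TargetUserName": "backupop",
     "IpAddress": "-", "TimeCreated": datetime(2012, 11, 5, 16, 5)},            # console logon
    {"EventID": 4697, "Computer": "SRV-WEB02", "ServiceName": "WinUpdSvc",
     "ServiceFileName": "C:\\Users\\Public\\svchost.exe",
     "TimeCreated": datetime(2012, 11, 5, 15, 2)},                              # business hours
    {"EventID": 4697, "Computer": "SRV-WEB02", "ServiceName": "PatchAgent",
     "ServiceFileName": "C:\\Program Files\\PatchAgent\\agent.exe",
     "TimeCreated": datetime(2012, 11, 6, 2, 15)},                              # in window, trusted path
    {"EventID": 4697, "Computer": "SRV-WEB02", "ServiceName": "Updater",
     "ServiceFileName": "C:\\Users\\Public\\upd.exe",
     "TimeCreated": datetime(2012, 11, 6, 2, 30)},                              # in window, untrusted path
]

if __name__ == "__main__":
    for line in alerts(SAMPLE_EVENTS):
        print(line)
```

Run as-is it prints four alerts: the RDP logon from the workstation, the console logon, the business-hours service install from C:\Users\Public, and the in-window install whose binary is also under C:\Users\Public. The PatchAgent install is the only one the maintenance window silences.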
Attack surface

  • Vulnerability scan
  • Any unnecessary features installed or activated?
  • Unnecessary applications
  • Firewall rules
Centralized patch management

  • Two high-profile vendors' update and code-signing infrastructures were abused in 2012
    • Microsoft: Flame forged a Microsoft certificate (an MD5 collision against a Terminal Services licensing certificate) and delivered itself as a Windows Update through a spoofed update server
    • Adobe: a build server was compromised and malicious utilities were signed with a valid Adobe code-signing certificate
  • Don't let any system, servers above all, automatically install whatever arrives claiming to come from the vendor
  • Stage, test and release updates from a central point so that you control what goes onto your systems
Application inventory

  • Find out what is actually running on your servers
    • Lumension's free application scanner
    • Or query the Security log for process-creation events and normalize the result. With LogParser (in a 4688 event, insertion string 5 is NewProcessName):
      logparser "SELECT DISTINCT EXTRACT_TOKEN(Strings, 5, '|') AS Program INTO progs.txt FROM Security WHERE EventID=4688" -i:EVT -o:TSV
    • This only works if "Audit Process Creation" has been enabled long enough to cover the server's real workload, month-end jobs included
  • The inventory is the starting point for attack-surface reduction: anything on the list that the server's role doesn't need is a candidate for removal
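The inventory step above, as an added example that is not code from the original deck or from Lumension. It does in Python what the LogParser query does (pull token 5 of the 4688 insertion strings), then normalizes the paths so that the same program is not counted once per user or once per letter case, and diffs the result against a role baseline. The sample Strings values are constructed, and the baseline allowlist is an assumption for the example.

```python
"""Building a server application inventory from Event ID 4688.

Added example for this deck; not code from the original slides or from
Lumension. Sample Strings values are constructed; BASELINE is assumed.
"""
import re

# Insertion-string layout of a 4688 event as LogParser's EVT input exposes it
# (joined with '|'): 0 SubjectUserSid, 1 SubjectUserName, 2 SubjectDomainName,
# 3 SubjectLogonId, 4 NewProcessId, 5 NewProcessName, 6 TokenElevationType, 7 ProcessId
NEW_PROCESS_NAME_TOKEN = 5

# Constructed sample Strings values (not real log data).
SAMPLE_4688_STRINGS = [
    r"S-1-5-18|SRV-WEB02$|CORP|0x3e7|0x1a4|C:\Windows\System32\svchost.exe|%%1936|0x2f8",
    r"S-1-5-21-1-2-3-1104|admin1|CORP|0x5d2a1|0x9c0|C:\Windows\System32\cmd.exe|%%1936|0x6c4",
    r"S-1-5-21-1-2-3-1104|admin1|CORP|0x5d2a1|0xa10|c:\windows\system32\CMD.EXE|%%1936|0x9c0",
    r"S-1-5-21-1-2-3-1104|admin1|CORP|0x5d2a1|0xb30|C:\Users\admin1\Downloads\FlashPlayerInstaller.exe|%%1937|0x9c0",
    r"S-1-5-21-1-2-3-2211|contractor|CORP|0x7a1f0|0xc44|C:\Users\contractor\AppData\Local\Temp\7z.exe|%%1936|0x9c0",
    r"S-1-5-18|SRV-WEB02$|CORP|0x3e7|0xd00|C:\Program Files\Backup\bkagent.exe|%%1936|0x2f8",
]

# Assumed baseline for this server role: what the role needs and nothing else.
BASELINE = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\cmd.exe",
    r"C:\Program Files\Backup\bkagent.exe",
}

_USER_PROFILE = re.compile(r"^c:\\users\\[^\\]+\\")


def new_process_name(strings, sep="|"):
    """Equivalent of EXTRACT_TOKEN(Strings, 5, '|') in the LogParser query."""
    return strings.split(sep)[NEW_PROCESS_NAME_TOKEN]


def normalize(path):
    """Lower-case the path and collapse per-user profile directories to a wildcard."""
    return _USER_PROFILE.sub(lambda m: "c:\\users\\*\\", path.strip().lower())


def inventory(strings_values):
    """Distinct, normalized program paths seen in the 4688 events."""
    return sorted({normalize(new_process_name(s)) for s in strings_values})


def unexpected(strings_values, baseline=BASELINE):
    """Programs that ran but are not in the role's baseline: attack-surface candidates."""
    allowed = {normalize(p) for p in baseline}
    return [p for p in inventory(strings_values) if p not in allowed]


def from_user_writable(path):
    """True for images under a user profile or a Temp directory, where a dropped binary lands."""
    p = normalize(path)
    return p.startswith("c:\\users\\") or "\\temp\\" in p


if __name__ == "__main__":
    odd = set(unexpected(SAMPLE_4688_STRINGS))
    for p in inventory(SAMPLE_4688_STRINGS):
        print(f"{'UNEXPECTED' if p in odd else 'baseline':10} {p}")
```

The two cmd.exe records collapse to one entry, and the two user-profile binaries surface as unexpected; both also trip from_user_writable, which is the cheap first filter to apply to a fresh inventory before anyone reads it line by line.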
Application control

  • Take centralized control of what runs on your servers
  • Application whitelisting is the single most direct and effective way to keep unwanted software off trusted systems
    • Especially effective against lateral movement along the chain end-user workstation -> admin -> server, because the payload the attacker drops on the server is, by definition, not on the list
    • Even more so on systems where the preceding measures (policy, jump boxes, monitoring, patching) cannot be fully implemented
Application control

  • AppLocker is only appropriate for large fleets of 100% identical systems
    • Most workstations don't fit that profile
    • Servers definitely don't
  • Intelligent whitelisting is much different from traditional whitelisting like AppLocker
Defense-in-Depth Security Keeps Bot Herders Off Your Servers

Chris Merritt, Director of Solution Marketing, Lumension
(image source: http://commons.wikimedia.org/wiki/File:Botnet.svg)
Defense-in-Depth Against Server Threats

  Layer                             | Known malware | Unknown malware | Unwanted, unlicensed, unsupported apps | Application vulns | Config. vulns | Physical infiltration
  ----------------------------------+---------------+-----------------+----------------------------------------+-------------------+---------------+----------------------
  AntiVirus                         |       X       |        X        |                                        |                   |               |
  Application Control               |       X       |        X        |                   X                    |                   |               |
  Patch & Remediation               |               |                 |                   X                    |         X         |               |
  Security Configuration Management |               |                 |                                        |                   |       X       |
  Device Control                    |               |                 |                                        |                   |               |          X
Lumension® Endpoint Management and Security Suite: Total Endpoint Protection

  • Endpoint Reporting Services
  • Endpoint Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt., Lumension® Power Management
  • Endpoint Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control, Lumension® Disk Encryption
  • Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent

Lumension® Endpoint Management and Security Suite: Total Endpoint Protection for Servers

  • Server Reporting Services
  • Server Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt.
  • Server Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control
  • Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
Lumension® Patch and Remediation: Comprehensive and Secure Patch Management

  Provides rapid, accurate and secure patch and configuration management for applications and operating systems:
  • Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications and 3rd-party applications
  • Streamline and centralize management of heterogeneous environments
  • Visibility and control of all online or offline endpoints
  • Elevate security posture and proactively reduce risk
  • Save time and cost through automation
Lumension® Content Wizard: Cost-Effectively Streamline Endpoint Management

  Simple, wizard-based policy creation and baseline enforcement, without additional tools:
  • Patch Creation
  • Software Installs and Uninstalls
  • Windows Security Policies
  • Power Management Policies
  • NEW! Windows Firewall Policies
Lumension® Security Configuration Mgmt.: Prevent Configuration Drift and Ensure Policy Compliance

  Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards:
  • Security Configuration Management
  • Out-of-the-box Checklist Templates
  • NIST Validated Solution
  • Continuous Policy Assessment and Enforcement
  • Based on Open Standards for Easy Customization
  • Security Configuration and Posture Reporting
Lumension® AntiVirus: Multilayered Protection Against Malware

  • Based on proven technology from an industry leader, providing complete protection against known and unknown malware including viruses, worms, Trojans, spyware, adware and more
  • Includes a breadth of analysis techniques, from traditional signature matching to behavioral analysis, to protect against zero-day and evolving threats:
    • Antivirus (AV) protection (full signature matching)
    • DNA Matching (partial signature matching)
    • SandBox (behavioral analysis in an emulated environment)
    • Exploit Detection (find hidden/embedded malware)
  • VB100 certified by Virus Bulletin
Lumension® Application Control: Proactive Protection Against Malware and More

  • Effective Endpoint Security: block known and unknown malware without signatures, and prevent exploitation of application/configuration vulnerabilities
  • Control the Unwanted: real-time view of all application inventory, ensuring only approved software is allowed to run, and denying/removing all unwanted applications
  • Control the Unknown: enforce, log and audit all endpoint application change while controlling end users with local admin rights
  • Flexible and Easy-To-Use: unified solution workflow via a single console with flexible trusted change management policy
Lumension® Device Control: Policy-Based Data Protection and Encryption

  • Protect Data from Loss or Theft: centrally enforce usage policies for all endpoint ports and for all removable devices/media
  • Increase Data Security: define a forced encryption policy for data flows onto removable devices/media, with flexible exception management
  • Improve Compliance: centrally encrypt removable devices/media to ensure data cannot be accessed if they are lost or stolen
  • Continuous Audit Readiness: monitor all device usage and data transfers; track all transferred files and content; report on all data policy compliance and violations
Next Steps

  Free Tools: http://www.lumension.com/Resources/Premium-Security-Tools.aspx
    • Application Scanner: see what applications are running on your servers
    • Device Scanner: see what removable devices are being used
    • Vulnerability Scanner: see what your OS/application risks are
  Whitepapers
    • Endpoint Management and Security Buyers Guide: http://www.lumension.com/Resources/WhitePapers/Endpoint-Management-and-Security-Buyers-Guide.aspx
  Free Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255


1.888.725.7828
info@lumension.com

Weitere ähnliche Inhalte

Mehr von Lumension

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
Lumension
 
2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis
Lumension
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You MigrateWindows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Lumension
 
Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You? Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You?
Lumension
 
Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats
Lumension
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize RiskAPTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize Risk
Lumension
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions
Lumension
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant VulnerabilitiesJava Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant Vulnerabilities
Lumension
 

Mehr von Lumension (20)

Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data TheftSecuring Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
 
2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskGreatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You MigrateWindows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
 
Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You? Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You?
 
Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize RiskAPTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize Risk
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant VulnerabilitiesJava Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant Vulnerabilities
 
BYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security RisksBYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security Risks
 
3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
 
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-VirusDefending Your Corporate Endpoints How to Go Beyond Anti-Virus
Defending Your Corporate Endpoints How to Go Beyond Anti-Virus
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?
 
Greatest IT Security Risks of 2013: Annual State of the Endpoint Report
Greatest IT Security Risks of 2013: Annual State of the Endpoint ReportGreatest IT Security Risks of 2013: Annual State of the Endpoint Report
Greatest IT Security Risks of 2013: Annual State of the Endpoint Report
 
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsWeaponised Malware & APT Attacks: Protect Against Next-Generation Threats
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
 
Sensational Headlines or Real Threats? What New Attacks Mean For You.
Sensational Headlines or Real Threats? What New Attacks Mean For You. Sensational Headlines or Real Threats? What New Attacks Mean For You.
Sensational Headlines or Real Threats? What New Attacks Mean For You.
 
Stopping the Adobe, Apple and Java Software Updater Insanity
Stopping the Adobe, Apple and Java Software Updater InsanityStopping the Adobe, Apple and Java Software Updater Insanity
Stopping the Adobe, Apple and Java Software Updater Insanity
 

Kürzlich hochgeladen

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers

  • 1. Keeping Bot Herders off Your Servers and Breaking the Lateral Kill Chain of Today’s Attackers © 2012 Monterey Technology Group Inc.
  • 2. Brought to you by www.lumension.com Speaker  Chris Merritt –
  • 3. Preview of Key Points Malware isn’t just a workstation problem The facts Protecting servers with defense-in-depth © 2012 Monterey Technology Group Inc.
  • 4. Malware isn’t just a Workstation Problem My own findings in recent IT audit engagements A recent study about DNSChanger An underground service that sells RDP access to Fortune 500 computers © 2012 Monterey Technology Group Inc.
  • 5. My own findings in recent IT audit engagements  Finding servers with “workstation” software  Acrobat  Flash  Adobe Air  Office  Babylon © 2012 Monterey Technology Group Inc.
  • 6. My own findings in recent IT audit engagements  Finding servers with “workstation” software  Lab systems  Development environments  Un-firewalled systems on internal network © 2012 Monterey Technology Group Inc.
  • 7. A recent study about DNSChanger Krebs on security http://tinyurl.com/d45q9hj “More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and … at nearly 50 percent of all federal government agencies, new research shows.” This included servers © 2012 Monterey Technology Group Inc.
  • 8. An underground service that sells RDP access to Fortune 500 computers Service Sells Access to Fortune 500 Firms by Brian Krebs (http://krebsonsecurity.com/2012/10/service- sells-access-to-fortune-500-firms/) Russians selling access to private company servers in just $4 by Mohit Kumar (http://thehackernews.com/2012/10/russians- selling-access-to-private.html) © 2012 Monterey Technology Group Inc.
  • 9. Fact Malware isn’t just a workstation problem Additional layers of defense are needed beyond just AV © 2012 Monterey Technology Group Inc.
  • 10. Protecting Servers with Defense-in-Depth © 2012 Monterey Technology Group Inc.
  • 11. Written policy Acceptable reasons to logon interactively Prohibited activities Browsing internet Downloading files Opening files from Internet except software vetted for that server Installing any software except necessary for server’s role © 2012 Monterey Technology Group Inc.
  • 12. Use of jump boxes Reduce # of systems that anyone logs onto interactively Set up “jump boxes” Terminal Services All MMC snap-ins Restrict “Logon via remote desktop” user right Firewall Alert on interactive logons • Event ID 4624 with Logon type 10 or 2 © 2012 Monterey Technology Group Inc.
  • 13. Monitoring New service Event IDs 4697 New process Event IDs 4688 Take into account maintenance windows © 2012 Monterey Technology Group Inc.
  • 14. Attack surface Vulnerability scan Any unnecessary features installed/activated? Unnecessary apps Firewall rules © 2012 Monterey Technology Group Inc.
  • 15. Centralized patch management 2 high profile software vendors automatic update infrastructures compromised Microsoft Adobe Don’t allow any systems, especially servers to automatically install software that appears to have come from vendor Control what goes on your systems © 2012 Monterey Technology Group Inc.
  • 16. Application inventory Find out what is running on your servers Lumension free application scanner Query security log for new process events and normalize logparser "select distinct EXTRACT_TOKEN(Strings, 5, '|') into progs.txt from security where EventID=4688" -i evt -o tsv Important part of attack surface reduction © 2012 Monterey Technology Group Inc.
  • 17. Application control Take centralized control of what runs on your servers Application whitelisting is the single most direct and effective way to keep unwanted software off trusted systems Especially effective against lateral movement End user workstation -> admin -> server Even more so on systems where preceedings cannot be fully implemented © 2012 Monterey Technology Group Inc.
  • 18. Application control AppLocker only appropriate for large fleets of 100% identical systems Most workstations don’t fit that profile Definitely not servers Intelligent whitelisting much different than traditional whitelisting like AppLocker © 2012 Monterey Technology Group Inc.
  • 19. Brought to you by www.lumension.com Speaker  Chris Merritt –
  • 20. Defense-in-Depth Security Keeps Bot Herders Off Your Servers Chris Merritt Director of Solution Marketing Lumension source: http://commons.wikimedia.org/wiki/File:Botnet.svg
  • 21. Defense-in-Depth Against Server Threats Known Unknown Unwanted, Application Config. Physical Malware Malware Unlicensed, Vulns Vulns Infiltration Unsupported Applications AntiVirus X X Application Control X X X Patch & Remediation X X Security Configuration X Management Device Control X
  • 22. Lumension® Endpoint Management and Security Suite Total Endpoint Protection Endpoint Reporting Services Lumension® Patch and Remediation Lumension® AntiVirus Endpoint Operations Endpoint Security Lumension® Content Wizard Lumension® Application Control Lumension® Configuration Mgmt. Lumension® Device Control Lumension® Power Management Lumension® Disk Encryption Lumension® Endpoint Management Platform Single Server | Single Console | Scalable Architecture | Single, Modular Agent
  • 23. Lumension® Endpoint Management and Security Suite: Total Endpoint Protection for Servers
    Server Reporting Services
    Server Operations: Lumension® Patch and Remediation, Lumension® Content Wizard, Lumension® Configuration Mgmt.
    Server Security: Lumension® AntiVirus, Lumension® Application Control, Lumension® Device Control
    Lumension® Endpoint Management Platform: Single Server | Single Console | Scalable Architecture | Single, Modular Agent
  • 24. Lumension® Patch and Remediation: Comprehensive and Secure Patch Management
    Provides rapid, accurate and secure patch and configuration management for applications and operating systems:
    - Comprehensive support for multiple OS types (Windows, *nix, Apple), native applications, and 3rd party applications
    - Streamline and centralize management of heterogeneous environments
    - Visibility and control of all online or offline endpoints
    - Elevate security posture and proactively reduce risk
    - Save time and cost through automation
  • 25. Lumension® Content Wizard: Cost-Effectively Streamline Endpoint Management
    Simple, wizard-based policy creation and baseline enforcement without additional tools:
    - Patch Creation
    - Software Installs and Uninstalls
    - Windows Security Policies
    - Power Management Policies
    - NEW! Windows Firewall Policies
  • 26. Lumension® Security Configuration Mgmt.: Prevent Configuration Drift and Ensure Policy Compliance
    Ensure that endpoint operating systems and applications are securely configured and in compliance with industry best practices and regulatory standards:
    - Security Configuration Management
    - Out-of-the-box Checklist Templates
    - NIST Validated Solution
    - Continuous Policy Assessment and Enforcement
    - Based on Open Standards for Easy Customization
    - Security Configuration and Posture Reporting
  • 27. Lumension® AntiVirus: Multilayered Protection Against Malware
    Based on proven technology from an industry leader, providing complete protection against known and unknown malware including viruses, worms, Trojans, spyware, adware and more
    Includes a breadth of analysis techniques, from traditional signature matching to behavioral analysis, to effectively protect against zero-day and evolving threats:
    - Antivirus (AV) protection (full signature matching)
    - DNA Matching (partial signature matching)
    - SandBox (behavioral analysis in an emulated environment)
    - Exploit Detection (find hidden/embedded malware)
    VB100 certified by VirusBulletin
  • 28. Lumension® Application Control: Proactive Protection Against Malware and More
    - Effective Endpoint Security: Block known and unknown malware without signatures, and prevent exploitation of application / configuration vulnerabilities
    - Control the Unwanted: Real-time view of all application inventory, ensuring only approved software is allowed to run, and denying / removing all unwanted applications
    - Control the Unknown: Enforce, log and audit all endpoint application change while controlling end-users with Local Admin rights
    - Flexible and Easy-To-Use: Unified solution workflow via single console with flexible trusted change management policy
  • 29. Lumension® Device Control: Policy-Based Data Protection and Encryption
    - Protect Data from Loss or Theft: Centrally enforce usage policies of all endpoint ports and for all removable devices / media.
    - Increase Data Security: Define forced encryption policy for data flows onto removable devices / media. Flexible exception management.
    - Improve Compliance: Centrally encrypt removable devices / media to ensure data cannot be accessed if they are lost or stolen.
    - Continuous Audit Readiness: Monitor all device usage and data transfers. Track all transferred files and content. Report on all data policy compliance and violations.
  • 30. Next Steps
    Free Tools: http://www.lumension.com/Resources/Premium-Security-Tools.aspx
    - Application Scanner – see what applications are running on your servers
    - Device Scanner – see what removable devices are being used
    - Vulnerability Scanner – see what your OS / application risks are
    Whitepapers
    - Endpoint Management and Security Buyers Guide: http://www.lumension.com/Resources/WhitePapers/Endpoint-Management-and-Security-Buyers-Guide.aspx
    Free Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
  • 31. Global Headquarters
    8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255
    1.888.725.7828
    info@lumension.com