Endpoint and DataCenter Security
February 8th, 2017
The Security Market Today
Cyber Attacks on the Rise
2016 ransomware attacks increased by 16% over the previous year.* Today’s exploit kits simplify cyber attacks for even inexperienced hackers. The top 10 known vulnerabilities account for 85 percent of successful exploits.* Many vulnerabilities remain open because security patches were never implemented.

Threat                                        2016    2015    Increase
Malware                                       52%     43%     9%
Phishing                                      51%     44%     7%
Attacks to steal financial information        45%     33%     12%
Attacks to steal intellectual property/data   42%     30%
Source: EY Global Information Security Survey

*Verizon 2016 DBIR

Ransomware has evolved from a simple scary hack to enterprise-grade, nearly unbeatable malware that holds computers hostage and locks down entire systems. And this imminent threat to organizations shows no signs of slowing down. According to FBI estimates, criminals collected $209 million in revenue in the first quarter of 2016, and that number could exceed $1 billion by year end. (Source: ) And the Verizon RISK team found that ransomware attacks increased by 16 percent over 2015 findings. (Source: Verizon 2016 Data Breach Investigations Report [DBIR].) All top cybersecurity threats, including malware, phishing, and cyber attacks to steal financial information and intellectual property or data, are on the rise. (Source: EY’s Global Information Security Survey.) In the U.S. alone, there were a total of 501 publicly disclosed data breaches in 2016, nearly twice the 266 recorded in (Source: Privacy Rights Clearinghouse.)

The uptick is in no small part due to how much easier it is to take up the mantle of cyber attacker. Today’s exploit kits, for example, simplify cyber attacks for even inexperienced hackers. These malicious toolkits come with pre-written exploit code and require no knowledge of how it works. Often a simple web interface allows licensed users to log in and view active victims and statistics. These kits may even include a support period and updates, much like legal commercial software.
Many existing vulnerabilities remain open primarily because security patches that have long been available were never implemented. In 2015 the Verizon RISK team found that many of those vulnerabilities could be traced to (Source: 2015 DBIR.) The top 10 known vulnerabilities account for 85 percent of successful exploits. (Source: 2016 DBIR.)
User-Targeted Attacks
30% of recipients open phishing messages, and 12% click on attachments. Up from 23% and 11%, respectively, in 2015. Verizon 2016 Data Breach Investigations Report

Users with their many devices are falling victim to phishing and other user-targeted attacks at alarming rates. According to the Verizon RISK team, 30 percent of phishing messages were opened, up from 23 percent in 2015, and in 12 percent of those events users clicked to open the malicious attachment or nefarious link. (Source: Verizon 2016 DBIR.) The 2016 DBIR highlights the rise of a three-pronged phishing attack:
1. The user receives a phishing message with a malicious attachment or a link pointing to a malicious website.
2. The user downloads malware, which attackers can use to look for secrets and internal information, steal credentials to multiple applications through key logging, or encrypt files for ransom.
3. Attackers can also use stolen credentials for further attacks: for example, to log into third-party websites like banking or retail sites.
Love this comic. Really hits home on the reality of end users being the weakest link.
Phishing is all about social engineering. Attackers can get off-the-shelf exploits and even exploits as a service (Ransomware as a Service, for example). Getting into a company is really more of a simple math problem at that point. No matter how many users will not fall prey to phishing scams you will, inevitably, find one who does fall prey. Based on the stats from the previous page, 1 in 10 users are pretty much guaranteed to click on the attachment in a phishing scam. This means I need 10 addresses for your company and I am guaranteed a 90% or better chance of launching my malicious payload.
User-Targeted Attacks
91% of cyberattacks start with a phishing email. PhishMe 2016 Enterprise Phishing Susceptibility and Resiliency Report
50% of vulnerabilities exploited occur within 2-4 weeks of release of an update
90% of vulnerabilities exploited occur within 40-60 days of software release
The average enterprise can take up to 120 days to deploy vendor updates
Breaches are on an exponential growth curve. POS Breaches Timeline from OpenDNS Security Labs

According to the Verizon 2015 Breach Report, 50 percent of vulnerabilities that will be exploited are exploited within two to four weeks of release of an update from the vendor. One of the contributors to the Verizon Breach Report, Kenna Security, released an additional report that goes further out and shows that 90 percent of vulnerabilities that will be exploited are exploited within 40–60 days of an update being made available from the vendor. They go on to discuss that many enterprises struggle to release updates within 120 days. Off-the-shelf exploit kits are a competitive product market in today’s dark web hacking services markets, and the number of products and the increase in features they provide coincide with the drastic increase in breaches we have seen since 2012.
IBM was #1 on the list; they fell down to #7 in 2015. So this all started with speculation that Windows 10 was contributing to the spike in Microsoft vulnerabilities for the year. Well, Windows 10 was only at a count of 53 for the year. Compared to the other Windows OSs it is falling in pretty close to where you would expect, which is one third to one half the count, since it came out a little more than half way through the year. The Edge browser had only 29, which, with the promise that it is more secure, makes sense. Much of what makes IE vulnerable has been stripped out or locked down tight in Edge. So theory disproved.
Top Vulnerable Vendors 2016
Columns: Vendor, 2016 place, CVE count, 2015 place, CVE count
Vendors listed: Oracle, Google, Adobe, Microsoft, Novell, IBM, Cisco, Apple, Debian, Canonical, Redhat, Linux, Mozilla, Fedora, HP
Top Vulnerable Products 2016
Columns: Product, 2016 place, CVE count, 2015 place, CVE count
Products listed: Android OS, Debian Linux, Ubuntu Linux, Flash Player, Leap, openSUSE, Acrobat Reader DC (227 CVEs), Acrobat DC, Acrobat, Linux Kernel (216 CVEs), Mac OS X, Acrobat Reader, Windows, Chrome, iPhone OS
Top Vulnerable Browsers 2016
Columns: Browser, 2016 place, CVE count, 2015 place, CVE count
Browsers listed: Chrome, Edge, Firefox, Internet Explorer (129 CVEs), Safari
Going Phishing like it's 1999!
“I've been hacking into our customers' networks for 16 years, and I have a dirty little secret to share with you: To break into an enterprise network today, you can still follow the exact same process as you did in 1999.” CEO of ACROS Security
1. Find a public exploit for a vulnerability that is less than four months old;
2. Tailor the exploit to work with your remote administration tool;
3. Mutate the exploit until VirusTotal doesn't recognize it (mind you, there was no VirusTotal in 1999, so you had to install antivirus locally); and
4. Phish users in the enterprise until you're in.

The attack surface has expanded, the network boundaries have broken down, and we have relaxed security controls to enable end users, which as a result has seen an increase in malware, ransomware, breaches, and more.
Fileless attacks are all the rage!
33%: In Q4 of 2016, severe non-malware attacks rose by this much compared to Q1. (Fileless attacks stat taken from Carbon Black.)
“EPP buyers should look for vendors that focus on memory exploit protection, script analysis and behavior indicators of compromise.” Gartner EPP MQ, Jan 2017
Definition: User Targeted
The weakest link. Definition, User Targeted: a vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability.

The end user is the easiest and quickest way to get into any corporate network. An attacker would rather have someone open the door for them than find a way to pick the lock, so to speak. The diagram shows Microsoft releases for 2016: the total bulletins released each month and how many addressed vulnerabilities that could target an end user. You need patching to plug the vulnerabilities you can, to reduce the attack surface. Application control capabilities complement this by defending against zero days, fileless attacks and memory injection, and by covering vulnerabilities you could not patch because of an exception or a limitation of the environment.
Privilege Management Reduces Impact:
Mitigate Impact. Privilege Management Reduces Impact: a vulnerability that, when exploited, allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attacker's ability to operate, thereby slowing their ability to move around your environment.

We live in a day and age where enabling the end user is required. This has caused an unhealthy shift toward granting users full admin rights on their systems, allowing them to do anything they want or need to get their job done. This also opens up more potential for the attacker. The diagram here shows 2016 total bulletins from Microsoft and those that, if the user were running as less than full admin, could have had reduced impact if exploited. This means that for nearly 1/3 of bulletins we could reduce or slow the attacker's ability to pivot and move on to the next system if we could reduce the user's access to less than a full admin.
Ivanti Security Strategy
Critical Security Controls (CSC)
The Center for Internet Security Critical Security Controls ensure a more secure environment.
- Prioritized list of focused actions
- Compliant with all industry and government security requirements
- Based on experience with actual attacks
- Block initial compromises and detect compromised devices

There are many security frameworks, and if you cross-reference what they are all recommending you come back to many of the basic security controls we have had for years. So what makes these frameworks so important, and if these security controls have been around for years, why have they not been effective?
Unfocused security strategies lead to Expense in Depth.
Using frameworks like these lets you focus your security strategy to ensure Defense in Depth rather than Expense in Depth. If you go to security shows like RSA you find many new companies every year and a lot of products focused almost entirely on a single thing. Building a strategy on these single-feature silver-bullet technologies can get costly very quickly. Using a framework and finding solutions that can address many of the requirements, then filling in with point solutions where you see the greatest threats, will help you reduce costs while getting the Defense in Depth strategy you desire.

Product categories shown on the slide: Unified Threat Management, Data Loss Prevention, Two-factor Authentication, Next-Generation Firewall, Intrusion Prevention System, Containerization, Configuration Management, Web Proxy, Wireless Intrusion Detection System, Passive Vulnerability Scanner, Network Analysis and Visibility, Software Inventory Tools, Encryption, Mobile Device Management, Malware Analysis, Automated Asset Inventory Discovery Tool, Antivirus, Blacklisting, Configuration Auditing, SIM, Microvisor Security, Application Control, Endpoint Analysis, File Integrity Monitoring, Predictive Threat Modeling, Secure File Transfer, Threat Intelligence, Wireless Intrusion Prevention, Whitebox Testing, Endpoint Visibility, Host Intrusion Prevention, Application White Listing, Firewall, Application Wrapping, Data Execution Prevention, Just Enough Administration, JIT Administration, Intrusion Detection Systems, Database Activity Monitoring, DDoS Mitigation, Forensics, Continuous Vulnerability Assessment, Network Intrusion Prevention, Web Application Firewall, Network Access Control, Antispyware, Proxy, Vulnerability Scanner, Privileged User Monitoring, Network Encryption, File Activity Monitoring, Digital Rights Management, Big Data Analytics, Sandboxing, Patch Management, Blackbox Testing, Systems Hardening
The first 5 controls
CIS, US-CERT, ASD, and other authorities prioritize these five elements of cyber hygiene to significantly reduce security threats.
1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Secure configuration
4. Controlled use of administration privileges
5. Continuous vulnerability assessment and remediation

The CIS framework has 20 sections. Much of what you do in cyber security is an 80/20 effort: you can get 80% of what you need by doing 20% of the framework. As you try to nail down the remaining 20% of risk and exposure you begin spending a lot more time, effort, and money. The CIS framework is built much the same way. The top 5 (or what has been called the Fast 5) delivers layers of defense that, when implemented effectively, can mitigate or eliminate more than 80% of cyber threats.
Endpoint Security Vision
Our vision is to operationalize Endpoint Security. By bringing together Security and IT Operations we will create the only closed loop security solution in the market. The most secure user is a well managed user.
Protect. Detect. Respond. Understand.

Challenges:
- Without good Asset Management there is no single source of truth
- No change history
- Chance of false positives
- No ability to change the endpoint
- IT Ops not seeing or understanding Security priorities
- Slow to respond to threats and security breaches
- Threats go unnoticed
- Root cause or troubleshooting not possible

Solution:
- Must start with a good foundation
- Requires a closed-loop solution
- Must understand the environment and user context
- Need to protect by hardening the assets
- Ability to monitor and maintain the user and assets
- Rapid and automated response to isolate and remediate compromised endpoints
- Insight and intelligence across the lifecycle
Ecosystem of Security
Tiers shown: Security Program Management; Secure Management; Provide Insight (Compliance by Xtraction); Take Action (Active Remediation); Application & Privilege Control; Patch & Vulnerability Management; Discover (Simple Discovery, Pain-free discovery, Ease of use)

Discovery is the base of everything we do. With security, if you don’t know about it you cannot secure it. Provide Insight is another important element to everything we do: if you cannot report on something, if you cannot measure your success, you don’t know if it is effective. Take Action is another critical piece of everything we do. If we tell you that you have a million problems, it is good to know. If we help you solve those problems as well, that is where the real value is.

In blue we start to get into the solutions we provide. Patch Management is the base of our security model. It is often one of the quicker controls to implement and gets you a lot of value very quickly. By patching the OS and applications you can start to significantly reduce the attack surface of your environment from the endpoints to the data center. Application Control and Privilege Management start to layer on additional defenses. These security controls are traditionally difficult to implement and high cost to maintain, but along with traditional whitelisting we provide a variety of dynamic whitelisting capabilities like our Trusted Owner and Trusted Vendor policies, and we can provide the ability to reduce a user to less than an admin and elevate the critical applications and tasks they need, or take a full admin and restrict the items that they should not have access to: Just in Time and Just Enough Administration. The Secure Management tier is our Endpoint Security solutions. Along with our industry leading preventative measures we can provide a full EPP suite including integration with leading threat vendors such as Kaspersky and Bitdefender, memory injection protection, Device Control and much more.
Finally, Secure Program Management is where we span into other Ivanti disciplines like our Service Management and Asset Management solutions to provide security as a discipline across the organization.
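As an added illustration (not Ivanti's code and not any product's API), the following models the policy described on the privilege management slide and in the Trusted Owner / Trusted Vendor paragraph above: a default-deny execution rule that trusts file ownership or a valid vendor signature, combined with an explicit elevation allowlist so that a user, even a local admin, runs everything else as less than full admin. All owner labels, signer names, paths and user accounts are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

# "Trusted Owner" set for a default-deny policy: on Windows these would be the
# SYSTEM, Administrators and TrustedInstaller principals (labels constructed).
TRUSTED_OWNERS = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
                  "NT SERVICE\\TrustedInstaller"}
# Code-signing subjects a "Trusted Vendor" rule accepts (constructed).
TRUSTED_VENDORS = {"Microsoft Corporation", "Example Vendor Inc."}

@dataclass(frozen=True)
class FileRecord:
    path: str
    owner: str                     # account that owns the file on disk
    signer: Optional[str] = None   # code-signing subject, None if unsigned
    signature_valid: bool = False  # whether that signature verified

@dataclass
class UserContext:
    name: str
    is_local_admin: bool
    # Executables this user may run with an elevated token (just-enough admin).
    elevation_allowlist: Set[str] = field(default_factory=set)

@dataclass(frozen=True)
class Decision:
    allowed: bool
    elevated: bool
    reason: str

def evaluate(file: FileRecord, user: UserContext) -> Decision:
    """Default deny: run only if the owner is trusted or a valid trusted-vendor
    signature is present. Elevation comes only from the explicit allowlist, so
    even a local admin runs unlisted programs without the admin token."""
    if file.owner in TRUSTED_OWNERS:
        reason = "trusted owner " + file.owner
    elif file.signature_valid and file.signer in TRUSTED_VENDORS:
        reason = "trusted vendor signature " + file.signer
    else:
        return Decision(False, False, "denied: owner %r, signer %r" % (file.owner, file.signer))
    elevated = file.path.lower() in {p.lower() for p in user.elevation_allowlist}
    if user.is_local_admin and not elevated:
        reason += " (admin token stripped)"
    return Decision(True, elevated, reason)

# Constructed sample files: a phishing payload saved to the user profile, an OS
# binary, a signed vendor installer, a bad-signature lookalike, an admin tool.
SAMPLE_FILES = [
    FileRecord(r"C:\Users\alice\Downloads\invoice.exe", "alice"),
    FileRecord(r"C:\Windows\System32\notepad.exe", "NT SERVICE\\TrustedInstaller"),
    FileRecord(r"C:\Users\alice\Downloads\setup.exe", "alice", "Example Vendor Inc.", True),
    FileRecord(r"C:\Users\alice\Downloads\fake.exe", "alice", "Example Vendor Inc.", False),
    FileRecord(r"C:\Program Files\Tool\admintool.exe", "BUILTIN\\Administrators"),
]
ALICE = UserContext("alice", is_local_admin=True,
                    elevation_allowlist={r"C:\Program Files\Tool\admintool.exe"})

def run_demo(user: UserContext = ALICE):
    """Evaluate every sample file for the user; returns {path: Decision}."""
    return {f.path: evaluate(f, user) for f in SAMPLE_FILES}
```

The payload dropped into the Downloads folder is blocked by ownership alone, which is the property the slides lean on when patching is not possible.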
Security Controls\Security Disciplines
Security Program Management: CSC CIS Controls, Secure Incident Management, Change Management (GRC/Oversight), Secure Event Management, Risk Management, Problem Management, Information System Inventory, Plan of Action
Security Management: Endpoint security, Insider threat program, Threat Awareness, Media Protection, Remote Control, Security Diagnostics
Provide Insight: Compliance by Xtraction
Take Action: Active Remediation
Application & Privilege Control: DevOps Orchestration, 85% of vulnerabilities can be prevented, ransomware, Locked down kiosk modes, Just in time administration, just enough administration, Whitelisting, Blacklisting, Trusted ownership, app reputation, Software Restriction Policies (SRP), What do we do when you can’t patch?
Patch & Vulnerability Management: Zero-Day Patch, Preventative Maintenance, #1 Attack Vector, Cyber-threats, Preventative Cyber maintenance, 3rd Party Vulnerability risk, Agentless, Virtualization, Vulnerability integration, Cumulative update patch problem
Discover: Simple Discovery, Pain-free discovery, Ease of use
Value and capabilities at each tier
Our defense-in-depth solutions
Patch & Vulnerability Management: Patch and secure the operating systems and third-party apps that patching can secure and manage. (Patch management, Vulnerability management)
Application Control & Privilege Management: Prevent all other apps from running while practicing the principles of least privilege. (Application control, Privilege management)
Endpoint Security: Add advanced anti-malware and next-generation AV capabilities, device control, and global policy for all devices. (Device control, Anti-malware, Threat alerting)
Secure Program Management: Marry security capabilities with workflows and asset management processes to complete a secure lifecycle. (Asset management, Service management, Secure configuration management)
Our defense-in-depth products
Patch & Vulnerability Management: Ivanti Patch for Endpoints, Ivanti Patch for Servers, Ivanti Patch for SCCM
Application Control & Privilege Management: Ivanti Application Control for Endpoints, Ivanti Application Control for Servers, Ivanti Application Control for SCCM
Endpoint Security: Ivanti Endpoint Security, Ivanti Server Security
Secure Program Management: Ivanti Service Manager, Ivanti Asset Manager

Thank you