
Patching 3rd Party Apps in SCCM & Much More!

Presentation on theme: "Patching 3rd Party Apps in SCCM & Much More!"— Presentation transcript:

1 Defeating Ransomware: Patching 3rd Party Apps in SCCM & Much More!
Duncan McAlynn, Sr. Solution Specialist, HEAT Software

2 Duncan McAlynn, HEAT Software
Twitter: @dmc_heat. 6x MVP, CISSP, MCSE, MCSA, MCITP. 20 years of SMS/SCCM consulting. Favorites: guns, BBQ, kayaking & photography.

3 Advisory from MMS Staff:
“Start off with a splash if you can. Hit a demo as early on or show an exciting end-state as an enticement if you can.”

4 Need a hashtag? #makes_IThappen!

5 Ransomware: An introduction

6 Ransomware is not new! Trivia question:
When did we see the first ransomware?

7 Ransomware is not new! Trivia question:
When did we see the first ransomware? Answer: AIDS/PC Cyborg, 1989!


10 Ransomware families seen in the wild:
Ransom32, CryptoWall, CryptoLocker, Jigsaw, SamSam (Samas), Maktub Locker, Tox, Reveton, Dogspectus, Cerber, Rokku, KeRanger, Petya, TeslaCrypt, Locky, Radamant

11 Ransomware Delivery Channels & Mechanics

12 Drive-By Delivery Channel Example
1. The user visits a website with Internet Explorer (the exploit kit fingerprints the browser from its user-agent string).
2. The user has a vulnerable plug-in installed, such as Adobe Flash or Microsoft Silverlight.
3. The compromised website (or an ad network it loads) uses the Angler exploit kit to deliver the ransomware and execute it on the user's machine.
No malicious file was opened and no phishing lure was clicked; the user has simply visited a website. ALL IT REQUIRES IS HAVING A VULNERABLE PLUG-IN ON THE MACHINE!

13 Example: Adobe Security Advisory
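The two slides above make the point that the whole attack chain hinges on one stale plug-in. The first thing a practitioner wants is a way to find those plug-ins across the fleet. The script below is an added example, not part of the deck or of any HEAT Software product: it reads the Windows Uninstall registry keys for Adobe Flash Player and Microsoft Silverlight installs and flags any version older than the fixed build named in the advisory you are working from. The version numbers in $FixedVersions are placeholders (an assumption), to be replaced with the values from the current Adobe or Microsoft advisory.

```powershell
# Added example, not from the deck: inventory Adobe Flash Player and Microsoft
# Silverlight installs from the Uninstall registry keys and flag versions older
# than the fixed build named in the advisory you are working from.
# The version numbers in $FixedVersions are PLACEHOLDERS (assumptions); replace
# them with the values from the current Adobe / Microsoft advisory.

$FixedVersions = @{
    'Adobe Flash Player'    = [version]'0.0.0.0'
    'Microsoft Silverlight' = [version]'0.0.0.0'
}

# 64-bit Windows keeps 32-bit installers under WOW6432Node, so query both paths.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-PluginInventory {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        ForEach-Object {
            $entry = $_
            # DisplayName carries a suffix such as "Adobe Flash Player 21 NPAPI"; match on the prefix.
            $product = $FixedVersions.Keys |
                Where-Object { $entry.DisplayName -like "$_*" } |
                Select-Object -First 1
            if ($product) {
                # -as [version] yields $null instead of throwing when the string is not a parseable version
                $installed = $entry.DisplayVersion -as [version]
                [pscustomobject]@{
                    ComputerName = $env:COMPUTERNAME
                    Product      = $entry.DisplayName
                    Installed    = $entry.DisplayVersion
                    Fixed        = $FixedVersions[$product]
                    Vulnerable   = $(if ($installed) { $installed -lt $FixedVersions[$product] } else { 'unknown' })
                }
            }
        }
}

Get-PluginInventory | Format-Table -AutoSize
```

Two caveats when you run this. On Windows 8 and later the Flash ActiveX control that Internet Explorer uses is part of Windows and is serviced through Windows Update, so it does not appear in the Uninstall keys; for that component check the relevant KB with Get-HotFix or your update compliance report instead. And to cover the fleet rather than one box, run the function through Invoke-Command or wrap the same logic in a ConfigMgr compliance item and collect the results centrally.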

14 Ransomware: The Impact

15 Tewksbury, MA Police Department
“The cyberattack on Tewksbury police proved so sophisticated that specialists from federal and state law enforcement agencies — plus two private Internet security firms — could not unscramble the corrupted files. After five days of desperate efforts to unlock it, Tewksbury police decided to pay the anonymous hacker the $500.” – Boston Globe

16 Hollywood Presbyterian Medical Center
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” [Chief Executive Allen Stefanek] said. “In the best interest of restoring normal operations, we did this.” – Los Angeles Times

17 Ransomware: Defensive Measures

18 Defensive Measures: Backups & Recovery
What if you back up encrypted files? Good backups can be overwritten by encrypted copies, so you need versioned backups and a rotation strategy.
Ask yourself: How many versions do you have? How long will a restore take? Can you restore to normal operations? Can you retrieve the version that is pre-ransomware?
Be cautious of relying on VSS shadow copies or Veeam backups: ransomware commonly deletes shadow copies and encrypts any backup target it can reach from the infected host.
Disconnect USB-based backup devices after each backup.
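The VSS caution on the slide is worth turning into a check. The script below is an added example, not part of the deck: it lists the Volume Shadow Copies on each local fixed volume and flags volumes that have none or only stale ones. Ransomware families routinely run vssadmin delete shadows before encrypting, so a volume that normally has recent copies and suddenly has none is an early warning sign as well as a recovery gap. The 48-hour threshold in $MaxAgeHours is an assumed policy value; the script must run in an elevated session.

```powershell
# Added example, not from the deck: report Volume Shadow Copies per local fixed
# volume and flag volumes with none or only stale copies. Run elevated.
# $MaxAgeHours is an assumed policy value, not a figure from the presentation.

$MaxAgeHours = 48

function Get-ShadowCopyReport {
    # DriveType 3 = local disk; skip removable media and volumes without a letter
    $volumes = Get-CimInstance -ClassName Win32_Volume |
        Where-Object { $_.DriveLetter -and $_.DriveType -eq 3 }

    # Win32_ShadowCopy.VolumeName and Win32_Volume.DeviceID both use the \\?\Volume{GUID}\ form
    $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy)

    foreach ($vol in $volumes) {
        $forVolume = @($copies | Where-Object { $_.VolumeName -eq $vol.DeviceID })
        $newest    = $forVolume | Sort-Object InstallDate -Descending | Select-Object -First 1

        $status = if (-not $newest) { 'NO SHADOW COPIES' }
                  elseif ($newest.InstallDate -lt (Get-Date).AddHours(-$MaxAgeHours)) { 'STALE' }
                  else { 'OK' }

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Volume       = $vol.DriveLetter
            Copies       = $forVolume.Count
            NewestCopy   = $(if ($newest) { $newest.InstallDate } else { $null })
            Status       = $status
        }
    }
}

Get-ShadowCopyReport | Format-Table -AutoSize
```

Treat the report as a detection aid, not as a backup strategy: shadow copies live on the same disk and any ransomware running with admin rights can delete them, which is exactly why the slide says to be cautious and to keep rotated, disconnected copies as well. Pairing this with an alert on process creation of vssadmin.exe or wmic.exe with "shadowcopy delete" arguments (Windows event 4688 or Sysmon event 1) gives you the same signal in near real time.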

19 Defensive Measures: Anti-Virus. Required, but not a magic bullet
Vendors are always playing catch-up: signatures are easy for attackers to change, although products are becoming more behavior-based.
Use the recommended exclusion lists for Microsoft server products: contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
Use the EICAR test file to confirm that scanning is actually active on the paths you care about.
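The EICAR file mentioned on the slide is the standard, harmless way to prove an AV agent is really scanning a location (a file share that users can write to is the obvious place to test, since that is what ransomware will hit). The script below is an added example, not part of the deck: it writes the 68-byte EICAR test string to a path you choose and reports whether the agent removed or blocked it within a timeout. The string is assembled from two halves so that the script itself is not quarantined before it can run; the file it produces is the unmodified EICAR test string. The default path and 30-second timeout are assumptions.

```powershell
# Added example, not from the deck: drop the EICAR test file and watch how the
# AV agent responds. The string is split in two so this script is not itself
# quarantined on disk; the file written is the standard 68-byte EICAR string.

function New-EicarTestFile {
    param([Parameter(Mandatory)][string]$Path)
    # Single quotes: the $EICAR / $H tokens must not be expanded by PowerShell
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STAND' + 'ARD-ANTIVIRUS-TEST-FILE!$H+H*'
    # Plain ASCII, no BOM, no trailing newline, or the signature will not match
    [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
}

function Test-AvResponse {
    param(
        [string]$Path = "$env:TEMP\eicar.com",   # assumed test location
        [int]$TimeoutSeconds = 30                 # assumed wait for on-access scanning
    )
    try {
        New-EicarTestFile -Path $Path
    }
    catch {
        # Many products block the write itself; that already proves on-access scanning works
        return "Blocked on write: $($_.Exception.Message)"
    }

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $Path)) { return 'Quarantined or removed' }
        Start-Sleep -Seconds 1
    }

    # Some products leave the file in place but deny access to it
    try {
        [void][System.IO.File]::ReadAllBytes($Path)
        Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
        return 'NOT DETECTED: file still present and readable'
    }
    catch {
        return "Blocked on read: $($_.Exception.Message)"
    }
}

Test-AvResponse
```

Run it once against a local folder to baseline the agent, then against the shares and exclusion paths from the slide's exclusion list: a path you excluded for a server product is a path where a "NOT DETECTED" result is expected, and that is precisely the trade-off the exclusions introduce.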

20 Defensive Measures: Other approaches
Application whitelisting, device control, advanced Windows features.

21 Defensive Measures (Con't)
Use least required privileges. Limit network drive access. Keep the OS, Office and IE up to date with Windows Update or SCCM/WSUS. Include 3rd-party updates, without exception.

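"Include 3rd-party updates without exception" is only verifiable if you can see, per client, what is still missing and where it came from. The script below is an added example, not part of the deck or of any HEAT Software product: it queries the ConfigMgr client SDK namespace (root\ccm\ClientSDK) for the updates deployed to this client that are not yet installed, labels each as Microsoft or third-party by publisher, and offers a function that hands the pending set to the client's InstallUpdates method. It assumes the ConfigMgr client is installed and that third-party updates have been published to the software update point and deployed (for example from a third-party catalog); updates that were never published will not appear here.

```powershell
# Added example, not from the deck: report the updates the ConfigMgr client has
# been targeted with but not yet installed, split Microsoft vs. third-party by
# publisher, and optionally trigger installation. Requires the ConfigMgr client.

# EvaluationState values of CCM_SoftwareUpdate (subset of the documented list)
$EvalState = @{
    0 = 'None'; 1 = 'Available'; 2 = 'Submitted'; 3 = 'Detecting'; 4 = 'PreDownload'
    5 = 'Downloading'; 6 = 'WaitInstall'; 7 = 'Installing'; 8 = 'PendingSoftReboot'
    9 = 'PendingHardReboot'; 10 = 'WaitReboot'; 11 = 'Verifying'; 12 = 'InstallComplete'
    13 = 'Error'; 14 = 'WaitServiceWindow'
}

function Get-CcmPendingUpdates {
    # Instances of CCM_SoftwareUpdate are the updates deployed to this client that are not yet compliant
    Get-CimInstance -Namespace 'root\ccm\ClientSDK' -ClassName CCM_SoftwareUpdate |
        ForEach-Object {
            $state = [int]$_.EvaluationState
            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                Source       = $(if ($_.Publisher -like 'Microsoft*') { 'Microsoft' } else { 'ThirdParty' })
                Publisher    = $_.Publisher
                ArticleID    = $_.ArticleID
                Name         = $_.Name
                State        = $(if ($EvalState.ContainsKey($state)) { $EvalState[$state] } else { "Unknown($state)" })
                Deadline     = $_.Deadline
                ErrorCode    = $_.ErrorCode
            }
        }
}

function Install-CcmPendingUpdates {
    # Hands every pending update to the client; the client still honours the
    # deployment's maintenance windows and reboot settings.
    $pending = @(Get-CimInstance -Namespace 'root\ccm\ClientSDK' -ClassName CCM_SoftwareUpdate)
    if ($pending.Count -eq 0) { return 'Nothing pending' }
    Invoke-CimMethod -Namespace 'root\ccm\ClientSDK' -ClassName CCM_SoftwareUpdatesManager `
        -MethodName InstallUpdates -Arguments @{ CCMUpdates = [ciminstance[]]$pending }
}

Get-CcmPendingUpdates | Sort-Object Source, Deadline | Format-Table -AutoSize
```

A machine that reports only Microsoft rows is not necessarily patched; it may simply never have been targeted with third-party content, which is the gap the next slide quantifies. Run the report through Invoke-Command against a collection, or surface the same classes in a compliance baseline, to see where the "without exception" rule is actually holding.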

23 MS Security Bulletins (Comparative): Missing the Forest for the Trees
Microsoft's share of disclosed vulnerabilities by year:
2013: 9.83%
2014: 6.43%
2015: 15.31%
The remaining vulnerabilities are in third-party software, which a Microsoft-only patching process never touches.

24 What's The Solution? Frankly, there isn't one. But let's #makes_IThappen anyhow!

25 Just like Defense-in-Depth… Multi-Pronged Approach

26 Combine Native, MSFT/Community Add-Ons with 3rd Party Solutions

27 SCCM, Microsoft Security Compliance Manager, & HEAT Software PatchLink
(With a couple tidbits thrown in for good measure!)

28 Summary

29 And Then …


