Trusteer Apex: Advanced Malware Protection
- Thomas Gallagher
- 7 years ago
Trusteer Apex: Advanced Malware Protection Technical White Paper

Table of Contents
Executive Summary
Trusteer Apex: Next Generation Advanced Malware Protection
    Stateful Application Control: Validating the Application State
    Stopping Zero-Day Application Exploits
    Stopping Data Exfiltration
    Protecting Enterprise Credentials from Compromise and Theft
        Anti-Keylogging
        Phishing Protection
        Enterprise Credentials Reuse Prevention in Public/Consumer Websites
    Transparent With No Impact on End User Experience or Productivity
Simplified Management with Minimal IT Overhead
    Automated Application State Whitelist Management
    Ad-Hoc Security Content Updates
    Web-Based Management Application
Flexible Deployment Options
    Enterprise Controlled Deployment for Managed Devices
    On-Demand Deployment for Unmanaged Devices
Conclusion
Appendix A: The RSA Breach: Anatomy of a Targeted Attack
Appendix B: The Challenge of Stopping APTs, Targeted Attacks and Advanced Malware
    Application Vulnerabilities Persist
    Unmanaged Endpoints Enter the Enterprise
    Blacklisting Technologies Can't Keep Up with New Malware Strains
    Application Control and Whitelisting is Difficult to Deploy and Manage
Executive Summary

Information is the new currency of the 21st century. From trade information and financial data to new product designs and government secrets, it is being relentlessly pursued by cybercriminals and nation states. To enable information-stealing attacks, cybercriminals focus on a serious weakness in enterprise defenses: unpatched or zero-day endpoint application vulnerabilities. Attackers use weaponized documents and malicious web content to exploit vulnerabilities in widely deployed Internet-facing applications like browsers, Acrobat Reader, Adobe Flash, Java and Microsoft Office products. By exploiting application vulnerabilities, cybercriminals can infect employee endpoints with malware and establish a foothold in the enterprise network [1].

To address the inability of blacklisting solutions (like anti-virus) to address zero-day attacks, a new approach has emerged: Application Control, which doesn't rely on detecting specific threats. Instead it restricts file execution by either allowing only good application files to execute, or by sandboxing untrusted applications at runtime. However, managing the full list of all trusted files has proven very difficult, and restricting application execution to a sandbox can cause usability problems and impact end user productivity. As a result, the deployment of Application Control is often limited to a small subset of static endpoints, leaving unprotected endpoints exposed to the risk of compromise [2].

Trusteer Apex introduces a new approach: Stateful Application Control. This approach delivers the stopping power of application control with no management overhead and no impact on the end user experience. By analyzing what the application is doing (a sensitive operation) and why it is doing it (the application state), Trusteer Apex can automatically and accurately determine if an application action is legitimate or malicious.

This transparent, automated protection enables customers to rapidly deploy Trusteer Apex, at scale, to protect all enterprise endpoints. This document discusses Stateful Application Control, the technology at the core of Trusteer Apex, how it is automatically sustained by Trusteer, and the deployment options available for managed and unmanaged devices.

[1] See Appendix A: the story of the 2011 RSA Breach.
[2] See Appendix B: The Challenge of Stopping APTs, Targeted Attacks and Advanced Malware, for an overview of trends, risk factors and technology gaps that impact enterprise ability to address these emerging threats.
Trusteer Apex: Next Generation Advanced Malware Protection

Stateful Application Control: Validating the Application State

Trusteer Apex introduces Stateful Application Control, its next-generation malware protection approach for stopping advanced malware. By analyzing what the application is doing (the operation) and why it is doing it (the context, which can be derived from the application state), Trusteer Apex can automatically and accurately determine if an application action is legitimate or malicious. Trusteer's Stateful Application Control enables automated enterprise malware protection that maximizes security while simplifying deployment and minimizing management overhead.

Trusteer Apex:
- Monitors the state of the application (the memory state and other kernel-level process data) at the time the application performs a sensitive operation, like writing a file to the file system or opening an external communication channel.
- Validates the application state against approved, legitimate application states.

Trusteer created a map of legitimate application states, based on research performed on tens of millions of protected endpoints. Trusteer's research group has analyzed these endpoints' platforms and targeted applications, and concluded that when an application executes a legitimate sensitive operation (like writing a file to the file system) its state is consistent. By examining the application state at the time a sensitive operation is executed, it is possible to understand the context in which the application is operating and determine whether the sensitive operation is legitimate.

Stopping Zero-Day Application Exploits

Cybercriminals target vulnerabilities in widely deployed, Internet-facing applications that process external content such as web pages and documents.
Such applications include:
- Browsers that render HTML pages and execute JavaScript code
- Adobe Acrobat Reader, which renders PDF files that often embed executable code
- Adobe Flash, which runs ActionScript code
- The Java virtual machine, which executes Java applets
- Microsoft Office applications like Excel, Word and PowerPoint, which run macros

In order to infect the endpoint with malware, an attacker creates weaponized content (a malicious PDF, web page, etc.) that contains an exploit: a piece of embedded code that takes advantage of a vulnerability in order to cause unintended application behavior. The weaponized content can be delivered to the user by attaching it to a spear-phishing email (a specially crafted email designed to target the user), by including a link to a site that contains the exploit in an email or Instant Messenger (IM) message, or even by placing it as an advertisement on a trusted site.
When the user requests to view the content, the targeted application processes the weaponized content and the embedded exploit uses the vulnerability to alter the application's behavior and download a malicious file (a dropper or malware) to the file system. Distinguishing between a legitimate application file download (for example, as a result of a user-initiated "save as") and a file download caused by a malicious exploitation process is extremely difficult. Trusteer Apex protects targeted applications from exploitation by validating the application state at the time the file is downloaded and executed. A legitimate application state is created by known, authorized application operations.

Figure 1: Allow application operations with a legitimate application state

Trusteer Apex executes at the kernel level and is triggered to analyze the application memory state when sensitive operations take place. If the application registers a file to the file system under a legitimate state, the file will be allowed to execute. However, if the file is registered as a result of an exploit, creating an unknown application state, the operation will be considered out-of-context. In this case the downloaded file will not be allowed to execute on the endpoint. Because Trusteer Apex uses Stateful Application Control, it doesn't matter if the exploit code is new, or whether it exploits a known or an unknown, zero-day vulnerability. Nor does it matter how the exploit is delivered: through a drive-by download or a weaponized document. As soon as the exploit tries to execute, Trusteer Apex will identify the unknown application state, preventing a downloaded dropper or malware from executing.
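The following toy model, added here as an illustration and not Trusteer's code or data, shows the idea behind validating "why" a sensitive operation happens: the call chain that led to a file write is treated as the application state and compared against a small, constructed set of approved states. Module names, function names and the approved chains are all assumptions made for this example.

```python
"""Toy model of Stateful Application Control (constructed example).

Each sensitive operation is checked together with the call chain that led
to it. That chain stands in for the "application state": it is legitimate
only when every frame is backed by a known module and the chain matches an
approved state for that application and operation. Everything below is
constructed for illustration and is not Trusteer's data or code.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    module: Optional[str]  # None = code running from unbacked (non-module) memory
    function: str


# Approved call chains per (application, operation), innermost frame first.
# A real product would learn these from telemetry; these are made up.
APPROVED_STATES = {
    ("browser.exe", "write_executable"): [
        ("kernel32.dll!WriteFile",
         "browser.dll!DownloadManager::SaveAs",
         "browser.dll!UI::OnSaveClicked"),
    ],
    ("reader.exe", "write_executable"): [
        ("kernel32.dll!WriteFile",
         "reader.dll!Updater::SaveInstaller",
         "reader.dll!Updater::CheckForUpdates"),
    ],
}


def state_signature(stack: List[Frame]) -> Tuple[str, ...]:
    """Render a call chain as module!function names, innermost first."""
    return tuple(f"{f.module}!{f.function}" for f in stack)


def check_sensitive_operation(app: str, op: str, stack: List[Frame]) -> Tuple[str, str]:
    """Decide whether a sensitive operation is performed in a legitimate state.

    Returns ("allow", reason) or ("block", reason).
    """
    # Rule 1: a frame without a backing module means the operation was reached
    # from code that is not part of the application: an unknown state.
    for frame in stack:
        if frame.module is None:
            return "block", f"frame {frame.function!r} runs from unbacked memory"

    # Rule 2: the observed chain must start with one of the approved chains.
    # Outer frames (message loops, thread start) may follow and are ignored.
    sig = state_signature(stack)
    for approved in APPROVED_STATES.get((app, op), []):
        if sig[:len(approved)] == approved:
            return "allow", "matches approved state " + approved[-1]
    return "block", "call chain not in approved states for this operation"


# Constructed scenarios: a user-initiated save, and two out-of-context writes.
USER_SAVE_AS = [
    Frame("kernel32.dll", "WriteFile"),
    Frame("browser.dll", "DownloadManager::SaveAs"),
    Frame("browser.dll", "UI::OnSaveClicked"),
    Frame("browser.dll", "UI::MessageLoop"),
    Frame("kernel32.dll", "BaseThreadInitThunk"),
]
WRITE_FROM_UNBACKED_MEMORY = [
    Frame("kernel32.dll", "WriteFile"),
    Frame(None, "0x1a2b3c40"),             # return address with no module behind it
    Frame("reader.dll", "JSEngine::Eval"),
]
WRITE_FROM_SCRIPT_ENGINE = [
    Frame("kernel32.dll", "WriteFile"),
    Frame("reader.dll", "JSEngine::Eval"),  # script path, not an approved state
    Frame("reader.dll", "Document::Open"),
]

if __name__ == "__main__":
    for name, app, stack in [("save-as", "browser.exe", USER_SAVE_AS),
                             ("unbacked", "reader.exe", WRITE_FROM_UNBACKED_MEMORY),
                             ("script", "reader.exe", WRITE_FROM_SCRIPT_ENGINE)]:
        print(name, *check_sensitive_operation(app, "write_executable", stack))
```

The point of the prefix match is that the same user-initiated save is recognised whatever outer frames surround it, while a write reached through a script engine or from unbacked memory never matches.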
Figure 2: Stop application actions with unknown state

Unlike whitelisting solutions, which list all trusted files, Trusteer Apex uses the legitimate application states of the Internet-facing applications that are commonly exploited. Because these applications have very few legitimate states in which they are allowed to perform sensitive operations, and these states are fairly static (they do not change often, not even when the application is patched or upgraded to a new version), managing the application state updates is a task owned by Trusteer. Trusteer manages the updates for all of its customers. When a new legitimate state is created, Trusteer automatically adds the new application state and sends the update to all protected endpoints.

Stopping Data Exfiltration

By stopping application exploits, Trusteer Apex prevents the majority of malware infections. But infections can also occur through means other than application exploits. Once advanced information-stealing malware establishes a foothold on the end user machine, it attempts to communicate with a command and control center (C&C) to register and receive further instructions from its operator. While it is possible for the malware to open a direct communication channel to the Internet, this type of channel is highly visible and easily detected by endpoint security controls (personal firewalls, proxies, etc.). To evade detection by endpoint security controls, advanced malware will try to hide its communication in other, legitimate communication channels, making it look as if it is coming from an application process that is allowed to generate network traffic (for example, a browser process). The malware will compromise the legitimate process and use it as a container for the malicious code. To do that, the malware will start a new legitimate process, like an Internet Explorer browser process, on the system.
At launch, the malware suspends the process, injects code into it, replacing the legitimate code with malicious code, and then resumes the process. The malware uses this compromised process to hide its communication channel and register with the C&C server. To the operating system this still looks like an Internet Explorer process opening a legitimate communication channel. You can even see this compromised Internet Explorer process in the Windows Task Manager, and it appears normal. However, if you look at the employee's desktop you will see that there is no user interface for this browser process.

Trusteer Apex prevents malware from opening direct external communication channels, and from compromising other processes to hide its external communications. To do this, Trusteer Apex applies a set of rules to determine whether an executable is suspicious. These rules take into account various file heuristics, including, but not limited to, the file's author, its location in the file system, its age, its entropy level and more. Trusteer Apex monitors sensitive operations at the kernel level. If it detects that a suspicious file is attempting to execute a sensitive operation, like opening a direct communication channel or attempting to compromise another process, it will block these operations.

In rare cases, Trusteer Apex may determine that an unknown legitimate file is suspicious and prevent it from using external communication channels. This can happen, for example, when an organization develops custom applications which need to communicate with external sources. To eliminate such false positives, administrators can apply exception handling for these applications, enabling them to execute on the endpoint and open communication channels. This unusual situation is typically discovered and addressed during product evaluation.

Figure 3: Blocking a suspicious executable that creates an unapproved data exfiltration state
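As an added illustration (not Trusteer's rules, weights or thresholds), the script below scores an executable on the heuristics the text names (signer, file location, age, entropy) and gates the sensitive operations the text names (opening a network channel, writing into another process), including the administrator exception for an in-house tool. The trusted signer, directories, threshold and the three sample files are constructed for this example.

```python
"""Constructed example: heuristic scoring of an executable before it may
perform a sensitive operation (open a network channel, write into another
process). The heuristics mirror the ones the text lists (author/signer, file
location, age, entropy); the weights, thresholds and sample files are made up
for illustration and are not Trusteer's rules.
"""
import math
from datetime import datetime, timedelta

TRUSTED_SIGNERS = {"Example Corp Code Signing"}  # constructed publisher
TRUSTED_DIRS = ("C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Windows\\")
SENSITIVE_OPS = {"open_network_channel", "write_remote_process"}
BLOCK_THRESHOLD = 3
HIGH_ENTROPY = 7.2  # bits per byte; packed or encrypted payloads approach 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of a code/data sample."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def suspicion_score(file_info: dict, now: datetime):
    """Return (score, reasons) computed from the file heuristics."""
    score, reasons = 0, []
    if file_info.get("signer") not in TRUSTED_SIGNERS:
        score += 2
        reasons.append("not signed by a trusted publisher")
    if not file_info["path"].startswith(TRUSTED_DIRS):
        score += 1
        reasons.append("located outside trusted directories")
    if now - file_info["created"] < timedelta(days=1):
        score += 1
        reasons.append("created less than a day ago")
    entropy = shannon_entropy(file_info["sample"])
    if entropy > HIGH_ENTROPY:
        score += 1
        reasons.append(f"high entropy ({entropy:.2f} bits/byte)")
    return score, reasons


def decide(file_info: dict, op: str, now: datetime, exceptions=frozenset()):
    """Gate a sensitive operation: allow it, or block it when the file looks suspicious.

    `exceptions` holds paths an administrator has approved (e.g. in-house tools
    that legitimately talk to external services).
    """
    if op not in SENSITIVE_OPS:
        return "allow", ["not a sensitive operation"]
    if file_info["path"] in exceptions:
        return "allow", ["administrator exception"]
    score, reasons = suspicion_score(file_info, now)
    return ("block" if score >= BLOCK_THRESHOLD else "allow"), reasons


NOW = datetime(2014, 1, 15, 12, 0)  # constructed clock for reproducible ages
DROPPED_FILE = {  # unsigned, in a temp folder, minutes old, packed-looking contents
    "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe",
    "signer": None,
    "created": NOW - timedelta(minutes=5),
    "sample": bytes(range(256)) * 4,  # uniform bytes: entropy of exactly 8.0
}
VENDOR_APP = {  # signed, installed under Program Files, months old, plain contents
    "path": "C:\\Program Files\\Example Corp\\app.exe",
    "signer": "Example Corp Code Signing",
    "created": NOW - timedelta(days=200),
    "sample": b"MZ" + b"\x00" * 510 + b"This program cannot be run in DOS mode" * 4,
}
INHOUSE_TOOL = {  # custom, unsigned application that needs an external channel
    "path": "C:\\Apps\\sync-tool.exe",
    "signer": None,
    "created": NOW - timedelta(days=30),
    "sample": VENDOR_APP["sample"],
}

if __name__ == "__main__":
    print("dropped file:", decide(DROPPED_FILE, "open_network_channel", NOW))
    print("vendor app:  ", decide(VENDOR_APP, "open_network_channel", NOW))
    print("in-house:    ", decide(INHOUSE_TOOL, "open_network_channel", NOW))
    print("in-house+exc:", decide(INHOUSE_TOOL, "open_network_channel", NOW,
                                  exceptions={INHOUSE_TOOL["path"]}))
```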
Protecting Enterprise Credentials from Compromise and Theft

Cybercriminals are using phishing schemes and malware to steal credentials that would enable them to access enterprise systems and networks. Trusteer Apex includes specific measures to protect enterprise credentials:

Anti-Keylogging

Keylogging malware captures the user's keystrokes when the user enters his/her credentials to log into corporate web applications like SSL VPN, Outlook Web Access, CRM and more. If compromised, such credentials can allow cybercriminals to access enterprise networks and data without being detected. To prevent keylogging malware from capturing user credentials, Trusteer Apex encrypts the user's keystrokes at the keyboard driver and decrypts them as they are fed into the application input field. This makes the captured keystrokes unreadable and unusable.

Phishing Protection

Cybercriminals use spear-phishing emails to manipulate users into surrendering credentials and other sensitive information on fraudulent websites (a.k.a. phishing sites). Such an email is designed to look as if it was sent by a trusted source, and typically requests the user to log into a fake corporate web application in order to verify his/her information or approve a request. The web page will appear legitimate as well, but in fact it is not. Cybercriminals collect the credentials entered by the user and use them to access enterprise applications and networks. Trusteer Apex stops phishing attacks by validating that users enter enterprise credentials only into pre-approved enterprise web applications. Trusteer validates that the web page URL is in fact a corporate web application. If the URL is not pre-approved, Trusteer Apex will not allow the user to submit his/her credentials.

Enterprise Credentials Reuse Prevention in Public/Consumer Websites

Many people like to reuse passwords because it makes their life easier, with fewer passwords to remember.
However, password reuse across public and enterprise websites represents a significant risk to enterprises. In recent years cybercriminals have hacked into many public websites and extracted the complete user database, including user credentials. They have then used these stolen credentials to log into other websites and applications. Stolen credentials were used, for example, to log into Best Buy accounts that keep a credit card on file and steal hundreds of dollars in gift cards. If enterprise passwords are exposed by such hacks, they can provide cybercriminals access to enterprise applications and networks.
To prevent users from reusing enterprise passwords [3] on public (non-enterprise) websites, Trusteer Apex validates that enterprise passwords are used only for logging into approved enterprise application login pages. If the user attempts to submit the same credentials to other sites, Trusteer Apex will alert IT security or block the access.

Figure 4: Protecting enterprise credentials

Transparent With No Impact on End User Experience or Productivity

Trusteer Apex is designed to transparently prevent application exploitation and data exfiltration. It is extensively tested on millions of endpoints to ensure compatibility with business applications and enterprise security software products. Trusteer Apex protections are conclusive and deterministic, so the user isn't prompted to make decisions (such as allowing/denying access to specific resources) that could create security exposure.

[3] Trusteer uses a one-way hash of enterprise passwords, kept on the endpoint, to verify that a password is in fact an enterprise password. This enables protection while preventing password exposure.
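The following example, added here and not Trusteer's implementation, combines the two credential checks described above: enterprise credentials are only accepted on approved login pages, and the endpoint recognises an enterprise password through a salted one-way hash (as in footnote 3) rather than a stored copy. The approved host names, the sample password, the fixed salt and the choice of PBKDF2-HMAC-SHA256 with 100,000 rounds are assumptions for this example.

```python
"""Constructed example of endpoint credential protection:
(1) enterprise credentials may only be submitted to approved login pages, and
(2) the endpoint recognises an enterprise password via a salted one-way hash,
so the password itself is never stored. Host names, passwords and the PBKDF2
parameters are assumptions for this example, not Trusteer's implementation.
"""
import hashlib
import hmac
import os
from urllib.parse import urlsplit

APPROVED_LOGIN_HOSTS = {"vpn.example-corp.test", "owa.example-corp.test"}  # constructed
PBKDF2_ROUNDS = 100_000


def enroll_enterprise_password(password: str, salt: bytes = None) -> dict:
    """Keep only a salted PBKDF2-HMAC-SHA256 digest on the endpoint."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def is_enterprise_password(record: dict, candidate: str) -> bool:
    """Constant-time comparison of the candidate's digest with the stored one."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["digest"])


def submission_host(url: str) -> str:
    """The host the browser will actually send the form to.

    Using the parsed host rather than a substring match defeats look-alike URLs
    such as 'https://vpn.example-corp.test.evil.test/' (a longer host) or
    'https://vpn.example-corp.test@evil.test/' (approved name in the userinfo).
    """
    return (urlsplit(url).hostname or "").lower()


def check_credential_submission(url: str, password: str, record: dict, mode: str = "block"):
    """Return (decision, reason) for a password about to be submitted to `url`.

    `mode` is the policy for enterprise-password reuse on unapproved sites:
    'block' the submission or only 'alert' IT security.
    """
    host = submission_host(url)
    if host in APPROVED_LOGIN_HOSTS:
        return "allow", f"approved enterprise login page {host}"
    if is_enterprise_password(record, password):
        return mode, f"enterprise password submitted to unapproved host {host!r}"
    return "allow", "not an enterprise credential"


# Constructed enrolment with a fixed salt so the example is reproducible.
RECORD = enroll_enterprise_password("Corr3ct-Horse-Battery", salt=b"\x01" * 16)

if __name__ == "__main__":
    for url in ("https://vpn.example-corp.test/login",
                "https://vpn.example-corp.test.evil.test/login",
                "https://vpn.example-corp.test@evil.test/login",
                "https://shop.example.test/login"):
        print(url, "->", check_credential_submission(url, "Corr3ct-Horse-Battery", RECORD))
```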
Simplified Management with Minimal IT Overhead

Trusteer Apex Stateful Application Control is designed to maximize security while minimizing IT overhead. It includes several features to enable this:

Automated Solution

The Trusteer Apex Stateful Application Control Engine is easy to manage and maintain because it is based on legitimate application states, which are few in number and stable. Trusteer's Stateful Application Control is focused on exploited applications, and maintains a list of legitimate states only for those applications. This makes the list shorter and easier to manage. In addition, research performed on a network of over 30 million protected endpoints has confirmed that the legitimate states of these applications rarely change, even when an application is patched or upgraded. When a new legitimate state is detected, Trusteer has an automated process that adds it to the solution. Trusteer manages the application state updates for all customers, eliminating the need for specialized IT professionals to support the creation of custom application states.

Ad-Hoc Security Content Updates

Trusteer provides automated security content updates based on threat research. Security content updates are special configuration instructions to the Trusteer Apex Stateful Application Control Engine that include new legitimate application states (for example, when a protected application has a new legitimate way to write a file to the file system). Content updates are completely transparent and do not cause end-user disruption. The update process requires minimal IT involvement, allowing IT staff to focus on supporting business needs.

Web-Based Management Application

The Trusteer Management Application (TMA) is a secured, web-based reporting and configuration console for Trusteer Apex customers. The TMA allows configuration of multiple security policies that define protection layer settings for enterprise endpoints and applications.
IT security staff use the TMA to manage all Trusteer Apex clients and gain insight into the threat landscape. The TMA enables organizations to monitor and manage actionable alerts on malware and phishing attacks, as well as to monitor endpoint security health. The TMA provides customizable out-of-the-box reports and trend analysis views.
Flexible Deployment Options

Enterprise Controlled Deployment for Managed Devices

Trusteer Apex clients can be deployed on PC, Mac and remote/virtual desktops (e.g. Citrix) using software delivery tools (e.g. Microsoft SMS/SCCM, HP CM). Code updates can be controlled by IT security.

Figure: Enterprise pre-deployment with software distribution tools

On-Demand Deployment for Unmanaged Devices

The on-demand deployment option is offered to enforce Trusteer Apex clients on unmanaged devices (BYOC, roaming managed devices and home computers) accessing enterprise resources. When the user accesses a protected web site (such as an SSL VPN web page), a code snippet placed on the page during deployment detects the presence of Trusteer Apex on the user's endpoint. If Trusteer Apex isn't present, a splash message offers the user a link to download the Trusteer Apex agent. Following a quick deployment process, the user can proceed to log in to the enterprise resource in a secure fashion.

Figure: BYOC endpoint, Apex detection snippet, customer web app/gateway (SSL VPN page, cloud app, corporate portal, internal apps)
Conclusion

Exploitation of endpoint application vulnerabilities will continue to be the main vector for introducing advanced, information-stealing malware into enterprise environments. Compromising employees' endpoints is the biggest enabler of APTs and targeted attacks. The steady increase in attack sophistication enables cybercriminals to exploit zero-day vulnerabilities and bypass blacklisting controls. The stealthy nature of the attacks results in successful infiltration into the organization and on-going information exfiltration without the hacked organization knowing the attack is taking place.

By stopping exploitation of zero-day and unpatched vulnerabilities, Trusteer Apex prevents endpoint compromise and reduces the risk of APTs and targeted attacks. Stateful Application Control updates and management are Trusteer's way of eliminating the need for the customer to detect, analyze and approve changes to the solution. This addresses the primary inhibitor to application control deployment. Beyond automated management, organizations can easily deploy Trusteer Apex on both managed and unmanaged endpoints (BYOC, remote access) used for accessing enterprise networks and resources.

About Trusteer

Boston-based Trusteer, an IBM company, is the leading provider of endpoint cybercrime prevention solutions that protect organizations against financial fraud and data breaches. Hundreds of organizations and millions of end users rely on Trusteer to protect their managed and unmanaged endpoints from online threats and advanced information-stealing malware. For more information please visit:
Appendix A: The RSA Breach: Anatomy of a Targeted Attack

In 2011, a human resources department employee at RSA received an email titled "2011 Recruitment Plan". Attached to the email was an Excel spreadsheet with a Flash object embedded in it. When the employee opened the spreadsheet, the Flash object exploited an Adobe Flash zero-day vulnerability (CVE ) and installed a commercial Remote Access Trojan (RAT) called Poison Ivy on the endpoint. The attackers then harvested credentials and obtained privileged access to the targeted system: an internal database that included the seeds to RSA's two-factor authentication system SecurID, used for strong authentication by many organizations. The stolen information was later used to create the one-time passwords needed to gain access to and attack the defense contractor Lockheed-Martin.

The RSA attack, and virtually all highly publicized attacks that followed, demonstrate the primary vector for compromising employee endpoints: exploitation of application vulnerabilities. Today, the majority of malware infections are a direct result of known and zero-day vulnerability exploits. Cybercriminals continuously develop new exploits that take advantage of application vulnerabilities to introduce malware and compromise endpoints. Once an endpoint is compromised, cybercriminals gain full control over it, which enables them to get further access to enterprise data and network resources. Because application exploits are not visible to the endpoint user, they are a very popular method to infect endpoint machines with malware and gain a foothold in the network.

Cybercriminals can also use other methods that do not require an application exploit to introduce malware to enterprise endpoints. They can manipulate the user into directly installing malware on the endpoint by downloading an executable file from the Internet. It is very difficult to prevent the user from installing untrusted files without restricting all file installations.
Solutions which have attempted to do that are hard to manage and maintain in a dynamic environment, and they have significant IT overhead. However, in order to gain control over the endpoint and exfiltrate data, the malware must first open a communication channel with a remote attacker or a command and control server (C&C). The battle against advanced targeted attacks should, therefore, focus on preventing zero-day exploits and data exfiltration.
Appendix B: The Challenge of Stopping APTs, Targeted Attacks and Advanced Malware

Application Vulnerabilities Persist

Despite the growing awareness of the need to develop secure applications, we continuously discover new application vulnerabilities, and attackers are quick to exploit them while they remain unpatched. Several challenges complicate enterprise patch management, and as a result endpoint application patching is always behind. The big investment in education programs that try to teach users to avoid clicking on untrusted links or opening malicious attachments has failed to prevent such incidents.

Unmanaged Endpoints Enter the Enterprise

The increase in unmanaged endpoint devices, driven by BYOC and remote access initiatives, has created additional challenges. Because IT can't control software installation on unmanaged endpoints, enforce configuration policies or ensure that the latest patches are deployed, these endpoints pose a significant risk to the enterprise.

Blacklisting Technologies Can't Keep Up with New Malware Strains

Endpoint controls based on blacklisting technologies, which focus on detecting malicious files and behaviors, are by design a step behind the latest threats. Network controls that try to detect the threat en route to the endpoint, by testing its execution in a virtual sandbox, look for known malicious behaviors and fail to prevent zero-day attacks. And cybercriminals continue to develop sophisticated evasion techniques that allow malware to bypass security controls and evade detection.

Application Control and Whitelisting is Difficult to Deploy and Manage

Since blacklisting controls fall short, a new approach has emerged: Application Control, a.k.a. Application Whitelisting, which does not rely on detecting known signatures or behaviors. Instead it restricts file execution by either allowing only good application files to execute, or by sandboxing untrusted applications at runtime.
The Application Control approach is considered a strong proactive security measure. However, existing Application Control solutions have been operationally challenging. Managing the full list of all known good or trusted files has proven very difficult. Application sandboxing limits end user productivity because data eventually has to leave the sandbox. This requires IT security to define multiple exception policies, which are error-prone and could lead to security exposure. As a result, Application Control is applied to only a subset of endpoints that are relatively static. The deployment requirements have prevented deployment within dynamic, Internet-facing environments, exposing vulnerable endpoints to the risk of compromise. A better approach is clearly needed. A next-generation malware protection solution must combine effective security, zero management and simplified deployment that enables organizations to protect both managed and unmanaged devices.
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationThe evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions
The evolution of virtual endpoint security Comparing vsentry with traditional endpoint virtualization security solutions Executive Summary First generation endpoint virtualization based security solutions
More informationSECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal
WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationSecurity Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationTOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski
TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More information10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011
10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationDETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?
A Special Primer on APTs DETECTING THE ENEMY INSIDE THE NETWORK How Tough Is It to Deal with APTs? What are APTs or targeted attacks? Human weaknesses include the susceptibility of employees to social
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationThe Next Generation IPS
The Next Generation IPS Comprehensive Defense Against Advanced Persistent Threats Contents Introduction.............................................. 1 What Are Advanced Persistent Threats?.............................
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationSecuring Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly
Securing Internet Facing Applications Ten years ago protecting the corporate network meant deploying traditional firewalls and intrusion detection solutions at the perimeter of the trusted network in order
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationSecuring Virtual Desktop Infrastructures with Strong Authentication
Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication
More informationAdvanced Persistent. From FUD to Facts. A Websense Brief By Patrick Murray, Senior Director of Product Management
A Websense Brief By Patrick Murray, Senior Director of Product Management Advanced Persistent Threats: From FUD to Facts With Websense, you can stay a step ahead of the threats. From our roots in web filtering,
More informationSpear Phishing Attacks Why They are Successful and How to Stop Them
White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationInvincea Advanced Endpoint Protection
SOLUTION OVERVIEW Invincea Advanced Endpoint Protection A next-generation endpoint security solution to defend against advanced threats combining breach prevention, detection, and response The battle to
More informationUnderstanding the Advanced Threat Landscape an MSPs Guide. IT Security: Enabled
Understanding the Advanced Threat Landscape an MSPs Guide IT Security: Enabled 1.0 Cutting through the APT hype to help your clients prevent, detect and mitigate advanced threats Sophisticated cyber-espionage
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationWhy Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor
Why Device Fingerprinting Provides Better Network Security than IP Blocking How to transform the economics of hacking in your favor Why Device Fingerprinting Provides Better Network Security than IP Blocking
More informationESET Endpoint Security 6 ESET Endpoint Antivirus 6 for Windows
ESET Endpoint Security 6 ESET Endpoint Antivirus 6 for Windows Products Details ESET Endpoint Security 6 protects company devices against most current threats. It proactively looks for suspicious activity
More informationCompliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme
Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme avecto.com Contents Introduction to the scheme 2 Boundary firewalls and internet gateways 3 Secure configuration
More informationTrusteer Rapport. User Guide. Version 3.5.1307 April 2014
Trusteer Rapport User Guide Version 3.5.1307 April 2014 Contents About this Guide 1 Need More Information about Trusteer Rapport? 1 Sending us Feedback 1 1. What is Trusteer Rapport? 3 Antivirus: A False
More informationSelecting the right cybercrime-prevention solution
IBM Software Thought Leadership White Paper Selecting the right cybercrime-prevention solution Key considerations and best practices for achieving effective, sustainable cybercrime prevention Contents
More informationLASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
More informationAdvanced Persistent Threats
Advanced Persistent Threats George R Magee~ FCNSA, FCNSP, Fortinet Larry Cushing~ CEO, Unified Technologies Visit us at Booth #11 1 May 27, 2014 2 Threat landscape An Internet Minute 7 7 Fortinet Confidential
More informationPROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY FACT: WORKSTATIONS AND SERVERS ARE STILL AT RISK CONVENTIONAL TOOLS NO LONGER MEASURE
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More informationSecurity Evaluation CLX.Sentinel
Security Evaluation CLX.Sentinel October 15th, 2009 Walter Sprenger walter.sprenger@csnc.ch Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel.+41 55-214 41 60 Fax+41 55-214 41
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationFSOEP Web Banking & Fraud: Corporate Treasury Attacks
FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationAdvanced Endpoint Protection Overview
Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking
More informationKeystroke Encryption Technology Explained
Keystroke Encryption Technology Explained Updated February 9, 2008 information@bluegemsecurity.com (800) 650-3670 www.bluegemsecurity.com Executive Summary BlueGem Security is introducing keystroke encryption
More informationDATA SHEET. What Darktrace Finds
DATA SHEET What Darktrace Finds Darktrace finds anomalies that bypass other security tools, due to the uniqueness of the Enterprise Immune System, capable of detecting threats without reliance on rules,
More informationBuyers Guide to Web Protection
Buyers Guide to Web Protection The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationPractical Threat Intelligence. with Bromium LAVA
Practical Threat Intelligence with Bromium LAVA Practical Threat Intelligence Executive Summary Threat intelligence today is costly and time consuming and does not always result in a reduction of successful
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationThe Fundamental Failures of End-Point Security. Stefan Frei Research Analyst Director sfrei@secunia.com
The Fundamental Failures of End-Point Security Stefan Frei Research Analyst Director sfrei@secunia.com Agenda The Changing Threat Environment Malware Tools & Services Why Cybercriminals Need No 0-Days
More informationKeylogging Identity The Defense System TM. Whitepaper. Legal Club of America 7771 W. Oakland Park Blvd. #217 Sunrise, Florida 33351 www.legalclub.
Keylogging Identity The Defense System TM Whitepaper Legal Club of America 7771 W. Oakland Park Blvd. #217 Sunrise, Florida 33351 www.legalclub.com Summary Keyloggers are a serious security threat that
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationHow Do Threat Actors Move Deeper Into Your Network?
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
More informationOnline Cash Manager Security Guide
Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM
WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More information