IBM Security re-defines enterprise endpoint protection against advanced malware

Transcription

1 IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex Advanced Malware Protection effectively prevents user endpoints from becoming the infiltration point into your organization. Advanced Persistent Threats (APTs) and targeted attacks pose significant risk to enterprise organizations. Adversaries leverage multiple attack vectors to infiltrate the network and gain access to resources and data. These include exploitation of application vulnerabilities to silently infect computers; malicious Java applications which bypass existing security and exploit prevention controls; advanced malware that enables remote access and control of corporate computers; and access to corporate resources using stolen credentials obtained through spear phishing schemes or through third-party breach. To protect against these attacks, organizations are implementing advanced endpoint controls to complement legacy security solutions. However, current advanced controls are point solutions focused on a single threat vector, leaving the organization exposed to other attacks. As a result, organizations are left with the inconvenient choice between accepting significant security gaps and implementing multiple standalone endpoint clients, an operationally untenable option. In addition to these challenges, IT Security organizations face operational challenges which result from the limited availability of highly skilled security professionals needed for implementing and maintaining complex security controls. There is a pressing need for a single enterprise endpoint protection solution that provides multilayered defenses to effectively mitigate the threat vectors, but is also easy to deploy, manage and maintain, and has a low impact on the business.

2 Breaking the cyber attack chain at strategic chokepoints Trusteer Apex Advanced Malware Protection follows the threat lifecycle, applying integrated multi-layered defense to break the cyber attack chain. Through extensive research, IBM has identified specific stages of the cyber attack chain where the attacker has relatively few execution options, which we have termed strategic chokepoints. By tightly controlling these chokepoints at the operating system level, Trusteer Apex breaks the attack chain and effectively prevents the attack. The solution leverages in-depth technical expertise and distinct low level visibility into application execution paths, to apply accurate and effective controls on strategic chokepoints and effectively prevent malicious code execution. This enables Trusteer Apex to provide distinct and powerful protection against both unknown, zero-day threats and known malware, without impacting user productivity. In addition, Trusteer Apex combines defense layers that address other attack stages, strengthening the overall cyber attack chain approach and optimizing the ability to preempt attempts to compromise user endpoints with advanced malware or steal user credentials. Credentials protection Corporate credentials are very valuable to cyber attackers as they provide access to corporate systems. Credentials phishing schemes, which manipulate users to submit their credentials on fake websites have been on the rise. Credentials have also been stolen from breached third-party databases. Trusteer Apex effectively prevents users from exposing their corporate credentials on phishing websites. In addition, the solution helps enterprises enforce corporate password reuse policies by preventing employees from reusing their corporate credentials on non-corporate websites including consumer sites, social networks and more. IBM research shows that 62 percent of exploits target vulnerabilities that have been known for 12 months or longer. 1 Credential Protection Alert and prevent phishing and reuse on non-corporate sites Threat and Risk Reporting Threat central for vulnerability mapping and critical event reporting Advanced Threat Analysis and Turnkey Service Exploit Chain Disruption Prevent infections via exploits Zero-day defense by controlling exploitchain choke point Malware Detection and Mitigation Detection and mitigation of massively distributed APT malware Cloud-based file inspection for detection of legacy threats Lockdown for Java Prevent high-risk actions by malicious Java applications Malicious Communication Prevention Block malware communication Disrupt C&C control Prevent data exfiltration Global Threat Research and Intelligence Global threat intelligence delivered in near-real time from the cloud Figure 1: Trusteer Apex multi-layered defense architecture 2

3 Exploit chain disruption Strategic Chokepoint! Exploits, pieces of content embedded in weaponized documents and compromised websites, are designed to exploit vulnerabilities in end user applications, like Java, browsers, document viewers, media players and more. The exploit chain enables the attacker to eventually infect the user endpoint with malware and compromise it. According to the Verizon DBIR , 52 percent of infections result from exploits. IBM Security research mapped out the exploitation and malware delivery flow as a strategic chokepoint. Therefore, by disrupting the exploit chain, Trusteer Apex effectively prevents these stealthy infection attempts. Because this defense layer is not dependent on advanced information about the exploit, the targeted vulnerability, or the malware it is attempting to download, it effectively protects against zero-day exploits as well as exploitation of known, yet unpatched vulnerabilities. Malware detection and mitigation Massively distributed malwares, originally designed for financial fraud, are now used to target non-financial organizations in an APT-style attack. Malware developers have extended the capabilities of malware families like Zeus, SpyEye and Citadel, turning them into sophisticated APT tools which can be used to target organizations. Other legacy threats are still infecting enterprise machines, exposing them to risk. Traditional security controls are no longer enough to protect against these threats. Trusteer Apex provides extensive protection against massively distributed APT malware families and legacy threats: Prevention and mitigation for massively distributed APT malware: Trusteer Apex effectively detects, mitigates and remediates massively distributed malware infections by identifying new and existing installations and removing the threat from the machine. Cloud-based file inspection: Trusteer Apex uses consolidated information from more than 20 antivirus engines to provide legacy protection and prevent known malicious files from executing and compromising the machine. This provides maximal efficacy and operational simplicity, without requiring lengthy signature file update processes that impact network and user productivity. 4% 13% 15% 22% 50% Oracle Java Adobe Reader Browsers Others 96% Applicative exploits Native exploits Figure 2: Exploitation of application vulnerabilities (from survey of 1 million Trusteer customers, December 2013) 5 Figure 3: Total Oracle Java exploits, 2012 to

4 Lockdown for Java Strategic Chokepoint! Java exposes organizations to significant risk as it is among the most targeted software platforms. According to research conducted by Trusteer and IBM X-Force, 50 percent of exploits target Java vulnerabilities. 3 Of these, 96 percent are malicious Java applications that manage to break Java s internal security mechanisms and gain elevated privileges (these are also known as applicative exploits ). 4 Because they operate maliciously inside the Java virtual machine, these attacks easily bypass OS-level controls such as Microsoft EMET, which are blind to such manipulations. Trusteer Apex s Lockdown for Java feature enables the safe use of Java applications while preventing untrusted Java applications from executing high risk actions, such as writing to the file system or making changes to the registry. This helps ensure that legitimate business applications and virtually any Java application which performs non-risky action (such as displays functions) will not be disrupted, while malicious applications will be blocked from causing harm. Malicious communication prevention Strategic Chokepoint! To compromise the endpoint, gain control and exfiltrate data, advanced malware must communicate with the attacker, often through a Command and Control server. Trusteer Apex effectively prevents untrusted files from establishing communication channels outside of the corporate network. As a result, malware cannot register with the Command and Control server or get commands from its operator and, therefore, cannot compromise the machine or enable access to enterprise resources. Endpoint vulnerability report Vulnerable unpatched end user applications expose the enterprise to exploitation risk. The continuous need to apply application patches, in many cases urgent critical patches, puts organizations in a never-ending rat race. And even that is not enough to prevent exploitation of zero-day vulnerabilities for which a patch does not exist. Trusteer Apex s endpoint vulnerability report provides visibility into the enterprise risk posture resulting from vulnerable applications. The report lists installations of vulnerable applications like Java and Adobe Acrobat, describes known vulnerabilities associated with them, and provides further details about each vulnerability. The report enables security professionals to make informed decisions to either patch or remove vulnerable applications (if it is possible to patch or remove them). Turnkey service for optimum security and limited IT overhead Trusteer Apex installs as a software client on user endpoints. The client leverages in-depth visibility to monitor and analyze application behavior at strategic chokepoints and achieve exceptional precision. This results in highly accurate defenses, which significantly reduce operational distractions both to the user and IT help-desk teams. Figure 4: Trusteer Apex s vulnerability report and drill down capabilities 4

5 Trusteer Apex deployments are backed by IBM s security services, which provide ongoing support to customers. IBM s security services help customers deal with emerging threats and security incidents, dramatically boosting the customer s ability to face advanced threats and targeted attacks. Global threat research and dynamic intelligence IBM s research labs and expert team of malware researchers work in cooperation with the IBM X-force team to continuously analyze the latest security threats and targeted attacks. Threat research and intelligence data is based on dynamic security feeds provided by over 100 million protected endpoints around the world. The combined vulnerability database is one of the largest in the industry with over seventy thousand vulnerabilities categorized. Threat research and intelligence is translated into security updates that are automatically sent to protected endpoints. Integration with the wide enterprise security ecosystem Trusteer Apex fills critical gaps in the enterprise security ecosystem, protecting employee endpoints and preventing attackers from infiltrating enterprise networks and resources through compromised user endpoints. As a strategic component of the enterprise security ecosystem, Trusteer Apex is fully integrated with other enterprise security solutions, empowering organizations to streamline security operations, event correlation and forensic analysis efforts. Trusteer Apex offers fully tested integrations with the following solutions: SIEM Integration: Trusteer Apex integrates with leading SIEM solutions, including IBM QRadar, for providing cross-organizations security intelligence and incident forensics. IBM Endpoint Manager: the integration streamlines endpoint security management Palo Alto Networks WildFire: optimize visibility and protection by correlating information about malicious files found on the network with endpoint security events. Why IBM? IBM Security solutions are trusted by organizations worldwide for fraud prevention and identity and access management. The proven technologies enable organizations to protect their customers, employees, and business-critical resources from the latest security threats. As new threats emerge, IBM can help organizations build on their core security infrastructure with a full portfolio of products, services and business partner solutions. IBM empowers organizations to reduce their security vulnerabilities and focus on the success of their strategic initiatives. For more information To learn more about Security Trusteer solutions and IBM Trusteer Apex Advanced Malware Protection, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/security About IBM Security solutions IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world s broadest security research, development and delivery organizations, monitors 15 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost- effective and strategic way possible. We ll partner with credit- qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/ financing 5

6 Copyright IBM Corporation 2014 IBM Corporation Software Group Route 100 Somers, NY Produced in the United States of America August 2014 IBM, the IBM logo, ibm.com, and X- Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at ibm.com/ legal/ copytrade.shtml Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statements regarding IBM s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. 1 Dana Tamir, Underground Cybercrime: Exploits for Sale, April 25, 2014, 2 Verizon 2014 Data Investigations Report, com/dbir/2014/?gclid=cp2nkocvzl4cfvjnogod1nsayw 3 IBM X-Force Threat Intelligence Quarterly Q1 2014, ibm.com/common/ssi/ecm/en/wgl03045usen/wgl03045usen.pdf 4 Ibid, IBM X-Force Threat Intelligence Quarterly Q1 2013, ibm.com/security/xforce/ 6 Ibid, 2012 to 2013, Trusteer was acquired by IBM in August of Please Recycle WGD03029-USEN-02