Vulnerabilities and Attacks on IT Infrastructures (Vulnerabilità e Attacchi alle Infrastrutture IT). Simone Riccetti, Sr. IT Security Architect




Agenda: X-Force Research Team; Vulnerabilities and Threats; Protection Technologies; Attack Lifecycle; Live Demo

The mission of the IBM Internet Security Systems X-Force research and development team is to: research and evaluate threat and protection issues; develop assessment and countermeasure technology; educate the media and user communities.


Vulnerability Highlights: the overall number of disclosed vulnerabilities increased compared with previous years, up 5% over the first half of 2007.

Patch Availability Date (figure: Y-axis, days between the patch and the vulnerability announcement; X-axis, vulnerability announcement date). Data: 1,551 patches; 15% available before the announcement, 54% at the announcement, 31% after the announcement. Courtesy: Stefan Frei, ETH Zurich, http://www.techzoom.net/risk/

Exploit Availability Date (figure: Y-axis, days between the vulnerability announcement and the exploit; X-axis, vulnerability announcement date). Data: 3,428 exploits; 23% available before the announcement, 58% at the announcement, 19% after the announcement. Courtesy: Stefan Frei, ETH Zurich, http://www.techzoom.net/risk/

Browser Vulnerabilities: memory corruption is the main vulnerability class; no substantial difference from previous periods.

Primary Exploit Target: Browser Plug-Ins. The majority of publicly released exploits are for browser plug-ins; the top five most exploited browser vulnerabilities all target plug-ins. Although most active exploitation focuses on older vulnerabilities, newer attack tools have automatic methods to incorporate the most recent exploits.

Web Server Application Vulnerabilities: three newcomers to the top-ten vendor list were web server application software vendors. Web server application vulnerabilities account for 54% of all 2008 H1 disclosures and 51% of disclosures since 2006.

ISS Preemptive Protection

Vulnerability Focused Protection


How do you get owned these days? The Attack Lifecycle. The initial culprit in owning a system can be as innocent as an email from Mom or as malicious as an attacker set on stealing valuable information.

The Attack Lifecycle: inherent in any computer program are vulnerabilities, small cracks in the code that let in things that were not originally intended. A proof of concept, or exploit, is created to take advantage of the vulnerability. The exploit triggers the flaw (for example a buffer overflow) and injects shellcode into the process; the shellcode is executed, giving the attacker remote code execution and opening a back door to the system. Malcode, such as a trojan or rootkit, is then executed to wreak havoc on the system.
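The overflow-to-shellcode step above, as an added example that is not from the slides and not an IBM ISS artifact: a 16-byte name buffer copied without a bound, next to a bounded version. The `frame` struct, its `saved_ret` field and the payload are constructed for illustration; the demo caps its copy at the size of its own struct so it runs without crashing the process, which a real `strcpy` would not.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* Toy stack frame (assumed layout): the fixed-size buffer and, right
 * after it, a field that stands in for the saved return address. Real
 * frames also hold saved registers and padding; the adjacency is the point. */
struct frame {
    char name[NAME_MAX];
    unsigned char saved_ret[8];
};

/* Vulnerable pattern: copy the input the way strcpy would, with no check
 * against sizeof(name). Anything past 15 bytes plus NUL lands in saved_ret.
 * The single cap at sizeof(*f) exists only so this demo stays inside its
 * own object instead of trashing the real stack; strcpy has no such cap.
 * Returns 1 if saved_ret was overwritten, 0 otherwise. */
int vulnerable_copy(struct frame *f, const char *input)
{
    unsigned char before[8];
    size_t n = strlen(input) + 1;           /* bytes strcpy would write */

    memcpy(before, f->saved_ret, sizeof before);
    if (n > sizeof *f)
        n = sizeof *f;                      /* demo-only guard */
    memcpy((unsigned char *)f, input, n);   /* name overflows into saved_ret */
    return memcmp(before, f->saved_ret, sizeof before) != 0;
}

/* Hardened version: check the length before touching the buffer, fail
 * closed on oversize input, always NUL-terminate.
 * Returns 0 on success, -1 if the input was rejected. */
int safe_copy(struct frame *f, const char *input)
{
    size_t len = strlen(input);
    if (len >= sizeof f->name)
        return -1;                          /* would not fit with the NUL */
    memcpy(f->name, input, len);
    f->name[len] = '\0';
    return 0;
}

/* Constructed payload: 16 bytes of filler to fill name, then 7 bytes of
 * "B" where a real exploit would place a return address pointing at its
 * shellcode. Not a working exploit against anything. */
const char *demo_payload(void)
{
    return "AAAAAAAAAAAAAAAABBBBBBB";
}

int main(void)
{
    struct frame f;

    memset(&f, 0, sizeof f);
    printf("vulnerable_copy overwrote saved_ret: %d\n",
           vulnerable_copy(&f, demo_payload()));
    memset(&f, 0, sizeof f);
    printf("safe_copy rejected payload: %d\n",
           safe_copy(&f, demo_payload()) == -1);
    printf("safe_copy accepted short name: %d\n",
           safe_copy(&f, "mom") == 0);
    return 0;
}
```

The detection engines described later in the deck sit on either side of this boundary: a vulnerability-centric network signature tries to stop the oversized input before it reaches the copy, while host-side overflow prevention tries to stop the execution that follows a corrupted `saved_ret`.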

X-Force Protection Engines:
Cobion: Cobion e-mail and content filtering technology has analyzed over 8.7B URLs and images and 1B unique spam messages; over 100k web pages and 700k spam messages are analyzed daily.
Shellcode Heuristics: this engine uses generic shellcode detection to block shellcode payloads, one of the most prevalent methods of infecting non-binary files such as HTML, documents and images.
BOEP: Buffer Overflow Exploit Prevention (BOEP) blocks execution payloads delivered through buffer overflow exploits, providing 0-day protection for this class of threats.
PAM: the Protocol Analysis Module (PAM) is the network IPS component in IBM ISS desktop, server and network products. PAM uses behavioral and vulnerability-centric methods to detect and block network-based exploits affecting more than 7,400 vulnerabilities.
VPS: the Virus Prevention System (VPS) is a behavioral anti-virus technology that can stop not only new malware variants but also new malware families. VPS uses pre-execution behavioral analysis to stop malware before it can run and do damage.
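What "generic shellcode detection" in a non-binary file can look like, as an added example: this is not the Shellcode Heuristics engine's code and says nothing about how that engine actually works. It decodes JavaScript `%uXXXX` escapes out of HTML into bytes the way `unescape()` would (little-endian), then looks for an x86 NOP sled and two common GetPC idioms (`call $+5`, encoded E8 00 00 00 00, and `fnstenv [esp-0xc]`, encoded D9 74 24 F4). The sled threshold, the sample HTML and the function names are assumptions.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define SLED_MIN 16   /* assumed threshold: consecutive NOPs that count as a sled */

/* Constructed samples, not captured traffic. The first carries a 16-byte
 * 0x90 sled followed by "call $+5"; the second is ordinary page text with
 * an accented character escaped the same way. */
const char SAMPLE_SHELLCODE_HTML[] =
    "<script>var s=unescape(\"%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090"
    "%u00E8%u0000%u4100\");</script>";
const char SAMPLE_BENIGN_HTML[] =
    "<script>var t=unescape(\"caf%u00e9\");document.write(t);</script>";

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %uXXXX escapes into raw bytes, low byte first like unescape().
 * Characters that are not part of a complete escape are skipped.
 * Returns the number of bytes written; stops when out is full. */
size_t decode_u_escapes(const char *text, unsigned char *out, size_t outcap)
{
    size_t n = 0;
    for (const char *p = text; *p; p++) {
        if (p[0] == '%' && (p[1] == 'u' || p[1] == 'U') &&
            hexval(p[2]) >= 0 && hexval(p[3]) >= 0 &&
            hexval(p[4]) >= 0 && hexval(p[5]) >= 0) {
            unsigned hi = (unsigned)(hexval(p[2]) * 16 + hexval(p[3]));
            unsigned lo = (unsigned)(hexval(p[4]) * 16 + hexval(p[5]));
            if (n + 2 > outcap)
                break;
            out[n++] = (unsigned char)lo;   /* little-endian code unit */
            out[n++] = (unsigned char)hi;
            p += 5;                         /* loop's p++ skips the 6th char */
        }
    }
    return n;
}

/* Longest run of 0x90 (x86 single-byte NOP) in the buffer. */
size_t longest_nop_sled(const unsigned char *b, size_t n)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (b[i] == 0x90) ? run + 1 : 0;
        if (run > best)
            best = run;
    }
    return best;
}

/* Count GetPC idioms: "call $+5" and "fnstenv [esp-0xc]". Position-
 * independent shellcode uses these to learn its own address. */
int count_getpc(const unsigned char *b, size_t n)
{
    static const unsigned char call_next[] = {0xE8, 0x00, 0x00, 0x00, 0x00};
    static const unsigned char fnstenv[]   = {0xD9, 0x74, 0x24, 0xF4};
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (i + sizeof call_next <= n && memcmp(b + i, call_next, sizeof call_next) == 0)
            hits++;
        if (i + sizeof fnstenv <= n && memcmp(b + i, fnstenv, sizeof fnstenv) == 0)
            hits++;
    }
    return hits;
}

/* Verdict over one HTML document: 1 = looks like shellcode, 0 = benign. */
int looks_like_shellcode(const char *html)
{
    unsigned char buf[4096];
    size_t n = decode_u_escapes(html, buf, sizeof buf);
    return longest_nop_sled(buf, n) >= SLED_MIN || count_getpc(buf, n) > 0;
}

int main(void)
{
    printf("shellcode sample flagged: %d\n", looks_like_shellcode(SAMPLE_SHELLCODE_HTML));
    printf("benign sample flagged:    %d\n", looks_like_shellcode(SAMPLE_BENIGN_HTML));
    return 0;
}
```

A heuristic of this shape is cheap and catches the unobfuscated case; it is also why real payloads use alternative NOP-equivalents, encoders and polymorphic GetPC stubs, so a production engine needs more patterns and an emulation or sandbox stage behind them.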

Conclusions: the costs of data loss are significant but hard to calculate; the whole company is at risk. Collaboration brings complexity and with it many new risks. Statistics show how the endpoint and the data are targeted. A complete solution must entail intrusion and extrusion prevention, as well as proper Authentication, Authorization and Accounting.

Thank you! Questions? Simone Riccetti, simone.riccetti@it.ibm.com