Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities



Similar documents
IT Security at the Speed of Business: Security Provisioning with Symantec Data Center Security

SYMANTEC DATA CENTER SECURITY: SERVER ADVANCED 6.5

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

How To Fix A Web Application Security Vulnerability

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

PCI Data Security Standards (DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Carbon Black and Palo Alto Networks

Host-based Protection for ATM's

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

A Decision Maker s Guide to Securing an IT Infrastructure

Protecting Your Organisation from Targeted Cyber Intrusion

Anti-exploit tools: The next wave of enterprise security

Securing OS Legacy Systems Alexander Rau

Host/Platform Security. Module 11

Breaking the Cyber Attack Lifecycle

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

Advanced Endpoint Protection Overview

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Seven Things To Consider When Evaluating Privileged Account Security Solutions

WEB ATTACKS AND COUNTERMEASURES

Choosing Between Whitelisting and Blacklisting Endpoint Security Software for Fixed Function Devices

Top five strategies for combating modern threats Is anti-virus dead?

Web Plus Security Features and Recommendations

Agenda , Palo Alto Networks. Confidential and Proprietary.

Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain

Cisco Advanced Malware Protection

IBM Security Strategy

The evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

How To Protect A Web Application From Attack From A Trusted Environment

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Where every interaction matters.

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

What Do You Mean My Cloud Data Isn t Secure?

Networking for Caribbean Development

The Hillstone and Trend Micro Joint Solution

24/7 Visibility into Advanced Malware on Networks and Endpoints

File Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Rational AppScan & Ounce Products

WildFire. Preparing for Modern Network Attacks

A Case for Managed Security

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

CYBERTRON NETWORK SOLUTIONS

THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

GFI White Paper PCI-DSS compliance and GFI Software products

74% 96 Action Items. Compliance

10 Things Every Web Application Firewall Should Provide Share this ebook

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Introduction: 1. Daily 360 Website Scanning for Malware

Security Controls Implementation Plan

5 Steps to Advanced Threat Protection

Achieving PCI-Compliance through Cyberoam

VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation

End to End Security do Endpoint ao Datacenter

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

Cybersecurity and internal audit. August 15, 2014

Host-based Intrusion Prevention System (HIPS)

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

The New PCI Requirement: Application Firewall vs. Code Review

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Trend Micro OfficeScan Best Practice Guide for Malware

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

Cyber Security Management

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Best Practice Configurations for OfficeScan (OSCE) 10.6

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

How To Secure Your System From Cyber Attacks

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

Building A Secure Microsoft Exchange Continuity Appliance

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Fighting Advanced Threats

Chapter 4 Application, Data and Host Security

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Seven for 7: Best practices for implementing Windows 7

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Persistence Mechanisms as Indicators of Compromise

Infinity Acute Care System monitoring system

Transcription:

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure with both customer and partner portals. The infrastructure typically employs a mix of databases, in-house applications, third-party applications and web services, running in a heterogeneous OS environment and is constantly changing as technology advances and new business applications are added. To ensure a base level of security and compliance, IT installs antivirus and uses a complex series of static network zones to protect the infrastructure. This approach makes it difficult and slow to deploy new business applications and only provides protection from a casual attacker. The architecture becomes more complex as more applications and business services are introduced. Increasing IT infrastructure complexity also exacerbates existing challenges in protecting the environment from zero-day threats and from malicious actors eager to take advantage of newly discovered vulnerabilities. Zero-day Attacks and New Vulnerabilities Recent security breaches highlight the growing threat surface and the increasing sophistication of the cyber attacks that organizations like the Retailer face today, including: i. Sophisticated malware toolkits to enable customized spying - An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals. Symantec believes that the threat is installed through a Web browser or by exploiting an application.

ii. Watering hole attacks - A watering hole attack is a method of targeting sites that are likely to be visited by targets of interest. The attacker will compromise the site and inject JavaScript or HTML to redirect victims to additional malicious code. The compromised site is then left waiting to infect the profiled victim with a zero-day exploit, just like a lion waiting at a watering hole. Symantec has published research on watering hole attacks (The Elderwood Project) that details targets, growing trends and attack platforms seen since 2009. iii. Cross-site injection attacks - Cross-site scripting (XSS) is a security exploit in which the attacker inserts malicious coding into a link that appears to be from a trustworthy source. Cross-Site Scripting (XSS) attacks occur when: (1) Data enters a web application through an untrusted source, most frequently a web request. (2) The data is included in dynamic content that is sent to a web user without being validated for malicious content. The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user s machine under the guise of the vulnerable site. New vulnerabilities and zero-day attacks demand more proactive security monitoring and hardening approaches that take advantage of software-defined capabilities.

Symantec Data Center: Server Advanced Protects the IT Infrastructure Against Zero-day Threats and New Vulnerabilities Customers, like the Major Retailer, are using Symantec Data Center Security: Server Advanced to protect its web infrastructure against recent vulnerabilities. These threats include: Bash Vulnerability (also known as Shellshock ) affects most versions of the Linux and Unix operating systems. This vulnerability allows an attacker to gain control over a targeted computer if exploited successfully Sandworm, which affects Windows OS and allows attackers to embed Object Linking and Embedding (OLE) files from external locations. Malicious hackers can exploit this vulnerability to download and install malware onto the target s computer. Regin, a multi-staged Trojan, in which each stage is hidden and encrypted. Regin has been used in systematic spying campaigns against a range of international targets since at least 2008. The Retailer is using Symantec Data Center Security: Server Advanced to proactively secure and harden its web infrastructure. With this approach, IT enables the web infrastructure to keep up with the business and maintain its service levels, yet still protect the environment against zero-day threats and new vulnerabilities.

The Retailer is taking advantage of the following Symantec Data Center Security: Server Advanced capabilities to execute its objectives: IPS/IDS (Intrusion Prevention/Detection Systems) Full Application Control and Sandboxing Enhanced Limitations on the Root User Microsegmentation IPS/IDS Turning on Symantec Data Center Security: Server Advanced IPS capabilities provide a first-line defense against zero-day vulnerabilities. Protecting Windows Systems Using the most basic intrusion prevention policy, Symantec Data Center Security: Server Advanced protects the online Retailer s Windows systems against Sandworm by automatically preventing Sandworm from entering the data center, by protecting critical Windows control points such as the runonce registry key in this case. Symantec Data Center Security: Server Advanced prevention ensures protection even if IT has not yet applied the Windows Sandworm security patch, and even before security research knows the vulnerability exists.

Protecting Unix/Linux Systems In scenarios similar to the Bash vulnerability, which attacks Linux and Unix systems, customers can set IPS to monitoring mode in order to alert the customer to activities that it would normally restrict or block. This enables the customer to quickly detect and set alerts for unusual and suspicious activity without taxing application performance. The customer can also set prevention policies so that the configuration files of both the *NIX OS and common Daemons/Applications, such as Apache, remain read only and when Apache runs Bash it is limited to Apache and cannot read and or modify anything else on the system. IT can also use the standard IDS Unix Baseline policy to monitor and run important checks such as Privileged Command, Bash History Monitor and System Hardening Monitor. These checks help IT detect potentially unwanted activity. Protecting the Infrastructure from Exposed Hosts For exposed hosts, IT can also adjust policy settings with Symantec Data Center Security: Server Advanced so that vital files are made read only to any user or process (including ROOT), and changes are limited to specific management applications, hosts or IP addresses. Customers can tie policies to their change control procedures. Policy Management Customers can also run checks to help detect potentially unwanted activity. To minimize the potential impact of IDS checks on performance, customers will have to do some fine-tuning to remove all check options and reduce event traffic. Policies can be tied into a customer s Change Control Procedures so that the first and more secure version of this policy is live 99 percent of the time. When changes are necessary or threats subside, the second version can then be applied if desired.

Full Application Control and Sandboxing IT can use Symantec Data Center Security: Server Advanced to perform full application control and address vulnerabilities such as Bash, Sandworm and Mimikatz. Symantec Data Center Security: Server Advanced protects web servers against malware that uses the common gateway interface (CGI) to launch attacks by limiting processes in the affected servers to only perform their required functions or by preventing CGI from running altogether. IT can also utilize Symantec Data Center Security: Server Advanced to prevent attacks like Regin from running on unprotected platforms by using the published Regin hash signature (MD5) to create blacklists. Symantec Data Center Security: Server Advanced provides out-of-the-box protection for Apache. However, customers are advised to ensure they have properly configured the sandbox for their environment. Customers have to properly configure the file resource lists so that only Apache has access to the web content. In many instances Apache web services are installed by default, but not used. In this scenario, IT can configure Symantec Data Center Security: Server Advanced to block these unused Apache web services. Limiting the Root User Symantec Data Center Security: Server Advanced can be used by customers to limit the root user s capabilities on Unix systems. Customers are advised to tune their Unix Prevention policy to ensure that the root user limits can be enforced even when the vulnerability is installed, thus preventing accidental exposures. Microsegmentation When the web infrastructure is compromised, the kill chain prescribed for zero-day and advanced threats depends on the hard shell, chewy center of the traditional perimeter-enforced physical networks. With Symantec Data Center Security: Server Advanced, customers can manually create micro-segments (asset groups) of security containers per application instance and apply the right policies to the asset groups.

Customers that have both VMware NSX and Data Center Security: Server Advanced can replace their rigid perimeter-centric security zones and predominantly manual processes with policy-based, automated, application-specific security models. Customers can use this integration to orchestrate security settings across Server, Server Advanced and third-party tools that are registered with VMware Service Composer, starting with Palo Alto Networks firewalls. Customers that utilize microsegmentation will realize faster and more dynamic response times to advanced threats, and can stop the malware from accessing critical applications, even within the compromised physical hosts. Protect Your Web Infrastructure with Symantec Data Center Security: Server Advanced Symantec Data Center Security: Server Advanced will help customers protect their customer facing web infrastructure so that they can: Protect the corporate brand by delivering secure business services to customers and business partners. Provide faster response times to detect, monitor and protect its web infrastructure against zero-day attacks and new vulnerabilities. Maintain compliance with security standards and fulfill regulatory obligations such as PCI-DSS. Symantec Data Center Security: Server Advanced offers the following capabilities: Application Whitelisting and Protected Whitelisting Targeted Prevention Policies Granular Intrusion Prevention Policies File, System, and Admin Lockdown File Integrity Monitoring Configuration Monitoring

In addition to delivering protection against zero-day threats and new vulnerabilities, IT can use Symantec Data Center Security: Server Advanced to: Harden and secure critical applications running on legacy systems (such as your Windows 2003 Servers). Quickly enable security for newly provisioned physical and virtual assets. With Symantec Data Center Security: Server Advanced, customers can ensure their IT infrastructure is secure and compliant regardless of where they are in the life cycle of their software-defined data center. Click for more information on Symantec Data Center Security: Server Advanced.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information