HEAT Endpoint Security
Comprehensive Protection Against Hacker Attacks
Mario Schwalm, HEAT Endpoint Security, 20.04.2016
2015 HEAT Software. All Rights Reserved. Proprietary and Confidential 18
Definition: Ransomware
Ransomware is malicious software that blocks access to or use of a system and demands a ransom for restoring it.
Ransomware Example: Locky
Why Locky:
o Spread was remarkably fast
o At times up to 5,000 infected endpoints per hour in Germany alone
o Large AV vendors have response times of several hours!
Infection: Locky
1. Commonly delivered by e-mail with a file attachment (Troj/DocDl-BCF)
2. The document is not clearly legible
3. The user is advised to enable macros
4. Once macros are enabled, the first stage is written to the system
5. This stage is a downloader (Troj/Ransom-CGX) that fetches the final payload from the C&C server
6. Locky (Troj/Ransom-CGW) is ready to run on the system
7. Encryption of all reachable files starts (RSA-2048 and AES-128)
Ransom demand for decryption (1 Bitcoin = approx. 390 )*
* this decrypts only one endpoint
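Step 3 of the chain above is where a mail gateway can still intervene: the downloader only runs once the user enables VBA, so attachments that carry macros can be held back before they reach the inbox. The following is an added example, not part of the deck or of the HEAT product: a Python triage routine that inspects an OOXML attachment for macro parts and quarantines it. The sample package, file names and verdict strings are constructed for illustration, and legacy OLE2 (.doc/.xls) files are handed to a separate scanner rather than parsed here.

```python
import io
import zipfile

# OOXML stores VBA in a vbaProject.bin part, declared in [Content_Types].xml;
# the main document part's content type then also carries "macroEnabled".
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

def macro_indicators(data: bytes) -> list:
    """List the reasons an OOXML attachment looks macro-bearing; [] means none found."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            if name.endswith("vbaProject.bin"):
                reasons.append(f"package contains {name}")
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if MACRO_CONTENT_TYPE in types:
                reasons.append("content types declare a vbaProject part")
            if "macroEnabled" in types:
                reasons.append("main document part is macroEnabled")
    return reasons

def triage(filename: str, data: bytes) -> str:
    """Gateway decision for one attachment. Macro-bearing documents are quarantined
    regardless of extension (a .docx name does not prove the package is macro-free);
    legacy OLE2 .doc/.xls files are not zip packages and go to an OLE-aware scanner."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "review"
    if filename.lower().endswith((".docm", ".xlsm", ".pptm")) or macro_indicators(data):
        return "quarantine"
    return "deliver"

def build_sample(macro: bool) -> bytes:
    """Constructed minimal Word package for testing (no real VBA, not malware)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    overrides = [f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if macro:
            overrides.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>')
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, no real VBA")
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(overrides) + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```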
THE ENDPOINT IS THE TARGET
Scenario
Practical Defense-in-Depth (diagram)
Layers: Configuration Management; Patch & Remediation; Firewall; AntiVirus; Device / Port Control; Data Encryption
Access paths covered: Network Access; Physical Access
Endpoint Security Challenge
o Malware volume is growing: 2007: 250k / mo.; 2015: 40M / mo.
o Malware is more sophisticated and more targeted
o No longer just a Microsoft world
o Protecting against known and unknown risk
"Over 90% of cyber attacks exploit known security flaws for which a remediation is available" (Gartner)
90% of your risk is eliminated by proactively managing your vulnerabilities
HEMSS Heat Endpoint Management and Security Suite
HEAT Endpoint Protection
Threat Protection
o Intelligent Whitelisting: combining Patch Management, Application Control and Anti-Virus
Vulnerability Management
o Agent-based assessment & remediation
Data Security
o Device Control
o Disk Encryption
Core Capabilities of the EMSS Platform
o Single, modular, extensible architecture
o Single workflow-based console
o Asset discovery and agent deployment
o AD integration and synchronization
o Role-based access control
o Reporting and notification
No Longer Just a Microsoft World
Annual Reported Vulnerabilities, 2000-2015 (est.)
99.9% OF THE EXPLOITED VULNERABILITIES WERE COMPROMISED MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED. http://www.verizonenterprise.com/dbir/2015/
Most Prevalent and Targeted Apps
HEAT Software supports all of the vulnerable applications in the top 50 (source: http://secunia.com/vulnerability-review/)

Application                              CVEs
Mozilla Firefox                          270
Google Chrome                            245
Oracle Java JRE                          181
Microsoft Internet Explorer              126
Adobe Reader                              67
Apple iTunes                              66
Adobe Flash Player                        56
Adobe AIR                                 34
Microsoft .NET Framework                  18
Microsoft Word                            17
Apple QuickTime                           12
Microsoft Publisher                       11
Adobe Shockwave Player                    10
Microsoft Silverlight                      9
VLC Media Player                           7
Microsoft Excel                            6
Microsoft Access                           3
Skype for Windows                          3
Microsoft XML Core Services (MSXML)        2
Microsoft Outlook                          1
Microsoft Windows Media Player             1
Microsoft Windows Defender                 1
Microsoft PowerPoint                       1
Microsoft Visio Viewer                     1
Broadest Range of 3rd Party Content
Broadest Range of 3rd Party Content
Adobe: Acrobat, AIR, Flash Player, Flash Player (ESR), Illustrator, InDesign, Photoshop, Reader, RoboHelp, Shockwave Player
RealVNC: RealVNC Server, RealVNC Viewer
VideoLAN: VLC media player
Inkscape Team: Inkscape
Foxit Corporation: Enterprise Reader, Reader
Stefan Kung: TortoiseSVN
Apple: Bonjour, iCloud, iTunes, Mobile Device Support, QuickTime, Safari
Google: Chrome, Earth
Ultra VNC: Ultra VNC Server, Ultra VNC Viewer
Tim Kosse: FileZilla Client, FileZilla Server
Oracle: Java SE Runtime (JRE)
Yahoo!: Yahoo! Messenger
Apache: OpenOffice
VMware: Player, Workstation
Microsoft: Skype, Skype (Business)
Don Ho: Notepad++
Citrix Systems: Online Plug-In, Online Plug-In Web, Presentation Server, Receiver, Receiver (Enterprise), XenApp
Riverbed Tech: WinPcap
TeamViewer: TeamViewer
The GIMP Dev Team: GIMP
Igor Pavlov: 7-Zip
Mozilla: Firefox, Firefox ESR
Real Networks: RealPlayer
WinZip: WinZip
Audacity Team: Audacity
Lightning UK: ImgBurn
Wireshark: Wireshark
dotpdn: Paint.NET
Document Fdn: LibreOffice
Martin Prikryl: WinSCP
How It Works
1. Discover
2. Assess
3. Prioritize
4. Remediate
5. Report
Centralized Visibility & Control
o Manage remote, local and Internet-connected endpoints
o Automated discovery and agent deployment
o Distributed caching and enhanced Wake on LAN
(Diagram: Corporate HQ, WAN, Remote Offices & Subsidiaries, Internet, Mobile Endpoints)
Agent-based (near real-time) assessment
Key Capabilities: Application Control
o Automated application discovery
o Cloud-based application verification
o Quickly deny unwanted applications
o Granular trust engine: Trusted Updater, Trusted Publisher, Trusted Path, Trusted User
o Easy lockdown capability with local and central whitelist options
How About In-Memory Attacks?
o Memory-based attacks are commonly used in targeted attacks / APTs
o Not detected or stopped by traditional endpoint security
Key Capabilities: Anti-Virus
o Best-in-class detection of both known and zero-day virus and malware files
o Unprecedented performance vs. market-leading point solutions (Smart Scan technology)
o Both signature and behavioural detection
o Scheduled and on-demand scanning
o Central reporting and alerting of detected threats
Anti-Virus Policies
o Anti-Virus provides two policy types to implement such protection: Recurring Virus and Malware Scan; Real-time Monitoring Policy
o You can also initiate a Scan Now from the HEAT EMSS Console or from the endpoint UI
Effective device control?
Effective Device Control with HEMSS
1) Requirements gathering
2) Security implications
3) Operational implications
Sales: use of memory keys; wireless connection
o Encrypted only
o Only 15 MB / day
o With shadowing
o Offline only
o Lexar type only
RULESET
o Standard rule for Sales on the use of Lexar sticks with decentralized encryption
o Offline rule for Sales on the use of wireless
Data Security: Device Control
o Whitelist-based approach: simply define what's allowed
o Set policy by device type, make/model or even unique device
o Integrated policy with AD user groups
o Provide read or read/write access
o Control file types and enforce copy limits
o Block USB key logger devices
o Provide temporary or scheduled access to devices
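The Sales scenario on the previous slide and the whitelist capabilities listed here (policy by make/model, AD group binding, copy limits, shadowing) can be modelled as a small rule set with deny-by-default semantics. The following is an added example, not HEMSS's configuration format or code: a Python evaluator with constructed rules for a hypothetical "Sales" AD group (Lexar media only, encrypted only, 15 MB per day, shadowing, wireless only while offline); all field and rule names are illustrative.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class DeviceRule:
    """One whitelist entry bound to an AD group (hypothetical model, not the product's schema)."""
    group: str
    device_class: str               # "removable_storage" or "wireless"
    vendor: Optional[str]           # make/model restriction, None = any make
    access: str                     # "read" or "read_write"
    require_encryption: bool = False
    daily_quota_mb: Optional[int] = None
    shadow: bool = False            # keep a copy of transferred files for audit
    offline_only: bool = False      # valid only while off the corporate network

@dataclass
class Request:
    user_groups: frozenset          # AD groups of the logged-on user
    device_class: str
    vendor: str
    encrypted: bool
    online: bool                    # endpoint currently on the corporate network?
    used_today_mb: int              # bytes already copied to this device class today
    transfer_mb: int = 0            # size of the copy being attempted (0 = just plugging in)

# Constructed ruleset for the deck's Sales scenario: Lexar sticks only, encrypted
# only, 15 MB/day with shadowing; wireless permitted only while offline.
SALES_POLICY = (
    DeviceRule("Sales", "removable_storage", "Lexar", "read_write",
               require_encryption=True, daily_quota_mb=15, shadow=True),
    DeviceRule("Sales", "wireless", None, "read_write", offline_only=True),
)

def decide(req: Request, policy=SALES_POLICY) -> Tuple[str, str]:
    """Whitelist semantics: the first rule matching group, class and make decides;
    if no rule matches at all the device is denied. Returns (verdict, reason)."""
    for rule in policy:
        if rule.group not in req.user_groups or rule.device_class != req.device_class:
            continue
        if rule.vendor is not None and rule.vendor != req.vendor:
            continue
        if rule.offline_only and req.online:
            return ("deny", "allowed only while off the corporate network")
        if rule.require_encryption and not req.encrypted:
            return ("deny", "unencrypted media not allowed")
        if rule.daily_quota_mb is not None and req.used_today_mb + req.transfer_mb > rule.daily_quota_mb:
            return ("deny", f"daily copy limit of {rule.daily_quota_mb} MB exceeded")
        return (rule.access, "shadow copy kept" if rule.shadow else "no shadowing")
    return ("deny", "no whitelist rule matches this device")
```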
Data Security: Encryption
o Flexible encryption for USB removable media: allow access to data only on the network once encrypted; optionally allow data to be accessed on non-corporate systems via the easy exchange capability; integrated password reset capabilities
o Force encryption of data written to optical media, including easy exchange technology
o Integrated disk encryption: powered by Sophos, the HEAT platform offers the ability to deploy whole disk encryption and policy and to report on compliance
HEAT EMSS Console
Built in reporting
With HEAT EMSS, endpoint security is redefined across all systems.
Thank You Follow us: @HEAT_Software Visit us: heatsoftware.com