Traps: PREVENTING SECURITY BREACHES ON THE ENDPOINT
Davide Rivolta, System Engineer, Exclusive Networks
Walter Doria, System Engineer, Palo Alto Networks


Delivering the Next-Generation Security Platform

Palo Alto Networks: We are leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Because of our deep expertise, commitment to innovation and game-changing security platform, thousands of customers have chosen us and we are the fastest growing security company in the market.

Platform components: Next-Generation Firewall, Advanced Endpoint Protection, Threat Intelligence Cloud. The platform is automated, natively integrated and extensible.

Traps Advanced Endpoint Protection: Palo Alto Networks developed a unique approach that prevents all exploit and malware-based attacks, even those based on unknown zero-day vulnerabilities.
- Prevent all exploits
- Prevent all malware
- Forensics of attempted attack
- Scalable, lightweight and user friendly
- Integrate with network and cloud security

The Anatomy of a Targeted Attack
Conduct Reconnaissance -> Compromise Endpoint -> Establish Control Channel -> Steal Data / Achieve Objective
The right time to prevent a security breach is before an attacker compromises an endpoint to gain a foothold in your environment.

Exploits = Weaponized Data Files & Content: subvert normal applications
Malware = Executable Programs: carry out malicious activity

Coverage: Two Primary Methods for Compromising Endpoints
- Exploit Software Vulnerabilities -> Compromise Endpoint
- Execute Malicious Programs -> Compromise Endpoint
Traditional AV and HIPS cannot protect against attacks that haven't been seen before. Next-Gen AV is more efficient but not more effective.
[Chart: coverage of Host IPS, Traditional AV and Next Gen AV against each method]

Current endpoint security solutions fall short
- Too easy to bypass current antivirus products: over 60% of new malware is undetected by existing AV vendors
- The traditional approach to endpoint security requires prior knowledge of the attack
- Patching and HIPS can't keep up with exploit activity
- Solutions that leverage multiple techniques for detection and prevention are required

What is Advanced Endpoint Protection?
Advanced Endpoint Protection is a category of security products that provide the following three core capabilities:
1. Prevent Exploits (known, unknown/zero-day)
2. Prevent Malware (known, unknown)
3. Integrated into a Security Platform

Traps Blocks Core Exploit Techniques, Not Individual Attacks
All software and applications contain vulnerabilities: 5,307 new software vulnerabilities in 2015 (source: CVEDetails.com).
Individual attacks: 1,000s that exploit new or unpatched software vulnerabilities.
Core techniques: 10-15 exploitation techniques used in attacks.

To Prevent Exploits, Aim at the Root of the Attempt
[Chart: total number over time]
- Patching: requires prior knowledge, proactive application
- Signature / Behavior: requires prior knowledge of weaponized exploits
- Traps: requires no patching, no prior knowledge of vulnerabilities, and no signatures
9 2016, Palo Alto Networks. Confidential and Proprietary.

Exploit Technique Prevention
1. An infected document (PDF) is opened by an unsuspecting user (the exploit evades anti-virus)
2. Traps is seamlessly injected into processes
3. The exploit technique is attempted and blocked by Traps before any malicious activity is initiated
4. Traps reports the event and collects detailed forensics: forensic data is collected, the PDF process is terminated, the user/admin is notified
When an exploitation attempt is made, the exploit hits a trap and fails before any malicious activity is initiated.

Exploits Subvert Authorized Applications
Vulnerabilities (Vendor Patches) -> ROP / Heap Spray / Utilizing OS Function -> Begin Malicious Activity in the authorized application
Malicious activity can include: download malware, activate key logger, steal critical data, encrypt hard drive, destroy data, and more.

Traps Blocks Exploit Techniques
Heap Spray against an authorized application -> blocked by Traps EPM -> no malicious activity

Traps Blocks Exploits That Use Unknown Techniques
ROP or an unknown exploit technique against an authorized application -> blocked by Traps EPM -> no malicious activity

Traps Blocks Zero-Day Exploits: Actual Zero-Day Exploits That Traps EPMs Block
1. Operation Deputy Dog (CVE-2013-3893): Heap Spray -> Memory Limit Heap Spray Check; ROP -> ROP Mitigation / UASLR; Utilizing OS Function -> DLL Security
2. Turla/Snake Campaign (CVE-2013-3346): Heap Spray -> Memory Limit Heap Spray Check / Shellcode Preallocation; DEP Circumvention -> UASLR; Utilizing OS Function -> DLL Security
3. Forbes Cyber-Espionage Campaign (CVE-2015-0310/0311 in the footnote; the diagram is labelled CVE-2015-3010): ROP -> ROP Mitigation; JIT Spray -> JIT Mitigation; Utilizing OS Function -> DLL Security
Preventing one technique in the chain will block the entire attack.

Case Study: Banking Industry Customer
Timeline:
- Traps version 2.3.6 released
- Vulnerability discovered in Adobe Flash Player (CVE-2015-0359)
- Attackers attempted to exploit the vulnerability; Traps blocked the attempt
Traps prevents unknown and zero-day exploits without the benefit of hindsight: no updates or patches since installation (Traps v2.3.6).

Traps vs. Top 10 Zero-Day Exploits of 2015

Discovery Date       Application   Exploit Identifier   Did Traps Block Zero-Day Exploit?
January 23, 2015     Flash         CVE-2015-0311
March 13, 2015       Flash         CVE-2015-0336
April 14, 2015       Flash         CVE-2015-3043
June 23, 2015        Flash         CVE-2015-3113
July 8, 2015         Flash         CVE-2015-5119
July 14, 2015        Office        CVE-2015-2424
July 14, 2015        Flash         CVE-2015-5122
September 8, 2015    Office        CVE-2015-2545
October 15, 2015     Flash         CVE-2015-7645
December 28, 2015    Flash         CVE-2015-8651

Malware Prevention Engine
- Policy-Based Restrictions: limit surface area of attack; control source of file installation
- WildFire Inspection: prevent known malware with cloud-based integration
- Malware Techniques Mitigation: prevent unknown malware with technique-based mitigation

Malware prevention decision flow (user attempts to execute a program):
1. Check hash against override policies: malicious -> quarantine program; allowed -> check execution restrictions; no match -> continue
2. Check against list of trusted publishers: trusted -> check execution restrictions; no match -> continue
3. Check hash with WildFire: malicious -> quarantine program; benign -> check execution restrictions; unknown -> continue
4. Conduct static analysis and submit the program to WildFire for analysis: benign -> check execution restrictions
5. Check execution restrictions: restricted -> block; allowed -> run
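To make the order of the checks concrete, the following is an added Python model of this decision flow; it is not Traps or Palo Alto Networks code. The Policy tables, the marker-based static_analysis stand-in and the rule that a malicious local verdict blocks are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Policy:
    # Constructed stand-ins for the ESM policy database and the WildFire verdict cache.
    overrides: dict            # sha256 -> "malicious" | "allowed" (admin override)
    trusted_publishers: set    # signer names the administrator trusts
    wildfire_cache: dict       # sha256 -> "malicious" | "benign" (known verdicts)
    restricted_prefixes: tuple # upper-case launch paths blocked by execution restrictions
    submissions: list = field(default_factory=list)  # hashes queued for WildFire

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def static_analysis(data: bytes) -> str:
    # Hypothetical local check: a constructed marker stands in for real heuristics.
    return "malicious" if b"MARKER_MALICIOUS" in data else "benign"

def check_restrictions(policy: Policy, path: str, stage: str) -> tuple:
    # Final gate: even an allowed or benign file must satisfy execution restrictions.
    if path.upper().startswith(policy.restricted_prefixes):
        return ("block", "execution-restriction")
    return ("run", stage)

def evaluate(policy: Policy, data: bytes, publisher: str, path: str) -> tuple:
    """Walk the slide's decision chain in order; return (action, deciding stage)."""
    h = sha256(data)
    # 1. Administrator override policies are consulted first and win outright.
    if policy.overrides.get(h) == "malicious":
        return ("quarantine", "override")
    if policy.overrides.get(h) == "allowed":
        return check_restrictions(policy, path, "override")
    # 2. A trusted publisher skips the reputation lookups.
    if publisher in policy.trusted_publishers:
        return check_restrictions(policy, path, "trusted-publisher")
    verdict = policy.wildfire_cache.get(h)  # 3. known hash: cached WildFire verdict
    if verdict == "malicious":
        return ("quarantine", "wildfire-hash")
    if verdict == "benign":
        return check_restrictions(policy, path, "wildfire-hash")
    policy.submissions.append(h)  # 4. unknown hash: queue the file for WildFire analysis
    if static_analysis(data) == "malicious":  # assumed: a local malicious verdict blocks
        return ("block", "static-analysis")
    return check_restrictions(policy, path, "static-analysis")

def sample_policy() -> Policy:
    # Constructed example policy: one known-bad hash, one trusted signer, no launches from E:\
    return Policy(overrides={}, trusted_publishers={"Contoso Software Ltd"},
                  wildfire_cache={sha256(b"known bad sample"): "malicious"}, restricted_prefixes=("E:\\",))
```

Note that an override or trusted publisher never bypasses step 5: execution restrictions are evaluated last for every file that is not quarantined or blocked earlier.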

WildFire Demonstrates the Shortcomings of Legacy AV
[Chart, average monthly values as of January 2016: All Files 71.9M; Malicious 5.3M; Detected by AV 2.0M]
Just 37.5% of the malware files seen by WildFire each month are detected by the top 6 enterprise AV vendors. Source: Palo Alto Networks WildFire and Multi-Scanner.

Network Layout

Traps Endpoint Security Manager Architecture
Endpoint Security Manager (ESM): Comm. Server, Policy Database, Admin Console; managed Endpoints.

A. Scalable Architecture: Traps Architecture Leverages a Scalable Endpoint Security Manager (ESM)
3-tier management structure:
- ESM Console, with SMTP alerting
- Database
- ESM Server(s): each supports 10,000 endpoints and scales horizontally
Integrations: SIEM / external logging; forensic folder(s); WildFire Threat Intelligence Cloud (off premise); endpoints running Traps (on premise).

Platform, Management, Footprint, Applications: Flexible, Scalable, with Minimal Footprint
- Footprint: 0.1% CPU load, 50 MB RAM, 250 MB HD, no scanning
- Applications: out-of-the-box protection for common applications; extensible to any application
- Platform: physical and virtual; all major Windows editions; protects systems after end-of-support
- Management: central policy management; full SIEM integration support; role based access control

Flexible Platform Coverage

Workstations:
- Windows XP * (32-bit, SP3 or later)
- Windows Vista (32-bit, 64-bit, SP1 or later; FIPS mode)
- Windows 7 (32-bit, 64-bit, RTM and SP1; FIPS mode; all editions except Home)
- Windows Embedded 7 (Standard and POSReady)
- Windows 8 * (32-bit, 64-bit)
- Windows 8.1 (32-bit, 64-bit; FIPS mode)
- Windows Embedded 8.1 Pro
- Windows 10 Pro (32-bit and 64-bit)
- Windows 10 Enterprise LTSB

Servers:
- Windows Server 2003 * (32-bit, SP2 or later)
- Windows Server 2003 R2 (32-bit, SP2 or later)
- Windows Server 2008 (32-bit, 64-bit; FIPS mode)
- Windows Server 2008 R2 (32-bit, 64-bit; FIPS mode)
- Windows Server 2012 (all editions; FIPS mode)
- Windows Server 2012 R2 (all editions; FIPS mode)

Virtual Environments:
- VMware ESX
- Citrix XenServer
- Oracle Virtualbox
- Microsoft Hyper-V

* Microsoft no longer supports this operating system.

Partners Keypoints

Why both endpoint and network prevention?
Network-based prevention provides:
- Broad, fast coverage for the whole environment
- Significant reduction in surface area of attack
Endpoint-based prevention provides:
- Coverage for attacks that cannot be prevented in the network: attacks that don't enter through the network, traffic that must be allowed but can't be decrypted, or attacks delivered over multiple disassociated connections
- Coverage when disconnected from the network-based security stack
- Most importantly: immediate prevention of unknown malware and zero-day exploits

Summary: Traps Benefits
- Prevent Zero-Day Vulnerabilities and Unknown Malware
- Install Patches on Your Own Schedule
- Protect Any Application from Exploits
- Signatureless, No Frequent Updates
- Network and Cloud Integration
- Minimal Performance Impact
- Avoid Remediation Costs

Where to get Further Information?
The PANW Web (Resources / Features / Technology / Initiatives): https://www.paloaltonetworks.com/products/secure-the-endpoint/traps
The Partner Portal: Help Me Sell, Help Me Market

Thank You