1. Malware Defense-in-Depth 2.0
A practical approach to securing your enterprise against viruses, worms and rootkits
Aa'ed Alqarta
2. The Problem
- Security defenses can't keep up with the latest threats
- Malware is penetrating the network and infecting computers
- Antivirus software is not a silver bullet for all threats
- We are losing the war against malware
4. What is Malware?
According to NIST (2005), "Malware refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim."
NIST: National Institute of Standards and Technology
7. Attack Anatomy
- Attackers discover vulnerabilities and write exploits for them (e.g. JavaScript exploits for browser and plugin bugs)
- They compromise legitimate web sites to attack their visitors
- A visitor browses the site and is infected immediately (a drive-by download: no click or consent is required)
- Malware is installed in the background and infects the client software
- Infected computers then attack clean internal machines (workstations and servers)
8. Web URL Filtering
- Enable AV scanning of downloaded files and requested URLs on the proxy
- Block access to malicious or risky categories (porn, hacking, downloads, video, P2P/torrent, blogs, infected hosts, IM)
- Block downloads of executables (exe/dll/com), by content as well as by file extension
- Inspect SSL traffic for malicious content (otherwise encrypted sessions bypass the filter entirely)
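The "block executables" rule above is easy to state but easy to get wrong: a filter that only looks at the URL's extension is defeated by serving setup.exe as holiday.jpg, or through a download script with the real file name in the query string. The following is an added example, not code from the original slides, showing a proxy-side check that combines extension, declared Content-Type and the first bytes of the body (the DOS "MZ" stub and the "PE\0\0" signature it points to). The extension list extends the slide's exe/dll/com with scr and msi, the MIME-type list and the host files.example.com are assumptions, and every sample response is constructed for the demonstration.

```python
import os
from urllib.parse import urlparse

# Extensions named on the slide (exe/dll/com) plus scr and msi, which are an
# addition here because they are equally common malware carriers.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".com", ".scr", ".msi"}

# MIME types commonly used for Windows executables (assumed list).
EXEC_CONTENT_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/vnd.microsoft.portable-executable",
}


def exec_magic(body: bytes):
    """Return "PE" for a PE image, "MZ" for a bare DOS MZ executable, else None.

    A PE file starts with the DOS stub ('MZ'); the 32-bit little-endian value at
    offset 0x3C (e_lfanew) gives the offset of the 'PE\\0\\0' signature.
    """
    if len(body) < 2 or body[:2] != b"MZ":
        return None
    if len(body) >= 0x40:
        e_lfanew = int.from_bytes(body[0x3C:0x40], "little")
        if body[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE"
    return "MZ"


def classify_download(url: str, content_type: str, body: bytes):
    """Return the list of reasons to block this download (empty list = allow).

    Three independent signals are combined so that renaming setup.exe to
    holiday.jpg (which defeats the extension rule) is still caught by the
    magic-byte check on the body.
    """
    reasons = []
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        reasons.append("extension:" + ext)
    ct = (content_type or "").split(";")[0].strip().lower()
    if ct in EXEC_CONTENT_TYPES:
        reasons.append("content-type:" + ct)
    magic = exec_magic(body)
    if magic:
        reasons.append("magic:" + magic)
    return reasons


def fake_pe() -> bytes:
    """Constructed minimal PE-like blob: MZ stub, e_lfanew = 0x40, then 'PE\\0\\0'."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(hdr) + b"PE\0\0" + bytes(16)


# Constructed sample responses: (url, Content-Type header, first bytes of body).
SAMPLES = {
    "honest_exe": ("http://files.example.com/setup.exe", "application/x-msdownload", fake_pe()),
    "renamed_exe": ("http://files.example.com/holiday.jpg", "image/jpeg", fake_pe()),
    "query_exe": ("http://files.example.com/get?name=setup.exe", "application/octet-stream", fake_pe()),
    "real_jpeg": ("http://files.example.com/holiday.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + bytes(60)),
    "tool_scr": ("http://files.example.com/tool.scr", "application/octet-stream", b"MZ" + bytes(10)),
}

if __name__ == "__main__":
    for name, (url, ct, body) in SAMPLES.items():
        verdict = classify_download(url, ct, body)
        print(f"{name:12s} {'BLOCK' if verdict else 'ALLOW'} {verdict}")
```

Only the renamed and query-string downloads show why the body check matters: both pass the extension rule and one even carries an innocent Content-Type, yet both are blocked on the PE signature. A real proxy can only apply this check to traffic it can read, which is the reason the SSL inspection item sits on the same slide.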
9. Application Control (Whitelisting)
- Allow only business-approved applications (Office, accounting, finance, etc.)
- Protect critical system files from modification
- Block any unapproved application, including malware
- Can block zero-day malware that the AV does not yet detect
- Monitor the usage of all applications on the network
12. Firewall Best Practices
- No "any any" rules
- Outbound SMTP (TCP 25) for the Exchange servers only
- HTTP/HTTPS/FTP are a good starting point for end users
- Block infected computers at the firewall
- Enable logging of denied outbound connections
13. Case Study: Conficker/Downadup
- Exploits the Windows Server service vulnerability (MS08-067)
- Variants: W32.Downadup A, B, C, E
- Propagates through network file shares and flash disks
- Causes AD user account lockouts by guessing passwords against network shares
- Blocks access to security vendor sites and Microsoft updates
- Stops security tools and software (the worm's "self-protection")
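The last two items on slide 12 (block infected computers, log denied outbound traffic) and the Conficker case study fit together: a worm that spreads over file shares shows up in the deny log as one workstation hitting TCP 445 on many hosts in segments the firewall separates from it, and a spam bot shows up as a workstation trying to talk SMTP directly. The following is an added example, not code from the original slides, that turns those two patterns into a small triage over firewall deny logs. The line format, the 10.0.0.0/8 internal range, the Exchange address 10.0.0.25, the threshold of five targets and all sample log lines are constructed for the illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the slides):
INTERNAL = ip_network("10.0.0.0/8")   # the enterprise address space
MAIL_SERVERS = {"10.0.0.25"}          # the Exchange server(s) allowed outbound SMTP
SCAN_THRESHOLD = 5                    # distinct denied targets on one port before a host is flagged

# Constructed, simplified syslog-style line format:
#   <timestamp> <ALLOW|DENY> proto=<tcp|udp> src=<ip>:<port> dst=<ip>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) proto=(?P<proto>tcp|udp) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def triage(lines):
    """Return {internal_src_ip: set(reasons)} for hosts worth isolating.

    Two signals:
      * SMTP (TCP 25) from anything but the mail servers: a spam bot or a worm
        with its own SMTP engine. Flagged whether the firewall allowed or denied
        it, because an ALLOW here also means the 'Exchange only' rule is missing.
      * The same source denied to >= SCAN_THRESHOLD distinct destinations on one
        port: lateral scanning (e.g. TCP 445 hunting for MS08-067 or open shares,
        which is how Conficker spreads).
    """
    findings = defaultdict(set)
    denied_targets = defaultdict(set)   # (src, dport) -> {dst, ...}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src = rec["src"]
        if ip_address(src) not in INTERNAL:
            continue                     # inbound noise is out of scope here
        if rec["proto"] == "tcp" and rec["dport"] == 25 and src not in MAIL_SERVERS:
            findings[src].add("smtp-from-non-mail-server")
        if rec["action"] == "DENY":
            denied_targets[(src, rec["dport"])].add(rec["dst"])
    for (src, dport), dsts in denied_targets.items():
        if len(dsts) >= SCAN_THRESHOLD:
            findings[src].add(f"scan-port-{dport}")
    return dict(findings)


# Constructed sample log: normal browsing, legitimate Exchange SMTP, a workstation
# trying to send mail directly, an external scanner, a malformed line, and a
# workstation sweeping TCP 445 across a segment the firewall separates from it.
SAMPLE_LOG = [
    "2009-01-12T09:00:01 ALLOW proto=tcp src=10.0.5.9:51022 dst=198.51.100.10:80",
    "2009-01-12T09:00:02 ALLOW proto=tcp src=10.0.0.25:40001 dst=203.0.113.5:25",
    "2009-01-12T09:00:03 DENY proto=tcp src=10.0.5.40:40002 dst=203.0.113.5:25",
    "2009-01-12T09:00:04 DENY proto=udp src=10.0.5.9:5353 dst=224.0.0.251:5353",
    "2009-01-12T09:00:05 DENY proto=tcp src=198.51.100.77:4444 dst=10.0.0.25:445",
    "this line is in some other format and must be skipped",
] + [
    f"2009-01-12T09:00:{10 + i:02d} DENY proto=tcp src=10.0.5.17:{1031 + i} dst=10.0.9.{i + 1}:445"
    for i in range(6)
]

if __name__ == "__main__":
    for host, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(host, sorted(reasons))
```

Run stand-alone it reports 10.0.5.17 for the 445 sweep and 10.0.5.40 for the direct SMTP attempt; the Exchange server's own SMTP and the single denied mDNS packet from 10.0.5.9 are not reported. The point for the firewall policy is that neither finding exists unless denied outbound connections are logged, which is why that item is on the slide and not optional.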
15. Summary
- Use a good antivirus with a high detection rate
- Patch the OS and third-party applications
- Use application whitelisting and device control
- Block access to the malicious, media, download and blog categories
- Network segmentation
- Web content filtering policy
16. Thank You
E-mail me: a.qarta@gmail.com
http://extremesecurity.blogspot.com