SlideShare una empresa de Scribd logo

Malware Defense-in-Depth 2.0

Descargar como PPTX, PDF
A
Ayed Al Qartah
Tecnología
1 de 16
Malware Defense-in-Depth 2.0A practical  approach to secure your enterprise against viruses,  worms and rootkits Aa’edAlqarta
The Problem Security defenses can’t keep up with latest threats Malware is penetrating the network and infecting computers Antivirus software is not a silver bullet for all threats We are losing the war against malware
What is a Malware? According to NIST, “Malware (NIST, 2005) refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.” NIST: National Institute of Standards and Technology 4
Types of Malwares Viruses Worms Backdoors Spywares Bots “Botnets” Rootkits Ransomware
Top Malware Targets
Attack Anatomy Attackers discover vulnerabilities and write exploits for them (e.x JS) They infect web sites to attack visitors A visitor browse the site and immediately get infected A virus will be installed in the background and infect the client software Infected computers will attack internal clean machines (Workstations/Servers)
Web URL Filtering Enable AV scanning for malicious files/URLs Block access to malicious categories (Porn/Hacking/Downloads/Video/P2P/Torrent/Blogs/Infected Hosts/IM) Block downloads of executables (exe/dll/com) Inspect SSL traffic for malicious traffic
Application Control (Whitelisting) Allow business approved applications only Office, Accounting, Finance, …etc Protect critical system files from modifications Block any unapproved applications (including malwares) The ability to block zero-day malware if AV is not detecting it Monitoring of all applications usage in the net
Device Control Block the usage of removable drives (Flash / IPod / H.D / Camera) If you should allow Flash drives in the network: ,[object Object]
Disable “Autorun” and block exe/Autorun.inf,[object Object]
FW Best Practices No “Any Any” rules Out-bound SMTP for Exchange servers only HTTP/HTTPS/FTP are a good start for end user Block Infected computers Enabled outbound denied logging
Case Study: Conficker/Downadup Windows Server service vulnerability (MS08-067) W32.Downadup A, B, C, E Propagates through network file shares, flash disks Disables User Accounts in AD Blocks access to security sites and MS updates Stops security tools and softwares “self-protection”
Summary Use a good antivirus which has a high detection rate Patch OS + 3rd party applications Use Application Whitelisting + Device Control Block access to malicious, media, downloads, and blogs Network segmentations Web content filtering policy
Thank You E-mail me: a.qarta@gmail.com http://extremesecurity.blogspot.com

Recomendados

Application'sand security
Application'sand securityApplication'sand security
Application'sand securityarun nalam
 
Anti Virus Software
Anti Virus SoftwareAnti Virus Software
Anti Virus SoftwarePradeepkrajyaguru
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwareShreya Singireddy
 
Computer virus
Computer virusComputer virus
Computer virusSeethaDinesh
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresAlexander Benoit
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwareShreya Singireddy
 
Worm
WormWorm
WormS.M. Towhidul Islam
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?culltdueet65
 

Recomendados

Application'sand security
Application'sand securityApplication'sand security
Application'sand securityarun nalam
 
Anti Virus Software
Anti Virus SoftwareAnti Virus Software
Anti Virus SoftwarePradeepkrajyaguru
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwareShreya Singireddy
 
Computer virus
Computer virusComputer virus
Computer virusSeethaDinesh
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresAlexander Benoit
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwareShreya Singireddy
 
Worm
WormWorm
WormS.M. Towhidul Islam
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?culltdueet65
 
Antivirus!!
Antivirus!!Antivirus!!
Antivirus!!amoY91
 
Maranan chap2 lab2
Maranan chap2 lab2Maranan chap2 lab2
Maranan chap2 lab2maranan_zyra
 
Chap 2 lab 2
Chap 2 lab 2Chap 2 lab 2
Chap 2 lab 2Elma Valdehueza
 
Anti virus
Anti virusAnti virus
Anti virusMarlon San Luis
 
Program Threats
Program ThreatsProgram Threats
Program Threatsguestab0ee0
 
Trojan horse nitish nagar
Trojan horse nitish nagarTrojan horse nitish nagar
Trojan horse nitish nagarNitish Nagar
 
Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02hiiraa
 
Ekwik technology
Ekwik technology Ekwik technology
Ekwik technology roman reigns
 
Pahdi yadav antivirus
Pahdi yadav antivirusPahdi yadav antivirus
Pahdi yadav antivirusfernando_bruaj
 
Lab 2
Lab 2Lab 2
Lab 2novelinbabate2
 
Computer virus
Computer virusComputer virus
Computer virusvazhichal12
 
system Security
system Security system Security
system Security Gaurav Mishra
 
R esearch report with footnote
R esearch report with footnoteR esearch report with footnote
R esearch report with footnoteGuevarra Institute of Technology
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwarekhalid umer
 
Anti virus
Anti virusAnti virus
Anti virusMuhammad Sohaib Afzaal
 
Mjtanasas1
Mjtanasas1Mjtanasas1
Mjtanasas1mj tanasas
 
Dungogan chap 2 lab 2
Dungogan chap 2 lab 2Dungogan chap 2 lab 2
Dungogan chap 2 lab 2ricky098
 
Zamayla chap 2 lab 2
Zamayla chap 2 lab 2Zamayla chap 2 lab 2
Zamayla chap 2 lab 2zamayla143
 
Ahmad Pussycat Dolls
Ahmad Pussycat DollsAhmad Pussycat Dolls
Ahmad Pussycat Dollsmastermind07
 
llagas j.
llagas j.llagas j.
llagas j.jenevie_llagas
 
Real Time Malware Defense System in LINUX
Real Time Malware Defense System in LINUXReal Time Malware Defense System in LINUX
Real Time Malware Defense System in LINUXDilip Jaiswal
 
MR201501 Latest trends in Linux Malware
MR201501 Latest trends in Linux MalwareMR201501 Latest trends in Linux Malware
MR201501 Latest trends in Linux MalwareFFRI, Inc.
 

Más contenido relacionado

La actualidad más candente

Antivirus!!
Antivirus!!Antivirus!!
Antivirus!!amoY91
 
Maranan chap2 lab2
Maranan chap2 lab2Maranan chap2 lab2
Maranan chap2 lab2maranan_zyra
 
Trojan horse nitish nagar
Trojan horse nitish nagarTrojan horse nitish nagar
Trojan horse nitish nagarNitish Nagar
 
Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02hiiraa
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus softwarekhalid umer
 
Dungogan chap 2 lab 2
Dungogan chap 2 lab 2Dungogan chap 2 lab 2
Dungogan chap 2 lab 2ricky098
 
Zamayla chap 2 lab 2
Zamayla chap 2 lab 2Zamayla chap 2 lab 2
Zamayla chap 2 lab 2zamayla143
 
Ahmad Pussycat Dolls
Ahmad Pussycat DollsAhmad Pussycat Dolls
Ahmad Pussycat Dollsmastermind07
 

La actualidad más candente (20)

Antivirus!!
Antivirus!!Antivirus!!
Antivirus!!
 
Maranan chap2 lab2
Maranan chap2 lab2Maranan chap2 lab2
Maranan chap2 lab2
 
Chap 2 lab 2
Chap 2 lab 2Chap 2 lab 2
Chap 2 lab 2
 
Anti virus
Anti virusAnti virus
Anti virus
 
Program Threats
Program ThreatsProgram Threats
Program Threats
 
Trojan horse nitish nagar
Trojan horse nitish nagarTrojan horse nitish nagar
Trojan horse nitish nagar
 
Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02
 
Ekwik technology
Ekwik technology Ekwik technology
Ekwik technology
 
Pahdi yadav antivirus
Pahdi yadav antivirusPahdi yadav antivirus
Pahdi yadav antivirus
 
Lab 2
Lab 2Lab 2
Lab 2
 
Computer virus
Computer virusComputer virus
Computer virus
 
system Security
system Security system Security
system Security
 
R esearch report with footnote
R esearch report with footnoteR esearch report with footnote
R esearch report with footnote
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
 
Anti virus
Anti virusAnti virus
Anti virus
 
Mjtanasas1
Mjtanasas1Mjtanasas1
Mjtanasas1
 
Dungogan chap 2 lab 2
Dungogan chap 2 lab 2Dungogan chap 2 lab 2
Dungogan chap 2 lab 2
 
Zamayla chap 2 lab 2
Zamayla chap 2 lab 2Zamayla chap 2 lab 2
Zamayla chap 2 lab 2
 
Ahmad Pussycat Dolls
Ahmad Pussycat DollsAhmad Pussycat Dolls
Ahmad Pussycat Dolls
 
llagas j.
llagas j.llagas j.
llagas j.
 

Destacado

Real Time Malware Defense System in LINUX
Real Time Malware Defense System in LINUXReal Time Malware Defense System in LINUX
Real Time Malware Defense System in LINUXDilip Jaiswal
 
MR201501 Latest trends in Linux Malware
MR201501 Latest trends in Linux MalwareMR201501 Latest trends in Linux Malware
MR201501 Latest trends in Linux MalwareFFRI, Inc.
 
defense_in_depth_version_12
defense_in_depth_version_12defense_in_depth_version_12
defense_in_depth_version_12Alen Schulze
 
Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
Fortifying Network Security with a Defense In Depth Strategy - IDC Romania presoFortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
Fortifying Network Security with a Defense In Depth Strategy - IDC Romania presoNetwork Performance Channel GmbH
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
 
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete Cheslock
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete CheslockBringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete Cheslock
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete CheslockThreat Stack
 
Dealing with Linux Malware
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux MalwareMichael Boelen
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewallsphanleson
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 

Destacado (10)

Real Time Malware Defense System in LINUX
Real Time Malware Defense System in LINUXReal Time Malware Defense System in LINUX
Real Time Malware Defense System in LINUX
 
MR201501 Latest trends in Linux Malware
MR201501 Latest trends in Linux MalwareMR201501 Latest trends in Linux Malware
MR201501 Latest trends in Linux Malware
 
defense_in_depth_version_12
defense_in_depth_version_12defense_in_depth_version_12
defense_in_depth_version_12
 
Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
Fortifying Network Security with a Defense In Depth Strategy - IDC Romania presoFortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
Fortifying Network Security with a Defense In Depth Strategy - IDC Romania preso
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
 
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete Cheslock
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete CheslockBringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete Cheslock
Bringing Infosec Into The Devops Tribe: Q&A With Gene Kim and Pete Cheslock
 
Dealing with Linux Malware
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux Malware
 
Linux Malware Analysis
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 

Similar a Malware Defense-in-Depth 2.0

Battling Malware In The Enterprise
Battling Malware In The EnterpriseBattling Malware In The Enterprise
Battling Malware In The EnterpriseAyed Al Qartah
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Viruses,antiviruses & firewalls
Viruses,antiviruses & firewallsViruses,antiviruses & firewalls
Viruses,antiviruses & firewallsJay Shah
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Security threats explained
Security threats explained Security threats explained
Security threats explained Abhijeet Karve
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part Onebackdoor
 
Antivirus programs
Antivirus programsAntivirus programs
Antivirus programsAnuj Pawar
 
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand..."Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...eLiberatica
 
Computer viruses and antiviruses
Computer viruses and antivirusesComputer viruses and antiviruses
Computer viruses and antivirusesSanguine_Eva
 
Computer viruses and antiviruses PPT
Computer viruses and antiviruses PPTComputer viruses and antiviruses PPT
Computer viruses and antiviruses PPTEva Harshita
 
Issues and precautions related to ict
Issues and precautions related to ictIssues and precautions related to ict
Issues and precautions related to ictmakanaya
 
Computer viruses
Computer virusesComputer viruses
Computer virusesMDAZAD53
 
Antivirus programs and Security Teams in E-Commerce by Ilakia
Antivirus programs and Security Teams in E-Commerce by IlakiaAntivirus programs and Security Teams in E-Commerce by Ilakia
Antivirus programs and Security Teams in E-Commerce by IlakiaILAKIA
 

Similar a Malware Defense-in-Depth 2.0 (20)

Battling Malware In The Enterprise
Battling Malware In The EnterpriseBattling Malware In The Enterprise
Battling Malware In The Enterprise
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Viruses,antiviruses & firewalls
Viruses,antiviruses & firewallsViruses,antiviruses & firewalls
Viruses,antiviruses & firewalls
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Technical Report Writing Presentation
Technical Report Writing PresentationTechnical Report Writing Presentation
Technical Report Writing Presentation
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part One
 
Antivirus programs
Antivirus programsAntivirus programs
Antivirus programs
 
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand..."Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
 
Computer viruses and antiviruses
Computer viruses and antivirusesComputer viruses and antiviruses
Computer viruses and antiviruses
 
Computer viruses and antiviruses PPT
Computer viruses and antiviruses PPTComputer viruses and antiviruses PPT
Computer viruses and antiviruses PPT
 
Issues and precautions related to ict
Issues and precautions related to ictIssues and precautions related to ict
Issues and precautions related to ict
 
Firewall
FirewallFirewall
Firewall
 
Mitppt
MitpptMitppt
Mitppt
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Virus and antivirus
Virus and antivirusVirus and antivirus
Virus and antivirus
 
Antivirus programs and Security Teams in E-Commerce by Ilakia
Antivirus programs and Security Teams in E-Commerce by IlakiaAntivirus programs and Security Teams in E-Commerce by Ilakia
Antivirus programs and Security Teams in E-Commerce by Ilakia
 

Último

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Malware Defense-in-Depth 2.0

  • 1. Malware Defense-in-Depth 2.0A practical  approach to secure your enterprise against viruses,  worms and rootkits Aa’edAlqarta
  • 2. The Problem Security defenses can’t keep up with latest threats Malware is penetrating the network and infecting computers Antivirus software is not a silver bullet for all threats We are losing the war against malware
  • 3.
  • 4. What is a Malware? According to NIST, “Malware (NIST, 2005) refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.” NIST: National Institute of Standards and Technology 4
  • 5. Types of Malwares Viruses Worms Backdoors Spywares Bots “Botnets” Rootkits Ransomware
  • 7. Attack Anatomy Attackers discover vulnerabilities and write exploits for them (e.x JS) They infect web sites to attack visitors A visitor browse the site and immediately get infected A virus will be installed in the background and infect the client software Infected computers will attack internal clean machines (Workstations/Servers)
  • 8. Web URL Filtering Enable AV scanning for malicious files/URLs Block access to malicious categories (Porn/Hacking/Downloads/Video/P2P/Torrent/Blogs/Infected Hosts/IM) Block downloads of executables (exe/dll/com) Inspect SSL traffic for malicious traffic
  • 9. Application Control (Whitelisting) Allow business approved applications only Office, Accounting, Finance, …etc Protect critical system files from modifications Block any unapproved applications (including malwares) The ability to block zero-day malware if AV is not detecting it Monitoring of all applications usage in the net
  • 10.
  • 11.
  • 12. FW Best Practices No “Any Any” rules Out-bound SMTP for Exchange servers only HTTP/HTTPS/FTP are a good start for end user Block Infected computers Enabled outbound denied logging
  • 13. Case Study: Conficker/Downadup Windows Server service vulnerability (MS08-067) W32.Downadup A, B, C, E Propagates through network file shares, flash disks Disables User Accounts in AD Blocks access to security sites and MS updates Stops security tools and softwares “self-protection”
  • 14.
  • 15. Summary Use a good antivirus which has a high detection rate Patch OS + 3rd party applications Use Application Whitelisting + Device Control Block access to malicious, media, downloads, and blogs Network segmentations Web content filtering policy
  • 16. Thank You E-mail me: a.qarta@gmail.com http://extremesecurity.blogspot.com