Combating malware threats
© 2014 Property of JurInnov Ltd. All Rights Reserved
Eric A. Vanderburg, MBA, CISSP
Director, Information Systems and Security
Computer Forensic and Investigation Services
Outline
• Security model
• Malicious software
• Countering malware threats
– Whitelisting
– Behavioral detection
– Automatic execution detection
Security model
• Select security products that provide maximum security without significantly impacting productivity
• Have a security model capable of handling direct attack of security solutions present on endpoints
– Have a security model with fail-safe protection
– Consider security products that use obfuscation
– Consider security solutions that are less prominent
• Be willing to adapt your security model to address a quickly evolving threat landscape
Malicious software
• Malicious software development is a for-profit business
• There are more threats today than ever before
• Threats today are designed to bypass the most prominent security solutions
Security trade-offs
• System performance and resource consumption
• Impact on end-user productivity
• Increased IT administration requirements
One step ahead
• Malicious software developers are familiar with emerging security techniques
• Malicious software developers can respond faster than security vendors
• Companies are slow to adopt new security solutions
Security solution adoption
• No need to bypass security solutions that were never installed
• Malicious software developers can impede solution adoption
• Threats can create false positives that break legitimate software
• Threats can increase the hassle of administering new security solutions
Application whitelisting
• Opposite of the signature-based approach
• Unknown executable binaries are considered malicious
• Usually has three different modes of operation: Lockdown, Prompt, or Audit
• Many threats require launching binaries
• Effectively stops unknown binaries from executing
• Protects against threats that signature-based solutions cannot
• Does not detect threats that are present at time of installation
Application whitelisting
• Does not detect threats running inside of approved processes
• May not detect malicious scripts
• Threats can exploit features designed to increase the usability of whitelisting solutions
• File system filter drivers can negatively impact performance
• Rarely compatible with other security solutions
• End-users may not have the flexibility necessary to perform their jobs
• Administering automated installations and updates can be a hassle
• Threats can modify legitimate files on disk so that the whitelisting solution prohibits their execution
• Threats can break the ability to easily install or update software
• Threats can degrade system performance
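An added example (not code from the deck or from any product it refers to) of the whitelisting logic slides 8 and 9 describe: a hash-based allowlist with the three modes Lockdown, Prompt and Audit, where any image whose hash is not approved is treated as unknown. The sample "binaries" are constructed byte strings standing in for executable images; the demo also shows two of slide 9's limitations, a malicious script passing through an approved interpreter and an approved file that stops running once a single byte of it has been modified.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    LOCKDOWN = "lockdown"   # unknown binaries are blocked
    PROMPT = "prompt"       # the user is asked and their answer decides
    AUDIT = "audit"         # everything runs; unknown binaries are only logged


@dataclass
class Verdict:
    allowed: bool
    reason: str


@dataclass
class Whitelist:
    mode: Mode
    approved: set = field(default_factory=set)      # SHA-256 digests of approved images
    audit_log: list = field(default_factory=list)   # (action, path, digest) tuples

    @staticmethod
    def digest(image: bytes) -> str:
        return hashlib.sha256(image).hexdigest()

    def approve(self, image: bytes) -> str:
        h = self.digest(image)
        self.approved.add(h)
        return h

    def check(self, path: str, image: bytes, prompt=None) -> Verdict:
        """Decide whether the executable image at `path` may run.

        Only the image bytes are evaluated; command-line arguments such as a
        script name are never seen, which is the script caveat from slide 9.
        `prompt` is a callable(path) -> bool that is consulted only in PROMPT mode.
        """
        h = self.digest(image)
        if h in self.approved:
            return Verdict(True, "approved")
        # Unknown image: the mode decides what happens next
        if self.mode is Mode.LOCKDOWN:
            self.audit_log.append(("blocked", path, h))
            return Verdict(False, "unknown binary blocked")
        if self.mode is Mode.PROMPT:
            allowed = bool(prompt and prompt(path))
            self.audit_log.append(("prompt-allow" if allowed else "prompt-deny", path, h))
            return Verdict(allowed, "user decision")
        self.audit_log.append(("audit", path, h))
        return Verdict(True, "audit mode: logged, not blocked")


# Constructed stand-ins for executable images (not real PE files)
NOTEPAD = b"MZ notepad (constructed sample)"
PYTHON_EXE = b"MZ python interpreter (constructed sample)"
DROPPER = b"MZ unknown dropper (constructed sample)"


def deny(path: str) -> bool:
    """Prompt handler that always answers 'do not allow'."""
    return False


def demo(mode: Mode) -> dict:
    wl = Whitelist(mode)
    wl.approve(NOTEPAD)
    wl.approve(PYTHON_EXE)
    return {
        "known": wl.check("notepad.exe", NOTEPAD, prompt=deny).allowed,
        "unknown": wl.check("dropper.exe", DROPPER, prompt=deny).allowed,
        # Script caveat: the approved interpreter runs whatever script it is handed
        "script_via_interpreter": wl.check("python.exe", PYTHON_EXE, prompt=deny).allowed,
        # Tampering caveat: one extra byte in an approved file makes it "unknown",
        # so in Lockdown mode a legitimate program stops running
        "tampered_known": wl.check("notepad.exe", NOTEPAD + b"\x00", prompt=deny).allowed,
    }


if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, demo(mode))
```

Audit mode is the usual starting point in practice: the audit log of unknown images collected there becomes the list that has to be approved before switching to Lockdown.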
Behavioral detection
• Instead of identifying malicious binaries, identify malicious behaviors
• Often used in conjunction with sandboxing, hardware solutions, and cloud security
• Uses static and dynamic analysis
• Can detect unknown threats that signature-based solutions cannot
• Can detect infections that are present before installation
• Can detect that legitimate applications have been hijacked
Behavioral detection
• Malicious software present before install can block installation
• Obfuscation can hide malicious behaviors
• Prompting end-users can result in infected computers
• Behavioral detection negatively impacts system performance
• False positives can result in legitimate software being blocked
• End-users may not be able to run legitimate software needed to do their jobs
Behavioral detection
• Administrators must keep an up-to-date whitelist of legitimate applications that exhibit behaviors flagged as malicious
• Threats can launch processes designed to decrease system performance
• Threats can inject malicious code into legitimate software to prevent it from running
• Threats can install components shared by multiple legitimate applications in order to break those applications
• Cloud solutions are vulnerable to distributed denial of service attacks
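An added example (not the deck's own code) of the behavior-based scoring slides 10 to 12 describe, with the administrator-maintained whitelist of legitimate applications that show flagged behaviors. Behavior names, weights, threshold and the observations are all constructed for the example. A profiled application is excused only for the behaviors in its profile; anything outside the profile still scores, which is how a hijacked legitimate application (slide 10) is reported, and running the same observations with an empty whitelist shows the false positives of slide 11.

```python
from dataclasses import dataclass, field

# Constructed behavior catalogue: behavior name -> risk weight
BEHAVIOR_WEIGHTS = {
    "drops_executable_in_temp": 3,
    "executes_dropped_file": 4,
    "disables_security_service": 5,
    "mass_file_rename": 4,
    "writes_run_key": 3,
    "reads_browser_credentials": 5,
}
BLOCK_THRESHOLD = 7

# Administrator-maintained profiles: legitimate applications and the flagged
# behaviors they are expected to exhibit (slide 12: must be kept up to date)
LEGIT_PROFILES = {
    "backup.exe": {"mass_file_rename", "writes_run_key"},
    "installer.exe": {"drops_executable_in_temp", "executes_dropped_file", "writes_run_key"},
}


@dataclass
class Finding:
    process: str
    score: int
    verdict: str                                   # "allow", "block" or "hijacked?"
    unexpected: set = field(default_factory=set)   # behaviors outside the profile


def assess(process: str, observed: set, profiles: dict = LEGIT_PROFILES) -> Finding:
    """Score one process on the behaviors observed for it (dynamic analysis)."""
    expected = profiles.get(process)
    if expected is None:
        # Unknown application: every flagged behavior counts toward the score
        score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in observed)
        return Finding(process, score, "block" if score >= BLOCK_THRESHOLD else "allow")
    unexpected = {b for b in observed if b not in expected}
    score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in unexpected)
    if score >= BLOCK_THRESHOLD:
        # A profiled application acting outside its profile may have been hijacked
        return Finding(process, score, "hijacked?", unexpected)
    return Finding(process, score, "allow", unexpected)


# Constructed observations (not real telemetry)
OBSERVATIONS = [
    ("installer.exe", {"drops_executable_in_temp", "executes_dropped_file", "writes_run_key"}),
    ("backup.exe", {"mass_file_rename", "writes_run_key"}),
    ("backup.exe", {"mass_file_rename", "disables_security_service", "reads_browser_credentials"}),
    ("invoice.exe", {"drops_executable_in_temp", "executes_dropped_file"}),
    ("invoice.exe", {"writes_run_key"}),   # too little observed behavior to block (slide 11)
]


def demo(profiles: dict = LEGIT_PROFILES) -> list:
    """Verdicts for the sample observations; pass {} to see the unprofiled result."""
    return [assess(p, b, profiles).verdict for p, b in OBSERVATIONS]


if __name__ == "__main__":
    print("with profiles:   ", demo())
    print("without profiles:", demo({}))
```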
Automatic execution detection
• Malicious software has incentive to persist on the endpoint, so most malicious software attempts to
• Prevents malicious software from persisting
• Restricts access to key Windows file system and registry locations to prevent automatic execution
• Provides protection against known and unknown threats
• Does not require reactive updating to address new threats
Automatic execution detection
• Allows more end-user flexibility than application whitelisting
• Better performance and better compatibility with other security solutions
• Like whitelisting, malicious software present at time of install is not detected
• In-memory threats that do not attempt to persist are not detected
• Threats that replace legitimate files are not always detected
Automatic execution detection
• End-users can optionally be given permission to install persistent software
• End-users who need to install persistent software will need IT approval
• Administrators need to configure automated installs and updates to proceed unhindered
• Tools to minimize administrative impact potentially open up security vulnerabilities
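An added example (not the deck's own code) of the control described on slides 13 to 15: writes to autostart locations are blocked unless the writer is a configured installer/updater or the user holds the optional permission to install persistent software. The autostart locations are a short, well-known subset of Windows Run keys, the Startup folders, services and scheduled-task storage chosen for the example; the user name, process names and events are constructed. The last event shows the slide 14 caveat: replacing a binary that is already registered to autostart never touches an autostart location, so this control alone does not see it.

```python
from dataclasses import dataclass

# Well-known Windows autostart locations used for this example (a real product
# restricts a much longer list); targets are matched case-insensitively by prefix
AUTOSTART_REGISTRY = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\SYSTEM\CurrentControlSet\Services",
)
AUTOSTART_PATHS = (
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup",
    r"C:\Windows\System32\Tasks",
)


@dataclass(frozen=True)
class WriteEvent:
    process: str   # image name of the process performing the write
    user: str      # account the process runs as
    target: str    # registry key or file path being created or modified


@dataclass(frozen=True)
class Policy:
    approved_installers: frozenset   # automated installs/updates proceed unhindered
    users_may_persist: frozenset     # end-users granted permission to install persistent software


def _norm(p: str) -> str:
    return p.replace("/", "\\").lower()


def is_autostart(target: str) -> bool:
    """True when `target` lies under one of the restricted locations."""
    t = _norm(target)
    return any(t.startswith(_norm(loc) + "\\") for loc in AUTOSTART_REGISTRY + AUTOSTART_PATHS)


def decide(ev: WriteEvent, policy: Policy) -> str:
    """Return 'allow', 'allow-logged' or 'block' for one write event."""
    if not is_autostart(ev.target):
        return "allow"            # not an autostart location: outside this control's scope
    if ev.process.lower() in policy.approved_installers:
        return "allow"            # configured installer/updater (slide 15)
    if ev.user in policy.users_may_persist:
        return "allow-logged"     # optional end-user persistence permission (slide 15)
    return "block"                # unknown writer: persistence attempt denied


POLICY = Policy(
    approved_installers=frozenset({"msiexec.exe", "updater.exe"}),
    users_may_persist=frozenset({"admin"}),
)

# Constructed sample events (not real telemetry)
EVENTS = [
    WriteEvent("msiexec.exe", "alice", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent"),
    WriteEvent("invoice.exe", "alice", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update"),
    WriteEvent("setup.exe", "admin", r"C:\Windows\System32\Tasks\Backup"),
    WriteEvent("invoice.exe", "alice", r"C:\Users\alice\Documents\notes.txt"),
    # Overwriting a binary that is already registered to autostart touches no
    # autostart location, so it passes: the slide 14 caveat about replaced files
    WriteEvent("invoice.exe", "alice", r"C:\Program Files\Vendor\agent.exe"),
]


def demo() -> list:
    return [decide(ev, POLICY) for ev in EVENTS]


if __name__ == "__main__":
    for ev, verdict in zip(EVENTS, demo()):
        print(f"{verdict:13} {ev.process:12} {ev.user:6} {ev.target}")
```

A threat that never writes to one of these locations (slide 14's in-memory case) generates no event here and therefore no verdict, which is why the deck pairs this control with behavioral detection.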
Questions
For assistance or additional information
• Phone: 216-664-1100
• Web: www.jurinnov.com
• Email: eric.vanderburg@jurinnov.com
• Twitter: @evanderburg
• Facebook: www.facebook.com/VanderburgE
• Linkedin: www.linkedin.com/in/evanderburg
• Youtube: www.youtube.com/user/evanderburg
JurInnov Ltd.
The Idea Center
1375 Euclid Avenue, Suite 400
Cleveland, Ohio 44115
