SlideShare una empresa de Scribd logo

Re-defining Endpoint Protection: Preventing Compromise in the Face of Advanced Attacks

Descargar como PPT, PDF
IBM Security
IBM Security

Traditional endpoint protection solutions have become the punching bag of security. And for good reason. Traditional solutions, including blacklisting and signature-based antivirus, have not kept pace in combating advanced threats and zero-day attacks. Organizations are left defenseless. A new approach is needed that understands the lifecycle of today’s advanced attacks, providing capabilities to assess devices, prevent attacks, detect compromise, investigate the incident and finally remediate the environment. View the full on-demand webcast: https://www.youtube.com/watch?v=Xyw-SV9v9dg

TecnologíaEmpresariales
1 de 36
© 2014 IBM Corporation IBM Security 1© 2014 IBM Corporation Re-defining Endpoint Protection Mike Rothman, Securosis Andy Land, IBM
Re-defining Endpoint Protection Mike Rothman, President mrothman@securosis.com Twitter: @securityincite Advanced Endpoint and Server Protection: Tactics and Techniques
About Securosis • Independent analysts with backgrounds on both the user and vendor side. • Focused on deep technical and industry expertise. • We like pragmatic. • We are security guys – that’s all we do.
How customers view Endpoint Protection • Compliance is the main driver for endpoint protection • Whether it works or not is not the issue. • And to be clear, traditional anti-malware technology doesn’t work anymore. http://flic.kr/p/9kC2Q1
Milking the AV Cash Cow • Add incremental functions: • HIPS/Heuristics • “Crowd-sourcing” threats • File reputation • Endpoint hygiene
Threat Management Reimagined
Prevention Next you try to stop an attack from being successful. This is where most of the effort in security has gone for the past decade, with mixed (okay, lousy) results. A number of new tactics and techniques are modestly increasing effectiveness, but the simple fact is that you cannot prevent every attack. It has become a question of reducing your attack surface as much as practical. If you can stop the simplistic attacks you can focus on more advanced ones.
Adversaries: Better and Better Advanced Malware Polymorphism Sophisticated targeting Professional Processes http://www.flickr.com/photos/dzingeek/4587871752/
The Negative Security Model http://www.despair.com/tradition.html
Traditional AV But detection of advanced attacks is still problematic if detection is restricted to matching files at runtime. You have no chance to detect zero-day or polymorphic malware attacks
You don’t know what malware is going to look like... But you DO know what software should and should not do. This calls for Advanced Heuristics
Advanced Heuristics Heuristics have evolved to recognize normal application behavior. This dramatically improves accuracy because rules are built and maintained at a specific application-level.
Look for what? • Executables/dependencies • Injected threads • Process creation • System file/configuration/registry changes • File system changes • OS level functions including print screen, network stack changes, key logging, etc. • Turning off protections • Account creation and privilege escalation http://flic.kr/p/6Yz7MB
Application Control • Define a set of authorized executables that can run on a device, and block everything else. • Flexible “trust” model to offer “grace” period to install s/w • Authorized publishers, trusted employees, etc. • Though more flexible trust models weaken security… http://flic.kr/p/97Kqk8
Application Control Use Cases • Servers • Fixed function devices • High value endpoints
Isolation Spin up a walled garden to run applications. If app is compromised (detected using advanced heuristics), the sandbox prevents the application from accessing core device features such as the file system and memory, and prevents the attacker from loading additional malware.
Old concept, New Packaging • Isolation is not new. VM’s in use by sophisticated users for years. • Isolation still needs to use some O/S level services, which provides attack surface. • VM (or isolation) aware malware stays dormant • Sophisticated sophisticated evasion techniques emerging: human interaction, timers, process hiding, etc…
Choosing Prevention • What kind of adversaries do you face? • Which applications are most frequently used? • How disruptive will employees allow the protection to be? • What percentage of devices have been replaced in the past year?
Understanding Effectiveness • Hype, religion and snake oil will be common as vendors look to establish their approach as “best.” • Comparative tests frequently gamed. Provide one data point. • Look for testing outliers and go on from there. http://flic.kr/p/7SrgR3
Summary • Advanced Protection requires a broader view of threat management • Innovation on endpoint/server prevention will accelerate • Shift investment from ineffective legacy prevention to more effective advanced prevention, detection and investigation. http://www.flickr.com/photos/74571262@N08/6710953053/
Read our stuff • Blog • http://securosis.com/blog • Research • http://securosis.com/research • We publish (almost) everything for free • Contribute. Make it better.
Mike Rothman Securosis LLC mrothman@securosis.com http://securosis.com/blog Twitter: @securityincite
© 2014 IBM Corporation IBM Security 24© 2014 IBM Corporation Trusteer Apex
© 2014 IBM Corporation IBM Security 25 Are you fighting a losing battle? IBM Internal Use Only • Humans will always make mistakes • System and application vulnerabilities continue to emerge • Malware detection will always lag
© 2014 IBM Corporation IBM Security 26 Do you have the right weapons? IBM Confidential until May XY, 2014 Fragmented market with point products • Endpoint protection market is highly fragmented with many point solutions - e.g., Sandboxing, application control, whitelisting Major security control gaps • Existing products offer no controls for major attack vectors - e.g., Zero-day exploits, applicative Java attacks Challenging manageability and operations • Advanced threat solutions are difficult and costly to operate • Difficult to scale manual remediation processes to thousands of enterprise endpoints • High false positive rates • Whitelisting processes on endpoints non-manageable
© 2014 IBM Corporation IBM Security 27 Trusteer Apex Preemptive, low-impact defense for enterprise endpoints IBM Confidential until May XY, 2014 ADVANCED MULTI-LAYERED DEFENSE Comprehensive endpoint defense against advanced threats DYNAMIC INTELLIGENCE Advanced threat intelligence collected from tens of millions of endpoints LOW OPERATIONAL IMPACT Low overhead on IT / security teams, transparent to end users Trusteer Apex
© 2014 IBM Corporation IBM Security 28 Apex multi-layered defense architecture IBM Confidential until May XY, 2014 KB to create icon Threat and Risk Reporting Vulnerability Mapping and Critical Event Reporting Advanced Threat Analysis and Turnkey Service Credential Protection Exploit Chain Disruption Cloud Based File Inspection Malicious Communication Prevention Lockdown for Java Global Threat Research and Intelligence Global threat intelligence delivered in near-real time from the cloud NEW NEW NEW • Alert and prevent phishing and reuse on non- corporate sites • Prevent infections via exploits • Zero-day defense by controlling exploit-chain choke point • Legacy protection against known viruses • Consolidates over 20 AV engines for maximal efficacy and operational simplicity • Block malware communication • Disrupt C&C control • Prevent data exfiltration • Prevent high-risk actions by malicious Java applications
© 2014 IBM Corporation IBM Security 29 No.ofTypes Attack Progression Data exfiltrationExploit Delivery of weaponized content Exploitation of app vulnerability Malware delivery Malware persistency Execution and malicious access to content Establish communication channels Data exfiltration Controlling exploit-chain chokepoints IBM Confidential until May XY, 2014 Pre-exploit 0011100101 1101000010 1111000110 0011001101 Strategic Chokepoint Strategic Chokepoint Strategic Chokepoint File Inspection Endpoint Vulnerability Reporting Credential Protection Destinations (C&C traffic detection) Endless Unpatched and zero-day vulnerabilities (patching) Many Weaponized content (IPS, sandbox) Endless Malicious files (antivirus, whitelisting) Endless Many Malicious behavior activities (HIPs) Exploit Chain Disruption Lockdown for Java Malicious Communication Blocking
© 2014 IBM Corporation IBM Security 30 Low operational impact Advanced threat analysis and turnkey service IBM Confidential until May XY, 2014 Eliminate the traditional security team approach (detect, notify, and manually resolve) Low-footprint threat prevention Exceptional turnkey service Low impact to IT security team Minimize impact by blocking only the most sensitive actions Centralized risk assessment service Directly update endpoint users
© 2014 IBM Corporation IBM Security 31 Dynamic intelligence Crowd-sourced expertise in threat research and dynamic intelligence Global Threat Research and Intelligence • Combines the renowned expertise of X-Force with Trusteer malware research • Catalog of 70K+ vulnerabilities,17B+ web pages, and data from 100M+ endpoints • Intelligence databases dynamically updated on a minute-by-minute basis Real-time sharing of Trusteer intelligence NEW Phishing Sites URL/Web Categories IP/Domain Reputation Exploit Triage Malware Tracking Zero-day Research IBM Confidential until May XY, 2014
© 2014 IBM Corporation IBM Security 32 Client example: Major heavy equipment manufacturer Protecting endpoints against advanced threats and malware IBM Confidential until May XY, 2014 Business challenge  Protect 10,000 endpoints in multiple international locations  Provide Remote Access to Suppliers, Contractors and Employees  Prevent IP and Technology Data Theft IBM Security Solution: Trusteer Apex Trusteer Apex protects endpoints throughout the threat lifecycle by applying an integrated, multi- layered defense to prevent endpoint compromise for both managed and remote endpoints. Threats are continually analyzed and protections provided by Trusteer’s turnkey service. Discovered 32 threats and 100 suspicious activities within weeks of deployment despite other security products Advanced Threat Protection
© 2014 IBM Corporation IBM Security 33 Apex is essential to the IBM Threat Protection System IBM Confidential - NDA until May 5, 2014 Open Integrations Ready for IBM Security Intelligence Ecosystem Trusteer Apex Endpoint Exploit Chain Disruption IBM Security Network Protection XGS Smarter Prevention IBM Security QRadar Security Intelligence Security Intelligence IBM Emergency Response Services IBM Security QRadar Incident Forensics Continuous Response IBM X-Force Threat Intelligence New real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X- Force Global Threat Intelligence 1 2 3 5 4 Java Lockdown Protection - granular control of untrusted code, cloud-based file inspection, and QRadar integration NEW Advanced Threat Quarantine integration from QRadar and third-party products, inclusion of Trusteer intelligence into XGS NEW Data Node appliance, new flow and event APIs, and QRadar Vulnerability Manager scanning improvements NEW Integrated forensics module with full packet search and visual reconstruction of relationships NEW NEWNEW Increased global coverage and expertise related to malware analysis and forensics NEW New functionality from partners including FireEye, TrendMicro, Damballa and other protection vendors
© 2014 IBM Corporation IBM Security 34 Introducing IBM Trusteer Apex Re-defining endpoint protection for the advanced threat landscape Trusteer Fast Facts: Acquired by IBM August 2013 Adds endpoint protection capabilities to the IBM Security Portfolio Unique Integrations Integrated into IBM Threat Protection System Advanced Threat Defense Leaders Analyzing and preventing APT’s for the last 8 years
Disclaimer Please Note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Recomendados

Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Samuel Kamuli
 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry UpdateThomas Springer
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?IBM Security
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
MDM is not Enough - Parmelee
MDM is not Enough - Parmelee MDM is not Enough - Parmelee
MDM is not Enough - Parmelee Prolifics
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemEoin Woods
 

Recomendados

Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Gartner technologies for Infosec 2014-2015
Gartner technologies for Infosec 2014-2015Samuel Kamuli
 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry UpdateThomas Springer
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?IBM Security
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
MDM is not Enough - Parmelee
MDM is not Enough - Parmelee MDM is not Enough - Parmelee
MDM is not Enough - Parmelee Prolifics
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemEoin Woods
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Rightpvanwoud
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applicationseightbit
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsDenim Group
 
Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationDenim Group
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton ChuvakinAnton Chuvakin
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsEric Vétillard
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCDenim Group
 
MSP Mastering the Secrets to Succuss in Managed Security
MSP Mastering the Secrets to Succuss in Managed SecurityMSP Mastering the Secrets to Succuss in Managed Security
MSP Mastering the Secrets to Succuss in Managed SecurityDavid Castro
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principlessluge
 
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Teemu Tiainen
 
Smart Phones Dumb Apps
Smart Phones Dumb AppsSmart Phones Dumb Apps
Smart Phones Dumb AppsDenim Group
 
Fortify On Demand and ShadowLabs
Fortify On Demand and ShadowLabsFortify On Demand and ShadowLabs
Fortify On Demand and ShadowLabsjasonhaddix
 
Vulnerability Management In An Application Security World
Vulnerability Management In An Application Security WorldVulnerability Management In An Application Security World
Vulnerability Management In An Application Security WorldDenim Group
 
Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Denim Group
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software developmentBill Ross
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM Security
 

Más contenido relacionado

La actualidad más candente

Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Rightpvanwoud
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applicationseightbit
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarIBM Security
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsDenim Group
 
Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationDenim Group
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton ChuvakinAnton Chuvakin
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsEric Vétillard
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCDenim Group
 
MSP Mastering the Secrets to Succuss in Managed Security
MSP Mastering the Secrets to Succuss in Managed SecurityMSP Mastering the Secrets to Succuss in Managed Security
MSP Mastering the Secrets to Succuss in Managed SecurityDavid Castro
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principlessluge
 
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Teemu Tiainen
 
Smart Phones Dumb Apps
Smart Phones Dumb AppsSmart Phones Dumb Apps
Smart Phones Dumb AppsDenim Group
 
Fortify On Demand and ShadowLabs
Fortify On Demand and ShadowLabsFortify On Demand and ShadowLabs
Fortify On Demand and ShadowLabsjasonhaddix
 
Vulnerability Management In An Application Security World
Vulnerability Management In An Application Security WorldVulnerability Management In An Application Security World
Vulnerability Management In An Application Security WorldDenim Group
 
Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Denim Group
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software developmentBill Ross
 

La actualidad más candente (20)

Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Right
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
 
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for ApplicationsTop Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
 
Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR Organization
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
 
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
"You Got That SIEM. Now What Do You Do?"  by Dr. Anton Chuvakin
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDC
 
MSP Mastering the Secrets to Succuss in Managed Security
MSP Mastering the Secrets to Succuss in Managed SecurityMSP Mastering the Secrets to Succuss in Managed Security
MSP Mastering the Secrets to Succuss in Managed Security
 
SDL: Secure design principles
SDL: Secure design principlesSDL: Secure design principles
SDL: Secure design principles
 
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021
 
Smart Phones Dumb Apps
Smart Phones Dumb AppsSmart Phones Dumb Apps
Smart Phones Dumb Apps
 
Fortify On Demand and ShadowLabs
Fortify On Demand and ShadowLabsFortify On Demand and ShadowLabs
Fortify On Demand and ShadowLabs
 
Vulnerability Management In An Application Security World
Vulnerability Management In An Application Security WorldVulnerability Management In An Application Security World
Vulnerability Management In An Application Security World
 
Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
 

Similar a Re-defining Endpoint Protection: Preventing Compromise in the Face of Advanced Attacks

Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM Security
 
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM Security
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Perforce on Tour 2015 - How are You Protecting Your Source Code?
Perforce on Tour 2015 - How are You Protecting Your Source Code?Perforce on Tour 2015 - How are You Protecting Your Source Code?
Perforce on Tour 2015 - How are You Protecting Your Source Code?Perforce
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testingCu Nguyen
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Defending Your IBM i Against Malware
Defending Your IBM i Against MalwareDefending Your IBM i Against Malware
Defending Your IBM i Against MalwarePrecisely
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdfMarlboroAbyad
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...IBM Security
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 

Similar a Re-defining Endpoint Protection: Preventing Compromise in the Face of Advanced Attacks (20)

Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
 
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Perforce on Tour 2015 - How are You Protecting Your Source Code?
Perforce on Tour 2015 - How are You Protecting Your Source Code?Perforce on Tour 2015 - How are You Protecting Your Source Code?
Perforce on Tour 2015 - How are You Protecting Your Source Code?
 
Beyond security testing
Beyond security testingBeyond security testing
Beyond security testing
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
Defending Your IBM i Against Malware
Defending Your IBM i Against MalwareDefending Your IBM i Against Malware
Defending Your IBM i Against Malware
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdf
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
 
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
C days2015
C days2015C days2015
C days2015
 

Más de IBM Security

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 

Más de IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Último

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Re-defining Endpoint Protection: Preventing Compromise in the Face of Advanced Attacks

  • 1. © 2014 IBM Corporation IBM Security 1© 2014 IBM Corporation Re-defining Endpoint Protection Mike Rothman, Securosis Andy Land, IBM
  • 2. Re-defining Endpoint Protection Mike Rothman, President mrothman@securosis.com Twitter: @securityincite Advanced Endpoint and Server Protection: Tactics and Techniques
  • 3. About Securosis • Independent analysts with backgrounds on both the user and vendor side. • Focused on deep technical and industry expertise. • We like pragmatic. • We are security guys – that’s all we do.
  • 4.
  • 5. How customers view Endpoint Protection • Compliance is the main driver for endpoint protection • Whether it works or not is not the issue. • And to be clear, traditional anti-malware technology doesn’t work anymore. http://flic.kr/p/9kC2Q1
  • 6. Milking the AV Cash Cow • Add incremental functions: • HIPS/Heuristics • “Crowd-sourcing” threats • File reputation • Endpoint hygiene
  • 8. Prevention Next you try to stop an attack from being successful. This is where most of the effort in security has gone for the past decade, with mixed (okay, lousy) results. A number of new tactics and techniques are modestly increasing effectiveness, but the simple fact is that you cannot prevent every attack. It has become a question of reducing your attack surface as much as practical. If you can stop the simplistic attacks you can focus on more advanced ones.
  • 9. Adversaries: Better and Better Advanced Malware Polymorphism Sophisticated targeting Professional Processes http://www.flickr.com/photos/dzingeek/4587871752/
  • 10. The Negative Security Model http://www.despair.com/tradition.html
  • 11. Traditional AV But detection of advanced attacks is still problematic if detection is restricted to matching files at runtime. You have no chance to detect zero-day or polymorphic malware attacks
  • 12. You don’t know what malware is going to look like... But you DO know what software should and should not do. This calls for Advanced Heuristics
  • 13. Advanced Heuristics Heuristics have evolved to recognize normal application behavior. This dramatically improves accuracy because rules are built and maintained at a specific application-level.
  • 14. Look for what? • Executables/dependencies • Injected threads • Process creation • System file/configuration/registry changes • File system changes • OS level functions including print screen, network stack changes, key logging, etc. • Turning off protections • Account creation and privilege escalation http://flic.kr/p/6Yz7MB
  • 15. Application Control • Define a set of authorized executables that can run on a device, and block everything else. • Flexible “trust” model to offer “grace” period to install s/w • Authorized publishers, trusted employees, etc. • Though more flexible trust models weaken security… http://flic.kr/p/97Kqk8
  • 16. Application Control Use Cases • Servers • Fixed function devices • High value endpoints
  • 17. Isolation Spin up a walled garden to run applications. If app is compromised (detected using advanced heuristics), the sandbox prevents the application from accessing core device features such as the file system and memory, and prevents the attacker from loading additional malware.
  • 18. Old concept, New Packaging • Isolation is not new. VM’s in use by sophisticated users for years. • Isolation still needs to use some O/S level services, which provides attack surface. • VM (or isolation) aware malware stays dormant • Sophisticated sophisticated evasion techniques emerging: human interaction, timers, process hiding, etc…
  • 19. Choosing Prevention • What kind of adversaries do you face? • Which applications are most frequently used? • How disruptive will employees allow the protection to be? • What percentage of devices have been replaced in the past year?
  • 20. Understanding Effectiveness • Hype, religion and snake oil will be common as vendors look to establish their approach as “best.” • Comparative tests frequently gamed. Provide one data point. • Look for testing outliers and go on from there. http://flic.kr/p/7SrgR3
  • 21. Summary • Advanced Protection requires a broader view of threat management • Innovation on endpoint/server prevention will accelerate • Shift investment from ineffective legacy prevention to more effective advanced prevention, detection and investigation. http://www.flickr.com/photos/74571262@N08/6710953053/
  • 22. Read our stuff • Blog • http://securosis.com/blog • Research • http://securosis.com/research • We publish (almost) everything for free • Contribute. Make it better.
  • 24. © 2014 IBM Corporation IBM Security 24© 2014 IBM Corporation Trusteer Apex
  • 25. © 2014 IBM Corporation IBM Security 25 Are you fighting a losing battle? IBM Internal Use Only • Humans will always make mistakes • System and application vulnerabilities continue to emerge • Malware detection will always lag
  • 26. © 2014 IBM Corporation IBM Security 26 Do you have the right weapons? IBM Confidential until May XY, 2014 Fragmented market with point products • Endpoint protection market is highly fragmented with many point solutions - e.g., Sandboxing, application control, whitelisting Major security control gaps • Existing products offer no controls for major attack vectors - e.g., Zero-day exploits, applicative Java attacks Challenging manageability and operations • Advanced threat solutions are difficult and costly to operate • Difficult to scale manual remediation processes to thousands of enterprise endpoints • High false positive rates • Whitelisting processes on endpoints non-manageable
  • 27. © 2014 IBM Corporation IBM Security 27 Trusteer Apex Preemptive, low-impact defense for enterprise endpoints IBM Confidential until May XY, 2014 ADVANCED MULTI-LAYERED DEFENSE Comprehensive endpoint defense against advanced threats DYNAMIC INTELLIGENCE Advanced threat intelligence collected from tens of millions of endpoints LOW OPERATIONAL IMPACT Low overhead on IT / security teams, transparent to end users Trusteer Apex
  • 28. © 2014 IBM Corporation IBM Security 28 Apex multi-layered defense architecture IBM Confidential until May XY, 2014 KB to create icon Threat and Risk Reporting Vulnerability Mapping and Critical Event Reporting Advanced Threat Analysis and Turnkey Service Credential Protection Exploit Chain Disruption Cloud Based File Inspection Malicious Communication Prevention Lockdown for Java Global Threat Research and Intelligence Global threat intelligence delivered in near-real time from the cloud NEW NEW NEW • Alert and prevent phishing and reuse on non- corporate sites • Prevent infections via exploits • Zero-day defense by controlling exploit-chain choke point • Legacy protection against known viruses • Consolidates over 20 AV engines for maximal efficacy and operational simplicity • Block malware communication • Disrupt C&C control • Prevent data exfiltration • Prevent high-risk actions by malicious Java applications
  • 29. © 2014 IBM Corporation IBM Security 29 No.ofTypes Attack Progression Data exfiltrationExploit Delivery of weaponized content Exploitation of app vulnerability Malware delivery Malware persistency Execution and malicious access to content Establish communication channels Data exfiltration Controlling exploit-chain chokepoints IBM Confidential until May XY, 2014 Pre-exploit 0011100101 1101000010 1111000110 0011001101 Strategic Chokepoint Strategic Chokepoint Strategic Chokepoint File Inspection Endpoint Vulnerability Reporting Credential Protection Destinations (C&C traffic detection) Endless Unpatched and zero-day vulnerabilities (patching) Many Weaponized content (IPS, sandbox) Endless Malicious files (antivirus, whitelisting) Endless Many Malicious behavior activities (HIPs) Exploit Chain Disruption Lockdown for Java Malicious Communication Blocking
  • 30. © 2014 IBM Corporation IBM Security 30 Low operational impact Advanced threat analysis and turnkey service IBM Confidential until May XY, 2014 Eliminate the traditional security team approach (detect, notify, and manually resolve) Low-footprint threat prevention Exceptional turnkey service Low impact to IT security team Minimize impact by blocking only the most sensitive actions Centralized risk assessment service Directly update endpoint users
  • 31. © 2014 IBM Corporation IBM Security 31 Dynamic intelligence Crowd-sourced expertise in threat research and dynamic intelligence Global Threat Research and Intelligence • Combines the renowned expertise of X-Force with Trusteer malware research • Catalog of 70K+ vulnerabilities,17B+ web pages, and data from 100M+ endpoints • Intelligence databases dynamically updated on a minute-by-minute basis Real-time sharing of Trusteer intelligence NEW Phishing Sites URL/Web Categories IP/Domain Reputation Exploit Triage Malware Tracking Zero-day Research IBM Confidential until May XY, 2014
  • 32. © 2014 IBM Corporation IBM Security 32 Client example: Major heavy equipment manufacturer Protecting endpoints against advanced threats and malware IBM Confidential until May XY, 2014 Business challenge  Protect 10,000 endpoints in multiple international locations  Provide Remote Access to Suppliers, Contractors and Employees  Prevent IP and Technology Data Theft IBM Security Solution: Trusteer Apex Trusteer Apex protects endpoints throughout the threat lifecycle by applying an integrated, multi- layered defense to prevent endpoint compromise for both managed and remote endpoints. Threats are continually analyzed and protections provided by Trusteer’s turnkey service. Discovered 32 threats and 100 suspicious activities within weeks of deployment despite other security products Advanced Threat Protection
  • 33. © 2014 IBM Corporation IBM Security 33 Apex is essential to the IBM Threat Protection System IBM Confidential - NDA until May 5, 2014 Open Integrations Ready for IBM Security Intelligence Ecosystem Trusteer Apex Endpoint Exploit Chain Disruption IBM Security Network Protection XGS Smarter Prevention IBM Security QRadar Security Intelligence Security Intelligence IBM Emergency Response Services IBM Security QRadar Incident Forensics Continuous Response IBM X-Force Threat Intelligence New real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X- Force Global Threat Intelligence 1 2 3 5 4 Java Lockdown Protection - granular control of untrusted code, cloud-based file inspection, and QRadar integration NEW Advanced Threat Quarantine integration from QRadar and third-party products, inclusion of Trusteer intelligence into XGS NEW Data Node appliance, new flow and event APIs, and QRadar Vulnerability Manager scanning improvements NEW Integrated forensics module with full packet search and visual reconstruction of relationships NEW NEWNEW Increased global coverage and expertise related to malware analysis and forensics NEW New functionality from partners including FireEye, TrendMicro, Damballa and other protection vendors
  • 34. © 2014 IBM Corporation IBM Security 34 Introducing IBM Trusteer Apex Re-defining endpoint protection for the advanced threat landscape Trusteer Fast Facts: Acquired by IBM August 2013 Adds endpoint protection capabilities to the IBM Security Portfolio Unique Integrations Integrated into IBM Threat Protection System Advanced Threat Defense Leaders Analyzing and preventing APT’s for the last 8 years
  • 35. Disclaimer Please Note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
  • 36. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.