IT Sikkerhed McAfee Confidential Agenda • Den generelle status for IT-sikkerhed • Tips og gode råd • Hvad kan du gøre for at sikre dig selv, din computer, mobil og tablet bedre? • Hvordan kan du genkende hvis der er nogle ”phishing” /fiske emails eller telefonopkald • Kodeord - Password: Hvordan laver du forskellige sikre password du let kan huske. • Programmer der kan hjælpe med at huske password • Er IT-kriminelle i stand til at bryde ind hvor som helst og lamme samfundet? • El og-vandforsyning, hospitalsvæsen, bankverdenen, kommunerne og staten • Sådan arbejder et IT-sikkerheds firma • IT-sikkerhed i fremtiden • Spørgsmål og svar McAfee Confidential McAfee Confidential 3 McAfee Confidential 4 McAfee Confidential 5 Sikkerhed er mange ting • Forskellen • At føle sig sikker • At være sikker • Budskabet har betydning for modtageren • Folks opfattelse og forståelse af sikkerhed • Er problemet selvforskyldt? • Kører du på vinterdæk om vinteren? • Kører du bilen til service, syn etc. • Hvor mange sikkerhedsteknologier har du i bilen? McAfee Confidential Det reelle trusselsbillede • Hvordan ser det ud? • Hvad kan vi forvente? • Ransomware, Sociale medie, Mobility, Mac OS, Android ... • Hvad skal vi være opmærksomme på? • Informationer • Prioritering af sikkerhed, er vi parate? McAfee Confidential Et ord som dækker it-sikkerhedsudfordringerne Kompleksitet Vi arbejder for at lukke alle huller, it-kriminelle skal bare finde et.... Sikkerhed må og kan ikke ses og håndteres som ”siloer” Bedste sikkerhed er en samlet helhedsløsning McAfee Confidential Kompleksiteten • Forbrugerstyret IT (Consumerization of IT) • Brugerne anvender deres private enheder til arbejde • Kombiner Windows og Mac – iOS, Android ... • Sociale medier • Mail og messenger indbygget i web • Diversitet af enheder • Smartphones, Tablets, operativsystemer • Cloud • Dropbox, OneDrive, Google Drive, iCloud, delt mellem mange enheder • App eksplosion • Mere end mail og web McAfee Confidential Hvordan ser trusselsbilledet ud McAfee Confidential McAfee Confidential Hvem er målet • Dig via din computer eller mobil/tablet McAfee Confidential “Indgange” til din computer • Dig • Web • Email • USB • Telefon opkald • Snyder dig – “Social engineering” • Uvidende – “huller”/sårbarheder i systemet/programmer • Udnytter sårbarheder i: • Browser • Flash • PDF • JAVA McAfee Confidential The Problem “More than 95 percent of all attacks tied to state-affiliated espionage employed phishing as a means of establishing a foothold in their intended victims'systems.” Verizon, 2014 Data Breach Investigations Report McAfee Confidential Forløb McAfee Confidential Beskyt dine informationer McAfee Confidential Informationer • Backup – beskyt dine billeder og dokumenter • Skal være gemt et andet sted fysisk end på din computer eller tablet/smartphone • Password / Kodeord • Brug forskellige password på hvert sted • Brug en algoritme • Brug Password manager McAfee Confidential Ransomware “afpresning” McAfee Confidential Ransomware • Malware som krypterer alle dine dokumenter som er tilgægelig på din computer • Kræver betaling for at få nøglen til at få adgang til dokumenterne igen • >40% betaler for at få adgang til dokumenterne igen McAfee Confidential Betal for at få nøglen ellers slettes den efter 72 timer Cryptolocker kommer ind på din computer McAfee Confidential Krypterer alle dine dokumenter og billeder Fjerner så krypteringen McAfee Confidential Opensource tilgængelig på github.com McAfee Confidential Key Trend Ransomware • Ransomware continues to grow very rapidly – with the number of new ransomware samples rising 58% in Q2. The total number of ransomware samples grew 127% over the past year. • We attribute the increase to fast-growing new families such as CTB-Locker, CryptoWall, and others. McAfee Confidential Phishing McAfee Confidential Test din Phishing viden… https://phishingquiz.mcafee.com/ McAfee Confidential Personer fra Danmark får kun 69% rigtige… McAfee Confidential Key Trend Phishing URLs McAfee Confidential Password / Kodeord McAfee Confidential Kodeords algortime • Have en kode du altid kan huske • De#5smaa ! • Tag en del af det domaine navn du hvor du skal bruge et kodeord • Facebook = kDe#5smaaFa! • Gmail = lDe#5smaaGm! • Linkedin = nDe#5smaaLi! • Dr = rDe#5smaaDr! • Algoritme. Tag det sidste bogstav sæt det forrest og tag de to foreste bogstaver og sæt dem næst bagerst med stort forbogstav McAfee Confidential Password / Kodeord • LastPass • Lastpass Wallet til din mobil eller tablet • Husk på dine vigtige informationer • Web: www.lastpass.com McAfee Confidential Lastpass wallet McAfee Confidential Mobile / Tablet McAfee Confidential Sårbare • Android har mange sårbarheder • Problemer med rettelser til gamle enheder • IOS er utrolig sikker mod malware • Der er ikke noget antivirus tilladt eller muligt • Designet sikkert OS fra bunden • Jailbroken IOS devices er dårligere stillet end Android McAfee Confidential Walled Garden https://en.wikipedia.org/wiki/Closed_platform McAfee Confidential 34 There are 345 new threats every minute, or almost 6 every second. Source: McAfee Labs McAfee Confidential Threat Trends – Q2 2015 Source: McAfee Labs McAfee Confidential 36 McAfee GTI Metrics Q2 2015 • 6.7 million attempts per hour were made to entice our customers into connecting to risky URLs (via emails, browser searches, etc.) • 19.2 million infected files per hour were exposed to our customers’ networks • 7 million PUPs per hour attempted installation or launch • 2.3 million attempts per hour were made by our customers to connect to risky IP addresses or those addresses attempted to connect to customers’ networks McAfee Confidential 37 Key Trend Malware • The McAfee Labs malware zoo grew 12% from Q1 to Q2. It now contains more than 433 million samples. McAfee Confidential Key Trend Mobile Malware • The total number of mobile malware samples grew 17% in Q2. McAfee Confidential Key Trend Ransomware • Ransomware continues to grow very rapidly – with the number of new ransomware samples rising 58% in Q2. The total number of ransomware samples grew 127% over the past year. • We attribute the increase to fast-growing new families such as CTB-Locker, CryptoWall, and others. McAfee Confidential Key Trend Rootkits McAfee Confidential Key Trend Malicious Signed Binaries McAfee Confidential Key Trend Suspect URLs McAfee Confidential Key Trend Phishing URLs McAfee Confidential Key Trend Messaging Threats McAfee Confidential Hvad kan du gøre… McAfee Confidential Vedligehold programmerne • Patching…. • OS • Browser • PDF reader • Flash • …. • www.Secunia.dk • PSI – Identificier programmerne med kendte sårbarheder McAfee Confidential Hvor bevæger du dig hen på nettet? • Få gratis “rådgivning” i din browser • http://www.siteadvisor.com McAfee Confidential Effektive løsninger • Anvend ikke Windows som lokal administrator • Brug “Kør som” – “Run As” når du skal være administrator • Kør browser i lukket virtual maskine • https://www.virtualbox.org McAfee Confidential McAfee Confidential • Microsoft • Enhanced Mitigation Experience Toolkit – www.Microsoft.com/emet • Process Explorer – https://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx • McAfee Raport • http://www.mcafee.com/us/downloads/free-tools/raptor.aspx McAfee Confidential 51 McAfee Confidential 52 McAfee Labs Threats Report August 2015 • Speaker Name | Title . McAfee Confidential Key Topic Intel + McAfee: a five-year retrospective The attacker profile has changed. McAfee Confidential Key Topic Intel + McAfee: a five-year retrospective Increasingly evasive malware and long-running attacks. McAfee Confidential Key Topic Intel + Massive McAfee: five-year retrospective increasea in the types and volume of devices. McAfee Confidential Key Topic Intel + McAfee: a five-year retrospective Cybercrime has transformed into a full-fledged industry. McAfee Confidential Key Topic Intel + McAfee: a five-year retrospective We have witnessed the transformation of cybercrime into a fullfledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models. McAfee Confidential Key Topic Data exfiltration: an important step in the cyber thief’s journey Typical data exfiltration architecture McAfee Confidential Key Topic Data exfiltration: an important step in the cyber thief’s journey Data transports McAfee Confidential Key Topic Data exfiltration: an important step in the cyber thief’s journey Data manipulation McAfee Confidential Key Topic Data exfiltration: an important step in the cyber thief’s journey Recommended policies and procedures to protect against data exfiltration McAfee Confidential Key Topic GPU malware: separating fact from fiction Not a perfect storm! • Moving malicious code from the CPU and host memory reduces the detection surface, making it more difficult for host-based defenses to detect attacks. • However, the detection surface has not been completely eliminated. Trace elements of malicious activity remain, allowing endpoint security products to detect and remediate the threat. McAfee Confidential Kan vores infrastruktur blive lammet? McAfee Confidential McAfee Confidential McAfee Confidential • In October 2012, U.S. defense secretary Leon Panetta warned that the United States was vulnerable to a “cyber Pearl Harbor” that could derail trains, poison water supplies, and cripple power grids. The next month, Chevron confirmed the speculation by becoming the first U.S. corporation to admit that Stuxnet had spread across its machines. McAfee Confidential 67 Hvordan arbejder vi McAfee Confidential McAfee Confidential McAfee Confidential How Reputations Work With Global Threat Intelligence Network Sensor Endpoint Sensor McAfee Confidential Global Reputation The Cyber Kill Chain® Reconnaissance Weaponization Delivery Exploitation Installation Command & Control Actions & Objectives Source: http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html McAfee Confidential Kill-chain McAfee Confidential McAfee Confidential IT Security – current tech August 2015 Steen Pedersen | Principal Consultant – Endpoint Practice Lead Agenda • Selections of interesting modern IT Security • Security Connected • Data Exchange Layer – DXL • Threat Intelligence Exchange - TIE • Intel has defined countless standards • Advanced Threat Defense - ATD • Back to the future – whitelisting • Enhanced security for current and legacy OS McAfee Confidential Building Security By Silo Technology Acquisition Process Has Delivered Security Chaos Endpoint Protection McAfee Confidential Firewall Gateway Security Network IPS Compliance Data Protection Mobility Analytics 78 Building Security By Silo Creating a False Sense of Security TCO CapEx + OpEx Security Posture Layered Tools Point Products Parity McAfee Confidential TIME Advancement 79 Optimizing Security Infrastructure Delivering Operationally Effective Security Connected Architecture TCO CapEx + OpEx Security Posture Layered Tools Point Products Parity McAfee Confidential TIME Advancement 80 – History of Defining Largest Dedicated Delivering a Next Generation Architecture Security Provider Security Architecture Inventor of the world’s most – Broadest security product Defining innovative industry approaches forcoverage collaborative widely used – computing in the industry and adaptive security architecture – Complete portfolio focused upon – Defining countless standards – Introducing security integrations which are security sustainable used in everydayand lives ranging broadly reaching – Leadership position in 6 of 8 from USB, WiFi, to IoT Gartner Security Magic – Developing capabilities for new security paradigms in – Top 10 Most Influential Brands Quadrants areas such as Software Defined Datacenter, Cloud, and in the World IoT McAfee Confidential 81 McAfee Security Connected Evolution Debunking Common Obstacles A Connected Services Architecture is not… • A Single Vendor Solution • A Monolithic Architecture • The Continuous Addition of New Technologies • A New Environment Requiring More Resources to Maintain • Massive Rip/Replace of Security Infrastructure McAfee Confidential 82 The Data Exchange Layer (DXL) The Fabric of Security Connected McAfee Confidential Data Exchange Layer Standardize integration and communication to break down operational silos Disjointed API-Based Integrations McAfee Confidential Collaborative Fabric-Based Ecosystem (DXL) Result Result Slow, heavy, and burdensome Fast, lightweight, and streamlined Complex and expensive to maintain Simplified and reduced TCO Limited vendor participation Open vendor participation Fragmented visibility Holistic visibility Traditional Siloed Protection Series of isolated fights: adapt manually, and sometimes not at all Individual technologies may be extremely effective, but security infrastructure does not learn from encounters Prebreach McAfee Confidential Postbreach Security Connected Protection Orchestrated and automated responses: adapt in real time Apply insights immediately throughout a collaborative infrastructure Prebreach McAfee Confidential Postbreach CompleteaProtection Enabling Next From Endpoint to Generation Network Architecture ATD Web / Mail Gateway SIA Partners / 3rd Parties SIEM NGFW DLP McAfee Active Response Threat Intelligence Exchange NSP . McAfee Confidential 87 Threat Landscape 362 New threats every minute, or more than 6 every second 13% Growth of the McAfee Labs malware zoo between Q4 2014 and Q1 2015 49% Rise in mobile malware samples from Q4 2014 to Q1 2015 81% Jump in new suspect URLs found in Q1 2015 compared to Q4 2014 165% Increase in new ransomware in Q1 2015 317% Growth in Adobe Flash exploits in Q1 2015 400,000,000+ Unique malware samples in the McAfee Labs Zoo as of Q1 2015 Source: McAfee Labs Threats Report: 1st Quarter 2015 McAfee Confidential 88 What Is Advanced Malware? Typically Criminal Stealthy Targeted Unknown Evades Legacy-based Defenses Discovered After the Fact Theft Sabotage Espionage Data loss Costly clean-up Long-term damage Key Challenges • Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. • Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signaturebased mechanisms. Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014) McAfee Confidential 89 Comprehensive Layered Approach White/ Black Listing GTI AV Real-time Emulation Dynamic and Static Code Number of Samples You Can Process Known Good Known Bad Emulation File Execution Compute Cycles Needed/Time to Process McAfee Confidential 90 McAfee Application Control Pro-Active Protection Through System Hardening Back to the future… Know what to trust McAfee Confidential How Whitelisting Works The Basics Create Whitelist Whitelist EXE SYS Solidify / Harden System EXE Block Unauthorized Applications McAfee Confidential DLL BAT The Trust Model What to do after the whitelist Trusted Updaters Trusted Certificates Trusted Directories Trusted Users McAfee Confidential Self-Approval (Desktop User Experience) • A non-whitelisted app can be approved by the end user • This mode is for users/systems who make frequent changes (not for all) • The admin will audit these self-approvals and decide to Accept/Reject • This is also a get-your-feet-wet-withwhitelisting mode McAfee Confidential Summary of User Types Increasing order of privilege Trusted Users Not subject to whitelist restrictions (e.g.: IT admin) Users who can Self-Approve Non-whitelisted file is blocked but user can override prevention and execute (e.g.: Developers) Regular Users Non-whitelisted files are blocked and user is notified McAfee Confidential Supported Environments Windows Embedded XPE, 7, 8, 8.1 Windows XP, 7, 8, 8.1 Windows Server 2003 (R2), 2008 (R2), 2012 (R2) RHEL, SLES, OpenSuSE, OpenLinux, CentOS, Ubuntu Solaris Source: https://kc.mcafee.com/corporate/index?page=content&id=KB73341 McAfee Confidential Cost Savings • Improved Protection • From Targeted Attacks and Advanced Persistent Threats (APTs) • Visibility of Applications in Enterprise • How many are reputed and how many are not • No More Patch Panic • MP & AWL will provide coverage and eliminates urgency for security patches • Extending Life of Legacy Systems • Win NT, Win 2000, XP and 2003 • Improved System Performance • Negligible CPU & Memory usage (vital for ATMs, POS, Kiosks) • No degradation to app responsiveness and server throughput . McAfee Confidential 98 Information • http://www.mcafee.com/tie • http://www.mcafee.com/uk/resources/misc/infographic-connected-security-yields-smarterdefenses.pdf McAfee Confidential 99
© Copyright 2024