IT Security, Sep. 2015

IT Security
McAfee Confidential
Agenda
•  The general state of IT security
•  Tips and advice
•  What can you do to better protect yourself, your computer, phone and tablet?
•  How to recognise "phishing" emails or phone calls
•  Passwords: how to create different, strong passwords you can easily remember
•  Programs that help you remember passwords
•  Are cyber criminals able to break in anywhere and paralyse society?
•  Electricity and water supply, hospitals, banking, municipalities and the state
•  How an IT security company works
•  IT security in the future
•  Questions and answers
Security is many things
•  The difference
•  Feeling secure
•  Being secure
•  The message matters to the recipient
•  People's perception and understanding of security
•  Is the problem self-inflicted?
•  Do you drive on winter tyres in winter?
•  Do you take the car in for service, inspection, etc.?
•  How many safety technologies do you have in your car?
The real threat landscape
•  What does it look like?
•  What can we expect?
•  Ransomware, social media, mobility, Mac OS, Android ...
•  What should we pay attention to?
•  Information
•  Prioritising security: are we prepared?
One word that covers the IT security challenges
Complexity
We work to close every hole; the cyber criminals only need to find one....
Security must not and cannot be seen and handled as "silos"
The best security is a combined, holistic solution
The complexity
•  Consumerization of IT
•  Users use their private devices for work
•  Mixing Windows and Mac, iOS, Android ...
•  Social media
•  Mail and messenger built into the web
•  Diversity of devices
•  Smartphones, tablets, operating systems
•  Cloud
•  Dropbox, OneDrive, Google Drive, iCloud, shared between many devices
•  App explosion
•  More than mail and web
What does the threat landscape look like
Who is the target
•  You, via your computer or mobile/tablet
"Entry points" to your computer
•  You
•  Web
•  Email
•  USB
•  Phone calls
•  Tricking you: "social engineering"
•  Unknowingly: "holes"/vulnerabilities in the system/programs
•  Exploiting vulnerabilities in:
•  Browser
•  Flash
•  PDF
•  Java
The Problem
"More than 95 percent of all attacks tied to state-affiliated espionage employed phishing as a means of establishing a foothold in their intended victims' systems."
Verizon, 2014 Data Breach Investigations Report
Course of events
Protect your information
Information
•  Backup: protect your pictures and documents
•  Must be stored somewhere physically separate from your computer or tablet/smartphone
•  Password
•  Use a different password for every site
•  Use an algorithm
•  Use a password manager
Ransomware: "extortion"
Ransomware
•  Malware that encrypts every document reachable from your computer
•  Demands payment for the key that gives access to the documents again
•  More than 40% pay to regain access to their documents
Cryptolocker gets onto your computer
Encrypts all your documents and pictures
Pay for the key, otherwise it is deleted after 72 hours
Then (after payment) removes the encryption
Open source available on github.com
Key Trend
Ransomware
•  Ransomware continues to grow very rapidly, with the number of new ransomware samples rising 58% in Q2. The total number of ransomware samples grew 127% over the past year.
•  We attribute the increase to fast-growing new families such as CTB-Locker, CryptoWall, and others.
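The behaviour the slides describe, one process rewriting every reachable document with ciphertext, is also the signal a defender can key on. What follows is an added example, not code from the slides or from McAfee, of a minimal burst detector: it flags a process that writes five or more high-entropy files within 60 seconds. The events, thresholds, paths and process IDs are constructed for illustration.

```python
"""Added example (not from the original slides): a minimal detector for
the behaviour the slides describe, one process rewriting many documents
with ciphertext in a short time. The events below are constructed sample
data, not real telemetry; field names and thresholds are assumptions."""
import hashlib
import math
from collections import defaultdict

HIGH_ENTROPY = 7.0       # bits per byte; text is ~4-5, ciphertext is close to 8
MIN_FILES = 5            # high-entropy writes before we alert
WINDOW_SECONDS = 60      # sliding window per process


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= HIGH_ENTROPY


def detect_ransomware_bursts(events):
    """events: iterable of (timestamp_seconds, pid, path, new_contents).
    Returns {pid: [paths]} for processes that wrote MIN_FILES or more
    high-entropy files within WINDOW_SECONDS. Only high-entropy writes are
    counted, so an editor saving many plain documents does not trigger."""
    recent = defaultdict(list)      # pid -> [(ts, path)] of high-entropy writes
    alerts = {}
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if not looks_encrypted(data):
            continue
        window = [(t, p) for t, p in recent[pid] if ts - t <= WINDOW_SECONDS]
        window.append((ts, path))
        recent[pid] = window
        if len(window) >= MIN_FILES:
            alerts[pid] = [p for _, p in window]   # keep the latest full window
    return alerts


def fake_ciphertext(seed: str, length: int = 1024) -> bytes:
    """Deterministic stand-in for encrypted output: a SHA-256 chain. Real
    ciphertext has the same property we key on, near-uniform bytes."""
    out, block = b"", seed.encode()
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Constructed sample: pid 100 is a user editing reports, pid 666 is the
# ransomware sweeping a Documents folder and renaming files as it goes.
SAMPLE_EVENTS = [
    (0, 100, "C:/Users/anna/Documents/report.docx",
     b"Quarterly report, draft 3. Revenue grew in the north region..." * 20),
    (5, 100, "C:/Users/anna/Documents/notes.txt",
     b"Call the supplier about the invoice on Monday." * 20),
] + [
    (10 + i, 666, f"C:/Users/anna/Documents/file{i}.docx.encrypted",
     fake_ciphertext(f"file{i}"))
    for i in range(12)
]

if __name__ == "__main__":
    for pid, paths in detect_ransomware_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid}: {len(paths)} encrypted-looking writes, first {paths[0]}")
```

Real families add further signals (extension changes, deleted shadow copies, ransom notes dropped in every folder), and the threshold has to be tuned against legitimate encryption or compression tools on the host. Detection buys time; the backup kept off the machine, as the earlier slide recommends, is what restores the files.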
Phishing
Test your phishing knowledge…
https://phishingquiz.mcafee.com/
People from Denmark only get 69% correct…
Key Trend
Phishing URLs
Password
Password algorithm
•  Have one base code you can always remember
•  De#5smaa!
•  Take part of the domain name of the site where you need a password
•  Facebook = kDe#5smaaFa!
•  Gmail = lDe#5smaaGm!
•  LinkedIn = nDe#5smaaLi!
•  Dr = rDe#5smaaDr!
•  Algorithm: take the last letter of the site name and put it first; take the first two letters, capitalise the first, and put them second to last (just before the "!")
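The rule above as code, together with the check a practitioner should apply to any such scheme. This is an added example, not part of the original slides, and the function names are illustrative. Because the rule is fixed and the site name is public, a single password from a breach dump is enough to recover the base and derive the password for every other site, which is why the deck's next slide, a password manager, is the stronger option.

```python
"""Added example (not from the original slides): the slide's password
derivation rule as code, plus the check a practitioner should run on any
such scheme: if one derived password leaks together with the site name,
the shared base falls out and every other site's password can be rebuilt.
Function names and the sample sites are illustrative."""


def derive_password(base: str, site: str) -> str:
    """Apply the slide's rule: the last letter of the site name goes first,
    the first two letters (capitalised) go just before the final character
    of the base (the "!" in the slide's example)."""
    name = site.split(".")[0].lower()          # "facebook.com" -> "facebook"
    if len(name) < 2:
        raise ValueError("site name needs at least two letters")
    prefix = name[-1]                           # "k"
    infix = name[:2].capitalize()               # "Fa"
    return prefix + base[:-1] + infix + base[-1]


def recover_base(leaked_password: str, site: str) -> str:
    """Invert derive_password given one leaked password and its site.
    This is the weakness: the rule itself is not secret, so the only secret,
    the base, is recoverable from a single breach dump entry."""
    name = site.split(".")[0].lower()
    expected_prefix = name[-1]
    expected_infix = name[:2].capitalize()
    if not leaked_password.startswith(expected_prefix):
        raise ValueError("password does not match the rule for this site")
    body, last = leaked_password[1:-1], leaked_password[-1]
    if not body.endswith(expected_infix):
        raise ValueError("password does not match the rule for this site")
    return body[: -len(expected_infix)] + last


def pivot_from_leak(leaked_password: str, leaked_site: str, target_site: str) -> str:
    """What an attacker does with a breach dump: recover the base from the
    leaked site and derive the same victim's password for another site."""
    return derive_password(recover_base(leaked_password, leaked_site), target_site)


if __name__ == "__main__":
    base = "De#5smaa!"
    for site in ("facebook", "gmail", "linkedin", "dr"):
        print(f"{site:10s} -> {derive_password(base, site)}")
    # One leaked Facebook password is enough to get the Gmail one.
    print("pivot:", pivot_from_leak("kDe#5smaaFa!", "facebook", "gmail"))
```

The scheme does satisfy "a different password on every site", so a credential-stuffing bot that replays the Facebook password verbatim against Gmail fails; it does not survive an attacker who reads the dump and spends a minute on the pattern.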
Password manager
•  LastPass
•  LastPass Wallet for your phone or tablet
•  Keeps track of your important information
•  Web: www.lastpass.com
LastPass Wallet
Mobile / Tablet
Vulnerable
•  Android has many vulnerabilities
•  Problems getting patches to old devices
•  iOS is very resistant to malware
•  No antivirus is permitted or possible (apps are sandboxed and cannot inspect each other)
•  OS designed securely from the ground up
•  Jailbroken iOS devices are worse off than Android
Walled Garden
https://en.wikipedia.org/wiki/Closed_platform
There are 345 new threats every minute, or almost 6 every second.
Source: McAfee Labs
Threat Trends – Q2 2015
Source: McAfee Labs
McAfee GTI Metrics
Q2 2015
•  6.7 million attempts per hour were made to entice our customers into connecting to risky URLs (via emails, browser searches, etc.)
•  19.2 million infected files per hour were exposed to our customers’ networks
•  7 million PUPs per hour attempted installation or launch
•  2.3 million attempts per hour were made by our customers to connect to risky IP addresses, or those addresses attempted to connect to customers’ networks
Key Trend
Malware
•  The McAfee Labs malware zoo grew 12% from Q1 to Q2. It now contains more than 433 million samples.
Key Trend
Mobile Malware
•  The total number of mobile malware samples grew 17% in Q2.
Key Trend
Rootkits
Key Trend
Malicious Signed Binaries
Key Trend
Suspect URLs
Key Trend
Phishing URLs
Key Trend
Messaging Threats
What can you do…
Keep your programs up to date
•  Patching….
•  OS
•  Browser
•  PDF reader
•  Flash
•  ….
•  www.Secunia.dk
•  PSI (Personal Software Inspector): identifies installed programs with known vulnerabilities
Where do you go on the web?
•  Get free "advice" in your browser
•  http://www.siteadvisor.com
Effective solutions
•  Do not use Windows as a local administrator
•  Use "Run as" when you need to be administrator
•  Run the browser in an isolated virtual machine
•  https://www.virtualbox.org
•  Microsoft
•  Enhanced Mitigation Experience Toolkit
–  www.Microsoft.com/emet
•  Process Explorer
–  https://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
•  McAfee Raptor
•  http://www.mcafee.com/us/downloads/free-tools/raptor.aspx
​ McAfee Labs
​ Threats Report
​ August 2015
Key Topic
Intel + McAfee: a five-year retrospective
The attacker profile has changed.
Key Topic
Intel + McAfee: a five-year retrospective
Increasingly evasive malware and long-running attacks.
Key Topic
Intel + McAfee: a five-year retrospective
Massive increase in the types and volume of devices.
Key Topic
Intel + McAfee: a five-year retrospective
Cybercrime has transformed into a full-fledged industry.
Key Topic
Intel + McAfee: a five-year retrospective
We have witnessed the transformation of cybercrime into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models.
Key Topic
Data exfiltration: an important step in the cyber thief’s journey
Typical data exfiltration architecture
Data transports
Data manipulation
Recommended policies and procedures to protect against data exfiltration
Key Topic
GPU malware: separating fact from fiction
Not a perfect storm!
•  Moving malicious code from the CPU and host memory reduces the detection surface, making it more difficult for host-based defenses to detect attacks.
•  However, the detection surface has not been completely eliminated. Trace elements of malicious activity remain, allowing endpoint security products to detect and remediate the threat.
Can our infrastructure be paralysed?
•  In October 2012, U.S. defense secretary Leon Panetta warned that the United States was vulnerable to a “cyber Pearl Harbor” that could derail trains, poison water supplies, and cripple power grids. The next month, Chevron confirmed the speculation by becoming the first U.S. corporation to admit that Stuxnet had spread across its machines.
How we work
How Reputations Work With Global Threat Intelligence
(diagram: Network Sensor, Endpoint Sensor, Global Reputation)
The Cyber Kill Chain®
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives
Source: http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html
Kill-chain
IT Security – current tech
August 2015
Steen Pedersen | Principal Consultant – Endpoint Practice Lead
Agenda
•  Selections of interesting modern IT Security
•  Security Connected
•  Data Exchange Layer – DXL
•  Threat Intelligence Exchange - TIE
•  Intel has defined countless standards
•  Advanced Threat Defense - ATD
•  Back to the future – whitelisting
•  Enhanced security for current and legacy OS
Building Security By Silo
Technology Acquisition Process Has Delivered Security Chaos
(diagram of separate silos: Endpoint Protection, Firewall, Gateway Security, Network IPS, Compliance, Data Protection, Mobility, Analytics)
Building Security By Silo
Creating a False Sense of Security
(chart: TCO (CapEx + OpEx) and Security Posture against Time/Advancement; labels: Layered Tools, Point Products, Parity)
Optimizing Security Infrastructure
Delivering Operationally Effective Security
(chart: TCO (CapEx + OpEx) and Security Posture against Time/Advancement; a Connected Architecture plotted alongside Layered Tools, Point Products and Parity)
History of Defining Architecture
–  Inventor of the world’s most widely used computing architecture
–  Defining countless standards used in everyday lives, ranging from USB and WiFi to IoT
Largest Dedicated Security Provider
–  Broadest security product coverage in the industry
–  Complete portfolio focused upon security
–  Leadership position in 6 of 8 Gartner Security Magic Quadrants
–  Top 10 Most Influential Brands in the World
Delivering a Next Generation Security Architecture
–  Defining innovative industry approaches for collaborative and adaptive security architecture
–  Introducing security integrations which are sustainable and broadly reaching
–  Developing capabilities for new security paradigms in areas such as Software Defined Datacenter, Cloud, and IoT
McAfee Security Connected Evolution
Debunking Common Obstacles
A Connected Services
Architecture is not…
•  A Single Vendor Solution
•  A Monolithic Architecture
•  The Continuous Addition of New
Technologies
•  A New Environment Requiring
More Resources to Maintain
•  Massive Rip/Replace of Security
Infrastructure
​ The Data Exchange Layer (DXL)
The Fabric of Security Connected
Data Exchange Layer
Standardize integration and communication to break down operational silos

Disjointed API-Based Integrations (result)   | Collaborative Fabric-Based Ecosystem (DXL) (result)
Slow, heavy, and burdensome                  | Fast, lightweight, and streamlined
Complex and expensive to maintain            | Simplified and reduced TCO
Limited vendor participation                 | Open vendor participation
Fragmented visibility                        | Holistic visibility
Traditional Siloed Protection
Series of isolated fights: adapt manually, and sometimes not at all
Individual technologies may be extremely effective, but security infrastructure does not learn from encounters
(Prebreach / Postbreach)
Security Connected Protection
Orchestrated and automated responses: adapt in real time
Apply insights immediately throughout a collaborative infrastructure
(Prebreach / Postbreach)
Complete Protection From Endpoint to Network
Enabling a Next Generation Architecture
(diagram: ATD, Web / Mail Gateway, SIA Partners / 3rd Parties, SIEM, NGFW, DLP, McAfee Active Response, Threat Intelligence Exchange, NSP)
Threat Landscape
362: new threats every minute, or more than 6 every second
13%: growth of the McAfee Labs malware zoo between Q4 2014 and Q1 2015
49%: rise in mobile malware samples from Q4 2014 to Q1 2015
81%: jump in new suspect URLs found in Q1 2015 compared to Q4 2014
165%: increase in new ransomware in Q1 2015
317%: growth in Adobe Flash exploits in Q1 2015
400,000,000+: unique malware samples in the McAfee Labs Zoo as of Q1 2015
Source: McAfee Labs Threats Report: 1st Quarter 2015
What Is Advanced Malware?
Typically: criminal, stealthy, targeted, unknown
Evades legacy-based defenses; discovered after the fact
Impact: theft, sabotage, espionage, data loss, costly clean-up, long-term damage
Key Challenges
•  Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers.
•  Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signature-based mechanisms.
Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014)
Comprehensive Layered Approach
(chart: Number of Samples You Can Process against Compute Cycles Needed/Time to Process; layers: White/Black Listing (Known Good, Known Bad), GTI, AV, Real-time Emulation, Dynamic and Static Code, File Execution)
McAfee Application Control
Pro-Active Protection Through System Hardening
Back to the future…
Know what to trust
How Whitelisting Works
The Basics
Create Whitelist (EXE, SYS, DLL, BAT)
Solidify / Harden System
Block Unauthorized Applications
The Trust Model
What to do after the whitelist
Trusted Updaters
Trusted Certificates
Trusted Directories
Trusted Users
Self-Approval (Desktop User Experience)
•  A non-whitelisted app can be approved by the end user
•  This mode is for users/systems who make frequent changes (not for all)
•  The admin will audit these self-approvals and decide to Accept/Reject
•  This is also a get-your-feet-wet-with-whitelisting mode
Summary of User Types
Increasing order of privilege
Trusted Users
Not subject to whitelist restrictions (e.g.: IT admin)
Users who can Self-Approve
Non-whitelisted file is blocked but user can override prevention
and execute (e.g.: Developers)
Regular Users
Non-whitelisted files are blocked and user is notified
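The trust model and user types above, as a minimal policy engine. This is an added illustration, not McAfee Application Control code; the golden image, signer name, paths and role names are constructed assumptions. It makes explicit what the slides only imply: the whitelist keys on file hashes, so a tampered copy at a known path is blocked, while trusted signers, directories and users are bypasses of the whitelist and must be kept narrow.

```python
"""Added example, not McAfee Application Control code: a hash-based
application allowlist with the trust model and user types from the slides.
Golden image, signer, paths and roles below are constructed assumptions."""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

CONTROLLED_EXTENSIONS = (".exe", ".sys", ".dll", ".bat")


def is_controlled(path: str) -> bool:
    return path.lower().endswith(CONTROLLED_EXTENSIONS)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ExecRequest:
    path: str
    contents: bytes
    user: str
    signer: Optional[str] = None     # subject of a valid code-signing cert, if any
    self_approved: bool = False      # user clicked "approve" in self-approval mode


@dataclass
class Policy:
    allowlist: set = field(default_factory=set)        # SHA-256 hex digests
    trusted_dirs: tuple = ()                            # e.g. an updater's staging folder
    trusted_signers: set = field(default_factory=set)
    trusted_users: set = field(default_factory=set)     # e.g. IT admins: no restrictions
    self_approvers: set = field(default_factory=set)    # e.g. developers
    audit_log: list = field(default_factory=list)      # self-approvals for admin review


def solidify(policy: Policy, files: dict) -> None:
    """Create the whitelist from the known-good state: hash every controlled
    binary present now. Anything that appears later is unknown until trusted."""
    for path, contents in files.items():
        if is_controlled(path):
            policy.allowlist.add(sha256_hex(contents))


def decide(policy: Policy, req: ExecRequest) -> str:
    """Return "allow" or "block". Trusted users bypass everything; then the
    hash allowlist; then the trust rules; self-approval is checked last."""
    if not is_controlled(req.path):
        return "allow"                       # not a controlled file type
    if req.user in policy.trusted_users:
        return "allow"
    if sha256_hex(req.contents) in policy.allowlist:
        return "allow"                       # hash, not path: a tampered file is blocked
    if req.signer and req.signer in policy.trusted_signers:
        return "allow"
    if any(req.path.lower().startswith(d.lower()) for d in policy.trusted_dirs):
        return "allow"
    if req.user in policy.self_approvers and req.self_approved:
        policy.audit_log.append((req.user, req.path, sha256_hex(req.contents)))
        return "allow"                       # admin reviews audit_log later
    return "block"


GOLDEN_IMAGE = {                             # constructed: the host at solidify time
    "C:/Windows/notepad.exe": b"MZ...notepad-bytes",
    "C:/Windows/System32/ntfs.sys": b"MZ...ntfs-driver-bytes",
    "C:/Scripts/backup.bat": b"@echo off\r\nrobocopy D:\\data \\\\nas\\backup /MIR\r\n",
    "C:/Users/anna/readme.txt": b"not a controlled type",
}


def build_demo_policy() -> Policy:
    policy = Policy(
        trusted_dirs=("C:/Program Files/Updater/",),
        trusted_signers={"Example Corp Code Signing"},   # assumed signer name
        trusted_users={"it-admin"},
        self_approvers={"dev"},
    )
    solidify(policy, GOLDEN_IMAGE)
    return policy


if __name__ == "__main__":
    policy = build_demo_policy()
    requests = [
        ExecRequest("C:/Windows/notepad.exe", b"MZ...notepad-bytes", "anna"),
        ExecRequest("C:/Windows/notepad.exe", b"MZ...tampered", "anna"),
        ExecRequest("C:/Users/anna/Downloads/game.exe", b"MZ...unknown", "anna"),
        ExecRequest("C:/Temp/tool.exe", b"MZ...signed", "anna", signer="Example Corp Code Signing"),
        ExecRequest("C:/dev/build.exe", b"MZ...build", "dev", self_approved=True),
    ]
    for req in requests:
        print(f"{decide(policy, req):5s} {req.user:8s} {req.path}")
    print("pending admin review:", policy.audit_log)
```

Note what the engine does not do: it never checks whether a whitelisted binary is itself vulnerable. A browser or PDF reader on the whitelist that is exploited in memory runs with full trust, which is why whitelisting complements patching rather than replacing it.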
Supported Environments
Windows Embedded XPE, 7, 8, 8.1
Windows XP, 7, 8, 8.1
Windows Server 2003 (R2), 2008 (R2),
2012 (R2)
RHEL, SLES, OpenSuSE, OpenLinux, CentOS, Ubuntu
Solaris
Source: https://kc.mcafee.com/corporate/index?page=content&id=KB73341
Cost Savings
•  Improved Protection
•  From Targeted Attacks and Advanced Persistent Threats (APTs)
•  Visibility of Applications in the Enterprise
•  How many are reputed and how many are not
•  No More Patch Panic
•  MP & AWL provide coverage and reduce the urgency of security patches (whitelisting blocks new executables; it does not stop exploitation of code already on the whitelist)
•  Extending Life of Legacy Systems
•  Win NT, Win 2000, XP and 2003
•  Improved System Performance
•  Negligible CPU & memory usage (vital for ATMs, POS, kiosks)
•  No degradation to app responsiveness and server throughput
Information
•  http://www.mcafee.com/tie
•  http://www.mcafee.com/uk/resources/misc/infographic-connected-security-yields-smarterdefenses.pdf