Top 9 Mistakes of APT Victims: What They Are and What You Can Do To Prevent Them
A couple years ago, Bruce Schneier said that against an APT attacker, “the absolute level of your security is what's important. It doesn't matter how secure you are compared to your peers; all that matters is whether you're secure enough to keep him out.” Those words have proven true over and over again. APT attackers don’t move on to the next target as soon as they see your security is a little above average.

In this age, when you have to do everything right to protect your network, it pays to look at what other people do wrong and learn from their mistakes. We are going to do just that in this webinar. Based on public and unpublished APT incidents, Randy Franklin Smith of Ultimate Windows Security has gathered a list of 9 different things that show up repeatedly:
1. Allowing open attack surfaces without securing configurations
2. Permitting unlocked ports and unfettered device usage
3. Failing to use centralized vulnerability remediation
4. Allowing untrusted software to execute
5. Failing to follow existing security policies/procedures and use at-hand technology consistently
6. Permitting open policies for privileged user authority
7. Not engaging in consistent end-user security awareness
8. Failing to leverage logging and to set up traps
9. Permitting Malware beaconing and exfiltration
These are gleaned from real-world scenarios. We will look at how the attacks succeeded due in large part to the mistakes made, and also, from a technical standpoint, at how each one of these mistakes allowed one or more attacks to actually occur.

Many of these points are in the area of endpoint security. Lumension is sponsoring this event and we will show you briefly how Lumension Endpoint Management and Security Suite can help you efficiently control these risks. Learning from other people’s mistakes is a lot less painful than learning from your own, so don’t miss this real-training-for-free session!

Top 9 Mistakes of APT Victims: What They Are and What You Can Do To Prevent Them

  1. Top 9 Mistakes of APT Victims: What They Are and What You Can Do To Prevent Them (© 2013 Monterey Technology Group Inc.)
  2. Brought to you by www.lumension.com. Speaker: Chris Merritt – Director, Solution Marketing
  3. Preview of Key Points
     1. Allowing open attack surfaces without securing configurations
     2. Permitting unlocked ports and unfettered device usage
     3. Failing to use centralized vulnerability remediation
     4. Allowing untrusted software to execute
     5. Failing to follow existing security policies/procedures and use at-hand technology consistently
     6. Permitting open policies for privileged user authority
     7. Not engaging in consistent end-user security awareness
     8. Failing to leverage logging and to set up traps
     9. Permitting malware beaconing and exfiltration
  4. Risk: Real and Perceived
     • Do you think you could be a target?
     • How confident are you that you could detect an APT attack?
  5. 1. Allowing open attack surfaces without securing configurations
     Examples:
     • Automatic proxy detection
     • Leaving auto-update configured to contact MS
     • Unnecessary or out-of-date software
  6. 2. Permitting unlocked ports and unfettered device usage
     • Feds: Infected USB drive idled power plant 3 weeks (http://www.usatoday.com/story/tech/2013/01/16/usb-drive-infected-with-crimeware-shut-power-plant/1840783/)
     • Two-Thirds of Lost USB Drives Carry Malware (http://it.slashdot.org/story/11/12/07/2037223/two-thirds-of-lost-usb-drives-carry-malware)
     • Malware USB drives handed out at tradeshows
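The open configurations named on slides 5 and 6 (automatic proxy detection, auto-update going straight to Microsoft, and unrestricted removable disks) can be audited from the endpoint itself. The following read-only check is an added example, not part of the deck or of any Lumension product; the registry locations are the standard Windows policy keys, while the report shape (Setting / Exposed / Detail) is this example's own design.

```powershell
# Added example, not from the deck: a read-only audit of three settings behind
# mistakes 1 and 2 (WPAD auto-detect, update source, removable disks), so the
# machines still carrying the open configuration can be found before a fix is
# pushed. The registry locations are the standard policy keys; the report
# shape is this example's own design.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-EndpointExposure {
    $findings = @()

    # Mistake 1a: automatic proxy detection (WPAD). AutoDetect=1 (or absent)
    # makes the browser look for a proxy script on the local network.
    $autoDetect = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' 'AutoDetect'
    $findings += [pscustomobject]@{
        Setting = 'WPAD auto-detect'
        Exposed = ($null -eq $autoDetect -or $autoDetect -ne 0)
        Detail  = "AutoDetect=$autoDetect (on by default when the value is absent)"
    }

    # Mistake 1b: auto-update contacting Microsoft directly. Treated as covered
    # only when UseWUServer=1 and an internal WUServer URL is configured.
    $wuServer = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' 'WUServer'
    $useWu    = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'UseWUServer'
    $wuDetail = if ($wuServer) { "internal server $wuServer, UseWUServer=$useWu" } else { 'no internal update server configured' }
    $findings += [pscustomobject]@{
        Setting = 'Update source'
        Exposed = -not ($useWu -eq 1 -and $wuServer)
        Detail  = $wuDetail
    }

    # Mistake 2: removable disks. The policy key is named after the removable
    # disk device-class GUID; Deny_All=1 blocks them, Deny_Execute=1 at least
    # stops programs on them from running.
    $rsd      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
    $denyAll  = Get-RegValue $rsd 'Deny_All'
    $denyExec = Get-RegValue $rsd 'Deny_Execute'
    $findings += [pscustomobject]@{
        Setting = 'Removable disks'
        Exposed = -not ($denyAll -eq 1 -or $denyExec -eq 1)
        Detail  = "Deny_All=$denyAll Deny_Execute=$denyExec"
    }

    $findings
}

# One row per setting; the Exposed rows are what the remediation queue needs.
Test-EndpointExposure | Format-Table -AutoSize
```

Run it under the user's own context for the WPAD check (that value lives in HKCU) and collect the output centrally; the Exposed column is the list of machines that still need the fix.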
  7. 3. Failing to use centralized vulnerability remediation
     There are too many tweaks and security fixes that can't be made via Group Policy:
     • De-registering unsafe DLLs
     • Setting the kill bit
     • Setting up BitLocker
     • Configuring PowerShell security
     • Changing admin password
     You can't:
     • Visit each PC in person (and that's a waste of time anyway)
     • Depend on end-users
     You need a way to:
     • Run commands, remediation scripts and other fixes on all your PCs automatically
     • Track the success of remediation steps
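"Setting the kill bit" is a good illustration of a fix Group Policy cannot push on its own but a central execution tool can. The script below is an added example, not from the deck and not Lumension's remediation content: it sets the ActiveX kill bit for one control, verifies the result by reading it back, and emits a JSON record so the success of the step can be tracked per machine. The CLSID is a placeholder, not a real control.

```powershell
# Added example, not from the deck: one of the "fixes Group Policy can't do"
# written as a remediation script that a central execution tool pushes to
# every PC. It sets the ActiveX kill bit for one control, verifies the result
# by reading it back, and emits a JSON record so the success of the step can
# be tracked centrally. The CLSID is a placeholder, not a real control.

param(
    # Placeholder CLSID (assumption); substitute the control you need to block.
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}'
)

# "Compatibility Flags" = 0x400 under ActiveX Compatibility\{CLSID} tells
# Internet Explorer never to load that control. 64-bit Windows keeps a second
# copy of the key for 32-bit IE under Wow6432Node, so both are handled.
$KillBit = 0x400
$Keys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
)

$result = [ordered]@{
    Computer  = $env:COMPUTERNAME
    Clsid     = $Clsid
    Timestamp = (Get-Date).ToString('o')
    Status    = 'Remediated'
    Detail    = @()
}

foreach ($key in $Keys) {
    try {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Keep any flags already present; only add the kill bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $desired = [int]$current -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $desired -Type DWord

        # Verify by reading back rather than trusting that the write succeeded.
        $after = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        if (($after -band $KillBit) -ne $KillBit) {
            $result.Status = 'Failed'
            $result.Detail += "${key}: kill bit not present after write"
        } else {
            $result.Detail += ('{0}: Compatibility Flags = 0x{1:X}' -f $key, $after)
        }
    } catch {
        $result.Status = 'Error'
        $result.Detail += "${key}: $($_.Exception.Message)"
    }
}

# One record per machine; the central tool collects these to track success.
[pscustomobject]$result | ConvertTo-Json -Compress
```

The read-back verification is the part that makes the step trackable: a machine where the write was blocked or rolled back reports Failed rather than silently staying on the "done" list.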
  8. 4. Allowing untrusted software to execute
     This is the single most effective way to stop APTs
  9. 5. Failing to follow existing security policies/procedures and use at-hand technology consistently
     • Adobe allows critical code-signing server to run noncompliant with corporate standards
     • Other examples
  10. 6. Permitting open policies for privileged user authority
     • RSA SecurID incident involved lateral movement resulting in privilege escalation
     • This typically means that a privileged user was logged on interactively on a system where they also read email, browse the web or open document files
     • Best practices and privileged user technologies exist to keep admin-level credentials sacrosanct
  11. 7. Not engaging in consistent end-user security awareness
     • RSA SecurID incident occurred when 3 users were sent an infected spreadsheet; it went into their Junk email, and a single user opened it
     • One corporation sent a spear-phishing email to its users; it took 3 campaigns before they got the open rate below 20%
     • Lesson: repeated and constant, trackable
  12. 8. Failing to leverage logging and to set up traps
     Most organizations do not:
     • Monitor process start events to discover new EXEs
     • Deploy decoy folders with bait files on production systems and audit access
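Both items on slide 12 are cheap to do with built-in Windows auditing. The script below is an added example, not from the deck: it lists executables from process-creation events (event ID 4688) that are not in a baseline file, plants a decoy folder with a bait file and an audit ACE so any read produces event 4663, and reads those hits back. It assumes that "Audit Process Creation" and "Audit File System" are enabled in advanced audit policy, that it runs elevated, and that the two paths are placeholders.

```powershell
# Added example, not from the deck: two defensive building blocks for mistake
# 8. Get-NewExecutables lists images from process-creation events (4688) that
# are not in a baseline file, so a new EXE on a production box stands out.
# New-DecoyFolder plants a decoy folder with a bait file and adds an audit ACE
# so any read lands in the Security log as event 4663, which Get-DecoyAccess
# reads back. Assumptions: "Audit Process Creation" and "Audit File System"
# are enabled in advanced audit policy, the script runs elevated, and the two
# paths below are placeholders.

$BaselinePath = 'C:\ProgramData\Baseline\known-exes.txt'   # placeholder
$DecoyFolder  = 'C:\Finance\Archive'                       # placeholder decoy

function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Pull the named EventData fields out of the XML view of the record.
    $fields = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

function Get-NewExecutables {
    param([string]$Baseline, [int]$Hours = 24)
    $known = @{}
    if (Test-Path $Baseline) {
        Get-Content $Baseline | ForEach-Object { $known[$_.Trim().ToLowerInvariant()] = $true }
    }
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    $firstSeen = @{}
    # Get-WinEvent returns newest first, so the last assignment is the earliest sighting.
    foreach ($evt in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        $image = (Get-EventFields $evt).NewProcessName
        if ($image -and -not $known.ContainsKey($image.ToLowerInvariant())) {
            $firstSeen[$image] = $evt.TimeCreated
        }
    }
    $firstSeen.GetEnumerator() | Sort-Object Value |
        ForEach-Object { [pscustomobject]@{ FirstSeen = $_.Value; Image = $_.Key } }
}

function New-DecoyFolder {
    param([string]$Path)
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    # Bait: plausible name, worthless content (constructed).
    Set-Content -Path (Join-Path $Path 'payroll-2013-Q1.xlsx') -Value 'decoy file, nothing of value here'
    # Get-Acl needs -Audit to load the SACL, or the audit rule is not saved.
    $acl  = Get-Acl -Path $Path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]::Read,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success
    )
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-DecoyAccess {
    param([string]$Path, [int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $f = Get-EventFields $_
        if ($f.ObjectName -like "$Path*") {
            [pscustomobject]@{ Time = $_.TimeCreated; User = $f.SubjectUserName; Process = $f.ProcessName; Object = $f.ObjectName }
        }
    }
}

Get-NewExecutables -Baseline $BaselinePath
New-DecoyFolder -Path $DecoyFolder
Get-DecoyAccess -Path $DecoyFolder
```

Nobody has a legitimate reason to open the bait file, so every 4663 hit on the decoy path is worth a ticket; the new-executable list is noisier and works best when the baseline file is refreshed from a known-good image.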
  13. 9. Permitting malware beaconing and exfiltration
     • An EXE file must be installed and permitted to run for an APT to be successful
     • When activated, most APT-ware must beacon back to command and control servers
     • At some point data is exfiltrated
     • It is challenging, but there are techniques for recognizing outbound traffic that could be malware:
       » Look for strange packet patterns inconsistent with normal web browsing, like more data going up than down
       » Look for mysterious domain names like ibiz.3387.org
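The two tells on slide 13 (more data up than down, mysterious domain names) plus the regular check-in interval typical of beaconing can be scored from ordinary outbound proxy records. The script below is an added example, not from the deck; its log lines are a constructed sample in an assumed format (timestamp,client,domain,bytes_sent,bytes_received), not real traffic or any product's log format.

```powershell
# Added example, not from the deck: a triage pass over outbound proxy records
# implementing the slide's two tells (more data up than down; odd domain names)
# plus a regular check-in interval test for beaconing. The log lines are a
# constructed sample in an assumed format, not real traffic or a product's
# format:  timestamp,client,domain,bytes_sent,bytes_received

$SampleLog = @'
2013-03-01T09:00:00,10.1.1.20,www.example.com,1200,84000
2013-03-01T09:00:05,10.1.1.20,ibiz.3387.org,900,120
2013-03-01T09:05:05,10.1.1.20,ibiz.3387.org,910,118
2013-03-01T09:10:05,10.1.1.20,ibiz.3387.org,905,121
2013-03-01T09:15:05,10.1.1.20,ibiz.3387.org,2400000,130
2013-03-01T09:02:00,10.1.1.21,www.example.com,1500,64000
2013-03-01T09:30:00,10.1.1.21,cdn.example.net,800,500000
'@

function ConvertFrom-ProxyLog {
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if (-not $line.Trim()) { continue }
        $f = $line -split ','
        [pscustomobject]@{
            Time     = [datetime]$f[0]
            Client   = $f[1]
            Domain   = $f[2]
            Sent     = [long]$f[3]
            Received = [long]$f[4]
        }
    }
}

function Test-SuspiciousDomain {
    param([string]$Domain)
    # All-numeric labels (like the slide's ibiz.3387.org) and long labels with
    # almost no vowels are rare in legitimate names and common in generated ones.
    foreach ($label in ($Domain -split '\.')) {
        if ($label -match '^\d+$') { return $true }
        if ($label.Length -ge 12 -and ($label -replace '[^aeiou]', '').Length -lt 2) { return $true }
    }
    return $false
}

function Find-BeaconCandidates {
    param([object[]]$Records, [double]$UploadRatio = 2.0, [int]$MinHits = 3)
    foreach ($group in ($Records | Group-Object Client, Domain)) {
        $hits    = @($group.Group | Sort-Object Time)
        $sent    = ($hits | Measure-Object Sent -Sum).Sum
        $recv    = ($hits | Measure-Object Received -Sum).Sum
        $reasons = @()

        # 1. Normal browsing downloads far more than it uploads.
        if ($sent -gt $UploadRatio * [math]::Max($recv, 1)) { $reasons += "upload-heavy ($sent up / $recv down)" }

        # 2. Mysterious domain name.
        if (Test-SuspiciousDomain $hits[0].Domain) { $reasons += 'suspicious domain' }

        # 3. Beacons check in on a timer: the gaps between connections barely vary.
        if ($hits.Count -ge $MinHits) {
            $gaps = @(for ($i = 1; $i -lt $hits.Count; $i++) { ($hits[$i].Time - $hits[$i - 1].Time).TotalSeconds })
            $avg  = ($gaps | Measure-Object -Average).Average
            $var  = ($gaps | ForEach-Object { ($_ - $avg) * ($_ - $avg) } | Measure-Object -Average).Average
            if ($avg -gt 0 -and ([math]::Sqrt($var) / $avg) -lt 0.1) { $reasons += ('periodic, every ~{0}s' -f [int]$avg) }
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Client  = $hits[0].Client
                Domain  = $hits[0].Domain
                Hits    = $hits.Count
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

# Each flagged client/domain pair lists every reason it tripped.
Find-BeaconCandidates -Records (ConvertFrom-ProxyLog $SampleLog) | Format-Table -AutoSize
```

The three heuristics are deliberately scored together: a busy file-sharing site will trip the upload test and a CDN hostname can look odd, but a pair that is upload-heavy, oddly named and on a fixed timer is the pattern worth a closer look.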
  14. Bottom Line
     • Most of these are little things
     • But with APTs it only takes one: one user, one PC, one setting or vulnerability that lets the bad guy get established
     • It's all about:
       » Defense-in-depth
       » Doing everything right
       » Not allowing untrusted code to execute
  15. Brought to you by www.lumension.com. Speaker: Chris Merritt – Director, Solution Marketing
  16. Defense-in-Depth Strategy
     Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which go beyond the traditional blacklist approach.
     • AV: Control the Bad
     • Device Control: Control the Flow
     • HD and Media Encryption: Control the Data
     • Application Control: Control the Gray
     • Patch and Configuration Management: Control the Vulnerability Landscape
  17. Mapping: Top Mistakes and How Lumension Helps
     1. Allowing open attack surfaces without securing configurations: Security Configuration Management / Patch and Remediation
     2. Permitting unlocked ports and unfettered device usage: Device Control
     3. Failing to use centralized vulnerability remediation: Patch and Remediation
     4. Allowing untrusted software to execute: Application Control / AntiVirus
     5. Failing to follow existing security policies/procedures and to use at-hand technology consistently
     6. Permitting open policies for privileged user authority: Application Control
     7. Not engaging in consistent end-user security awareness
     8. Failing to leverage logging and to set up traps
     9. Permitting malware beaconing and exfiltration: Application Control
  18. More Information
     • Free Security Scanner Tools: http://www.lumension.com/Resources/Security-Tools.aspx
       » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
       » Application Scanner – discover all the apps being used in your network
       » Device Scanner – discover all the devices being used in your network
     • Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
     • Lumension® Endpoint Management and Security Suite
       » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
       » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx