Imunify360 is the next-generation Linux Web server security solution. It uses herd immunity and the 6-layer approach providing total protection against attacks.
2. Hosting Industry Survey revealed...
Over 60% reported customers worry about security. Top reported issues:
○ DNS Poisoning: 13%
○ Information disclosure: 19%
○ Privilege escalation: 25%
○ XSS attacks and similar: 28%
○ Comment SPAM: 37%
○ Website Defacement: 45%
○ Code/SQL Injections: 48%
○ Brute force attacks: 49%
○ Remote exploit: 53%
○ Malware infection: 61%
○ DoS/DDoS: 67%
3. The state of security in hosting
Distributed attacks are on the rise
○ Not only DDoS
○ Distributed brute force attacks
○ Distributed port scans
○ Distributed OS & Application fingerprinting
○ Distributed vulnerability scans
4. Existing tools are not capable of handling them
○ Single server
○ Dumb
• No history
• No behavior analytics
• No heuristics
The state of security in hosting
5. Too many sources of incidents
Too many decisions to make
No way to correlate
Too many decisions to make
6. Centralized dashboard
Herd protection
Sandboxing
Heuristics
Machine learning
All that without re-inventing the wheel
Imunify360
7. Firewall ‒ Herd immunity
○ Machine learning
○ 17K+ IPs blocked automatically
○ Large # of honeypots
○ Better immunity with each additional server
Protection Vectors ‒ Firewall
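Added example, not part of the original slides and not Imunify360 code: a sketch of why a single-server tool with no shared history (slide 4) misses a distributed brute force attack that pooled reports from many servers (slide 7) would catch. The event data is constructed, and all thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample of failed logins: (unix_time, reporting_server, source_ip)
EVENTS = (
    # distributed attack: 2 attempts against each of 6 servers
    [(1000 + 60 * i, f"web{i % 6 + 1}", "203.0.113.7") for i in range(12)]
    # loud attack against a single server
    + [(1100 + 5 * i, "web1", "198.51.100.9") for i in range(8)]
    # a user mistyping a password
    + [(1200 + 20 * i, "web3", "192.0.2.44") for i in range(3)]
)

WINDOW = 900        # seconds of history considered (assumed)
LOCAL_LIMIT = 5     # failures per IP on one server before a local block (assumed)
HERD_FAILURES = 10  # failures per IP summed over all servers (assumed)
HERD_SERVERS = 3    # distinct servers that must report the IP (assumed)

def local_blocks(events, now):
    """IPs a server would block when it only sees its own log."""
    counts = defaultdict(int)
    for ts, server, ip in events:
        if now - WINDOW <= ts <= now:
            counts[(server, ip)] += 1
    return {ip for (server, ip), n in counts.items() if n >= LOCAL_LIMIT}

def herd_blocks(events, now):
    """IPs a central correlator would block after pooling all reports."""
    failures, servers = defaultdict(int), defaultdict(set)
    for ts, server, ip in events:
        if now - WINDOW <= ts <= now:
            failures[ip] += 1
            servers[ip].add(server)
    return {ip for ip in failures
            if failures[ip] >= HERD_FAILURES and len(servers[ip]) >= HERD_SERVERS}

def blocklist(events, now):
    """List pushed back to every server: local hits plus herd hits."""
    return local_blocks(events, now) | herd_blocks(events, now)

if __name__ == "__main__":
    now = 1800
    print("local view:", sorted(local_blocks(EVENTS, now)))
    print("herd view: ", sorted(herd_blocks(EVENTS, now)))
    print("pushed to all servers:", sorted(blocklist(EVENTS, now)))
```

The source that stays under every per-server limit only shows up in the pooled view, while the mistyping user is blocked by neither.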
8. Reduce false positives
○ Use captcha to automatically unblock
○ Train AI to reduce false positives...
Firewall ‒ Protection Layers
9. OSSEC for IDS
○ ML to decrease false positives
IDS
10. Very popular
More features than Imunify360
Huge expertise
We will integrate it into Imunify360
Best of both worlds:
Same herd immunity
Same captcha / training
Same CSF flexibility
Firewall ‒ CSF
11. Mod_security
○ OWASP
○ Comodo
○ Atomic
Herd immunity → Feeds into correlation engine → firewall
○ Machine learning
○ Most attacks will not reach WAF, will be blocked at firewall
WAF ‒ Protection Layers
12. Maldet protection scanning
○ Automated scans
○ On upload scans
• PHP
o Attack IP detection (ext attributes)
• FTP
• SSH
○ Backup integration / automated recovery of infected files
Malware scanning ‒ Protection Vectors
14. Covered by WAF
Covered by Softaculous
Covered by Patchman
Main issues:
○ plugins, not web apps
○ 0-day vulnerabilities
Outdated web apps?
Reliance on knowing more than attacker
15. Limit what webapps can do:
Today webapps can do whatever an unprivileged Linux user can do
○ Does WordPress need to be able to do the same things as strace, gcc or a name server?
○ Filter/limit syscalls available
○ Filter/limit filesystem operations/access
Protection layer ‒ Sandboxing
Different approach
No 0-day privilege escalations
No turning a web app into a ‘bot’ that is part of a botnet.
16. AV vendors know that signatures don’t work
Sandboxing & heuristics used on desktop for 10+ years
Not used on web servers
Huge improvement in server security
Sandboxing ‒ because signatures don’t work
17. Train ML on ‘good behaviors’
Automatically detect bad behaviors
Lock down after training
Sandboxing Stage II: heuristics + AI
Prevent majority of injection & defacement attacks
18. Train on each site individually
Re-train on upgrades
○ User managed lock/unlock
Use client’s IP ‘reputation’ for good vs bad
Use ‘banking style’ notifications (e-mail, sms, phone) for site owner
Sandboxing Stage II: AI
19. Possible attack against yoursite.com detected
We have detected a possible attack against yoursite.com
Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP]
[+more info on the attack]
Was it you?
‘Bad Action’ Notifications
[YES, ALLOW THIS ACTION] [NO, BLOCK THE ACTION]
20. Is your IP on any of the blacklists
○ SPAM
○ Botnet
Is any of the hosted domains on the blacklists:
○ Malware
○ Phishing
○ SPAM
Reputation management
23. Use all related info to detect attacks
Use machine learning to correlate information
Use multiple layers to detect, and defend against the attacker
Minimize human involvement
○ Minimize decision making
360° defense
24. Imunify360: Maximum security with sophisticated attack detection
Imunify Sensor: Basic security with lightweight attack detection
Centralized Incident Management dashboard
Firewall: Advanced Firewall with herd immunity (Imunify360), Standard Firewall (Imunify Sensor)
Smart Intrusion Detection System IDS/IPS
Patch management
Intelligent Web application sandboxing
KernelCare
HardenedPHP
Complete feature comparison at imunify360.com
Imunify360 vs Imunify Sensor
25. Dedicated / VPS
Shared
cPanel
DirectAdmin
Plesk
Good For Web Servers
Goal: zero configuration, good for novice, better than expert...