Imunify360 Webinar
Jan 11, 2016
Hosting Industry Survey revealed...
Over 60% reported customers worry about security. Top reported issues:
DNS Poisoning: 13%
Information disclosure: 19%
Privilege escalation: 25%
XSS attacks and similar: 28%
Comment SPAM: 37%
Website Defacement: 45%
Code/SQL Injections: 48%
Brute force attacks: 49%
Remote exploit: 53%
Malware infection: 61%
DoS/DDoS: 67%

The state of security in hosting
▪ Distributed attacks are on the rise
○ Not only DDoS
○ Distributed brute force attacks
○ Distributed port scans
○ Distributed OS & Application fingerprinting
○ Distributed vulnerability scans

The state of security in hosting
▪ Existing tools are not capable of handling them
○ Single server
○ Dumb
• No history
• No behavior analytics
• No heuristics

Too many decisions to make
▪ Too many sources of incidents
▪ Too many decisions to make
▪ No way to correlate

Imunify360
▪ Centralized dashboard
▪ Herd protection
▪ Sandboxing
▪ Heuristics
▪ Machine learning
▪ All that without re-inventing the wheel

Protection Vectors ‒ Firewall
▪ Firewall ‒ Herd immunity
○ Machine learning
○ 17K+ IPs blocked automatically
○ Large # of honeypots
○ Better immunity with each additional server

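The contrast the slides draw between single-server tools and herd immunity, as an added Python illustration of fleet-wide correlation. This is not Imunify360 code; the thresholds, time window, server names and documentation-range IP addresses are constructed assumptions.

```python
"""Per-server thresholds vs fleet-wide ("herd") correlation of failed logins."""
from collections import defaultdict, deque

WINDOW = 300       # seconds of history considered (assumed value)
LOCAL_LIMIT = 5    # failures per (server, IP) before a single-server tool blocks
FLEET_LIMIT = 10   # failures per IP across all servers before the herd view blocks


def _sliding_hits(events, key_fn, limit):
    """Return every key whose failure count reaches `limit` inside one WINDOW."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, server, ip in sorted(events):
        key = key_fn(server, ip)
        q = recent[key]
        q.append(ts)
        # Drop failures that fell out of the sliding window.
        while q and ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= limit:
            flagged.add(key)
    return flagged


def local_blocks(events):
    """What isolated servers block: each one only sees its own log."""
    return _sliding_hits(events, lambda server, ip: (server, ip), LOCAL_LIMIT)


def herd_blocks(events):
    """IPs blocked on every server once events are correlated centrally."""
    fleet_wide = _sliding_hits(events, lambda server, ip: ip, FLEET_LIMIT)
    # A block earned on one server is shared with the whole herd.
    shared = {ip for _server, ip in local_blocks(events)}
    return fleet_wide | shared


# Constructed sample data: (timestamp_seconds, server, source_ip) of failed logins.
EVENTS = (
    # Distributed brute force: 3 tries on each of 6 servers, below every local limit.
    [(s * 40 + a * 5, f"web{s + 1:02d}", "203.0.113.7")
     for s in range(6) for a in range(3)]
    # Classic single-server brute force: 6 tries against web02 only.
    + [(a * 10, "web02", "192.0.2.99") for a in range(6)]
    # A customer who mistyped a password twice, minutes apart.
    + [(20, "web01", "198.51.100.20"), (400, "web01", "198.51.100.20")]
)

if __name__ == "__main__":
    print("blocked by isolated servers:", sorted(local_blocks(EVENTS)))
    print("blocked by the herd:        ", sorted(herd_blocks(EVENTS)))
```

The address that spreads 18 attempts over six servers never trips a local limit, so only the correlated view catches it, while the mistyping customer stays unblocked in both.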
Firewall ‒ Protection Layers
▪ Reduce false positives
○ Use captcha to automatically unblock
○ Train AI to reduce false positives...

IDS
▪ OSSEC for IDS
o ML to decrease false positives

Firewall ‒ CSF
▪ Very popular
▪ More features than Imunify360
▪ Huge expertise
We will integrate it into Imunify360
Best of both worlds:
▪ Same herd immunity
▪ Same captcha / training
▪ Same CSF flexibility

WAF ‒ Protection Layers
▪ Mod_security
○ OWASP
○ Comodo
○ Atomic
▪ Herd immunity → Feeds into correlation engine → firewall
○ Machine learning
○ Most attacks will not reach WAF, will be blocked at firewall

Malware scanning ‒ Protection Vectors
▪ Maldet protection scanning
○ Automated scans
○ On upload scans
• PHP
o Attack IP detection (ext attributes)
• FTP
• SSH
○ Backup integration / automated recovery of infected files

Patch Management ‒ Protection Layers
▪ Patch management
○ KernelCare
• Kernel
• OpenSSL (soon)
• GLIBC (soon)
○ HardenedPHP
○ Security configuration / RPM version scans

Outdated web apps?
▪ Covered by WAF
▪ Covered by Softaculous
▪ Covered by Patchman
▪ Main issues:
o plugins, not web apps
o 0-day vulnerabilities
Reliance on knowing more than attacker

Protection layer ‒ Sandboxing
Limit what webapps can do:
▪ Today webapps can do whatever an unprivileged Linux user can do
○ Does WordPress need to be able to do the same things as strace, gcc or a name server?
○ Filter/limit syscalls available
○ Filter/limit filesystem operations/access
Different approach
No 0-day privilege escalations
No turning a web app into a ‘bot’ part of the botnet.

Sandboxing ‒ because signatures don’t work
▪ AV vendors know that signatures don’t work
▪ Sandboxing & heuristics used on desktop for 10+ years
▪ Not used on web servers
▪ Huge improvement in server security

Sandboxing Stage II: heuristics + AI
▪ Train ML on ‘good behaviors’
▪ Automatically detect bad behaviors
▪ Lock down after training
Prevent majority of injection & defacement attacks

Sandboxing Stage II: AI
▪ Train on each site individually
▪ Re-train on upgrades
○ User managed lock/unlock
▪ Use client’s IP ‘reputation’ for good vs bad
▪ Use ‘banking style’ notifications (e-mail, sms, phone) for site owner

‘Bad Action’ Notifications
Possible attack against yoursite.com detected
We have detected a possible attack against yoursite.com
Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP]
[+more info on the attack]
Was it you?
[YES, ALLOW THIS ACTION] [NO, BLOCK THE ACTION]

Reputation management
▪ Is your IP on any of the blacklists
○ SPAM
○ Botnet
▪ Is any of the hosted domains on the blacklists:
○ Malware
○ Phishing
○ SPAM
Why is that important?
Configurable

360° defense
▪ Use all related info to detect attacks
▪ Use machine learning to correlate information
▪ Use multiple layers to detect, and defend against the attacker
▪ Minimize human involvement
○ Minimize decision making

Imunify360 vs Imunify Sensor
Imunify360: Maximum security with sophisticated attack detection
Imunify Sensor: Basic security with lightweight attack detection
Firewall: Advanced Firewall with herd immunity (Imunify360), Standard Firewall (Imunify Sensor)
Features compared:
▪ Centralized Incident Management dashboard
▪ Smart Intrusion Detection System
▪ IDS/IPS
▪ Patch management
▪ Intelligent Web application sandboxing
▪ KernelCare
▪ HardenedPHP
Complete feature comparison at imunify360.com

Good For Web Servers
▪ Dedicated / VPS
▪ Shared
▪ cPanel
▪ DirectAdmin
▪ Plesk

Goal: zero configuration, good for novice, better than expert...

Pricing
Imunify360
Retail: $35/month
Service Provider: $9/month
Imunify Sensor
Retail: $9/month
Service Provider: $2/month

Resources:
▪ Imunify360.com
▪ Imunify360 vs Imunify Sensor: http://www.imunify360.com/web-server-security-comparison
▪ Survey: https://www.cloudlinux.com/images/content/resources/Hosting-Industry-Survey-Results-2016.pdf

Questions?

Keeping web servers safe and profitable with Imunify360

  • 2. Hosting Industry Survey revealed... 13% 19% 25% 28% 37% 45% 48% 49% 53% 61% 67% DNS Poisoning Information disclosure Privilege escalation XSS attacks and similar Comment SPAM Website Defacement Code/SQL Injections Brute force attacks Remote exploit Malware infection DoS/DDoS Over 60% reported customers worry about security. Top reported issues:
  • 3. The state of security in hosting  Distributed attacks are on the rise ○ Not only DDoS ○ Distributed brute force attacks ○ Distributed port scans ○ Distributed OS & Application fingerprinting ○ Distributed vulnerability scans
  • 4. The state of security in hosting: Existing tools are not capable of handling this: single server; dumb (no history, no behavior analytics, no heuristics)
  • 5. Too many decisions to make: Too many sources of incidents; too many decisions to make; no way to correlate
  • 6. Imunify360: Centralized dashboard; herd protection; sandboxing; heuristics; machine learning; all that without re-inventing the wheel
  • 7. Protection Vectors ‒ Firewall: Firewall ‒ herd immunity: machine learning; 17K+ IPs blocked automatically; large # of honeypots; better immunity with each additional server
  • 8. Firewall ‒ Protection Layers: Reduce false positives: use captcha to automatically unblock; train AI to reduce false positives...
  • 9. IDS: OSSEC for IDS; ML to decrease false positives
  • 10. Firewall ‒ CSF: Very popular; more features than Imunify360; huge expertise. We will integrate it into Imunify360. Best of both worlds: same herd immunity; same captcha / training; same CSF flexibility
  • 11. WAF ‒ Protection Layers: Mod_security (OWASP, Comodo, Atomic); herd immunity → feeds into correlation engine → firewall (machine learning; most attacks will not reach WAF, will be blocked at firewall)
  • 12. Malware scanning ‒ Protection Vectors: Maldet protection scanning: automated scans; on-upload scans (PHP, with attack IP detection via ext attributes; FTP; SSH); backup integration / automated recovery of infected files
  • 13. Patch Management ‒ Protection Layers: Patch management: KernelCare (kernel; OpenSSL (soon); GLIBC (soon)); HardenedPHP; security configuration / RPM version scans
  • 14. Outdated web apps? Covered by WAF; covered by Softaculous; covered by Patchman. Main issues: plugins, not web apps; 0-day vulnerabilities. Reliance on knowing more than attacker
  • 15. Protection layer ‒ Sandboxing: Different approach. Limit what webapps can do: today webapps can do whatever an unprivileged Linux user can do. Does WordPress need to be able to do the same things as strange, gcc or name server? Filter/limit syscalls available; filter/limit filesystem operations/access. No 0-day privilege escalations. No turning a web app into a ‘bot’ part of the botnet.
  • 16. Sandboxing ‒ because signatures don’t work: AV vendors know that signatures don’t work; sandboxing & heuristics used on desktop for 10+ years; not used on web servers; huge improvement in server security
  • 17. Sandboxing Stage II: heuristics + AI: Train ML on ‘good behaviors’; automatically detect bad behaviors; lock down after training. Prevent majority of injection & defacement attacks
  • 18. Sandboxing Stage II: AI: Train on each site individually; re-train on upgrades (user managed lock/unlock); use client’s IP ‘reputation’ for good vs bad; use ‘banking style’ notifications (e-mail, sms, phone) for site owner
  • 19. ‘Bad Action’ Notifications: "Possible attack against yoursite.com detected. We have detected possible attack against yoursite.com. Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP] [+more info on the attack]. Was it you? [YES, ALLOW THIS ACTION] [NO, BLOCK THE ACTION]"
  • 20. Reputation management: Is your IP on any of the blacklists (SPAM, botnet)? Is any of the hosted domains on the blacklists (malware, phishing, SPAM)?
  • 21. Why is that important?
  • 23. 360° defense: Use all related info to detect attacks; use machine learning to correlate information; use multiple layers to detect, and defend against the attacker; minimize human involvement (minimize decision making)
  • 24. Imunify360 vs Imunify Sensor: Imunify360: maximum security with sophisticated attack detection. Imunify Sensor: basic security with lightweight attack detection. Features compared: Centralized Incident Management dashboard; Firewall (Advanced Firewall with herd immunity, Standard Firewall); Smart Intrusion Detection System IDS/IPS; Patch management; Intelligent Web application sandboxing; KernelCare; HardenedPHP. Complete feature comparison at imunify360.com
  • 25. Good For Web Servers: Dedicated / VPS; shared; cPanel; DirectAdmin; Plesk. Goal: zero configuration, good for novice, better than expert...
  • 26. Pricing: Imunify360: Retail $35/month, Service Provider $9/month. Imunify Sensor: Retail $9/month, Service Provider $2/month
  • 27.
  • 28. Resources: Imunify360.com; Imunify360 vs Imunify Sensor: http://www.imunify360.com/web-server-security-comparison; Survey: https://www.cloudlinux.com/images/content/resources/Hosting-Industry-Survey-Results-2016.pdf. Questions?