Endpoint and Server: The belt and braces anti-malware strategy
Slides prepared for the Federal IT expo: FOSE. Should help employees and managers understand why anti-malware protection is needed at all endpoints and on all servers.

    Presentation Transcript

    • Belt & Braces, Server & Endpoint: Why you need multiple levels of malware protection
      Stephen Cobb, CISSP, Senior Security Researcher, ESET NA
    • Today’s agenda
      – Full spectrum malware defense
    • Endpoints under attack
      – Malware threat shows no signs of retreating
      – Attacks come from: cyber criminals, hacktivists, non-state actors, nation states
    • Attacks from servers, mobile devices
      – We now see large-scale server-based attacks
      – In one operation: 1000s of servers taken over
      – Used to attack 100s of 1000s of endpoints (desktops, laptops, mobile devices)
      – Clearly we need to protect against malware at all levels, across all surfaces
    • 2014 State of Endpoint Risk (Ponemon Institute)
      – Are security threats created by vulnerabilities to endpoints more difficult to stop/mitigate? 71%
      – Have you seen a major increase in malware incidents targeting your endpoints? 41%
      – Have your mobile endpoints been the target of malware in the last 12 months? 68%
    • April 2014 GAO report
      – Information Security: Federal Agencies Need to Enhance Responses to Data Breaches (GAO-14-487T)
      – A lot of work still to be done, across numerous agencies: improve security, improve breach response
    • The scale of the problem
      – Information security incidents reported to US-CERT by all federal agencies, 2009–2013 (GAO-14-487T):
        2009: 29,999
        2010: 41,776
        2011: 42,854
        2012: 48,562
        2013: 61,214
      – Number of incidents way up: more data to defend? Improved reporting?
    • Exposure of PII is growing
      – More incidents involving Personally Identifiable Information, 2009–2013:
        2009: 10,481
        2010: 13,028
        2011: 15,584
        2012: 22,156
        2013: 25,566
      – Why? Thriving black market for PII
      – Impact: serious costs/stress for victims, growing public displeasure, Target CIO and CEO
    • A federal PII breach example
      – July 2013, hackers get PII of 104,000+ people from a DOE system
      – Social Security numbers, birth dates and locations, bank account numbers, plus security questions and answers
      – DOE Inspector General: cost = $3.7 million (assisting affected individuals and lost productivity)
    • What happens to the stolen data?
      – Sold to criminal enterprises for identity theft, raiding bank accounts, buying luxury goods, laundering money
      – Lucrative scams like tax identity fraud
    • The market for stolen data has matured
    • All driven by proven business strategies
    • Market forces in malware strategy
      – Dirty deeds that pay well: click fraud, DDoS, spam, infection
    • Malware profitability requires:
      – Devices that are always on, on good bandwidth
      – Was: desktop-based botnets
      – Now: server-based, website, VPS, etc.
      – With mobile devices on the rise
    • Example: Operation Windigo
      – 25,000+ servers compromised in last 2 years
      – About 10,000 still infected
      – 35 million spam messages per day
      – 500,000 web redirects per day
      – Currently installing: click fraud malware, spam sending malware
    • Complex malware infrastructure
      – Evolving since 2011 as modular multi-OS design
      – Apple OS X, OpenBSD, FreeBSD, Microsoft Windows (Cygwin), Linux, including Linux on ARM
      – Stealthy, with strong use of cryptography
      – Halts operation to avoid detection
      – Maximizes resources by varying activity
    • Structure
      – Bad guys install on root-level compromised hosts by replacing SSH-related binaries (ssh, sshd, ssh-add, etc.) or via a shared library used by SSH (libkeyutils)
      – Servers used to serve malware, redirect traffic to infected hosts, and act as domain servers for malicious sites
      – Infecting web users through drive-by downloads
      – Redirect web traffic to advertisement networks
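The "Structure" slide says Windigo persisted by swapping out SSH-related binaries or a shared library SSH loads. The first defensive check that follows from that is file-integrity verification: record trusted hashes of those files and re-check them from a clean environment. The script below is an added example written for this page; it is not part of the presentation or any ESET tool. The paths in WATCHLIST are assumed conventional Linux locations, and the demo runs against constructed files in a temporary directory rather than a live system.

```python
"""Baseline integrity check for SSH-related binaries and shared libraries.

Added example (not from the original slides). Records SHA-256 hashes of a
watch list, then reports each file as ok, modified, missing, new, or absent.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed locations of the files the slide names (ssh, sshd, ssh-add,
# libkeyutils); adjust to the distribution in use.
WATCHLIST = [
    "/usr/bin/ssh",
    "/usr/bin/ssh-add",
    "/usr/sbin/sshd",
    "/lib/x86_64-linux-gnu/libkeyutils.so.1",
]


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths) -> dict:
    """Hash every existing path on the watch list; a missing file is recorded as None."""
    return {str(p): (sha256_file(Path(p)) if Path(p).is_file() else None) for p in paths}


def verify(paths, baseline: dict) -> dict:
    """Compare current file state to the baseline.

    Returns {path: status} where status is one of:
      ok        hash matches the baseline
      modified  file exists in both but the hash changed
      missing   file was in the baseline but is gone now
      new       file was not in the baseline but exists now
      absent    file exists in neither (nothing to compare)
    """
    result = {}
    for p in paths:
        current = sha256_file(Path(p)) if Path(p).is_file() else None
        expected = baseline.get(str(p))
        if current is None and expected is None:
            result[str(p)] = "absent"
        elif current == expected:
            result[str(p)] = "ok"
        elif current is None:
            result[str(p)] = "missing"
        elif expected is None:
            result[str(p)] = "new"
        else:
            result[str(p)] = "modified"
    return result


def save_baseline(baseline: dict, out: Path) -> None:
    """Persist the baseline as JSON; keep this copy off the host being checked."""
    out.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline three fake files, then replace one and delete one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        files = [root / "ssh", root / "sshd", root / "libkeyutils.so.1"]
        for f in files:
            f.write_bytes(b"constructed contents of " + f.name.encode())
        baseline = build_baseline(files)
        # Simulated tampering: sshd replaced, the shared library removed.
        (root / "sshd").write_bytes(b"replaced binary")
        (root / "libkeyutils.so.1").unlink()
        return verify(files, baseline)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9s} {path}")
```

Two design points matter in practice. The baseline must live somewhere the checked host cannot write to, because a root-level compromise of the kind the slide describes can rewrite a manifest stored locally as easily as it rewrites sshd. And the check should run from trusted media or a separate host, since a replaced ssh or a hijacked shared library can lie to tools executed on the compromised system itself.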
    • The need for belt and braces is clear
      – Endpoint: scanning all incoming files as they enter, from email, websites, removable media
      – Server: email, file, SharePoint, gateway
      – Mobile: antivirus, remote lock, and wipe
    • Belt, braces, encryption, authentication
    • Preferably: one interface to manage them all
    • Don’t neglect the real end point
    • Resources to tap
      – Industry associations: CompTIA; ISSA, SANS, (ISC)2
      – Booth number 826
      – My talk tomorrow
      – Websites
    • Thank you!
      – Stephen Cobb, Stephen.cobb@eset.com
      – We Live Security: www.welivesecurity.com
      – Webinars: www.brighttalk.com/channel/1718
      – Booth number 826