Kaseya Connect 2013: Security Today – Comprehensive Implementation of Kaseya to Defend Against Threats

System and data hacking has become a multi-billion dollar organized business across the globe. In this session recent high-profile attacks will be discussed and Senior Product Specialist, Jason Dettbarn will also project the direction of security vulnerabilities. Kaseya best-practices will be highlighted allowing you to guard against these attacks.

Published in: Technology
  • Was growing at the same rate as the computer resources needed for a signature-based approach. Heuristics. But it's not that vulnerability disclosures proportionally grew… it's that malware became a business. 7500 X larger in one year.
  • Gordon Moore. 8000 last year, ~21 exploits a DAY. "The only way to keep up is to stay ahead" (KF). But it's not that vulnerability disclosures proportionally grew… it's that malware became a business. Exponential growth cycle. Everyone vigilant.
  • APTs are targeted at industries or companies. Conficker (Kido) was 6 million in 2009. AMC's wildly successful Walking Dead is a premonition… 17 billion devices connected to the Internet.
  • Sept 19th: Microsoft Corp. made headlines when it scored an unconventional if not unprecedented legal victory: convincing a U.S. court to let it seize control of a Chinese Internet service provider's network as part of a crackdown on piracy. Computer stores in China were selling PCs equipped with Windows operating system versions that were pre-loaded with the "Nitol" malware, and these systems were phoning home to subdomains at 3322.org. The software giant subsequently identified thousands of sites at 3322.org that were serving Nitol and hundreds of other malware strains, and convinced a federal court in Virginia to grant it temporary control over portions of the dynamic DNS provider. They seized control over more than 70,000 domains that were closely associated with distributing hundreds of strains of malware. Microsoft said that within hours of the takeover order being granted, it saw more than 35 million unique Internet addresses phoning home to those 70,000 malicious domains.
  • Espionage, coup, regime change. We feed the botnets. Hacked, we fund these operations.
  • Discovered in 2009 after 2 years in the wild. 100 million in losses in the US alone. Atlanta-based SecureWorks recently published a paper calling it "one of the largest and most professional thieving operations on the Internet." Targeting companies that interact with banks. Sand Springs, Oklahoma School District: the thieves submitted a series of bogus payroll payments, totaling more than $150,000, to accomplices they had hired throughout the United States. One tool company in Georgia lost $435,000. A single case handled by the FBI involved 300 incidents, $70 million in losses and 3,000 mules, according to Conroy McNelley. Also hit a lot of school systems as well as state and local government.
  • When Conficker reached its peak in 2009 = 6 million zombie machines. GigaFlops: Floating Point Operations Per Second. Distributed computing on steroids. Security through obscurity is as ineffective as hiding in the upstairs closet when your house is on fire.
  • Open a bank account. Transfer the $ to somewhere. RSA digital certificate two-factor auth – HR: highest authority, lowest tech aptitude – an email that cost 71 million dollars.

    1. Security Today: Comprehensive Security Approach with Kaseya. Jason Dettbarn, Senior Technology Analyst
    2. Security Today – News – Agenda
       • Historical Security Breaches: Los Alamos, Stuxnet
       • Security Breaches: Lockheed Martin, NYTimes, Apple, Facebook
    3. Security Today – Tech – Agenda
       • Core Kaseya management & monitoring: Agent Check-in Threshold, USB Blocking, Failed Login Attempts / Locked Accounts, App Blocking
       • Patching: Windows Patching, 3rd Party Software Patching
       • Anti-Virus: Profile Best Practices, Managing Intrusive Scanning
    4. Richard Feynman – Los Alamos
    5. Richard Feynman – Safe Cracking
    6. Richard Feynman – Safe Cracking
    7. Richard Feynman – Safe Cracking: Play in the lock – 18, 19, 20, 21, 22
    8. Richard Feynman – Safe Cracking: (1) Total Combinations Now
    9. Richard Feynman – Safe Cracking: (2) A Typical Combination – Max Time = 12 min & Average = 6 min
    10. Richard Feynman – Safe Cracking: (3) Pre-Worked Combination – Average = 1 - 2 min
    11. Richard Feynman – Safe Cracking
    12. The Inflection Point – 06-08
       • 2006 – 200k unique threats identified
       • 2007 – 15 Million unique threats
       • Signature DB explodes
       • Cybercrime becomes a Business
    13. Disclosures: Maintain…
    14. Botnets
       • Zombie War
       • Botherder
       • Conficker (Kido) was 6 million
       • TDL-4 botnet of 4 - 4.5 million
       • Accelerated Discovery of Multi-year threats
    15. Malware Dragnet Snags Millions of Infected PCs
       • Botnet – 35 Million Strong?
    16. Kaseya Security Stack: Endpoint Monitoring & Hardening
       • Antivirus: Kaseya Antivirus, Kaseya Endpoint Security
       • AntiMalware: Kaseya AntiMalware
       • Remediation: Agent Procedures, Monitoring, Service Desk & PSA
       • Scheduling & Management
       • Monitoring: Passwords, USB, Block Processes
    17. Manufacturing…
    18. Service…
    19. Healthcare…
    20. Financial…
    21. Average…
    22. Staggering Economics
       • Cybercriminals earning > $100 Billion/Yr
       • Sophistication + Organization Increase
         – Organized Crime
         – Infrastructure
         – Affiliate Programs
         – Botnets + Malware kits
       • Who would do that?
         – Opportunist
         – Governments
         – Terror Organization
         – Hacktivists
    23. Online Bank Robberies
       • Clampi Trojan
         – Targeting English-speaking countries
         – Goal: steal log-in and PW
         – DB of 4500 different financial sites
       • Wake, capture, sleep, transfer, classify
         – Years of observation
         – Learn user activities
         – Transfer money in lots of under 10K
         – Recruited money mules
         – Banks are not responsible for SMB $ lost
    24. Distributed Computing: Folding@Home (Stanford Program), SETI@Home
    25. True power
    26. Botnet Virus: Millions of dormant blackhat botnets available for purchase
    27. Stuxnet Virus: Break Into Hardened Nuclear Facilities?
    28. How Did They Do It: USB Drives Dropped in Parking Lot (leveraging autorun on the USB)
    29. How infections occur
       • "But, if it's not broken?…"
       • Un-Patched Software
       • Spammed Infections
       • Legit website that's been infected
       • Phishing
       • Trojans
       • Bots, botnets, botherders
         – Botherder Command and Control
       • TDL-4: 4.5 million
       • Mac via Flashfake (700K)
       • Android botnet discovered 7/2012
       • USB, MSD
       • File transfers and Replication systems
         – Dropbox, LogMeIn
    30. Security 'Today': What Changed?
       • Moving to the Cloud, data is not within network walls
       • Distributed workforce
       • More web-enabled client applications
       • More public individual information on Social Net
       • Patching: Windows Patching, 3rd Party Software Patching
       • Anti-Virus: Profile Best Practices, Managing Intrusive Scanning
    31. Security 'Today': Spear Phishing – Leveraging Social Media to target Phishing Emails
    32. Security & Vulnerability Agenda (Kaseya Specific)
       • Core Kaseya management & monitoring: Agent Check-in Threshold, USB Blocking, Failed Login Attempts / Locked Accounts, App Blocking
       • Patching: Windows Patching, 3rd Party Software Patching
       • Anti-Virus: Profile Best Practices, Managing Intrusive Scanning
    33. Security solutions on endpoints: Antivirus, Antimalware, URL Blocking, Local Firewall, Device blocking, Application blocking, Logfile Monitoring, Regular System Audits, OS Patching, Application Patching, Remote System Tracking, System Wiping
    34. Agent Check-in Threshold: Monitoring -> Alerts -> Agent Check-in. Set Max 'off-the-reservation' alert
    35. Core Kaseya Capabilities – USB Blocking: Activate Agent Procedure for USB Blocking
    36. Failed Login / Locked Accounts – Event Log Monitoring: Set Event Sets (Failure Audit)
    37. App Blocking – Application Blocking: Agent -> Application Blocker
    38. Patching – Windows Patching: Auto Approve, Initial Update, Patch Reports
    39. Patching – Kaseya Software Deployment & Update: Auto Deploy & Approve/Update
    40. Kaseya AntiVirus – Install, Profile Management, Scan Scheduling: Active Dexter Malware, Leading Industry A/V, Kaspersky v6.0.4.1424
    41. Kaseya Security Stack: Endpoint Monitoring & Hardening
       • Antivirus: Kaseya Antivirus, Kaseya Endpoint Security
       • AntiMalware: Kaseya AntiMalware
       • Remediation: Agent Procedures, Monitoring, Service Desk & PSA
       • Scheduling & Management
       • Monitoring: Passwords, USB, Block Processes
    42. Questions? Jason Dettbarn, Senior Security Analyst, jason.dettbarn@kaseya.com
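The "Failure Audit" event set on the Failed Login / Locked Accounts slide is, underneath, a counting rule over Security-log events. The Python below is an added example, not Kaseya's own code: it scans constructed failure-audit lines (Windows event ID 4625 for a logon failure, 4740 for an account lockout) and alerts when one account reaches a failure threshold inside a sliding window or is locked out; the pipe-delimited line format, the sample values and the default threshold are assumptions.

```python
# Added example (not Kaseya code): threshold alerting over Windows Failure Audit
# logon events, the kind of rule a Kaseya Event Set for "Failure Audit" expresses.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, shape "timestamp|event_id|account|source_ip".
# 4625 = logon failure, 4740 = account locked out (Windows Security log IDs).
SAMPLE_EVENTS = """\
2013-04-15 09:00:01|4625|jdoe|10.0.0.5
2013-04-15 09:00:09|4625|jdoe|10.0.0.5
2013-04-15 09:00:17|4625|jdoe|10.0.0.5
2013-04-15 09:00:25|4625|jdoe|10.0.0.5
2013-04-15 09:00:33|4625|jdoe|10.0.0.5
2013-04-15 09:00:40|4740|jdoe|10.0.0.5
2013-04-15 09:05:00|4625|asmith|10.0.0.9
2013-04-15 11:30:00|4625|asmith|10.0.0.9
"""

FAILURE_AUDIT_IDS = {4625, 4740}  # the event IDs this event set matches


def parse_events(text):
    """Parse the constructed pipe-delimited lines into (time, id, account, ip)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, account, ip = line.split("|")
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), account, ip))
    return events


def find_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {account: [reasons]}: alert once when an account's logon failures
    inside the sliding window reach `threshold`, and on every lockout event."""
    alerts = defaultdict(list)
    recent = defaultdict(list)  # per-account failure timestamps still in window
    for when, eid, account, _ip in sorted(events):
        if eid not in FAILURE_AUDIT_IDS:
            continue  # success audits and other events are not in this set
        if eid == 4740:
            alerts[account].append("account locked out")
            continue
        bucket = recent[account]
        bucket.append(when)
        while when - bucket[0] > window:  # expire failures older than the window
            bucket.pop(0)
        if len(bucket) == threshold:
            alerts[account].append(f"{len(bucket)} logon failures within {window}")
    return dict(alerts)


if __name__ == "__main__":
    for account, reasons in find_alerts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {account}: {'; '.join(reasons)}")
```

Tune `threshold` and `window` to the account lockout policy in force; a threshold above the domain lockout count will only ever fire on the 4740 event.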
