APTs: The Role of Third-Party Applications


Once an anomaly that government agencies and some of the private companies working with them had to deal with, advanced persistent threats (APTs) are becoming a considerable problem for larger organizations and public entities alike. Many experts say it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, but when they hit and for how long they've lingered. Today's more willful attackers have found a number of ways to breach networks and siphon off data over periods of weeks or months. Download these webcast slides from SC Magazine, as they sit down with an industry expert to discuss how third-party apps of various kinds are proving a workable conduit for them.

Published in: Technology

  1. APTs: The Role of Third-Party Applications. Russ Ernst, Group Product Manager, Lumension
  2. APT Attack Vectors
  3. Cybercriminals Focus on 3rd Party Apps
     – 7 out of 10 organizations feel that cyber criminals are shifting their efforts toward third-party apps
     – ¾ of Large Enterprise shifting focus from OS based attacks to 3rd party apps
     – Is this a surprise to you?
  4. Cyber Criminals - Focus on 3rd Party Apps
     – 59% of Organizations have more than 10 Third-Party Apps on a Typical Endpoint
     – [Chart: How Many Are Considered Mission-Critical? Categories: 1 to 5, 6 to 10, 10 to 15, 15 to 20, More than 20. Values shown: 4%, 3%, 10%, 27%, 56%]
  5. Addressing Patch Lag
     – Time to fix: the time between when a vulnerability is publicly disclosed and when the vendor provides remediation
     – Time to patch: the time between when remediation is available and when end user machines are patched
  6. 3rd Party Apps Causing Concern
     – Larger companies use more 3rd party apps than smaller companies
     – Only 1 to 5 of these are critical to their operations
     – Apps that cause the most concern: Adobe Flash and Acrobat, Office, Java, VMware, Internet Explorer, Skype
  7. Third-Party Apps Causing Concern
  8. Wouldn't it Be Easier to Abandon 3rd Party Apps?
     – Turning off Java sounds easy
       – Apple regularly does it automatically with no notification
       – Are you sure you've removed all instances of Java?
     – Does eliminating 3rd party apps really solve the problem?
       – What business processes require 3rd party apps?
  9. Banning Third-Party Apps?
  10. Is Visibility into Third-Party Apps Important?
  11. What's the Best Practice to Prevent Unauthorized Apps?
  12. What Can You Do Right Now? Only allow business critical apps on specific PCs to reduce the overall enterprise Threat Envelope
      1. Identify if there is a real business or usability need for the application before it is approved for users.
      2. Identify assets that do not require apps and uninstall unneeded applications.
      3. Ensure that all required apps are patched on an approved schedule.
      4. Isolate critical systems that are business process sensitive from the production environment as much as possible.
  13. End Users Are Your Weakest Link
      – Be Aware of What You Share – End User Resource Center: http://www.lumension.com/be-aware
  14. Focus On The End Game. The best approach is to use mitigating layered controls and processes on endpoints including:
      – Application control whitelisting to defend against unknown payloads
      – Enable native memory security controls in Windows including DEP and ASLR to limit the success of generic memory based attacks
      – Deploy advanced memory-injection attack protection including RMI and Skape/JT to interrupt advanced memory attacks
      – Use Device control to block USB-borne malware
      – Utilize Strong patch management practices
      – Blacklist outdated plugin versions
      – Adopt the concept of least privilege for end users
  15. Defense-in-Depth Strategy. Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which go beyond the traditional blacklist approach.
      – AV: Control the Bad
      – Device Control: Control the Flow
      – HD and Media Encryption: Control the Data
      – Application Control: Control the Gray
      – Patch and Configuration Management: Control the Vulnerability Landscape
  16. More Information
      – Free Security Scanner Tools: http://www.lumension.com/special-offer/premium-security-tools.aspx
        – Vulnerability Scanner – discover all OS and application vulnerabilities on your network
        – Application Scanner – discover all the apps being used in your network
        – Device Scanner – discover all the devices being used in your network
      – Lumension® Endpoint Management and Security Suite
        – Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
        – Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
      – Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
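
The triage from slide 12 (steps 1 to 3) combined with the "time to patch" definition from slide 5, as an added Python example that is not part of the original deck. Host names, dates, the approved-hosts policy and the 14-day patch window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy (assumption): hosts with an approved business need per app,
# and the approved patch window in days.
APPROVED_HOSTS = {"java": {"fin-ws-01"}, "acrobat": {"fin-ws-01", "hr-ws-07"}}
PATCH_WINDOW_DAYS = 14

@dataclass
class Install:
    host: str
    app: str
    fix_released: Optional[date]  # vendor remediation available (None = none outstanding)
    patched_on: Optional[date]    # date this host applied it (None = not yet)

def time_to_patch(rec: Install, today: date) -> Optional[int]:
    """Days from remediation being available to the host being patched.
    For an unpatched host the clock is still running, so count up to today."""
    if rec.fix_released is None:
        return None
    return ((rec.patched_on or today) - rec.fix_released).days

def triage(rec: Install, today: date) -> str:
    # Steps 1-2: no approved business need on this host -> remove the app.
    if rec.host not in APPROVED_HOSTS.get(rec.app, set()):
        return "uninstall"
    lag = time_to_patch(rec, today)
    if lag is None or rec.patched_on is not None:
        return "ok"
    # Step 3: required app with an outstanding fix, judged against the schedule.
    return "overdue" if lag > PATCH_WINDOW_DAYS else "pending"

def audit(inventory, today: date) -> dict:
    """Map (host, app) -> action for every installed third-party app."""
    return {(r.host, r.app): triage(r, today) for r in inventory}

# Constructed sample inventory for illustration only.
TODAY = date(2013, 2, 15)
INVENTORY = [
    Install("fin-ws-01", "java", date(2013, 1, 13), None),
    Install("fin-ws-01", "acrobat", date(2013, 2, 10), None),
    Install("hr-ws-07", "java", None, None),
    Install("hr-ws-07", "acrobat", date(2013, 1, 8), date(2013, 1, 15)),
    Install("lobby-kiosk", "skype", None, None),
]

if __name__ == "__main__":
    for key, action in audit(INVENTORY, TODAY).items():
        print(key, action)
```
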