SlideShare a Scribd company logo

Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava

Download as PPTX, PDF
P
Peter Gubarevich

Application Whitelisting is one of the top Cyber Intrusion Mitigation Strategies. AWL Implementation lowers Cryptolocker and other Ransomware infection possibility to almost zero.

Software
1 of 19
Preventing Malware Infection using Application Whitelisting Presented by Peter Gubarevich MCT, MVP: Enterprise Security CCSI, CEH
Agenda  Application Whitelisting (AWL) Concept  Common AWL Implementation Challenges  Implementing Application Whitelisting in Enterprise  Q&A 2
Ransomware Execution Scenario3 You don’t want to see this in your PC, do you?
Let’s try to open some documents from your USB storage*** 4 *** Can be delivered by any other transport, be it E-mail or Skype
Eventually, you will end up with this5 No, it was not a document. And antivirus has failed to detect this.
Application Whitelisting Concept6 #1 recommendation in NSA IAD’s Top 10 Mitigation Strategies
A surprising number of administrators consider simply installing antivirus software to be enough to provide reliable protection from a malware. Unfortunately, defenses such as antivirus programs are often ineffective because of “blacklisting” technology used. 7
In fact, Blacklisting and Whitelisting are both designed to prevent malware from running Blacklisting  Considers everything is allowed to be launched by default  Only prevents known threats to be launched  Example: Antivirus Software Whitelisting  Considers everything is prevented from launching by default  Only permits launching previously approved software  Example: AppLocker Policies 8
Application Whitelisting Configuration Example  Everything from Windows folder is permitted for launching  Everything from Program Files is permitted for launching  Everything signed by Microsoft or Adobe is permitted for launching  Three Line-Of-Business Application hashes are permitted for launching  Everything else is prohibited 9
What Application Whitelisting really is and what it is not?  It prevents viruses and trojans from being launched from hard disk or USB flash drives, but neither stops you from saving virus to a disk, nor searches for or removes viruses from it;  It prevents viral modules from launching automatically from a user profile, but does not prevent exploiting scripts from within the legitimate software, such as Microsoft Excel;  It prevents exploits from being launched from a disk, but does not stop an attacker from exploiting unpatched flaws in your system;  It prevents unlisted software from running, but does not stop you from manually adding malware to a whitelist;  It prevents unwanted software from being launched by a user, but does not stop him from downloading it. 10
AWL Implementation Challenges Most of them are not technical, though 11
Challenge #1: Cultural Readiness  Management Engagement. The senior leaders must see the value of AWL as a core doctrine, not an additional security restriction;  Many companies do not restrict individuals from installing software. AWL limits who can install programs. Be ready for complaints and requests for exclusions from users;  Many companies do not limit what software can be installed. Not all the software that users find useful or convenient will be allowed. Many of users may want to keep their status quo because of that;  In most cases, AWL represents a cultural shift and new operational realities for IT workforce. AWL requires a particular level of discipline for IT enforced. 12
Challenge #2: Process Readiness  Company is required to maintain a reasonably accurate software inventory, and have a knowledge of specialized applications, network processes and operational requirements;  A standardized application authoring procedure should be established. Then, existing OS image and application distribution framework may get involved;  AWL requires an ability and experience to implement and rollback changes incrementally across the enterprise;  Clear communication mechanisms between users, IT support and AWL project managers must be established. 13
Challenge #3: Technical Readiness  A company must have enough resources to manage project implementation in a timely manner. AWL requires skilled IT Pro workforce availability;  Seamless AWL implementation requires preparation such as reasonably long auditing of currently used applications, especially ones which are rarely executed;  An appropriate AWL methodology must be chosen taking into account supported OSs and application feature requirements;  Additional licensing costs for third-party solutions may be applied. 14
Configuring Application Whitelisting Software Restriction Policies (SRP) in an Active Directory domain 15
16 Demo #1: Configuring SRP Auditing Steps performed:  Configuring SRP Verbose Auditing Policies  Deploying SRP Log Rotation PowerShell Script  Collecting SRP Logs  [Optional] Analyzing SRP Logs using third-party tools
17 Demo #2: Configuring Whitelisting Steps performed:  Configuring SRP Whitelisting Policies  Deploying SRP Event Notification PowerShell Script  Testing Application Whitelisting  [Optional] Testing SRP in a real AWL-Enabled Enterprise
18 Addendum: PowerShell Scripts Download PowerShell Scripts and other files used in this presentation from the following sources:  http://blog.windowsnt.lv or https://srp.windowsnt.lv  peter@optimalsolutions.lv or peter@windowsnt.lv Send AWL-related questions or comments to:
Q&A19

Recommended

Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 ProjectMuhammad Shehata
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 

Recommended

Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 ProjectMuhammad Shehata
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisIan G
 
Windows 7 AppLocker: Understanding its Capabilities and Limitations
Windows 7 AppLocker: Understanding its Capabilities and LimitationsWindows 7 AppLocker: Understanding its Capabilities and Limitations
Windows 7 AppLocker: Understanding its Capabilities and LimitationsLumension
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)Michael Man
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Six Steps to SIEM Success
Six Steps to SIEM SuccessSix Steps to SIEM Success
Six Steps to SIEM SuccessAlienVault
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsIvanti
 
Can Symantec reboot its own blockbuster success
Can Symantec reboot its own blockbuster successCan Symantec reboot its own blockbuster success
Can Symantec reboot its own blockbuster successSymantec
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
Introduction to Application Security Testing
Introduction to Application Security TestingIntroduction to Application Security Testing
Introduction to Application Security TestingMohamed Ridha CHEBBI, CISSP
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breachesxband
 

More Related Content

What's hot

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisIan G
 
Windows 7 AppLocker: Understanding its Capabilities and Limitations
Windows 7 AppLocker: Understanding its Capabilities and LimitationsWindows 7 AppLocker: Understanding its Capabilities and Limitations
Windows 7 AppLocker: Understanding its Capabilities and LimitationsLumension
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)Michael Man
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Six Steps to SIEM Success
Six Steps to SIEM SuccessSix Steps to SIEM Success
Six Steps to SIEM SuccessAlienVault
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsIvanti
 
Can Symantec reboot its own blockbuster success
Can Symantec reboot its own blockbuster successCan Symantec reboot its own blockbuster success
Can Symantec reboot its own blockbuster successSymantec
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 

What's hot (20)

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
 
Windows 7 AppLocker: Understanding its Capabilities and Limitations
Windows 7 AppLocker: Understanding its Capabilities and LimitationsWindows 7 AppLocker: Understanding its Capabilities and Limitations
Windows 7 AppLocker: Understanding its Capabilities and Limitations
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability Assesment
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Six Steps to SIEM Success
Six Steps to SIEM SuccessSix Steps to SIEM Success
Six Steps to SIEM Success
 
Everything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security ControlsEverything You Need To Know About Ivanti Security Controls
Everything You Need To Know About Ivanti Security Controls
 
Can Symantec reboot its own blockbuster success
Can Symantec reboot its own blockbuster successCan Symantec reboot its own blockbuster success
Can Symantec reboot its own blockbuster success
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
 
Introduction to Application Security Testing
Introduction to Application Security TestingIntroduction to Application Security Testing
Introduction to Application Security Testing
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 

Viewers also liked

Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntelAPAC
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breachesxband
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENVladyslav Radetsky
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Advanced Threat Defense Intel Security
Advanced Threat Defense Intel SecurityAdvanced Threat Defense Intel Security
Advanced Threat Defense Intel Securityxband
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 

Viewers also liked (9)

Intel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfeeIntel Cloud Summit: Greg Brown McAfee
Intel Cloud Summit: Greg Brown McAfee
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breaches
 
MID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_ENMID_Complex_Network_Security_Alex_de_Graaf_EN
MID_Complex_Network_Security_Alex_de_Graaf_EN
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security Enforcer
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?
 
Advanced Threat Defense Intel Security
Advanced Threat Defense Intel SecurityAdvanced Threat Defense Intel Security
Advanced Threat Defense Intel Security
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
DeltaV Virtualization
DeltaV VirtualizationDeltaV Virtualization
DeltaV Virtualization
 

Similar to Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava

Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondMoskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondCoreTrace Corporation
 
10 Tips to Keep Your Software a Step Ahead of the Hackers
10 Tips to Keep Your Software a Step Ahead of the Hackers10 Tips to Keep Your Software a Step Ahead of the Hackers
10 Tips to Keep Your Software a Step Ahead of the HackersCheckmarx
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxAardwolf Security
 
APPLICATION WHITELISTING: APPROACHES AND CHALLENGES
APPLICATION WHITELISTING: APPROACHES AND CHALLENGESAPPLICATION WHITELISTING: APPROACHES AND CHALLENGES
APPLICATION WHITELISTING: APPROACHES AND CHALLENGESIJCSEIT Journal
 
OWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideOWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideLudovic Petit
 
Software engineering-Light presentation
Software engineering-Light presentationSoftware engineering-Light presentation
Software engineering-Light presentationBadr KACIMI
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Programcentralohioissa
 
Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...
Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...
Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...owasplondon
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideAryan G
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfNathanDjami
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Papertafinley
 
10 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 202310 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 2023SofiaCarter4
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecIBM Security
 
5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the CloudtCell
 
The Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxThe Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxCheckmarx
 

Similar to Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava (20)

Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondMoskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And Beyond
 
10 Tips to Keep Your Software a Step Ahead of the Hackers
10 Tips to Keep Your Software a Step Ahead of the Hackers10 Tips to Keep Your Software a Step Ahead of the Hackers
10 Tips to Keep Your Software a Step Ahead of the Hackers
 
Top Application Security Threats
Top Application Security Threats Top Application Security Threats
Top Application Security Threats
 
Demand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docxDemand for Penetration Testing Services.docx
Demand for Penetration Testing Services.docx
 
APPLICATION WHITELISTING: APPROACHES AND CHALLENGES
APPLICATION WHITELISTING: APPROACHES AND CHALLENGESAPPLICATION WHITELISTING: APPROACHES AND CHALLENGES
APPLICATION WHITELISTING: APPROACHES AND CHALLENGES
 
OWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideOWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference Guide
 
Security overview 2
Security overview 2Security overview 2
Security overview 2
 
Software engineering-Light presentation
Software engineering-Light presentationSoftware engineering-Light presentation
Software engineering-Light presentation
 
Software Myths
Software MythsSoftware Myths
Software Myths
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
 
Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...
Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...
Decoding Software Composition Analysis (SCA) - Unveiling Pain Points in SCA -...
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
 
Sa No Scan Paper
Sa No Scan PaperSa No Scan Paper
Sa No Scan Paper
 
10 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 202310 Best DevSecOps Tools for 2023
10 Best DevSecOps Tools for 2023
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
 
5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud5 Challenges of Moving Applications to the Cloud
5 Challenges of Moving Applications to the Cloud
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
 
The Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's ToolboxThe Web AppSec How-To: The Defender's Toolbox
The Web AppSec How-To: The Defender's Toolbox
 

Recently uploaded

Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 

Gubarevich Peter - 11-Feb-2016 - Show IT 2016 @Bratislava

  • 1. Preventing Malware Infection using Application Whitelisting Presented by Peter Gubarevich MCT, MVP: Enterprise Security CCSI, CEH
  • 2. Agenda  Application Whitelisting (AWL) Concept  Common AWL Implementation Challenges  Implementing Application Whitelisting in Enterprise  Q&A 2
  • 3. Ransomware Execution Scenario3 You don’t want to see this in your PC, do you?
  • 4. Let’s try to open some documents from your USB storage*** 4 *** Can be delivered by any other transport, be it E-mail or Skype
  • 5. Eventually, you will end up with this5 No, it was not a document. And antivirus has failed to detect this.
  • 6. Application Whitelisting Concept6 #1 recommendation in NSA IAD’s Top 10 Mitigation Strategies
  • 7. A surprising number of administrators consider simply installing antivirus software to be enough to provide reliable protection from a malware. Unfortunately, defenses such as antivirus programs are often ineffective because of “blacklisting” technology used. 7
  • 8. In fact, Blacklisting and Whitelisting are both designed to prevent malware from running Blacklisting  Considers everything is allowed to be launched by default  Only prevents known threats to be launched  Example: Antivirus Software Whitelisting  Considers everything is prevented from launching by default  Only permits launching previously approved software  Example: AppLocker Policies 8
  • 9. Application Whitelisting Configuration Example  Everything from Windows folder is permitted for launching  Everything from Program Files is permitted for launching  Everything signed by Microsoft or Adobe is permitted for launching  Three Line-Of-Business Application hashes are permitted for launching  Everything else is prohibited 9
  • 10. What Application Whitelisting really is and what it is not?  It prevents viruses and trojans from being launched from hard disk or USB flash drives, but neither stops you from saving virus to a disk, nor searches for or removes viruses from it;  It prevents viral modules from launching automatically from a user profile, but does not prevent exploiting scripts from within the legitimate software, such as Microsoft Excel;  It prevents exploits from being launched from a disk, but does not stop an attacker from exploiting unpatched flaws in your system;  It prevents unlisted software from running, but does not stop you from manually adding malware to a whitelist;  It prevents unwanted software from being launched by a user, but does not stop him from downloading it. 10
  • 11. AWL Implementation Challenges Most of them are not technical, though 11
  • 12. Challenge #1: Cultural Readiness  Management Engagement. The senior leaders must see the value of AWL as a core doctrine, not an additional security restriction;  Many companies do not restrict individuals from installing software. AWL limits who can install programs. Be ready for complaints and requests for exclusions from users;  Many companies do not limit what software can be installed. Not all the software that users find useful or convenient will be allowed. Many of users may want to keep their status quo because of that;  In most cases, AWL represents a cultural shift and new operational realities for IT workforce. AWL requires a particular level of discipline for IT enforced. 12
  • 13. Challenge #2: Process Readiness  Company is required to maintain a reasonably accurate software inventory, and have a knowledge of specialized applications, network processes and operational requirements;  A standardized application authoring procedure should be established. Then, existing OS image and application distribution framework may get involved;  AWL requires an ability and experience to implement and rollback changes incrementally across the enterprise;  Clear communication mechanisms between users, IT support and AWL project managers must be established. 13
  • 14. Challenge #3: Technical Readiness  A company must have enough resources to manage project implementation in a timely manner. AWL requires skilled IT Pro workforce availability;  Seamless AWL implementation requires preparation such as reasonably long auditing of currently used applications, especially ones which are rarely executed;  An appropriate AWL methodology must be chosen taking into account supported OSs and application feature requirements;  Additional licensing costs for third-party solutions may be applied. 14
  • 15. Configuring Application Whitelisting Software Restriction Policies (SRP) in an Active Directory domain 15
  • 16. 16 Demo #1: Configuring SRP Auditing Steps performed:  Configuring SRP Verbose Auditing Policies  Deploying SRP Log Rotation PowerShell Script  Collecting SRP Logs  [Optional] Analyzing SRP Logs using third-party tools
  • 17. 17 Demo #2: Configuring Whitelisting Steps performed:  Configuring SRP Whitelisting Policies  Deploying SRP Event Notification PowerShell Script  Testing Application Whitelisting  [Optional] Testing SRP in a real AWL-Enabled Enterprise
  • 18. 18 Addendum: PowerShell Scripts Download PowerShell Scripts and other files used in this presentation from the following sources:  http://blog.windowsnt.lv or https://srp.windowsnt.lv  peter@optimalsolutions.lv or peter@windowsnt.lv Send AWL-related questions or comments to:
  • 19. Q&A19