©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION
Zscaler ThreatLabz dissects
the latest SSL security attacks
WEBCASTS
Steve Grossenbacher
Sr. Product Marketing Manager | Zscaler
sgrossenbacher@Zscaler.com
Deepen Desai
Sr. Director Security Research & Operations | Zscaler
ddesai@zscaler.com
To ask a question
• Type your questions into the chat box in the Webex
panel or email us at communications@zscaler.com
• We’ll try to get to all questions during the Q&A
session. If we do not get to your question, we’ll make
sure to follow up afterwards
• At the end of the webcast – please let us know how
we did!
Zscaler: The Market Leader in Cloud Security
Enterprise customers: 2,800 customers, over 200 of the Fortune Global 2000; global partners
Cloud scale: 100 data centers, 40B daily requests, 185 countries served
The pioneer in cloud security; mature global cloud operations
The Rise of the SSL Attack
“Ironically, increased use of SSL in an attempt to make our online lives more secure can create ‘blind spots’ that can actually reduce security…” (NSS Labs)
70% of all enterprise web traffic over Zscaler is encrypted.
54% of the threats Zscaler blocks are hidden inside SSL traffic.
• Web properties are quickly adopting SSL by default to address privacy concerns
• SSL is great for privacy, but a challenge for content inspection, whether for enterprise or national security
• SSL inspection can cause significant performance degradation on security appliances
• Implementing SSL inspection raises privacy and regulatory concerns, so a balance must be struck between inspection coverage and privacy (in practice, by exempting sensitive categories such as healthcare or finance from inspection)
• 70% of all web traffic on the Zscaler Cloud is SSL encrypted
• 66.5% of all pages loaded in Firefox were using HTTPS
• 54% of APTs use SSL encryption
• 25% of Zscaler customers block unscannable files
• 32% of Zscaler customers block password-protected files
Threats Hiding Deep in Encrypted Communications
• Over 800,000 blocks per day involve SSL traffic
• Primary SSL attack types:
  • Malvertising, exploit kits
  • Malware/adware distribution
  • Botnet callbacks
• Upward trend expected to continue: 200,000 more blocks per day on average in the last 6 months than in the first half of 2017
An In-Depth Threat Study from the World’s Largest Security Cloud: Current Malicious SSL Activity Trends
Zscaler Security Cloud SSL Trends
Figure 1. Total SSL blocks, June 2017 – November 2017 [chart not reproduced]
Zscaler Cloud Threat Intelligence - Phishing
Zscaler Security Cloud Security Trends
• Phishing pages hosted on legitimate domains that have been compromised; because more legitimate sites now support SSL, the phishing page is served under the site’s own valid certificate
• Newly registered cybersquatted domains that imitate legitimate brands:
  • nnicrosoftoffice.com [real attack]: the letter pair “nn” stands in for “m”
  • xn--80ak6aa92e.com [POC]: an IDN homograph whose Punycode label decodes to Cyrillic letters (аррӏе) that render like “apple”
• A 300% increase in phishing content delivered over SSL compared to 2016
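The two look-alike domains above use different tricks: one substitutes ASCII letter pairs, the other registers a Punycode (xn--) label made of Cyrillic confusables. The following script is an added example, not Zscaler’s code, showing how a proxy or mail gateway could flag both kinds before a user reaches the page. The brand watch list, the confusable table (a small subset of Unicode’s confusables data) and the candidate domains are constructed for the demonstration; it assumes single-label TLDs so the registrable label is the one left of the TLD.

```python
"""Flag look-alike domains: IDN homographs (xn-- labels) and ASCII typosquats.

Added example for this deck, not Zscaler code. The brand list, the confusable
table (a small subset of Unicode's confusables) and the candidate domains are
constructed for the demonstration."""
import unicodedata

# Cyrillic/Greek letters whose glyphs match a Latin letter (subset of the
# Unicode confusables data; extend from that file in real use)
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "i", "ј": "j", "ѕ": "s", "ӏ": "l", "ԁ": "d", "ԛ": "q", "ԝ": "w",
    "α": "a", "ο": "o", "ν": "v",
}
# ASCII sequences that read as another glyph in common fonts ("nn" is the
# trick used by nnicrosoftoffice.com); order matters, "rn" before "nn"
ASCII_TRICKS = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("cl", "d"),
                ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
BRANDS = ["microsoft", "apple", "paypal", "zscaler"]  # constructed watch list


def decode_label(label):
    """Turn an A-label (xn--...) into its Unicode form; plain labels pass through."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def skeleton(text):
    """Collapse confusable characters and ASCII tricks to the Latin string they imitate."""
    s = "".join(CONFUSABLES.get(ch, ch) for ch in text.lower())
    for src, dst in ASCII_TRICKS:
        s = s.replace(src, dst)
    return s


def scripts(label):
    """Set of Unicode script names ("LATIN", "CYRILLIC", ...) used by the letters of a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def assess(domain):
    """Return the decoded registrable label, its skeleton and a list of findings."""
    labels = domain.lower().rstrip(".").split(".")
    # Assumption: single-label TLDs, so the registrable label is the one left of
    # the TLD (a public-suffix list is needed for co.uk and similar)
    reg = decode_label(labels[-2] if len(labels) >= 2 else labels[0])
    findings = []
    used = scripts(reg)
    if len(used) > 1:
        findings.append("mixed-script")
    elif used and "LATIN" not in used and any(ch in CONFUSABLES for ch in reg):
        findings.append("non-latin-confusables")  # whole-script homograph, the xn--80ak6aa92e case
    sk = skeleton(reg)
    for brand in BRANDS:
        # compare skeleton to skeleton so brands containing "cl", "rn", ... still match
        if skeleton(brand) in sk and brand not in reg:
            findings.append("impersonates:" + brand)
    return {"domain": domain, "decoded": reg, "skeleton": sk, "findings": findings}


def triage(domains):
    """Assess every domain and return only those with findings."""
    return [r for r in (assess(d) for d in domains) if r["findings"]]


if __name__ == "__main__":
    # constructed sample: the two deck examples, a digit-substitution squat and a legitimate domain
    for r in triage(["nnicrosoftoffice.com", "xn--80ak6aa92e.com", "paypa1.com", "microsoft.com"]):
        print(r)
```

The script decodes only the Punycode layer (the `punycode` codec, not the stricter `idna` codec), so it still works on labels that fail IDNA round-trip checks. A whole-script Cyrillic label such as аррӏе is the case browsers had the most trouble with, because mixed-script checks do not fire on it; the skeleton comparison against the brand list catches it anyway.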
SSL/TLS threats case study - Phishing
Zscaler Cloud Threat Intelligence - Malware
• Ransomware epidemic
• Global outbreaks – WannaCry, Petya,
BadRabbit
• Locky, Jaff, PornDroid
• Android Mobile Malware
• Google Play Store
• Banking Trojans, Ransomware
Zscaler Cloud Threat Intelligence – Sandbox & Botnet Callbacks
• Patient-0 payloads seen in the Cloud Sandbox: malicious documents, APKs, executables
• Many payloads delivered over SSL from Box, Dropbox, AWS, Google and similar services, which present valid certificates and good reputation, so only content inspection catches them
• Zbot, njRAT (H-Worm) and Dridex/Emotet callbacks remain at the top in recent months
Zscaler Cloud Threat Intelligence – Sandbox SSL/TLS threats: taking callbacks to a new level
Distribution of new unique malicious payloads seen in the Zscaler Cloud Sandbox that use SSL/TLS for C&C activity:
• 60 percent were banking Trojan families (Dridex/Emotet, Trickbot, Zbot, etc.)
• 25 percent were ransomware families
• 12 percent were infostealer Trojan families (Fareit, Papras, etc.)
Reference: SSL Blacklist (sslbl.abuse.ch), which publishes SHA1 fingerprints of certificates used by botnet C&C servers
SSL use in Browser Exploit and Payload Delivery
• Using SSL-enabled advertising networks to inject malicious scripts into legitimate websites
• Abuse of free SSL providers: leveraging free certificates to enable HTTPS on malicious domains. The certificate is valid, so the browser shows the padlock and raises no certificate or mixed-content warning; nothing is actually bypassed, since a DV certificate only proves control of the domain name, not the intent of its owner
Hiding in the Infection Chain: distribution by certificate authority [chart not reproduced]
SSL Certificates and Validity Period
• DV vs. OV vs. EV certificates: distribution of certificates involved in security blocks by validation method [chart not reproduced]
Hiding in the Infection Chain: validity period distribution [chart not reproduced]
• The majority of the certificates had a short validity period (<= 3 months), which is the profile of free DV certificates (typically issued for 90 days)
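The two breakdowns above (validation type and validity period), together with the SSL Blacklist reference from the callback slide, are the kind of triage a TLS-inspecting proxy can apply to every server certificate it sees. The script below is an added example, not Zscaler’s or abuse.ch’s code. The CA/Browser Forum policy OIDs are the real ones; the blacklist rows follow the layout of the SSLBL CSV export (listing date, SHA1, reason) but are constructed, and the certificate records and fingerprints are constructed as a proxy would log them.

```python
"""Triage TLS server certificates logged by an inspecting proxy: match SHA1
fingerprints against an abuse.ch SSL Blacklist export, then bucket the rest by
CA/Browser Forum validation type and validity period.

Added example for this deck, not Zscaler or abuse.ch code. The blacklist rows
and the certificate records are constructed; the fingerprints are not real."""
import json
from collections import Counter
from datetime import datetime

# CA/Browser Forum certificate policy OIDs that encode the validation level
CABF_OIDS = {
    "2.23.140.1.1": "EV",
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
    "2.23.140.1.2.3": "IV",
}

# Constructed rows in the layout of the SSLBL CSV export: listing date, SHA1, reason
SSLBL_CSV = """\
# abuse.ch SSL Blacklist (constructed sample, not the live feed)
# Listingdate,SHA1,Listingreason
2017-11-20 10:00:00,6d4b7f2e1c9a0b3d5e8f7a6c4b2d1e0f9a8b7c6d,Dridex C&C
2017-11-22 14:30:00,0a1b2c3d4e5f60718293a4b5c6d7e8f901234567,TrickBot C&C
"""

# Constructed certificate records, fields as a TLS-inspecting proxy would log them
CERTS = [
    {"fp": "6D4B7F2E1C9A0B3D5E8F7A6C4B2D1E0F9A8B7C6D",  # self-signed, on the blacklist
     "subject": "CN=update-srv.example", "issuer": "CN=update-srv.example",
     "not_before": "2017-11-01", "not_after": "2018-11-01", "policy_oids": []},
    {"fp": "f1e2d3c4b5a69788796a5b4c3d2e1f0011223344",  # 90-day DV cert on a typosquat domain
     "subject": "CN=nnicrosoftoffice.com", "issuer": "CN=Free DV CA (constructed)",
     "not_before": "2017-10-15", "not_after": "2018-01-13", "policy_oids": ["2.23.140.1.2.1"]},
    {"fp": "99887766554433221100ffeeddccbbaa99887766",  # two-year EV cert
     "subject": "CN=www.bank.example,O=Bank Example Inc", "issuer": "CN=Example EV CA (constructed)",
     "not_before": "2017-06-01", "not_after": "2019-06-01", "policy_oids": ["2.23.140.1.1"]},
]


def load_sslbl(csv_text):
    """Parse the SSLBL CSV layout into {sha1: listing reason}; comment lines are skipped."""
    listed = {}
    for line in csv_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _date, sha1, reason = line.split(",", 2)
        listed[sha1.strip().lower()] = reason.strip()
    return listed


def validation_type(policy_oids):
    """Map policy OIDs to EV/OV/IV/DV; "none" means no CA/B Forum policy (self-signed, private CA)."""
    for oid in policy_oids:
        if oid in CABF_OIDS:
            return CABF_OIDS[oid]
    return "none"


def validity_days(not_before, not_after):
    fmt = "%Y-%m-%d"
    return (datetime.strptime(not_after, fmt) - datetime.strptime(not_before, fmt)).days


def validity_bucket(days):
    if days <= 90:
        return "<=90d"
    if days <= 365:
        return "91-365d"
    return ">365d"


def triage(certs, listed):
    """Verdict per certificate: blacklist hit, untrusted, short-lived DV (review), or allow."""
    results = []
    for c in certs:
        fp = c["fp"].lower()
        vtype = validation_type(c["policy_oids"])
        days = validity_days(c["not_before"], c["not_after"])
        if fp in listed:
            verdict = "block:sslbl:" + listed[fp]
        elif vtype == "none":
            verdict = "review:untrusted-cert"
        elif vtype == "DV" and days <= 90:
            # the profile the deck reports as most abused; a review signal, not proof of malice
            verdict = "review:short-lived-dv"
        else:
            verdict = "allow"
        results.append({"subject": c["subject"], "fp": fp, "validation": vtype,
                        "validity": validity_bucket(days), "verdict": verdict})
    return results


def distribution(results):
    """Counts by validation type and validity bucket, the two breakdowns shown in the deck."""
    return {"by_validation": dict(Counter(r["validation"] for r in results)),
            "by_validity": dict(Counter(r["validity"] for r in results))}


if __name__ == "__main__":
    res = triage(CERTS, load_sslbl(SSLBL_CSV))
    print(json.dumps(res, indent=1))
    print(json.dumps(distribution(res), indent=1))
```

Two caveats for anyone wiring this into a real pipeline: SSLBL matches on the SHA1 of the leaf certificate, and in TLS 1.3 the server’s Certificate message is encrypted, so the fingerprint is only visible to a device that terminates the session (the proxy sees it on its own connection to the origin). And a short-lived DV certificate is the most common profile among blocked sites in this dataset, but it is also the profile of most legitimate free-certificate sites, which is why the example returns a review verdict rather than a block for it.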
SSL/TLS threats case study – Malicious Chrome extension
• Delphi-based banking Trojan
• Downloads and installs a malicious Chrome extension
• Capable of setting a proxy and stealing/relaying cookies and credentials for banking sites
• Disables Google Chrome’s security warnings
©2017 Zscaler, Inc. All rights reserved. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc.
in the United States and/or other countries. All other trademarks are the property of their respective owners.
Commercial Keylogger Trojan
Live Infection Demo
Security Best Practices
• 70% of total traffic is SSL/TLS encrypted (Zscaler Cloud insight)
• Short-lived DV certificates are the most abused SSL certificate type
• SSL/TLS-encrypted attacks are not limited to APT campaigns
• A multi-layered, defense-in-depth strategy is key
• SSL/TLS inspection of all secure web transactions is essential
How Files and Websites Spread Malware [diagram; text recovered from the figure]
Hunting stage:
1. User browses a trusted web page with compromised content (iFrame redirect)
2. Hackers’ web servers deliver the initial file and keep the exploit server hidden
3. Exploit server creates new malware samples on demand to bypass signature detection (exploit & call home)
Infection stage:
4. Malware .EXE delivers the final payload (.exe, archive or embedded script), enables command and control, and enables the final hacking objectives: propagate, ransom, exfiltrate
Controls mapped to the chain: destination-based blocking (malicious hosts, sites, botnets; phishing, GEO, protocol & ACLs); inline content control (file, user, group and QoS control; signature-based AV and IPS; complete packet byte scan); browser control and risk-based scoring (web content scanning, risk-based analysis, app control); sandboxing (dynamic & behavioral analysis of user content)
Breaking the kill chain with Zscaler [diagram; text recovered from the figure]
• Recon and Creation: survey defenses, plan the attack, create the payload
• Delivery: via trusted/untrusted sites and web content
• Exploitation: payload exploits an unpatched vulnerability
• Installation: installing malware onto the asset
• Command & Control (C2): remote control, additional malware downloads
• Action on Objectives: lateral movement, data exfiltration, disruption, etc.
Controls overlaid on the chain: DNS security, botnet and callback detection, DLP security, with full SSL inspection across all stages
Find and stop more malicious threats
Zscaler - Purpose Built, Global Security Cloud [map of data center locations not reproduced]
• 40B+ requests processed/day
• 100M+ threats blocked/day
• 120K+ unique security updates/day
• 100 data centers across 5 continents
• Internet peering across 150 vendors; O365 peering data center
• Secure: ongoing third-party testing; Certified
• Reliable: redundancy within and failover across DCs
• Transparent: trust portal for service availability monitoring
Zscaler Internet Access – Fast, secure access to the Internet and SaaS
Direct to Internet: block the bad, protect the good. The best approach for SD-WAN and Office 365.
[diagram: data center, HQ, branch, mobile and IoT users connecting over MPLS or directly to apps, SaaS and the open Internet; not reproduced]
Your security stack as a service:
• Data Protection: Data Loss Prevention, Cloud Apps (CASB), File Type Controls
• Access Control: Cloud Firewall, URL Filtering, Bandwidth Control, DNS Filtering
• Threat Prevention: Adv. Protection, Cloud Sandbox, Anti-Virus, DNS Security
Real-time policy and analytics:
• Real-time policy engine: policies follow the user; changes are immediately enforced, worldwide
• Business analytics: global visibility into apps and threats blocked; identify botnet-infected machines for remediation
Traditional Sandboxes vs Zscaler Cloud Sandbox: Better Protection, Scalability and Intelligence
Traditional sandbox (HQ, branch, mobile):
• Limited capacity with no SSL inspection
• Users off network go unprotected
• Sandbox allows files to pass and infect, then alerts
• Threat data is often localized and not shared
Zscaler Cloud Sandbox (HQ, branch, mobile):
• Unlimited capacity with full SSL inspection
• Easily scales across all users/locations
• Inline architecture holds the file until clean
• Cloud effect shares blocks with all customers
Case Study: A Transition to Better User Security
US healthcare provider with 8,100 users; Zscaler deployment with Cloud Sandbox and SSL Inspection. After full deployment Zscaler caught more threats and eliminated the need for FireEye.
Advanced Threats Found During Deployment [chart: monthly counts on a log scale (1 to 1000) against Zscaler deployment percentage (0% to 100%), with an annotation marking the point at which Zscaler was 100% deployed]. The two extracted value series are assigned to the legend entries in extraction order (FireEye detections first, Zscaler blocks second), which matches the narrative of detections falling as blocks rise:
Month | FireEye detections | Zscaler blocks
Mar-16 | 28 | 5
Apr-16 | 11 | 12
May-16 | 8 | 39
Jun-16 | 18 | 73
Jul-16 | 11 | 60
Aug-16 | 7 | 87
Sep-16 | 8 | 180
Oct-16 | 6 | 202
Nov-16 | 3 | 291
Dec-16 | 1 | 181
A three-step journey to secure IT transformation
1. SECURE – Up-level your security: make Zscaler your next hop to the Internet; fast to deploy; no infrastructure changes required
2. SIMPLIFY – Remove point products: phase out gateway appliances at your own pace; reduce cost and management overhead
3. TRANSFORM – Cloud-enable your network: enable secure SD-WAN / local Internet breakouts (broadband) and optimize backhaul; deliver a better and more secure user experience
Thank You! Questions and Next Steps
Deepen Desai, Sr Director, Security Research & Operations | @ddesai_av | ddesai@zscaler.com
Steve Grossenbacher, Sr. Product Marketing Manager | @grossenbacher_1 | sgrossenbacher@zscaler.com
Learn more about Zscaler Cloud Sandboxing:
• Zero-Day Best Practices: zscaler.com/resources
• Cloud Sandbox Solution Brief: zscaler.com/sandbox
• Zscaler ThreatLabZ Research Blog: blog.zscaler.com
On-demand webcasts (zscaler.com/company/webcasts):
• Secure remote access without the pitfalls of VPNs
• How I survived my Office 365 deployment: Tuesday, December 19th, 2017 | Americas - 10:00 am PST

More Related Content

What's hot

What's hot (20)

Techowl- Wazuh.pdf
Techowl- Wazuh.pdfTechowl- Wazuh.pdf
Techowl- Wazuh.pdf
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
Zero Trust
Zero TrustZero Trust
Zero Trust
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & Orchestration
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Stopping zero day threats
Stopping zero day threatsStopping zero day threats
Stopping zero day threats
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSExploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
 
SD-WAN plus cloud security
SD-WAN plus cloud securitySD-WAN plus cloud security
SD-WAN plus cloud security
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 

Similar to Zscaler ThreatLabz dissects the latest SSL security attacks

Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
michaelbasoah
 

Similar to Zscaler ThreatLabz dissects the latest SSL security attacks (20)

Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
Virtualized Firewall: Is it the panacea to secure distributed enterprises?
Virtualized Firewall: Is it the panacea to secure distributed enterprises?Virtualized Firewall: Is it the panacea to secure distributed enterprises?
Virtualized Firewall: Is it the panacea to secure distributed enterprises?
 
Cloud vs. On-Premises Security: Can you afford not to switch?
Cloud vs. On-Premises Security:  Can you afford not to switch?Cloud vs. On-Premises Security:  Can you afford not to switch?
Cloud vs. On-Premises Security: Can you afford not to switch?
 
Ransomware webinar may 2016 final version external
Ransomware webinar   may 2016 final version externalRansomware webinar   may 2016 final version external
Ransomware webinar may 2016 final version external
 
FullDay Faeder on Friday
FullDay Faeder on Friday FullDay Faeder on Friday
FullDay Faeder on Friday
 
FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
Moving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospitalMoving from appliances to cloud security with phoenix children's hospital
Moving from appliances to cloud security with phoenix children's hospital
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAF
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
 
Unified threat management 4 july 17
Unified threat management  4 july 17Unified threat management  4 july 17
Unified threat management 4 july 17
 
Unified threat management cisco 21 jun 17
Unified threat management cisco 21 jun 17Unified threat management cisco 21 jun 17
Unified threat management cisco 21 jun 17
 
Cisco security 27 jun 17
Cisco security 27 jun 17Cisco security 27 jun 17
Cisco security 27 jun 17
 
Unified threat management cisco 1 july 17
Unified threat management cisco 1 july 17Unified threat management cisco 1 july 17
Unified threat management cisco 1 july 17
 
Unified threat management cisco 5 july 17
Unified threat management cisco 5 july 17Unified threat management cisco 5 july 17
Unified threat management cisco 5 july 17
 
Cisco security3 july17
Cisco security3 july17Cisco security3 july17
Cisco security3 july17
 
Unified threat management cisco 25 july 17
Unified threat management cisco 25  july 17Unified threat management cisco 25  july 17
Unified threat management cisco 25 july 17
 

More from Zscaler

More from Zscaler (20)

Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
3 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-20193 reasons-sdp-is-replacing-vpn-in-2019
3 reasons-sdp-is-replacing-vpn-in-2019
 
Top 5 predictions webinar
Top 5 predictions webinarTop 5 predictions webinar
Top 5 predictions webinar
 
Three ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-chThree ways-zero-trust-security-redefines-partner-access-ch
Three ways-zero-trust-security-redefines-partner-access-ch
 
Office 365 kelly services
Office 365 kelly servicesOffice 365 kelly services
Office 365 kelly services
 
Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18Ma story then_now_webcast_10_17_18
Ma story then_now_webcast_10_17_18
 
Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1Get an office 365 expereience your users will love v8.1
Get an office 365 expereience your users will love v8.1
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Schneider electric powers security transformation with one simple app copy
Schneider electric powers security transformation with one simple app   copySchneider electric powers security transformation with one simple app   copy
Schneider electric powers security transformation with one simple app copy
 
Top 5 mistakes deploying o365
Top 5 mistakes deploying o365Top 5 mistakes deploying o365
Top 5 mistakes deploying o365
 
Three Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the CloudThree Key Steps for Moving Your Branches to the Cloud
Three Key Steps for Moving Your Branches to the Cloud
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
 
Zenith Live - Security Lab - Phantom
Zenith Live - Security Lab - PhantomZenith Live - Security Lab - Phantom
Zenith Live - Security Lab - Phantom
 
O365 quick with fast user experience
O365 quick with fast user experienceO365 quick with fast user experience
O365 quick with fast user experience
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
 
Migration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
 
Office 365 deployment
Office 365 deploymentOffice 365 deployment
Office 365 deployment
 
The secure, direct to-internet branch
The secure, direct to-internet branchThe secure, direct to-internet branch
The secure, direct to-internet branch
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
Rethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation EraRethinking Cybersecurity for the Digital Transformation Era
Rethinking Cybersecurity for the Digital Transformation Era
 

Recently uploaded

The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Recently uploaded (20)

Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT  - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT  - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 

Zscaler ThreatLabz dissects the latest SSL security attacks

  • 1. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1 Zscaler ThreatLabz dissects the latest SSL security attacks WEBCASTS Steve Grossenbacher Sr. Product Marketing Manager | Zscaler sgrossenbacher@Zscaler.com Deepen Desai Sr. Director Security Research & Operations | Zscaler ddesai@zscaler.com
  • 2. ©2017 Zscaler, Inc. All rights reserved.2 To ask a question • Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com • We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • At the end of the webcast – please let us know how we did! ©2017 Zscaler, Inc. All rights reserved. Ask your question here…
  • 3. ©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION3 Zscaler: The Market Leader in Cloud Security Enterprise Customers 2,800 CUSTOMERS Over 200 of the Fortune Global 2000 Global Partners 100 Data centers 40B Daily requests 185 Countries served Cloud Scale The Pioneer in Cloud Security Mature Global Cloud Operations
  • 4. ©2017 Zscaler, Inc. All rights reserved.4 The Rise of the SSL Attack Ironically, increased use of SSL in attempt to make our online lives more secure can create ‘blind spots’ that can actually reduce security… NSS Labs “ ” 70% of all enterprise web traffic over Zscaler is encrypted 70% 54% of the threats Zscaler blocks are hidden inside SSL Traffic 54%
  • 5. ©2017 Zscaler, Inc. All rights reserved.5 • Web properties are quickly adopting SSL by default to stem privacy concerns • SSL is great for privacy, but a challenge for content inspection, whether for enterprise or national security • SSL inspection can cause significant performance degradation on security appliances • Implementing SSL inspection will raise privacy/regulatory concerns, but compromise must be achieved 70% …of all web traffic on Zscaler Cloud is SSL encrypted 66.5% …of all pages loaded on Firefox were using HTTPS 54% …of APT’s use SSL encryption 25% … of Zscaler customers block unscannable files 32% … of Zscaler customers block password protected files ©2017 Zscaler, Inc. All rights reserved. Threats Hiding Deep in Encrypted Communications
  • 6. • Over 800,000 blocks each day that use SSL. • Primary SSL Attack Types • Malvertising, Exploit Kits • Malware/Adware distribution • Botnet Callbacks • Upward trend expected to continue • 200,000 more blocks per day on average in last 6 months than first half of 2017 An In Depth Threat Study from the World’s Largest Security Cloud Current Malicious SSL Activity Trends 6 ©2017 Zscaler, Inc. All rights reserved Zscaler Security Cloud SSL Trends Figure 1. Total SSL blocks, June 2017 – November 2017
  • 7. Zscaler Cloud Threat Intelligence - Phishing 7 ©2017 Zscaler, Inc. All rights reserved Zscaler Security Cloud Security Trends • Phishing page hosted on legitimate domain that has been compromised • More legitimate sites support SSL • Newly registered cyber squatted domains to imitate legitimate brands • nnicrosoftoffice.com [real attack] • xn--80ak6aa92e.com [POC] • A 300% increase in Phishing content delivered over SSL compared to 2016
  • 8. ©2017 Zscaler, Inc. All rights reserved.8 SSL/TLS threats case study - Phishing
  • 9. Zscaler Cloud Threat Intelligence - Malware Zscaler Security Cloud Security Trends • Ransomware epidemic • Global outbreaks – WannaCry, Petya, BadRabbit • Locky, Jaff, PornDroid • Android Mobile Malware • Google Play Store • Banking Trojans, Ransomware
  • 10. Zscaler Cloud Threat Intelligence – Sandbox & Botnet Callbacks (Zscaler Security Cloud Security Trends)
    • Patient-0 payloads seen in Cloud Sandbox: malicious documents, APKs, executables
    • Many payloads delivered over SSL from Box, Dropbox, AWS, Google
    • Zbot, njRAT (H-Worm) and Dridex/Emotet callbacks remain at the top in recent months
  • 11. Zscaler Cloud Threat Intelligence – Sandbox SSL/TLS threats: taking callbacks to a new level
    • Distribution of new unique malicious payloads seen in Zscaler Cloud Sandbox leveraging SSL/TLS for C&C activity:
      • 60 percent were multiple banking Trojan families (Dridex/Emotet, Trickbot, Zbot, etc.)
      • 25 percent were ransomware families
      • 12 percent were infostealer Trojan families (Fareit, Papras, etc.)
    • SSL Blacklist (sslbl.abuse.ch)
  • 12. SSL use in Browser Exploit and Payload Delivery – Hiding in the Infection Chain
    • Using SSL-enabled advertising networks; used for injecting malicious scripts into legitimate websites
    • Abuse of free SSL providers: leveraging free certificates to enable HTTPS support on their malicious domains, which bypasses SSL integrity checks in the web browser
    • Chart: distribution by Certificate Authorities
  • 13. SSL Certificates and Validity Period – Hiding in the Infection Chain
    • DV vs. OV vs. EV certificates: distribution of certificates involved in security blocks by verification method
    • Validity period distribution: the majority of the certificates had a shorter validity period (<= 3 months), usually free certs
  • 14. SSL/TLS threats case study – Malicious Chrome extension
    • Delphi-based banking Trojan
    • Downloads and installs a malicious Chrome extension
    • Capable of setting a proxy and stealing/relaying cookies/credentials related to banking sites
    • Disables Google Chrome's security warning
  • 15. Commercial Keylogger Trojan – Live Infection Demo. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.
  • 16. Security Best Practices
    • 70% of total traffic is SSL/TLS encrypted (Zscaler Cloud insight)
    • DV certificates with shorter duration are the most abused SSL certs
    • SSL/TLS encrypted attacks are not limited to APT campaigns
    • A multi-layered defense-in-depth strategy is key
    • SSL/TLS inspection for all secure web transactions is essential
  • 17. How Files and Websites Spread Malware
    • Hunting stage: 1. User browses a trusted web page with compromised content; 2. Hackers' web servers deliver the initial file and keep the exploit server hidden
    • Infection stage: 3. Exploit server creates new malware samples on demand to bypass signature detection; 4. Malware .EXE delivers the final payload, enables command and control, and enables the final hacking objectives (ransom, exfiltrate, propagate)
    • Diagram labels: .Exe, Archive or Embedded Script; iFrame redirect; Exploit & Call home
  • 18. Breaking the kill chain with Zscaler – find and stop more malicious threats
    • Kill chain stages: Recon and Creation (survey defenses, plan attack, create payload); Delivery (via trusted/untrusted sites and web content); Exploitation (payload exploits an unpatched vulnerability); Installation (installing malware onto the asset); Command & Control (C2) (remote control, additional malware downloads); Action on Objectives (lateral movement, data exfiltration, disruption, etc.)
    • Zscaler controls across the chain: Destination Based Blocking (malicious hosts, sites, botnets, phishing, GEO, protocol & ACLs); Inline Content Control (file, user, group and QoS control, signature-based AV and IPS); Complete Packet ByteScan; Browser Control and Risk Based Scoring (web content scanning, risk-based analysis, app control); Sandboxing (dynamic & behavioral analysis of user content); DNS Security; Botnet and Callback Detection; DLP Security; Full SSL Inspection
  • 19. Zscaler – Purpose Built, Global Security Cloud
    • Data centers: Los Angeles, Dallas, Denver, Toronto, New York, Washington DC, Atlanta, Miami, Paris, Sao Paulo, Johannesburg, London, Amsterdam, Brussels, Frankfurt, Stockholm, Moscow, Mumbai, Singapore, Sydney, Hong Kong, Tokyo, Madrid, Taipei, Dubai, Riyadh, Kuala Lumpur, Cape Town, San Francisco, Chicago, Lagos, Tel Aviv, Milan, Copenhagen, Melbourne, Zurich, Chennai, Tianjin, Doha, Abu Dhabi, Jeddah, Al Khobar, Warsaw, Seattle, Oslo, Shanghai
    • 40B+ requests processed/day; 100M+ threats blocked/day; 120K+ unique security updates/day; 100 data centers across 5 continents; Internet peering across 150 vendors; O365 peering
    • Secure: ongoing third-party testing; Certified; Reliable: redundancy within and failover across DCs; Transparent: trust portal for service availability monitoring
  • 20. Zscaler Internet Access – fast, secure access to the Internet and SaaS. Direct to Internet: block the bad, protect the good. The best approach for SD-WAN and Office 365
    • Connects data center, HQ (MPLS), branch, mobile and IoT users to SaaS and the open Internet
    • Your security stack as a service: Data Protection (Data Loss Prevention, Cloud Apps (CASB), File Type Controls); Access Control (Cloud Firewall, URL Filtering, Bandwidth Control, DNS Filtering); Threat Prevention (Adv. Protection, Cloud Sandbox, Anti-Virus, DNS Security)
    • Real-time policy engine: policies follow the user; changes are immediately enforced, worldwide
    • Business analytics: global visibility into apps and threats blocked; identify botnet-infected machines for remediation
  • 21. Traditional Sandboxes vs Zscaler Cloud Sandbox – better protection, scalability and intelligence
    • Traditional sandbox: limited capacity with no SSL inspection; users off network go unprotected; the sandbox only alerts and allows files to pass and infect; threat data is often localized and not shared
    • Zscaler Cloud Sandbox: unlimited capacity with full SSL inspection; easily scales across all users/locations; inline architecture holds a file until clean; cloud effect shares blocks with all customers
  • 22. Case Study: A Transition to Better User Security – after full deployment Zscaler caught more threats and eliminated the need for FireEye
    • US healthcare provider with 8,100 users; Zscaler deployment with Cloud Sandbox and SSL Inspection
    • Chart: Advanced Threats Found During Deployment, Mar-16 to Dec-16; series: Zscaler Deployment (0–100%), FireEye Detections and Zscaler Blocks (1–1000, log scale); annotation: Zscaler 100% Deployed
  • 23. A three-step journey to secure IT transformation
    • SECURE – Up-level your security: make Zscaler your next hop to the Internet; fast to deploy; no infrastructure changes required
    • SIMPLIFY – Remove point products: phase out gateway appliances at your own pace; reduce cost and management overhead
    • TRANSFORM – Cloud-enable your network (broadband): enable secure SD-WAN / local Internet breakouts and optimize backhaul; deliver a better and more secure user experience
  • 24. Thank You! Questions and Next Steps
    • Deepen Desai, Sr. Director, Security Research & Operations, @ddesai_av, ddesai@zscaler.com
    • Steve Grossenbacher, Sr. Product Marketing Manager, @grossenbacher_1, sgrossenbacher@zscaler.com
    • Learn more about Zscaler Cloud Sandboxing: Zero-Day Best Practices, zscaler.com/resources; Cloud Sandbox Solution Brief, zscaler.com/sandbox
    • Zscaler ThreatLabZ Research Blog: blog.zscaler.com
    • On-demand webcasts (zscaler.com/company/webcasts): Secure remote access without the pitfalls of VPNs; How I survived my Office 365 deployment, Tuesday, December 19th, 2017 | Americas – 10:00 am PST
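A defender-side check for the two look-alike domains on slide 7, added here as an example (not code from the deck or from Zscaler): it decodes punycode labels, folds common homoglyphs to Latin, and flags a label that matches a protected brand only after folding or as part of a longer string. The brand list and the fold tables are constructed for the example; a deployment would load its own brands and the full Unicode confusables data.

```python
import unicodedata

# Constructed brand list for this example; a deployment would load its own.
BRANDS = ("apple", "microsoft", "zscaler")

# Characters that render like a Latin letter in common fonts (Cyrillic, Greek,
# digits). Constructed subset; Unicode's confusables.txt is the full source.
CHAR_FOLD = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u03bf": "o", "\u03b1": "a", "0": "o", "1": "l",
})
# Letter pairs that read as one letter: 'nn' -> 'm' is the trick behind
# nnicrosoftoffice.com on the slide.
SEQ_FOLD = (("rn", "m"), ("nn", "m"), ("vv", "w"))


def decode_label(label: str) -> str:
    """Unicode form of one DNS label; 'xn--' labels are punycode-decoded."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def fold(label: str) -> str:
    """Fold homoglyphs: Cyrillic 'аррӏе' -> 'apple', 'nnicrosoft' -> 'microsoft'."""
    s = unicodedata.normalize("NFKC", label).lower().translate(CHAR_FOLD)
    for seq, repl in SEQ_FOLD:
        s = s.replace(seq, repl)
    return s


def scripts(label: str) -> set:
    """Unicode scripts present in a label (first word of each character name)."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def check_domain(domain: str) -> dict:
    """Report which brand the registrable label imitates, if any.
    Assumes a plain brand.tld shape; public-suffix handling is left out."""
    labels = [decode_label(lab) for lab in domain.lower().rstrip(".").split(".")]
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    folded = fold(sld)
    # The genuine label equals the brand as-is; a label that contains the brand
    # only after folding, or inside a longer string, is a look-alike.
    brand = next((b for b in BRANDS if b in folded and sld != b), None)
    return {"domain": domain, "decoded": ".".join(labels), "folded": folded,
            "scripts": scripts(sld), "brand": brand, "lookalike": brand is not None}
```

Run over newly registered or newly seen domains from certificate-transparency or proxy logs, the `lookalike` flag and the `scripts` set give a cheap first-pass triage before a human looks at the page.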

Editor's Notes

  1. 10% increase. Google predicted 80% of traffic to all Google properties will be SSL. Mozilla page loads over HTTPS: 66.5%.
  2. AV, sandboxing, IDS/IPS, DLP, etc. are rendered useless without the ability to decrypt SSL.
  3. Compromised sites, Squatted domains..
  4. Self signed, compromised, etc
  5. 21 => 45
  6. Platform approach a key piece
  7. Zscaler Cloud Sandbox easily scales protection to all users regardless of location. Typical centralized appliances are not able to deliver complete protection for users off network: malware can exploit the system and then spread laterally when the user connects to the network. Additionally, centralized appliances usually remain in tap mode and rarely make it inline, which limits their effectiveness; malware is allowed to pass, and detection occurs after the fact. By way of its architecture, Zscaler delivers a sandbox that always sits inline: files can be quarantined and confirmed clean by the sandbox before delivery. Lastly, Zscaler Cloud Sandbox delivers the cloud effect, which shares new threat detections across the cloud in seconds. Add to all this the fact that Zscaler can accommodate all of a customer's SSL traffic with no capacity limitation, and Zscaler is the clear winner over traditional appliance-based solutions.
  8. As one of our customers deployed Zscaler, they noticed a change in their security logs. They were so excited that they forwarded the data to us without us even asking. We often get unsolicited feedback from customers on how excited they are about their Zscaler installation. In this case, you can see this customer did a controlled rollout of Zscaler over a 6-month period. As you can see, the more they deployed Zscaler, the more threat blocks increased on the Zscaler side, and FireEye detections reduced. There are a couple of interesting notes about this case study: 1. Zscaler was able to block far more threats than FireEye because all users, on and off network, can be covered. 2. Many of the alerts FireEye saw after deployment were found to be benign. 3. The value of SSL inspection can't be overstated: the customer found far more threats, and FireEye is unable to inspect SSL traffic without costly additional hardware. With Zscaler at full deployment and actively blocking far more threats than FireEye ever was detecting (not blocking), it seems FireEye's days are numbered!
  9. With Zscaler it's simple to get started. In fact, we've cut over 40,000 users in one weekend night and 160,000 users over 60 days. All you need to do to make Zscaler your next hop to the Internet is to make Zscaler your default route. A number of customers did this to block threats that were going undetected by their current security appliances without making any policy changes. Some also start by securing their mobile workers, then migrating their office locations. This allows them to take their security from a 6 or 7 to a 9 or 9.5 out of 10; no one is perfect. One ZPA customer got started with one of the use cases before replacing their entire VPN infrastructure. The second phase of the journey involves phasing out security appliances to reduce cost and complexity. This can be done at your pace, but more often than not it happens shortly after, or in tandem with, starting to send traffic to Zscaler. With Zscaler in place, the third phase of the journey is about routing traffic locally via Internet breakouts to Zscaler. By routing traffic locally, companies can optimize their MPLS spend and deliver a more secure and better user experience. Office 365 has been a key accelerator for local breakouts, as Microsoft now recommends routing traffic locally and doing local DNS, so users connect to the closest Office 365 PoP and get onto its CDN network as fast as possible. ExpressRoute is now recommended only for very specific use cases. Microsoft also cautions against hub-and-spoke architectures with centralized proxies for a variety of reasons.