Keeping web servers safe and profitable with Imunify360
Imunify360 is the next-generation Linux Web server security solution. It uses herd immunity and the 6-layer approach providing total protection against attacks.

Published in: Technology

  1. Imunify360 Webinar, Jan 11, 2016
  2. Hosting Industry Survey revealed...
     Over 60% reported customers worry about security. Top reported issues:
     [Chart; values and labels as extracted]
     Values: 13%, 19%, 25%, 28%, 37%, 45%, 48%, 49%, 53%, 61%, 67%
     Labels: DNS Poisoning, Information disclosure, Privilege escalation, XSS attacks and similar, Comment SPAM, Website Defacement, Code/SQL Injections, Brute force attacks, Remote exploit, Malware infection, DoS/DDoS
  3. The state of security in hosting
     • Distributed attacks are on the rise
       ○ Not only DDoS
       ○ Distributed brute force attacks
       ○ Distributed port scans
       ○ Distributed OS & application fingerprinting
       ○ Distributed vulnerability scans
  4. The state of security in hosting
     • Existing tools are not capable of handling them
       ○ Single server
       ○ Dumb
         • No history
         • No behavior analytics
         • No heuristics
  5. Too many decisions to make
     • Too many sources of incidents
     • Too many decisions to make
     • No way to correlate
  6. Imunify360
     • Centralized dashboard
     • Herd protection
     • Sandboxing
     • Heuristics
     • Machine learning
     • All that without re-inventing the wheel
  7. Protection Vectors ‒ Firewall
     • Firewall ‒ Herd immunity
       ○ Machine learning
       ○ 17K+ IPs blocked automatically
       ○ Large # of honeypots
       ○ Better immunity with each additional server
  8. Firewall ‒ Protection Layers
     • Reduce false positives
       ○ Use captcha to automatically unblock
       ○ Train AI to reduce false positives...
  9. IDS
     • OSSEC for IDS
       ○ ML to decrease false positives
  10. Firewall ‒ CSF
     • Very popular
     • More features than Imunify360
     • Huge expertise
     We will integrate it into Imunify360. Best of both worlds:
     • Same herd immunity
     • Same captcha / training
     • Same CSF flexibility
  11. WAF ‒ Protection Layers
     • Mod_security
       ○ OWASP
       ○ Comodo
       ○ Atomic
     • Herd immunity → feeds into correlation engine → firewall
       ○ Machine learning
       ○ Most attacks will not reach the WAF; they will be blocked at the firewall
  12. Malware scanning ‒ Protection Vectors
     • Maldet protection scanning
       ○ Automated scans
       ○ On upload scans
         • PHP
           o Attack IP detection (ext attributes)
         • FTP
         • SSH
       ○ Backup integration / automated recovery of infected files
  13. Patch Management ‒ Protection Layers
     • Patch management
       ○ KernelCare
         • Kernel
         • OpenSSL (soon)
         • GLIBC (soon)
       ○ HardenedPHP
       ○ Security configuration / RPM version scans
  14. Outdated web apps? Reliance on knowing more than attacker
     • Covered by WAF
     • Covered by Softaculous
     • Covered by Patchman
     • Main issues:
       ○ plugins, not web apps
       ○ 0-day vulnerabilities
  15. Protection layer ‒ Sandboxing
     Different approach. Limit what webapps can do:
     • Today webapps can do whatever an unprivileged Linux user can do
       ○ Does WordPress need to be able to do the same things as strange, gcc or name server?
       ○ Filter/limit syscalls available
       ○ Filter/limit filesystem operations/access
     No 0-day privilege escalations.
     No turning a web app into a ‘bot’ part of the botnet.
  16. Sandboxing ‒ because signatures don’t work
     • AV vendors know that signatures don’t work
     • Sandboxing & heuristics used on desktop for 10+ years
     • Not used on web servers
     • Huge improvement in server security
  17. Sandboxing Stage II: heuristics + AI
     • Train ML on ‘good behaviors’
     • Automatically detect bad behaviors
     • Lock down after training
     Prevent majority of injection & defacement attacks
  18. Sandboxing Stage II: AI
     • Train on each site individually
     • Re-train on upgrades
       ○ User managed lock/unlock
     • Use client’s IP ‘reputation’ for good vs bad
     • Use ‘banking style’ notifications (e-mail, SMS, phone) for site owner
  19. ‘Bad Action’ Notifications
     Possible attack against yoursite.com detected
     We have detected possible attack against yoursite.com
     Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP] [+more info on the attack]
     Was it you?
     [YES, ALLOW THIS ACTION] [NO, BLOCK THE ACTION]
  20. Reputation management
     • Is your IP on any of the blacklists
       ○ SPAM
       ○ Botnet
     • Is any of hosted domains on the blacklists:
       ○ Malware
       ○ Phishing
       ○ SPAM
  21. Why is that important?
  22. Configurable
  23. 360° defense
     • Use all related info to detect attacks
     • Use machine learning to correlate information
     • Use multiple layers to detect, and defend against the attacker
     • Minimize human involvement
       ○ Minimize decision making
  24. Imunify360 vs Imunify Sensor
     [Comparison table; cells as extracted]
     Imunify360 / Imunify Sensor
     Maximum security with sophisticated attack detection / Basic security with lightweight attack detection
     Centralized Incident Management dashboard
     Firewall: Advanced Firewall with herd immunity / Standard Firewall
     Smart Intrusion Detection System
     IDS/IPS
     Patch management
     Intelligent Web application sandboxing
     KernelCare
     HardenedPHP
     Complete feature comparison at imunify360.com
  25. Good For Web Servers
     • Dedicated / VPS
     • Shared
     • cPanel
     • DirectAdmin
     • Plesk
     Goal: zero configuration, good for novice, better than expert...
  26. Pricing
     Imunify360
     • Retail: $35/month
     • Service Provider: $9/month
     Imunify Sensor
     • Retail: $9/month
     • Service Provider: $2/month
  27. Resources:
     • Imunify360.com
     • Imunify360 vs Imunify Sensor: http://www.imunify360.com/web-server-security-comparison
     • Survey: https://www.cloudlinux.com/images/content/resources/Hosting-Industry-Survey-Results-2016.pdf
     Questions?
