5 of 13 Ways To Prevent Advanced Persistent Threats (APTs)

Is there a magic security bullet anymore? Can we feel safe because we have a UTM or a Layer 7 firewall? Can one security product vendor get it all done for you? What combination of products and processes achieves the highest possible security posture for your organization?

These are questions that CIOs and IT executives have been asking themselves with the rise of advanced persistent threats (APTs). Unlike traditional malware and viruses, new crimeware and APTs completely hijack your equipment and operate in stealth so that they are better able to go undetected.

This topic has become an issue of national security; the biggest businesses in the US are struggling, even with their dedicated security teams.

So, what is a medium-sized business of 100 to 5,000 users to do?

Don't wait for your installed products to find malware and crimeware. Traditional tools are woefully inadequate.

Over the next three months, the CIO Executive Series will review 13 approaches to malware/crimeware defense in order to better prepare you for the battle you are sure to fight.

We will help you change the rules of the game by becoming proactive in rooting out malware.

Make it hard for these malicious APTs to operate in stealth.

GO HUNTING!

Published in: Technology

1. The Next Cyber Security Threat is Here - Are You Prepared?
APTs – Advanced Persistent Threats, Part 1 – Learn 5 of 13 Ways to Prevent APTs
Moderators: Bill Murphy and James Crifasi
Live Tweet from the event! @TheRedZoneCIO

2. Schedule of Events
8:30am to 9:00am – Sign In & Breakfast
9:00am to 11:30am – Education Sessions
11:30am to 12:30pm – Lunch (sponsored by ThunderDG & Thycotic Software)

3. RedZone's Chief Lieutenant Series
Sister of The CIO Executive Series, a top IT executive network specializing in bringing CIOs together to collaborate, network, and stay current on industry trends.
Just under 300 senior C-suite IT executive members.
Founded in 2000 | 13 years of experience bringing CIOs together.
Hosts a number of events, both virtual and physical, each year.
Hosts a "Special Event" annually | Past events have included a golf outing, dinners & receptions.

4. About Bill Murphy
President and Founder:
• RedZone Technologies
• ThunderDG
• MA DR Solutions
• Beyond Limits Magazine
Keep in touch with Bill: @TheRedZoneCIO | CIO Executive Series Group | billm@redzonetech.net

5. About James Crifasi
• CTO of RedZone Technologies
• Co-founder, ThunderDG
• Co-founder, MA DR
• University of Maryland graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management
• Keep in touch with James: jcrifasi@redzonetech.net

6. Sponsors
RedZone Technologies – Assessment: IT Architecture and Design | Integration: Security | Disaster Recovery | Infrastructure | Managed Service Programs | Cloud Brokerage | (410) 897-9494 | www.redzonetech.net
ThunderDG – Employee Policy Management, Education, and Awareness | www.thunderdg.com
Thycotic Software – Password Management | www.thycotic.com

7. Agenda – 5 of 13 Methods to Prevent APTs (Advanced Persistent Threats)
1. MDM, BYOD & Mobility
2. Passwords – Role-Based Access Control to apps, servers & network devices
3. Configuration and Change Control
4. Prevent and Silence Outbound Hijackers
5. DCS Policies – Security Education, Training & Awareness

8. Agenda – 5 of 13 Methods to Prevent APTs (the tools covered)
1. VMware Horizon Suite – View 5 | VDI
2. Thycotic Software – Password Security
3. C3 – Security Change Control for switches and routers
4. Blue Coat – Prevent and Silence Outbound Hijackers
5. ThunderDG – Policy and Education
9. Set The Stage

10. Reality Shift in IT
• System communication is fundamentally changing – many transactions occur over the web
• Network defenses are covering a shrinking portion of the attack surface
• Cloud is changing our notion of a perimeter
• Worker mobility is redefining the IT landscape
• The security model is moving from "good people vs. bad people" to enabling partial trust
• There are more "levels" of access: extranets, partner access, customer access

11. Reality Shift for Attackers
• Cyber criminals are becoming organized and profit-driven
• An entire underground economy exists to support cybercrime
• Attackers are shifting their methods to exploit both technical and human weaknesses
• Attackers are after much more than traditional monetizable data (PII, etc.)
• Hacktivism
• State-sponsored attacks
• IP attacks/breaches

12. What is an APT (Advanced Persistent Threat)?
APTs are silent. They leave clues and trails but are essentially designed not to be found.
• Spear phishing
• Phishing
• Rootkits
• Traditional hacker tool variants
• Worms
• Etc.

13. Economics of Phishing
Hundreds of millions of dollars!
Source: Bill Duane talk on authentication

14. Go Hunting!
Change the rules of the game by becoming proactive in rooting out malware.

15. Make It Hard…
…for these malicious Advanced Persistent Threats (APTs) to operate in stealth.

16. Make It Hard…
"Most costly breaches come from simple failures, not from attacker ingenuity"
– RSA 2013 Conference Chair Hugh Thompson

17. Where Do You Start?

18. Security Defense? Whack-A-Mole? No!

19. Plan

20. Cunning – Be Different

21. Security Scoreboard

22. Security Scoreboard
23. #1 – BYOD | MDM | Mobile Security
VMware Horizon Suite

24. Point Solutions vs. Integrated

25. VMware Horizon Suite
• Centralized data!
• Control and enforce data policy centrally
• Embrace all devices
• Stop doing MDM & get into data and application management
• User-centric philosophy
• Address application, data and VDI within one solution set

26. VMware Horizon Suite

27. Horizon View & Mirage

28. Key Features of Horizon Suite
1. Single end-user workspace
• Easy, secure access to all apps/data from any mobile device
2. Centralized IT management
3. File sharing capabilities
• Offline & online
• Document versioning, commenting & auditing capabilities

29. VMware and APT Defense
1. Can you deliver a secure desktop in minutes?
• Efficiency with security is important to keep costs low.
2. IT being able to get the user back to a last known golden image is critical!

30. Key Features of Horizon Suite
• Enterprise-level security
• Data encryption on mobile devices
• Endpoint registration & remote wipe capabilities
• Integration with Horizon View
• Easy access to virtual desktops & apps via Horizon View
• Access View from any HTML5 browser via remote protocol

31. Lessons Learned From Our Experience With Horizon Suite
1. Beta lockdown and engineering review
2. Make changes once to all departmental profiles
3. One of the key values of VDI is the ability to restore a workstation back to a golden image, which is free of malware/crimeware.
32. #2 – Passwords & RBAC
Thycotic Software Secret Server

33. Passwords | RBAC
GAME OVER IF THE DOMAIN CONTROLLER IS COMPROMISED!

34. Secret Server & RBAC
"In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data."
– Information Security Magazine, 2009

35. Source: www.unitedmedia.com/comics/dilbert

36. Privileged Accounts
• UNIX / Linux root accounts
• Windows local admin accounts
• AD
• Database
• Server
• Router
• Firewall
Privileged Account Challenges
• Service accounts are difficult to manage because they don't belong to a specific person
• Access & passwords are shared by a team of administrators
• No accountability

37. Privileged Accounts – Why Worry?
• Powerful accounts that run your network
• The passwords are not being changed
• Extremely difficult to know where they are being used
• Needed for emergency situations
• Vulnerable to multiple types of attacks

38. What is Secret Server?
• Web-based password repository
• Distribute, organize & automatically update privileged accounts from a central location
• Complete reporting & auditing capabilities to show who has access & when passwords are being used

39. Mission Impossible Access

40. How Secret Server Works

41. Secret Server ROI

42. What's In It For Me?
• Accountability
• Access management
• Risk management
• Security
• Compliance
• Reduced labor costs
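The slides above describe what a privileged-account vault has to do for a shared service or enable account: let only the right roles check it out, record who held it and when, and change the password after use so the value a person saw is no longer valid. The following is an added example written for this page that models those three behaviours in plain Python; it is not Thycotic's Secret Server or its API, and the users, roles, account name and initial password are constructed.

```python
"""Added example: a minimal privileged-account vault that shows the three
things the Secret Server slides ask for (role-based check-out, a full audit
trail of who used which account and when, and rotation of the shared
password after use). This is example code written for this page, not
Thycotic's product or API; users, roles and the sample account are
constructed."""
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
ROTATED_LENGTH = 24   # assumption: long enough that guessing is hopeless


class AccessDenied(Exception):
    pass


@dataclass
class Secret:
    name: str                       # e.g. "core-sw01/enable" (constructed)
    password: str
    allowed_roles: Set[str]         # roles permitted to check this secret out
    checked_out_by: Optional[str] = None


@dataclass
class Vault:
    roles: Dict[str, Set[str]]      # user -> roles held
    secrets: Dict[str, Secret] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)

    def _log(self, user: str, action: str, name: str, ok: bool) -> None:
        # Every attempt is recorded, including denials: that is the
        # accountability a shared service account otherwise lacks.
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "user": user, "action": action, "secret": name, "ok": ok})

    def add_secret(self, name: str, password: str, allowed_roles: Set[str]) -> None:
        self.secrets[name] = Secret(name, password, set(allowed_roles))

    def checkout(self, user: str, name: str) -> str:
        """Hand the password to a user whose role permits it; one holder at a time."""
        s = self.secrets[name]
        if not self.roles.get(user, set()) & s.allowed_roles:
            self._log(user, "checkout", name, False)
            raise AccessDenied(f"{user} holds no role permitted on {name}")
        if s.checked_out_by not in (None, user):
            self._log(user, "checkout", name, False)
            raise AccessDenied(f"{name} is already checked out by {s.checked_out_by}")
        s.checked_out_by = user
        self._log(user, "checkout", name, True)
        return s.password

    def checkin(self, user: str, name: str) -> None:
        """Return the account and rotate it, so the value the user saw is now dead."""
        s = self.secrets[name]
        if s.checked_out_by != user:
            self._log(user, "checkin", name, False)
            raise AccessDenied(f"{user} does not hold {name}")
        s.password = "".join(secrets.choice(ALPHABET) for _ in range(ROTATED_LENGTH))
        s.checked_out_by = None
        self._log(user, "checkin+rotate", name, True)

    def usage_report(self, name: str) -> List[dict]:
        """Who touched this account, when, and whether they were allowed to."""
        return [e for e in self.audit if e["secret"] == name]


def demo() -> dict:
    vault = Vault(roles={"alice": {"netadmin"}, "bob": {"helpdesk"}})
    vault.add_secret("core-sw01/enable", "Init1al-Enable-Pass", {"netadmin"})
    original = vault.checkout("alice", "core-sw01/enable")   # allowed by role
    vault.checkin("alice", "core-sw01/enable")               # rotates the password
    try:
        vault.checkout("bob", "core-sw01/enable")            # helpdesk: denied
        bob_denied = False
    except AccessDenied:
        bob_denied = True
    return {"original": original,
            "rotated": vault.secrets["core-sw01/enable"].password,
            "bob_denied": bob_denied,
            "report": vault.usage_report("core-sw01/enable")}


if __name__ == "__main__":
    for entry in demo()["report"]:
        print(entry)
```

The point to notice is that the shared account never has to be tied to a person for accountability to exist: the check-out record does that, and the rotation on check-in means a password copied into a notebook or a script during the session is useless afterwards. Denied attempts are logged too, since an unauthorised request for the domain admin password is itself a signal worth hunting.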
43. #3 – Security: Configuration and Change Control (C3)

44. C3 – Configuration and Change Control
• Systems are down – what happened?
• Are you dependent on the guy with the most certifications to bail you out?

45. C3 – Configuration and Change Control
• Audit changes?
• Who made the change?
• What changed?

46. C3 | Configuration Change Control

47. C3 | Configuration Change Control

48. C3 Features
• Sends emails to specified individuals when changes are made to the network configuration and highlights what those changes were
• Allows you to quickly visually identify system changes
• Consolidates all changes into a single change alert
• Allows companies/organizations to hire less experienced (and less expensive) talent so that they can be less dependent on certified (more expensive) individuals
• System is managed by RedZone

49. Benefits of RedZone Managing C3
RedZone audits all C3 systems monthly, in which we...
• Review the change logs & talk to the client to make sure that their IT professionals are receiving the change reports
• Ensure a valid backup for each system C3 is monitoring is taking place *
• Check that all of the client's existing devices are recognized and checked by C3 and that they haven't added any new devices to, or removed any old devices from, the network
Because, let's face it, machines and automation are great, but if systems are not being maintained by actual people, they can become inefficient or, even worse, a handicap.
* Note: None of your data ever leaves your network; RedZone will never back up your system to our network.
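Slides 45 to 48 describe the three questions a change-control system answers for switches and routers (what changed, who changed it, and a single consolidated alert). The following is an added example written for this page that does that over two config snapshots per device; it is not RedZone's C3 service. The device names, configs and syslog lines are constructed, and the risky-line list is a starter assumption; the %SYS-5-CONFIG_I message it parses is the standard Cisco IOS log emitted when someone enters configuration mode.

```python
"""Added example: configuration change detection for switches and routers in
the spirit of the C3 slides (what changed, who changed it, one consolidated
alert). This is example code written for this page, not RedZone's C3 service.
Device names, configs and syslog lines are constructed; the %SYS-5-CONFIG_I
message is the standard Cisco IOS 'someone entered configure mode' log."""
import difflib
import hashlib
import re

# Who made the change: IOS emits this when a user enters configuration mode.
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from \w+ by (?P<user>\S+) "
    r"on (?P<line>\S+) \((?P<ip>[\d.]+)\)")

# Added lines worth highlighting in the alert. Assumption: a starter list,
# to be extended from your own hardening standard.
RISKY = re.compile(
    r"^(snmp-server community|username \S+ privilege 15|no logging|"
    r"ip http server|transport input .*telnet)", re.I)

# Constructed snapshots: the core switch had its SNMP community and vty
# transport changed; the edge router only gained '!' separators.
OLD_SW = """!
hostname core-sw01
!
snmp-server community S3cureRO RO 10
logging host 10.0.0.50
line vty 0 4
 transport input ssh
!
"""
NEW_SW = (OLD_SW
          .replace("snmp-server community S3cureRO RO 10",
                   "snmp-server community public RW")
          .replace(" transport input ssh", " transport input telnet ssh"))
OLD_RTR = "hostname edge-rtr01\nip route 0.0.0.0 0.0.0.0 203.0.113.1\n"
NEW_RTR = "!\nhostname edge-rtr01\n!\nip route 0.0.0.0 0.0.0.0 203.0.113.1\n"
SYSLOG = {"core-sw01": [
    "Apr 17 09:12:03 core-sw01 123: %SYS-5-CONFIG_I: Configured from console "
    "by jdoe on vty0 (10.0.0.25)"]}


def fingerprint(config: str) -> str:
    """Cheap first check: identical hashes mean there is nothing to diff."""
    return hashlib.sha256(config.encode()).hexdigest()


def _normalise(config: str) -> list:
    # Drop blank lines and IOS '!' separators so they never show up as changes.
    return [l.rstrip() for l in config.splitlines() if l.strip() and l.strip() != "!"]


def diff_config(old: str, new: str):
    """Return (added, removed) config lines between two snapshots."""
    a, b = _normalise(old), _normalise(new)
    added, removed = [], []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b).get_opcodes():
        if tag in ("delete", "replace"):
            removed.extend(a[i1:i2])
        if tag in ("insert", "replace"):
            added.extend(b[j1:j2])
    return added, removed


def who_changed(syslog_lines) -> list:
    """Pull user / line / source IP out of CONFIG_I messages for the device."""
    return [m.groupdict() for m in (CONFIG_I.search(l) for l in syslog_lines) if m]


def build_alert(snapshots: dict, syslog: dict) -> dict:
    """snapshots: {device: (old_cfg, new_cfg)}; syslog: {device: [lines]}.
    Returns one dict covering every device that really changed: a single
    consolidated alert rather than one email per device."""
    alert = {}
    for device, (old, new) in snapshots.items():
        if fingerprint(old) == fingerprint(new):
            continue
        added, removed = diff_config(old, new)
        if not added and not removed:
            continue            # only whitespace or '!' noise
        alert[device] = {
            "added": added,
            "removed": removed,
            "risky": [l for l in added if RISKY.search(l.strip())],
            "by": who_changed(syslog.get(device, [])),
        }
    return alert


def demo() -> dict:
    return build_alert({"core-sw01": (OLD_SW, NEW_SW),
                        "edge-rtr01": (OLD_RTR, NEW_RTR)}, SYSLOG)


if __name__ == "__main__":
    for device, change in demo().items():
        print(device, change)
```

Two details matter for the APT angle. Normalising away separators and whitespace keeps the alert from crying wolf, so the one line that does matter (an SNMP community opened to RW, telnet re-enabled on the vty lines) is not buried; and tying the diff to the CONFIG_I syslog entry gives the "who" and the source address, which is how you tell an admin's planned change from an attacker reconfiguring your switch with a stolen credential.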
50. #4 – Outbound Hijackers
Blue Coat

51. Outbound Hijackers
• Prevent and silence outbound hijackers
• There are over 300 known hacker tools that are designed not to be found
• Find the trails they leave behind
• Silence outbound hijackers – management:
  • There are specific sites to which an employee can go
  • There is a tight acceptable use of the internet
• Outbound protocol management & control
  • Lockdown of outbound UDP, for example
• Blue Coat application identification

52. Outbound Protection Methods
• Firewall
• PC
• Network

53. Outbound Hijackers & Blue Coat
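Slide 51 lists the controls (approved destinations only, outbound UDP locked down, web traffic identified and controlled at the proxy) and the hunting goal (find the trails the tools leave). The following is an added example written for this page that expresses those controls as a default-deny egress policy and runs it over firewall flow records; it is not Blue Coat's product or configuration. The flow records and addresses are constructed, and it assumes an internal 10.0.0.0/8, an explicit web proxy at 10.0.0.10:8080, an internal resolver at 10.0.0.53 and an NTP server at 10.0.0.123.

```python
"""Added example: a default-deny egress policy evaluated over firewall flow
records, in the spirit of the 'Outbound Hijackers' slides (only approved
destinations, outbound UDP locked down, web traffic forced through the
proxy, and a hunt for the trails a hijacked host still leaves). This is
example code written for this page, not Blue Coat's product. The flow
records and addresses are constructed; it assumes an internal 10.0.0.0/8,
an explicit web proxy at 10.0.0.10:8080, an internal resolver 10.0.0.53 and
an NTP server 10.0.0.123."""
import ipaddress
from collections import Counter
from typing import Optional

INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY, PROXY_PORT = "10.0.0.10", 8080
RESOLVERS = {"10.0.0.53"}
NTP_SERVERS = {"10.0.0.123"}


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def allowed(flow: dict) -> Optional[str]:
    """Name of the rule that permits the flow, or None: default deny.
    flow = {"src", "dst", "proto", "dport"} as a firewall would log it."""
    src, dst, proto, dport = flow["src"], flow["dst"], flow["proto"], flow["dport"]
    if is_internal(dst):
        if proto == "udp" and dport == 53 and dst in RESOLVERS:
            return "dns-to-internal-resolver"
        if proto == "udp" and dport == 123 and dst in NTP_SERVERS:
            return "ntp-to-internal-server"
        if proto == "tcp" and dst == PROXY and dport == PROXY_PORT:
            return "web-via-proxy"
        if proto == "tcp":
            return "internal-tcp"
        return None                     # all other internal UDP is denied
    # External destinations: only the proxy and the resolvers may reach out.
    if src == PROXY and proto == "tcp" and dport in (80, 443):
        return "proxy-egress"
    if src in RESOLVERS and proto == "udp" and dport == 53:
        return "resolver-egress"
    return None


def evaluate(flows) -> list:
    """Return the flows the policy denies, each tagged with why."""
    denied = []
    for f in flows:
        if allowed(f) is None:
            reason = ("direct external DNS" if f["proto"] == "udp" and f["dport"] == 53
                      else "outbound UDP" if f["proto"] == "udp"
                      else "bypassed proxy")
            denied.append({**f, "reason": reason})
    return denied


def beacons(denied, min_hits: int = 3) -> list:
    """Repeated denied attempts to the same external socket: the trail a
    hijacked host leaves when its tool keeps phoning home."""
    hits = Counter((d["src"], d["dst"], d["dport"]) for d in denied)
    return [key for key, n in hits.items() if n >= min_hits]


# Constructed flow records; 192.0.2.x / 198.51.100.x / 203.0.113.x are
# documentation ranges standing in for the internet.
FLOWS = [
    {"src": "10.0.5.21", "dst": "10.0.0.10", "proto": "tcp", "dport": 8080},
    {"src": "10.0.5.21", "dst": "10.0.0.53", "proto": "udp", "dport": 53},
    {"src": "10.0.5.21", "dst": "192.0.2.53", "proto": "udp", "dport": 53},
    {"src": "10.0.5.33", "dst": "198.51.100.7", "proto": "tcp", "dport": 4444},
    {"src": "10.0.5.33", "dst": "198.51.100.7", "proto": "tcp", "dport": 4444},
    {"src": "10.0.5.33", "dst": "198.51.100.7", "proto": "tcp", "dport": 4444},
    {"src": "10.0.0.10", "dst": "198.51.100.200", "proto": "tcp", "dport": 443},
    {"src": "10.0.5.33", "dst": "203.0.113.9", "proto": "udp", "dport": 6667},
    {"src": "10.0.0.53", "dst": "192.0.2.1", "proto": "udp", "dport": 53},
]


def demo() -> dict:
    denied = evaluate(FLOWS)
    return {"denied": denied, "beacons": beacons(denied)}


if __name__ == "__main__":
    result = demo()
    for d in result["denied"]:
        print(f"DENY {d['src']} -> {d['dst']}:{d['dport']}/{d['proto']} ({d['reason']})")
    print("beacon candidates:", result["beacons"])
```

The policy is deliberately written as "what may leave" rather than "what is blocked": a workstation that talks to the internet directly, resolves DNS against an outside server, or sends UDP anywhere but the internal resolver and NTP server is denied without anyone having to know the tool involved. The denied flows are then the hunting material; a host that keeps retrying the same external port after being blocked is the trail slide 51 says to look for.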
54. #5 – DCS Policy | Security Policies and End User Education and Awareness
ThunderDG

55. Do You Have A DCS Policy?

56. "In the absence of security education or experience, people (employees, users, customers, …) naturally make poor security decisions with technology"
– Hugh Thompson, RSA Conf 2013

57. DCS Policies
• Implement and enforce DCS policies to prevent "drive-by" malware infections
• What alarms go off when someone clicks something?
• Policy, together with complementary training, is a major element in helping people be more secure because it ensures people fully understand the policy and why it is in place

58. ThunderDG & DCS Policy Management
Complete solution for employee policy management with 3 key features:
1. Electronic delivery, storage & tracking of employee policies
2. Electronic signing of employee policies
3. Integration with employee training portal to ensure full understanding of policies

59. ThunderDG

60. ThunderDG

61. How ThunderDG Works

62. Features & Benefits of ThunderDG
ThunderDG allows you to…
• Send internal policies & contracts to thousands of signers instantly
• Send documents for both approval & signature in one easy step
• Create custom forms & workflows to help comply with company standards
• Create a document library for standard forms & contracts
• Access complete document history & audit
So you can…
• Increase ROI
• Save time and money via the paperless, automated process
• Gain insight into your entire policy signing process
• Improve performance & enforce best practices
63. Questions?

64. Upcoming Events
Virtual Roundtable Collaboration – Wednesday, April 24th from 9am to 10am
Mobile Device Management Policies
Let us know if you're interested in attending and we'll be sure to email you the link to register.

65. Upcoming Events
Physical Event – Open To All Members
APT Crimeware & Malware | Part 2
You just attended Part 1 (we will provide a recap of the event on the website shortly and will email you when that is available).
In Part 2, we will be reviewing:
• Application Whitelisting
• Data Loss Prevention (DLP)
• End User Policy Education, Training & Awareness
• Aggressive Patching for Servers, Workstations & 3rd Party Apps
Wednesday, May 15th from 8:30am to 12:30pm
Eggspectations in Columbia
We will email you with registration information as soon as it's available.

66. Upcoming Events
Physical Event – Open To All Members
APT Crimeware & Malware | Part 3
This will be the third and final installment of the APT Crimeware & Malware Event Series and will focus on:
• Dropbox & Cloud Storage Mitigation
• Multi-Factor Authentication
• File Permission Security Audit
• Deep Defense APT
• How to Go Hunting!
Wednesday, June 12th from 8:30am to 12:30pm
Eggspectations in Columbia
We will email you with registration information as soon as it's available.

67. Continue The Discussion
Follow the CIO Executive Series Group on LinkedIn!
Follow @TheRedZoneCIO on Twitter!

68. Contacts
Kristine Wilson
Managing Coordinator | CIO Executive Series
Marketing Manager | RedZone Technologies
(410) 897-9494
kwilson@redzonetech.net
