The ever-escalating threats to your business posed by ransomware and all forms of malware cannot be ignored. Cyber-criminals are employing every technology and tactic available to defeat your security systems and then go completely unnoticed as they systematically penetrate and catalog your systems and data to methodically prepare for a coordinated, carefully orchestrated, multipronged attack. The IBM i can be a rich target of valuable data for these bad actors. Malware attacks are active, not static. Traditional automated scanning, alerting and remediation practices are no longer enough. Instead, the focus needs to be upon securing critical assets and data stores using a multi-layered defensive approach. In practical terms, this means employing every possible security tool and tactic available, in a coordinated, programmatic way. Join us for this on-demand webinar to better understand: o The risks of relying on an “identify and remediate” approach to malware o A different approach to more effectively prevent malware o How a multi-layered security strategy can protect IBM i from malware threats

1. Defending Your IBM i
Against Malware
The Rules Have Changed
Bill Hammond | Director, Product Marketing
Gavriel Meir-Levi | Sales Director, Security Products

2. Housekeeping
Webinar Audio
• Today’s webcast audio is streamed through your
computer speakers
• If you need technical assistance with the web interface
or audio, please reach out to us using the Q&A box
Questions Welcome
• Submit your questions at any time during the
presentation using the Q&A box. If we don't get to your
question, we will follow-up via email
Recording and slides
• This webinar is being recorded. You will receive an email
following the webinar with a link to the recording and
slides
2

3. Evolving Threat

4. ReBoot Required
4
The very nature of cyber threats has changed
• Countering requires a business-wide paradigm shift
Two fundamental changes required:
• Everyone understands why advanced threats are very
different, how they actually work
o Executives, L.O.B. leaders, Employees
o Partners, Vendors
• Commitment to informed, cooperative and integrated
IT security planning management practices.

5. Malware and Ransomware
5
• A growing range of cyber-attack products and services
• Marketed and sold by a wide range of ‘companies’
• Steady, organized industrialization of cyber-attack tools and
services
• Ransomware as a Service sector
• Operating in the very efficient ‘Dark Web’ marketplace
• Highly developed, broadly marketed, extremely profitable,
industrial-scale
We are not up against a few, exceptionally clever and
evil “bad actors”

6. Architecture
of Malware
Attacks
Actively guided
and executed
Stealthy, nearly
invisible
• Not chunks of malicious code /payloads
• Not a single, standardized sequence of
actions
• Skilled human hacker gains access, studies
your systems
• Fully customized and carefully timed and
sequenced
• Nearly impossible to distinguish from
‘normal’ user or application activity
• Main activity is… inactivity
• Quietly evaluates potential targets,
learns your security patterns and
gaps, considers tactics
Immediate
monetary reward
Crypto-Currency
enabled
• Direct payment from victim, not resale of
information
• (Actually, they often do that as well,
even after ransom is paid)
• Hackers world-wide investing heavily in
malware skills development, computing
and network resources
• The “Unmarked Bills” for all 21st
century cyber-extortion
• Easily traded and /or converted to
conventional currencies
• Crypto transactions are (currently)
effectively beyond the reach of law
enforcement agencies and modern
global financial controls.
6

7. Ransomware Business Model
7
Ransomware
Target
3rd Party
Partners
Ransomware
Software
Developer
* Diagram from Get IT Solutions blog.com

8. Ransomware Business Model
8
Ransomware
Target
3rd Party
Partners
Ransomware
Software
Developer
The network is
compromised by 3rd Party
Ransomware Partners. It’s
the partner’s job to get the
ransomware software onto
the network. Security Best
Practices such as Basic
MFA does help… but it
won’t lock down the IBM i
completely.
* Diagram from Get IT Solutions blog.com

9. The rules have changed
9
Cyber Thieves scoff at ‘Best Practices’
• No way to develop and deploy standardized “profiles” or
“signatures”
• Automated scanning, alerting and remediation ‘necessary
but not sufficient’
• More time-consuming hands-on or ad hoc systems
surveillance is also a losing battle plan.

10. Multi-layered defense is required
10
Next-generation IT Security strategy
• Assume any security methods and tools you deploy will be
defeated by human intelligence and creativity
• Focus on securing critical assets and data stores using a
multi-layered, sequential defensive approach.
Existing IT security tools and systems are not obsolete or
unneeded
• Key is applying them in a new context
• Sequential, layered defenses, employing every security
option you have available, but in a coordinated,
programmatic way

11. Malware Protection

12. Anatomy of a Ransomware Attack
12

13. Anatomy of a Ransomware Attack
13
IFS

14. Anatomy of a Ransomware Attack
14
IFS
Advanced
MFA

15. Assure
Advanced
MFA
5250 FTP
• Protection against compromised
• Credentials
• Workstations
• Sessions
• Add System Access Manager
• Starting of check printers
• Accessing and updating data
• IP ranges
• Time of day/week
• File Shares
• Authentication
• Initial Program
• Modified Sign on via Telnet
• Advanced
• System Access Manager
• Authentication
• Advanced
• System Access Manager
ODBC NetServer
• Authentication
• Advanced
• System Access Manager
• Advanced
• System Access Manager
• File Share
• File Share Directory
15

16. Anatomy of a Ransomware Attack
16
IFS
Advanced
MFA
Elevated Authority
Management

17. Anatomy of a Ransomware Attack
17
IFS
Advanced
MFA
Elevated Authority
Management
SIEM

18. Anatomy of a Ransomware Attack
18
IFS
Advanced
MFA
Elevated Authority
Management
SIEM

19. The threat to IBM i
19
IBM i has a sterling reputation for system security and data
protection
• But even IBM itself says that IBM i highly securable, not
inherently secure.
• Still requires all appropriate security options it offers are
properly implemented.
IBM i no longer a Security Island
• IBM i hardware, applications and data are increasingly
integrating with other platforms
• Web partners, service providers, cloud-based e-commerce
systems, more…

20. Malware on IBM i
• No (current) malware for IBM i ‘proper’
– that is, the operating system itself
• IBM i can be affected by malware in
the IFS in two ways
• An infected object is stored in the IFS
• Malware enters the system from an
infected workstation to a mapped drive
(that is, IBM i) via a file share on the IFS
20

21. Three Key Use Cases
1. Ransomware Defense
• Advanced Multi-Factor Authentication
• Reporting & Alerting
• Lock Down IFS Directory
2. Advanced MFA
• Secure ODBC
• Secure FTP
3. Basic MFA
• Secures Telnet
• Integrate with RSA, Okta Radius, Duo and others
• Management “Four Eyes” Principle
21

22. Build a multi-layered defense

23. Advanced MFA protects against
credential theft
23
• Credential theft can happen in several ways
• An intruder is in the network and sniffs cleartext user ids and passwords off
the network
• An intruder knows of an application that stores cleartext passwords and
steals those
• Credential stuffing …
• An intruder finds user ids and passwords have been stolen from somewhere else,
sold on the dark web and attempts to use them at another organization
• This is often successful because many people re-use the same password multiple
places – banks, amazon and other online retailers and then at work
Multi-factor Authentication can prevent all of these!
Even if an intruder has a valid
user id / password combination,
they won’t have the second
authentication piece.

24. Protect
external and
internal points
of entry
Heavy focus on
defending
against “insider”
threats
IBM i platform
includes
extensive options
for access control
Granting/revoking
Elevated Authority
Avoid reliance
upon basic
password-based
authentication
24

25. Harden the
ultimate
targets:
Data at rest
and in motion
Ransomware is
about finding
and “kidnapping”
your data via
encryption
Stealthy, nearly
invisible
Applies to all your
data, wherever it
exists, and at all
times
25

26. Always be
monitoring
Seemingly
normal
anomalies may
indicate attack
already in
progress
Elevated
privileges
acquired,
leveraged to
continue
“exploring”
Approach
systems
surveillance and
security analysis
as a fuzzy-logic
process
Upgrade access
control rules
26

27. Integrate and coordinate security
27
Security Information and Event Management (SIEM) solutions
are integral to security
• IBM i is deeply integrated operationally with all your other
systems and platforms,
• IBM i security must also be fully integrated enterprise
security plans and systems.
Challenges to integrating IBM i include:
• Wide range of security log sources, proprietary data formats
• Specialized, platform-specific skills
Best approach: Third-party solution to automate monitoring
and presentation of IBM i security data to your SIEM solution

28. How Precisely can help

29. Assure Security for IBM i
• Defending against the increasing sophistication and complexity
of today’s security threats, including malware requires a
comprehensive, multi-layered approach.
• The key is to maximize the strength of each layer of your
defenses, and then ask:
“If this layer is breached, what do I have
in place to prevent further damage?”
• Assure Security delivers market-leading IBM i security
capabilities that help your organization successfully comply
with increasingly stringent cybersecurity regulations and
effectively address current and emerging security threats.
29

30. 30
30
Assure Security
Data Privacy
Assure Encryption
Assure Secure File
Transfer
Assure Monitoring
and Reporting
Assure Db2 Data
Monitor
Access Control
Assure System
Access Manager
Assure Elevated
Authority Manager
Assure Multi-Factor
Authentication
Monitoring Malware Defense
Assure System
Access Manager
Assure Elevated
Authority Manager
Assure Multi-Factor
Authentication
Assure Monitoring
and Reporting
Assure Encryption
Assure
Security
addresses
top security
concerns

31. 31
Malware
Defense
Assure System Access Manager
Secure all points of entry into to your
system including network access,
database access, command line access
and more
Assure Monitoring and Reporting
Simplify analysis of IBM i journals to
monitor for security incidents and generate
reports and alerts
Assure Elevated Authority
Manager
Automatically elevate user authority as-
needed and on a limited basis
Assure Multi-Factor Authentication
Strengthen login security by requiring
multiple forms of authentication
Assure Encryption
Transform human-readable database
fields into unreadable cypher text using
industry-certified encryption & key
management solutions

32. For more information
on defending against
malware
32
https://www.precisely.com/resource-center/ebooks/how-malware-is-reshaping-
ibm-i-security-the-rules-have-changed

33. Q & A

34. 34