Please contact Noklek Finley or Doug Finley to discuss Naknan's endpoint security solutions. Naknan offers integrated whitelisting, patch management, and other controls to prevent malware execution and enforce compliance. Their solutions audit endpoints, update whitelists automatically during patching, and provide command/control of individual systems. Naknan differentiates itself through automated whitelist maintenance and its ability to schedule commands remotely.
Don Maclean, Chief Cybersecurity Technologist, DLT Solutions, and Mav Turner, IT Security Business Unit, SolarWinds, share the most important things you can do to keep your networks and data safe, and what tools are available to help.
Using recent real-world examples, Eystein Stenberg, CTO at Mender.io, discusses the opportunity of connected cars and walks the audience through the following:
- Key opportunities OEMs have for connected vehicles, as demonstrated by Tesla's ability to provide over-the-air (OTA) software updates
- The anatomy of the Jeep Cherokee hack: the technical details of how the Jeep Cherokee was hacked and steps you can take to reduce your attack surface
- Best practices on delivering over-the-air software updates with failover management.
We will cover specific benefits for OEMs and their customers for connecting their vehicles. Many of the functions in Tesla's Autopilot suite of autonomous driving functions were delivered over-the-air (OTA) as software. According to Elon Musk, these features have reduced the chances of having an accident by 50 per cent. Tesla is also able to drive additional revenue streams from software that can be delivered over-the-air. For the Model S, customers have the option to purchase Autopilot, which starts at $2,500 USD.
Some common best practices for parishes that share pastors and/or pastoral staff. From a New Media Forum on October 24, 2012 in the Archdiocese of Boston. http://www.pilotnewmedia.com/parishwebsites
Applying formal methods to existing software by B.MonateMahaut Gouhier
"Applying formal methods to existing software: what can you expect?" Talk by Benjamin Monate, Co-founder and CTO of TrustInSoft, at the 2018 Sound Static Analysis for Security Workshop, in the NIST, USA, on June 27th.
This work has been supported by the Core Infrastructure Initiative of the Linux foundation.
Learn more about TrustInSoft
https://trust-in-soft.com/
Tools and Mechanisms for Network Security in an Organization.
Physical Security, Administrative Security and Technical Security measures have been described.
Security Testing Tools are Nessus, THC Hydra, Kismet, Nikto, WireShark and NMAP.
Comparison Review Forticlient x Kaspersky.pdfImamBahrudin5
See this side-by-side comparison of FortiClient vs. Kaspersky Endpoint Security for Business based on preference data from user reviews. FortiClient rates 4.4/5 stars with 200 reviews. By contrast, Kaspersky Endpoint Security for Business rates 4.3/5 stars with 183 reviews. Each product's score is calculated with real-time data from verified user reviews, to help you make the best choice between these two options, and decide which one is best for your business needs.
Decrease your HMI/SCADA risk
Key steps to minimize unplanned downtime and protect your organization
Having been a Penetration Tester for the last 15+ years I have seen many environments and technologies. I have had the pleasure / hell of testing systems I've never even heard of and the agony of defeat on a major scale. Instead of just going over what we used to work our way in, I want to go over the tricks the BLUE team used to keep us out! We will go over the technologies and techniques that have turned our traditional paths to root from minutes to months and the tricks that got us "caught" along the way. Not all pentests are a dream and the nightmares CAN / DO happen. So, let's talk about how YOUR environment can become an attacker's worst nightmare instead of their favorite playground.
Some of the most famous information breaches over the past few years have been a result of entry through embedded and IoT system environments. Often these breaches are a result of unexpected system architecture and service connectivity on the network that allows the hacker to enter through an embedded device and make their way to the financial or corporate servers. Experts in embedded security discuss key security issues for embedded systems and how to address them.
All regulatory requirements (HIPAA, PCI, etc.) include a mandate for assessing vulnerabilities in systems that manage or store sensitive data. Organizations often opt to conduct vulnerability assessments on an annual, quarterly, or even monthly basis. But while vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization’s attack surface: known vulnerabilities in applications that are built in-house. These applications will not have public updates, nor will the thousands of open source components they utilize be included in public disclosures. This is concerning because over 6,000 vulnerabilities in open source projects have been reported since 2014. Register for this webinar to discover how to protect yourself.
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...CODE BLUE
Japan is recently experiencing a rise in targeted attacks. However, it is rare that details of such attacks are revealed. Under this circumstance, JPCERT/CC has been investigating the attack operations targeting Japanese organizations including the government and leading enterprises. We have especially been tracking two distinct cases over a prolonged period.
The first case, which became public in 2015, drew nationwide attention for victimizing several Japanese organizations. In this case, the attacker conducts sophisticated attacks through network intrusion and targeting weak points of the organizations.
The second case has been continuously targeting certain Japanese organizations since 2013. Although this case has not drawn as much attention, the attacker has advanced techniques and uses various interesting attack methods.
This presentation will introduce the above two attack operations, including attack techniques we revealed through prolonged investigation, the malware/tools being used, as well as useful techniques/tools for analyzing related malware.
Whitepaper Abstract
This white paper explains why application whitelisting is being rapidly adopted as a security and control solution for control systems.
In three major sections, the paper:
Provides a detailed perspective on how application whitelisting technology works.
Discusses the use and benefits of whitelisting technologies in control system and Energy environments.
Explains how the technology is adapting to function in environments where controlled software changes are needed.
3. Malware Outbreaks Growing
● Constant morphing
● Constant attacks
● No target is too small
● Damage to victims goes far beyond money
● Government (and trial lawyers) growing interest
● Everyone is at risk
4. Today's Paradigm
● We know what malware looks like;
● Our users won't accept changes that impact the way they work;
● We can train our users so well they'll never make a mistake;
● And, our techs and SysAdmins;
● With just a little more effort we can deploy all patches to all devices on time every time, without fail;
● We've always used blacklists; they work;
● We're smarter than the bad guys; and,
● We just got breached.
5. A New Paradigm
● We can't recognize everything that's bad;
● Users can accept reasonable changes because they all know an identity-theft victim;
● We can know what is permitted on each computer;
● Whitelisting works because
✔ We now do it at the executable level (executables and shared libraries);
✔ White lists can be updated each time a patch or update is deployed;
✔ White list maintenance is mostly automated;
✔ Whitelisting is augmented with other endpoint controls.
● No matter what kind of malware gets in because of user errors, misconfigurations, or missing patches, it can't execute.
6.
7. Security Assistant
● Stops everything not on white list
● Deploys patches, automates whitelist maintenance
● Audits endpoints by opening each file on all drives
● Semi-NAC
● Console window for every endpoint with schedule-capable commands
8. Full Stop
● Stops everything not on white list
✔ Monitors hard drive writes (including browser cache)
✔ Quarantines if executable/shared library & not on white list
✔ Monitors process starts
✔ Blocks if starting program not on white list
✔ Monitors removable media
✔ Blocks execution if not on white list
9. Integrated Patch/Whitelist Maintenance
● Deploys patches, automates whitelist maintenance
✔ Provisional whitelist includes pre- and post-patch file information, as well as the patch itself;
✔ Post-patch whitelist removes information for pre-patch conditions and the patch;
✔ ADDED VALUE – Endpoint restored to pre-patch restore point is immediately obvious; no more unknown lost patches.
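The provisional and post-patch whitelist states on this slide, sketched as an added example (not Naknan's code). It assumes a per-endpoint whitelist of SHA-256 hashes; the class, its method names, the `retired` map and the patch id `PATCH-0001` are hypothetical, and all file contents are constructed.

```python
import hashlib

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

class EndpointWhitelist:
    """Hash whitelist for one endpoint with a provisional phase during patching."""

    def __init__(self, files):
        self.allowed = {digest(b) for b in files}
        self.pending = {}   # patch id -> (pre-patch hashes, patch hash)
        self.retired = {}   # superseded hash -> patch id that replaced it

    def begin_patch(self, patch_id, patch_blob, pre, post):
        # Provisional list: pre-patch files, post-patch files and the patch itself.
        post_h = {digest(b) for b in post}
        # A file the patch leaves unchanged must not be retired later.
        pre_h = {digest(b) for b in pre} - post_h
        patch_h = digest(patch_blob)
        self.allowed |= pre_h | post_h | {patch_h}
        self.pending[patch_id] = (pre_h, patch_h)

    def finalize_patch(self, patch_id):
        # Post-patch list: drop the pre-patch hashes and the patch itself,
        # but remember which patch superseded each old hash.
        pre_h, patch_h = self.pending.pop(patch_id)
        self.allowed -= pre_h | {patch_h}
        for h in pre_h:
            self.retired[h] = patch_id

    def check(self, blob):
        h = digest(blob)
        if h in self.allowed:
            return "allow"
        if h in self.retired:
            # Old binary is back: endpoint was restored to a pre-patch state.
            return "reverted:" + self.retired[h]
        return "unknown"

def demo():
    # Constructed sample contents standing in for real binaries.
    old_lib = b"libfoo build 1 (constructed)"
    new_lib = b"libfoo build 2 (constructed)"
    patch = b"patch installer (constructed)"
    wl = EndpointWhitelist([old_lib, b"app build 1 (constructed)"])
    wl.begin_patch("PATCH-0001", patch, pre=[old_lib], post=[new_lib])
    during = [wl.check(old_lib), wl.check(new_lib), wl.check(patch)]
    wl.finalize_patch("PATCH-0001")
    after = [wl.check(b) for b in (old_lib, new_lib, patch, b"dropper (constructed)")]
    return during, after
```

After finalization the old library is still blocked, but it is reported as a reverted patch rather than as unknown software, which is what separates a rolled-back endpoint from an intrusion in the audit output.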
10. Full System Audit
● Audits endpoints by opening each file on all drives
Vulnerabilities Identified
✔ Maps results to FDCC patch requirements
✔ Maps results to CVE-type patchable vulnerabilities
✔ Can map to any similar standard or requirement
Consensus Audit Guidelines Critical Control #2
✔ Shows authorized software
✔ Shows unauthorized software
✔ "Click-to-Remove" builds script to remove unwanted files/applications, runs when initiated from GUI
11. Network-Related
● Semi-NAC
✔ Monitor network traffic
✔ Each node "knows" other devices on same subnet
✔ Reports and refuses to communicate with unknown devices on same subnet
✔ Early 2010, not limited to same subnet
12. Command Window
● Window into every node
✔ Do anything you could if you were at the node
✔ Schedule console commands; no commands excepted
✔ Highly secure and very mature interface
✔ Gives complete control of each node, realtime and/or scheduled
13. Critical Infrastructure
FERC Critical Infrastructure Protection Requirements -- CIP-007-2
R3. Security Patch Management — establish, document and implement a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter(s).
R3.1. document the assessment of security patches and security upgrades
R3.2. document the implementation of security patches.
R4. Malicious Software Prevention — use anti-virus software and other malicious software (“malware”) prevention [and removal] tools
R4.1. implement anti-virus and malware prevention tools.
R4.2. implement a process for the update of anti-virus and malware prevention “signatures.”
Similar requirements in other CIP documents.
14. Consensus Audit Guidelines
● Critical Control 2: Know all authorized and unauthorized software; enforce whitelist – FULL
● Critical Control 10: Continuous Vulnerability Testing and Remediation – PARTIAL (no H/W configuration checking)
● Critical Control 12: Anti-Malware Defenses – FULL
● Critical Control 15: Data Leakage Protection – PARTIAL (log each USB drive inserted; write-to-removable media can be prevented; block execution of malware which steals data/information)
15. What Makes Us Different?
● Whitelisting with integrated Patch Management, making possible
● Automated whitelist maintenance
● Patch Compliance reporting without false positives (FDCC, CVE, others)
● Event scheduling: shut down apps, change user mode, schedule & execute any console command
● Command console on target node
● Network Access Control: detect/report newcomers on network
Each node has its own white list, updated as patches, updates, and applications are deployed.
Command console gives you a console window on the target node, and event scheduling lets you schedule any input that the target node's console will accept, as if you were there.
Network Access Control discriminates between new authorized and new unauthorized devices, although both are initially unknown.
16. End-User Impacts
● Can't run "non-business" applications
● Can't install off-whitelist software
● Can't download software from the web
● Can't run file-sharing and IM applications
● Can't get infected by web browsing or opening infected email or attachments
Once users understand the importance of culture changes, they go along
Approved "Add To Whitelist" policy and procedure must be published to all
17. Organization Impacts
● No malware infections
● No patchable vulnerabilities
● No unauthorized software
● "Proof of Compliance" endpoint audits
● More orderly use of IT staff (fewer fire drills)
Increased security at all endpoints makes your organization a less attractive target.
18. Demo
● Insert removable media – detected, reported, logged
● Execute file on removable media – blocked, reported, logged
● Copy executable from removable media to hard drive – quarantined, reported, logged
● Browse infected web site (assist malware download as necessary) – download quarantined
● Repeat at other infected web sites – quarantined
Shouldn't your organization be so well protected?
19. Naknan Corporate Contacts
• Noklek Finley, President & CEO
• Doug Finley, Vice President, 281-990-0030, Ext. 12
1300-A Bay Area Blvd., Suite 233
Houston, TX 77058
281-990-0030
www.naknan.com
Business Development Team:
Romani Perera, Business Development Romani_Perera@naknan.com
Timi Finley John, Director-Support Services Timi_Finley@naknan.com