Symantec, profile picture
Uploaded bySymantec
PDF, PPTX519 views

Protecting Against Ransomware

The document outlines a webinar series by Symantec focusing on endpoint protection against ransomware, emphasizing various strategies and technologies to mitigate risks. Key topics include the ransomware attack chain, detection capabilities, and protective measures such as user education, email security, and comprehensive backup solutions. It also highlights the use of advanced machine learning and behavior-based prevention methods to enhance security.

Embed presentation

Download as PDF, PPTX
Part 2: Protecting against Ransomware Jonathan Korba Systems Engineer Symantec 5-Part Webinar Series: Endpoint Protection…what really matters?
5-Part Webinar Series: Endpoint Protection…what really matters? Title: Date: Part 1 of 5 Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning January 26, 2017 Part 2 of 5 Block The Risk Of Ransomware February 23, 2017 Part 3 of 5 Achieving Zero-Day Attacks and What To Do About It March 23, 2017 Part 4 of 5 Easy Ways To Improve Your Security Posture April 20, 2017 Part 5 of 5 A Step-By-Step Approach for Endpoint Detection & Response May 18, 2017 https://www.symantec.com/about/webcasts
Agenda 3 What is Ransomware and what are the risks? How does Symantec Endpoint Protection 14 block Ransomware? Demos: SEP 14 in action
Copyright © 2016 Symantec Corporation Superior Protection and Response Across the Attack Chain Stop Ransomware Threats with layered protection INCURSION INFESTATION and EXFILTRATIONINFECTION ANTIVIRUS NETWORK FIREWALL & INTRUSION PREVENTION APPLICATION AND DEVICE CONTROL BEHAVIOR MONITORING MEMORY EXPLOIT MITIGATION REPUTATION ANALYSIS ADVANCED MACHINE LEARNING EMULATOR Patented real-time cloud lookup for scanning of suspicious files NETWORK FIREWALL & INTRUSION PREVENTION INNOCULATION POWER ERASER HOST INTEGRITY SYSTEM LOCKDOWN SECURE WEB GATEWAY INTEGRATION EDR CONSOLE (ATP:ENDPOINT)
While end-users see Word files as harmless they can hide macro-viruses 5 Copyright © 2016 Symantec Corporation
6 Copyright © 2016 Symantec Corporation
7
8 Drive-by-Downloads Malicious Email Infection Vectors How is Ransomware getting in?
Ransomware Attack Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption 9 Copyright © 2016 Symantec Corporation
SEP 14 Protection across Ransomware Attack Kill Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption Download Insight, AV: Machine Learning, Emulator IPS, Memory Exploit Mitigation IPS SONAR, Application Control 10 Copyright © 2016 Symantec Corporation
Emulation Capabilities Fast and accurate detection of hidden malware Copyright © 2016 Symantec Corporation 11 Packer Packer Executable No Emulation Emulation Emulation Environment Packed, not recognized Payload Recognized Emulation Environment Unpacking Executable Emulates file execution to cause threats to reveal themselves Lightweight solution runs in milliseconds with high efficacy Malware hides behind custom polymorphic packers Emulator ‘unpacks’ the malware in a virtual environment Executable
Memory Exploit Mitigation Blocks zero-day attacks by hardening the operation system 12 Signature-less and works regardless of the flaw/bug/vulnerability Preemptively blocks exploit techniques, foiling attempts of attackers to take over a machine Patch Released Patch Applied Vulnerability Discovered Vulnerability Disclosed ZONE OF EXPLOITATION WEEKS MONTHS “Memory Exploit Mitigation” 1. Java Exploit Protection 2. Heap Spray 3. SEHOP Copyright © 2016 Symantec Corporation
13
Demo: IPS Blocks Outbound Communications from Ransomware Copyright © 2016 Symantec Corporation 14
Demo: Application Control Blocks Ransomware the uses Office Documents Copyright © 2016 Symantec Corporation 15
Protection Against Ransomware • User Education • Email/Gateway Security • OS/App Patching • Maintain an endpoint security solution – File reputation analysis – Static file malware prevention with Machine Learning – Exploit prevention – Behavior-based prevention – Application Control • Limit end user access to mapped drives – make read only and password protect • Deploy and secure a comprehensive backup solution 16 Copyright © 2016 Symantec Corporation
Q&A 17
Thank you! Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Jonathan Korba Systems Engineer Symantec 18

More Related Content

PPTX
Ransomware: Can you protect against attacks?
byOsirium Limited
 
PDF
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
byVijay Sarathy Rangayyan
 
PPTX
Preventing lateral spread of ransomware
byOsirium Limited
 
PPTX
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
byStorage Switzerland
 
PDF
Ransomware - Information And Protection Guide - Executive Summary
byBright Technology
 
PPTX
Technical guidance to prevent wanna cry ransomware attack
byAvanzo net
 
PPTX
Wannacry & Petya ransomware
byRaghavendra P.V
 
PDF
Ransomware: Attack, Human Impact and Mitigation
byMaaz Ahmed Shaikh
 
Ransomware: Can you protect against attacks?
byOsirium Limited
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
byVijay Sarathy Rangayyan
 
Preventing lateral spread of ransomware
byOsirium Limited
 
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
byStorage Switzerland
 
Ransomware - Information And Protection Guide - Executive Summary
byBright Technology
 
Technical guidance to prevent wanna cry ransomware attack
byAvanzo net
 
Wannacry & Petya ransomware
byRaghavendra P.V
 
Ransomware: Attack, Human Impact and Mitigation
byMaaz Ahmed Shaikh
 

What's hot

PPTX
What is Ransomware? How You Can Protect Your System
byClickSSL
 
PPTX
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
byQualys
 
PPTX
Ransomware: A Perilous Malware
byHTS Hosting
 
PDF
AI for Ransomware Detection & Prevention Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
PPTX
Ransomware Resiliency, Recoverability and Availability
byLai Yoong Seng
 
PDF
Advanced Threat Protection – ultimátní bezpečnostní řešení
byMarketingArrowECS_CZ
 
PDF
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
byJames Anderson
 
PPTX
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
byOK2OK
 
PPTX
seminar report on What is ransomware
byJawhar Ali
 
PDF
Ransomware and tips to prevent ransomware attacks
bydinCloud Inc.
 
PPTX
Industry reactions to wanna cry ransomware attacks
bykevinmass30
 
PPTX
Cybersecurity…real world solutions
byErnestStaats
 
PDF
Cisa ransomware guide
byanpapathanasiou
 
PPTX
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
byQuick Heal Technologies Ltd.
 
PPTX
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
byStorage Switzerland
 
PDF
Web App Attacks - Stats & Remediation
byQualys
 
PPT
Safeguard your enterprise against ransomware
byQuick Heal Technologies Ltd.
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
PDF
Defending Servers - Cyber security webinar part 3
byF-Secure Corporation
 
PPTX
September 2012 Security Vulnerability Session
byKaseya
 
What is Ransomware? How You Can Protect Your System
byClickSSL
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
byQualys
 
Ransomware: A Perilous Malware
byHTS Hosting
 
AI for Ransomware Detection & Prevention Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
Ransomware Resiliency, Recoverability and Availability
byLai Yoong Seng
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
byMarketingArrowECS_CZ
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
byJames Anderson
 
Optimize your AWS FEST - N2WS session - Addressing the Relentless Threat of R...
byOK2OK
 
seminar report on What is ransomware
byJawhar Ali
 
Ransomware and tips to prevent ransomware attacks
bydinCloud Inc.
 
Industry reactions to wanna cry ransomware attacks
bykevinmass30
 
Cybersecurity…real world solutions
byErnestStaats
 
Cisa ransomware guide
byanpapathanasiou
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
byQuick Heal Technologies Ltd.
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
byStorage Switzerland
 
Web App Attacks - Stats & Remediation
byQualys
 
Safeguard your enterprise against ransomware
byQuick Heal Technologies Ltd.
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
Defending Servers - Cyber security webinar part 3
byF-Secure Corporation
 
September 2012 Security Vulnerability Session
byKaseya
 

Viewers also liked

PDF
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
bySymantec
 
PDF
The New Threat on Campus: Ransomware Locks Down Education
byCode42
 
PDF
How to Help Your Customers Protect Themselves from Ransomware Attacks
bySolarwinds N-able
 
PDF
Understanding CryptoLocker (Ransomware) with a Case Study
bysecurityxploded
 
PPTX
Ransomware by lokesh
byLokesh Bysani
 
PPTX
Ransomware - Impact, Evolution, Prevention
byMohammad Yahya
 
PPTX
13 Ransomware Statistics That Will Make You Rethink Data Protection
byWorksighted
 
PDF
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
byRoger Hagedorn
 
PPT
la computadora
bywachitamayra
 
PPTX
Inteligencia artificial mishelle
bymishelle22
 
DOCX
Efe
byFrnklhyn Panta
 
PPTX
Powerrrrrrrrrrrrr (1)
bymarinaemily962
 
PDF
buscadores de intenet hecho por miguel
byMiguel Alessandro
 
PPTX
Las tics
byxianacasas
 
PPTX
RSS
byConstanzavergaraquintero
 
PPTX
Steven gallego final
bysgallego21
 
PDF
SQL Pyme para empresas de alimentación
byDistrito K
 
DOCX
Redes locales basico
bySami0816
 
ODP
Herramientas digitales unidad ii diapositivas rss
bydiegoher16
 
PPTX
emprendimiento
byagv1d243j
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
bySymantec
 
The New Threat on Campus: Ransomware Locks Down Education
byCode42
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
bySolarwinds N-able
 
Understanding CryptoLocker (Ransomware) with a Case Study
bysecurityxploded
 
Ransomware by lokesh
byLokesh Bysani
 
Ransomware - Impact, Evolution, Prevention
byMohammad Yahya
 
13 Ransomware Statistics That Will Make You Rethink Data Protection
byWorksighted
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
byRoger Hagedorn
 
la computadora
bywachitamayra
 
Inteligencia artificial mishelle
bymishelle22
 
Efe
byFrnklhyn Panta
 
Powerrrrrrrrrrrrr (1)
bymarinaemily962
 
buscadores de intenet hecho por miguel
byMiguel Alessandro
 
Las tics
byxianacasas
 
RSS
byConstanzavergaraquintero
 
Steven gallego final
bysgallego21
 
SQL Pyme para empresas de alimentación
byDistrito K
 
Redes locales basico
bySami0816
 
Herramientas digitales unidad ii diapositivas rss
bydiegoher16
 
emprendimiento
byagv1d243j
 

Similar to Protecting Against Ransomware

PPTX
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
byAdrian Sanabria
 
PDF
Bescherm jezelf tegen ransomware
bySophos Benelux
 
PDF
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
bySymantec
 
PDF
Symantec Endpoint Protection
bySymantec
 
PDF
Thinking of choosing Sophos?
bySymantec
 
PDF
Symantec Endpoint Protection Presentation Slide
byVLODI
 
PPTX
Technology Overview - Symantec Endpoint Protection (SEP)
byIftikhar Ali Iqbal
 
PDF
Thinking of choosing Trend Micro?
bySymantec
 
PPTX
SYMANTEC ENDPOINT PROTECTION Administration Introduction
byDsunte Wilson
 
PDF
OSB120 Beat Ransomware
byIvanti
 
PPTX
WannaCry: How to Protect Yourself
byCheck Point Software Technologies
 
PDF
How ransomware can hold your business hostage
byTom Mellish
 
PDF
5 Steps for Preventing Ransomware
byRapidSSLOnline.com
 
PPT
Redefining Endpoint Security
byBurak DAYIOGLU
 
PPTX
Hvordan stopper du CryptoLocker?
bySteinar Aandal-Vanger
 
PDF
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
bySymantec
 
PDF
Corporations - the new victims of targeted ransomware
byCyber Security Alliance
 
PPTX
The State of Endpoint Security Today
byJustine Shaffer
 
PPTX
Taking the battle to Ransomware with Sophos Intercept X
bySophos Benelux
 
PDF
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
byIBM Security
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
byAdrian Sanabria
 
Bescherm jezelf tegen ransomware
bySophos Benelux
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
bySymantec
 
Symantec Endpoint Protection
bySymantec
 
Thinking of choosing Sophos?
bySymantec
 
Symantec Endpoint Protection Presentation Slide
byVLODI
 
Technology Overview - Symantec Endpoint Protection (SEP)
byIftikhar Ali Iqbal
 
Thinking of choosing Trend Micro?
bySymantec
 
SYMANTEC ENDPOINT PROTECTION Administration Introduction
byDsunte Wilson
 
OSB120 Beat Ransomware
byIvanti
 
WannaCry: How to Protect Yourself
byCheck Point Software Technologies
 
How ransomware can hold your business hostage
byTom Mellish
 
5 Steps for Preventing Ransomware
byRapidSSLOnline.com
 
Redefining Endpoint Security
byBurak DAYIOGLU
 
Hvordan stopper du CryptoLocker?
bySteinar Aandal-Vanger
 
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
bySymantec
 
Corporations - the new victims of targeted ransomware
byCyber Security Alliance
 
The State of Endpoint Security Today
byJustine Shaffer
 
Taking the battle to Ransomware with Sophos Intercept X
bySophos Benelux
 
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?
byIBM Security
 

More from Symantec

PDF
Symantec Enterprise Security Products are now part of Broadcom
bySymantec
 
PDF
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
bySymantec
 
PDF
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
bySymantec
 
PDF
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
bySymantec
 
PDF
Symantec Webinar | National Cyber Security Awareness Month - Own IT
bySymantec
 
PDF
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
bySymantec
 
PDF
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
bySymantec
 
PDF
Symantec Mobile Security Webinar
bySymantec
 
PDF
Symantec Webinar Cloud Security Threat Report
bySymantec
 
PDF
Symantec Cloud Security Threat Report
bySymantec
 
PDF
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
bySymantec
 
PDF
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
bySymantec
 
PDF
Symantec Webinar | Tips for Successful CASB Projects
bySymantec
 
PDF
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
bySymantec
 
PDF
Symantec Webinar: GDPR 1 Year On
bySymantec
 
PDF
Symantec ISTR 24 Webcast 2019
bySymantec
 
PDF
Symantec Best Practices for Cloud Security: Insights from the Front Lines
bySymantec
 
PDF
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
bySymantec
 
PDF
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
bySymantec
 
PDF
GDPR Breach Notification Demystifying What the Regulators Want
bySymantec
 
Symantec Enterprise Security Products are now part of Broadcom
bySymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
bySymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
bySymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
bySymantec
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
bySymantec
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
bySymantec
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
bySymantec
 
Symantec Mobile Security Webinar
bySymantec
 
Symantec Webinar Cloud Security Threat Report
bySymantec
 
Symantec Cloud Security Threat Report
bySymantec
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
bySymantec
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
bySymantec
 
Symantec Webinar | Tips for Successful CASB Projects
bySymantec
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
bySymantec
 
Symantec Webinar: GDPR 1 Year On
bySymantec
 
Symantec ISTR 24 Webcast 2019
bySymantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
bySymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
bySymantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
bySymantec
 
GDPR Breach Notification Demystifying What the Regulators Want
bySymantec
 

Recently uploaded

PDF
Website Redesign Vs Website Refresh, What’s Right for You in 2026?
byAnuj Kumar Singh
 
PDF
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PPTX
Cyber security chapter 1 for learning and educating to the students who want ...
byGulMohammadi
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PDF
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
Website Redesign Vs Website Refresh, What’s Right for You in 2026?
byAnuj Kumar Singh
 
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Cyber security chapter 1 for learning and educating to the students who want ...
byGulMohammadi
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 

Protecting Against Ransomware

  • 1.
    Part 2: Protectingagainst Ransomware Jonathan Korba Systems Engineer Symantec 5-Part Webinar Series: Endpoint Protection…what really matters?
  • 2.
    5-Part Webinar Series:Endpoint Protection…what really matters? Title: Date: Part 1 of 5 Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning January 26, 2017 Part 2 of 5 Block The Risk Of Ransomware February 23, 2017 Part 3 of 5 Achieving Zero-Day Attacks and What To Do About It March 23, 2017 Part 4 of 5 Easy Ways To Improve Your Security Posture April 20, 2017 Part 5 of 5 A Step-By-Step Approach for Endpoint Detection & Response May 18, 2017 https://www.symantec.com/about/webcasts
  • 3.
    Agenda 3 What is Ransomwareand what are the risks? How does Symantec Endpoint Protection 14 block Ransomware? Demos: SEP 14 in action
  • 4.
    Copyright © 2016Symantec Corporation Superior Protection and Response Across the Attack Chain Stop Ransomware Threats with layered protection INCURSION INFESTATION and EXFILTRATIONINFECTION ANTIVIRUS NETWORK FIREWALL & INTRUSION PREVENTION APPLICATION AND DEVICE CONTROL BEHAVIOR MONITORING MEMORY EXPLOIT MITIGATION REPUTATION ANALYSIS ADVANCED MACHINE LEARNING EMULATOR Patented real-time cloud lookup for scanning of suspicious files NETWORK FIREWALL & INTRUSION PREVENTION INNOCULATION POWER ERASER HOST INTEGRITY SYSTEM LOCKDOWN SECURE WEB GATEWAY INTEGRATION EDR CONSOLE (ATP:ENDPOINT)
  • 5.
    While end-users seeWord files as harmless they can hide macro-viruses 5 Copyright © 2016 Symantec Corporation
  • 6.
    6 Copyright © 2016Symantec Corporation
  • 7.
  • 8.
    8 Drive-by-Downloads Malicious Email InfectionVectors How is Ransomware getting in?
  • 9.
    Ransomware Attack Chain 1.Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption 9 Copyright © 2016 Symantec Corporation
  • 10.
    SEP 14 Protectionacross Ransomware Attack Kill Chain 1. Malware Delivery 2. Malware installed 3. Call C&C Server 4. Encryption Download Insight, AV: Machine Learning, Emulator IPS, Memory Exploit Mitigation IPS SONAR, Application Control 10 Copyright © 2016 Symantec Corporation
  • 11.
    Emulation Capabilities Fast andaccurate detection of hidden malware Copyright © 2016 Symantec Corporation 11 Packer Packer Executable No Emulation Emulation Emulation Environment Packed, not recognized Payload Recognized Emulation Environment Unpacking Executable Emulates file execution to cause threats to reveal themselves Lightweight solution runs in milliseconds with high efficacy Malware hides behind custom polymorphic packers Emulator ‘unpacks’ the malware in a virtual environment Executable
  • 12.
    Memory Exploit Mitigation Blockszero-day attacks by hardening the operation system 12 Signature-less and works regardless of the flaw/bug/vulnerability Preemptively blocks exploit techniques, foiling attempts of attackers to take over a machine Patch Released Patch Applied Vulnerability Discovered Vulnerability Disclosed ZONE OF EXPLOITATION WEEKS MONTHS “Memory Exploit Mitigation” 1. Java Exploit Protection 2. Heap Spray 3. SEHOP Copyright © 2016 Symantec Corporation
  • 13.
  • 14.
    Demo: IPS BlocksOutbound Communications from Ransomware Copyright © 2016 Symantec Corporation 14
  • 15.
    Demo: Application Control Blocks Ransomware the usesOffice Documents Copyright © 2016 Symantec Corporation 15
  • 16.
    Protection Against Ransomware •User Education • Email/Gateway Security • OS/App Patching • Maintain an endpoint security solution – File reputation analysis – Static file malware prevention with Machine Learning – Exploit prevention – Behavior-based prevention – Application Control • Limit end user access to mapped drives – make read only and password protect • Deploy and secure a comprehensive backup solution 16 Copyright © 2016 Symantec Corporation
  • 17.
  • 18.
    Thank you! Copyright ©2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Jonathan Korba Systems Engineer Symantec 18