Ransomware: Hard to Stop for Enterprises,
Highly Profitable for Criminals
Raja Mukerji
Co-Founder and President, ExtraHop Networks
Ransomware: Easy Money for Criminals
[Diagram: an attacker, a mail server, a client, the file share it is connected to, and other clients on the same network]
1. A user’s machine gets infected with malware
2. The malware downloads an encryption program
3. Begins encrypting files on the client
4. Spreads to network shares that the client is connected to
5. Spreads infected document(s) to other users/systems
6. Ransom is paid using Bitcoin, which is extremely difficult to track
Ransomware: Fast and Easy for Criminals
Ransomware Facts
Ransomware now makes up about 60 percent of malware infections encountered by Malwarebytes anti-virus software.
The CryptoLocker strain of ransomware is responsible for $325 million in damages so far.
Hollywood Presbyterian Medical Center paid a $17,000 ransom after shifting to paper processes for one week.
The FBI has offered a $3 million reward for the arrest of Evgeniy Bogachev, believed to be linked to ransomware viruses.
[Chart: number of users attacked by Trojan-Ransom malware tracked by Kaspersky Lab, per quarter from Q4 2014 to Q3 2015; y-axis 0 to 400,000 users]
The Problem: An M&M Security Model
Rogue Devices with Credentials
[Diagram: a device marked “?” inside the network, holding valid credentials]
Ideal Solution Is Zero Trust
[Diagram, two panels: “Traditional Firewall” with a firewall and SDN routing between clients and servers; “Agent-Based Firewall” with an agent-based firewall on the clients and servers themselves; the device marked “?” appears in both]
Detect Ransomware Behavior on the Network
[Diagram: attacker, mail server, client, file share and other clients, with the traffic between them labelled SMTP, HTTP and CIFS]
1. Detect ransomware activity on the network by analyzing all CIFS WRITE operations in real time
2. Trace the infection to identify all infected clients and systems
3. Investigate the incident to identify “patient zero,” the source of the malware, and the attack vector
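Steps 2 and 3 above are a correlation exercise once step 1 is emitting alerts. The following is an added example written for this page, not ExtraHop code: it takes constructed alerts of the kind a real-time CIFS WRITE detector would raise (timestamp, writing client, share, filename) plus constructed mail-delivery records, and derives the infected client set, the order in which shares were hit, patient zero, and the most plausible attack vector (the last attachment delivered to patient zero before its first suspicious write). The `WriteAlert`/`MailDelivery` record types, the 24-hour lookback and all sample values are assumptions for the example.

```python
"""Trace a ransomware outbreak across CIFS shares from detection alerts.

Added example, not from the ExtraHop deck. The alerts and mail records below
are constructed so the tracing steps run offline.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class WriteAlert:          # one suspicious CIFS WRITE raised by the detector
    ts: datetime
    client: str            # client that issued the WRITE
    share: str             # UNC path of the share written to
    filename: str          # file written, as seen on the wire


@dataclass(frozen=True)
class MailDelivery:        # one message delivered to a client (from mail-server wire data)
    ts: datetime
    recipient_host: str    # client that fetched the message
    sender: str
    attachment: str


def infected_clients(alerts: List[WriteAlert]) -> Set[str]:
    """Step 2: every client seen writing suspicious files is treated as infected."""
    return {a.client for a in alerts}


def first_writer_per_share(alerts: List[WriteAlert]) -> Dict[str, WriteAlert]:
    """Earliest suspicious write on each share: shows the order shares were hit."""
    first: Dict[str, WriteAlert] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        first.setdefault(a.share, a)
    return first


def patient_zero(alerts: List[WriteAlert]) -> Optional[str]:
    """Step 3: the client behind the earliest suspicious write on the network."""
    if not alerts:
        return None
    return min(alerts, key=lambda a: a.ts).client


def spread_order(alerts: List[WriteAlert]) -> List[str]:
    """Clients in the order they first appeared in alerts (propagation timeline)."""
    seen: List[str] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        if a.client not in seen:
            seen.append(a.client)
    return seen


def likely_attack_vector(alerts: List[WriteAlert], mail: List[MailDelivery],
                         lookback: timedelta = timedelta(hours=24)) -> Optional[MailDelivery]:
    """Most recent attachment delivered to patient zero within `lookback` of its
    first suspicious write; None if nothing was delivered in that window."""
    pz = patient_zero(alerts)
    if pz is None:
        return None
    t0 = min(a.ts for a in alerts if a.client == pz)
    candidates = [m for m in mail
                  if m.recipient_host == pz and t0 - lookback <= m.ts <= t0]
    return max(candidates, key=lambda m: m.ts) if candidates else None


# Constructed sample data (not real alerts or hosts).
T = datetime(2016, 3, 1, 9, 0, 0)
SAMPLE_ALERTS = [
    WriteAlert(T + timedelta(minutes=5),  "10.0.1.23", r"\\fs01\finance", "q1.xlsx.locked"),
    WriteAlert(T + timedelta(minutes=6),  "10.0.1.23", r"\\fs01\finance", "HELP_DECRYPT.txt"),
    WriteAlert(T + timedelta(minutes=14), "10.0.1.23", r"\\fs01\shared",  "plan.docx.locked"),
    WriteAlert(T + timedelta(minutes=31), "10.0.1.40", r"\\fs01\shared",  "notes.txt.locked"),
    WriteAlert(T + timedelta(minutes=52), "10.0.1.77", r"\\fs02\eng",     "spec.pdf.locked"),
]
SAMPLE_MAIL = [
    MailDelivery(T - timedelta(hours=30),   "10.0.1.23", "vendor@example.net",      "statement.pdf"),
    MailDelivery(T - timedelta(minutes=20), "10.0.1.23", "billing@example.invalid", "invoice.zip"),
    MailDelivery(T - timedelta(minutes=10), "10.0.1.40", "hr@example.com",          "policy.pdf"),
]

if __name__ == "__main__":
    print("infected:", sorted(infected_clients(SAMPLE_ALERTS)))
    print("spread order:", spread_order(SAMPLE_ALERTS))
    print("patient zero:", patient_zero(SAMPLE_ALERTS))
    print("vector:", likely_attack_vector(SAMPLE_ALERTS, SAMPLE_MAIL))
```

The attack-vector step is deliberately conservative: it only proposes the latest attachment inside the lookback window and returns `None` otherwise, so an analyst is not handed a spurious “source” when the delivery happened outside the data retained.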
Analyze Data in Flight to Understand Risk
Most importantly … catch ransomware attacks live, in real time
East-West Traffic Growth
Source: Cisco Global Cloud Index
[Chart: traffic within the datacenter (East-West), in zettabytes; y-axis 0 to 10]
Wire Data Analytics at Scale
Wire Data = Risk Visibility
• CVE Detection: Shellshock, HTTP.sys, Turla malware, Heartbleed, FREAK SSL/TLS, POODLE, Logjam
• Compliance: SSH tunneling, non-standard ICMP, non-standard DNS, non-standard HTTP, disallowed file types, invalid file extension writes, blacklisted traffic
• Encryption Profile: certificate expiration, key length, outdated SSL sessions, MD5/SHA-1 cert signing, SSL traffic by port, email encryption, wildcard certificates
• Protocol Activity: unencrypted FTP, Telnet, Gopher, TACACS, SNMP v1/v2/v2c, Finger, IRC
• Application & User Behavior: privileged user logins, unauthorized connections, lateral network traversal, brute force attacks, storage/DB access, fraudulent transactions, large data transfers
[Diagram: unstructured packets in, structured wire data out]
Architecture Matters
                     Continuous Packet Capture                   Stream Processing
How it works         Write to disk first, then analyze           Analyze first, then write to disk
Performance limits   Disk speed                                  Bus throughput and RAM
Lookback             Data typically stored for days              Data typically stored for months
Packet capture       Capture packets for all flows               Capture packets for the flows you want
Cost                 More, bigger appliances with more storage   Fewer, smaller appliances with less storage
                     (up to 200+ TB on 3U appliance)             (2.4 TB on 2U appliance)
[Diagram: the two pipelines, each built from Wire, Disk and CPU stages in the order given in the “How it works” row]
Ransomware Detection Types
• Type 1: Checks for known file extensions that are commonly associated with ransomware attacks
• Type 2: Compares all file extensions against a “whitelist” to uncover potential attacks
• Type 3: Looks for WRITE activity that exceeds a configurable threshold
• Type 4: Advanced detection of instructional files typically associated with ransomware variants that are left behind during an attack
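The four detection types above are easy to confuse with one another until they are run over the same stream. The following is an added example, written for this page and not ExtraHop’s implementation: a small stream processor that applies all four checks to each CIFS WRITE as it arrives (extension blocklist, extension whitelist, per-client write rate over a sliding window, and ransom-note filename patterns). The `CifsWrite` record, the extension sets, the 50-writes-per-60-seconds threshold and the note-name regex are illustrative values a defender would tune for their own shares; the event stream is constructed inline.

```python
"""Four ransomware detection types applied to a stream of CIFS WRITE events.

Added example, not ExtraHop code. Thresholds, extension lists and the
ransom-note pattern are illustrative; the events are constructed below.
"""
import os
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Set, Tuple


@dataclass(frozen=True)
class CifsWrite:          # one WRITE operation observed on the wire
    ts: datetime
    client: str
    share: str
    path: str             # path within the share, as sent by the client


@dataclass
class RansomwareDetector:
    # Type 1: extensions commonly appended by ransomware (illustrative set)
    known_bad_ext: frozenset = frozenset({".locked", ".encrypted", ".crypt"})
    # Type 2: extensions normally written to these shares (illustrative whitelist)
    allowed_ext: frozenset = frozenset({".docx", ".xlsx", ".pdf", ".txt", ".pptx"})
    # Type 3: more than `max_writes` WRITEs from one client inside `window`
    max_writes: int = 50
    window: timedelta = timedelta(seconds=60)
    # Type 4: instruction-file names typical of ransom notes (illustrative patterns)
    note_pattern: re.Pattern = re.compile(
        r"(help_decrypt|how_to_decrypt|readme.*decrypt|restore.*files)", re.I)
    _recent: Dict[str, Deque[datetime]] = field(default_factory=lambda: defaultdict(deque))
    _rate_alerted: Set[str] = field(default_factory=set)

    def process(self, ev: CifsWrite) -> List[Tuple[int, str]]:
        """Return the (type, reason) alerts raised by this single write."""
        alerts: List[Tuple[int, str]] = []
        name = os.path.basename(ev.path.replace("\\", "/")).lower()
        ext = os.path.splitext(name)[1]

        if ext in self.known_bad_ext:                       # Type 1
            alerts.append((1, f"known ransomware extension {ext}"))
        elif ext not in self.allowed_ext:                   # Type 2
            alerts.append((2, f"extension {ext or '<none>'} not on whitelist"))

        q = self._recent[ev.client]                         # Type 3: sliding window
        q.append(ev.ts)
        while q and ev.ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_writes and ev.client not in self._rate_alerted:
            self._rate_alerted.add(ev.client)               # alert once per client
            alerts.append((3, f"{len(q)} writes in {self.window.seconds}s"))

        if self.note_pattern.search(name):                  # Type 4
            alerts.append((4, f"ransom note dropped: {name}"))
        return alerts

    def run(self, events: List[CifsWrite]) -> List[Tuple[str, str, List[Tuple[int, str]]]]:
        """Feed events in arrival order; return (client, path, alerts) for flagged writes."""
        out = []
        for ev in sorted(events, key=lambda e: e.ts):
            a = self.process(ev)
            if a:
                out.append((ev.client, ev.path, a))
        return out


def summarize(results) -> Dict[int, List[str]]:
    """Map each detection type to the sorted list of clients it flagged."""
    by_type: Dict[int, Set[str]] = defaultdict(set)
    for client, _path, alerts in results:
        for typ, _reason in alerts:
            by_type[typ].add(client)
    return {k: sorted(v) for k, v in by_type.items()}


def sample_events() -> List[CifsWrite]:
    """Constructed stream: one ordinary client and one encrypting client."""
    t = datetime(2016, 3, 1, 9, 0, 0)
    ev = [CifsWrite(t + timedelta(seconds=i * 10), "10.0.1.40", r"\\fs01\shared", f"\\notes{i}.txt")
          for i in range(5)]
    for i in range(60):   # infected client rewrites 60 files in 30 s ...
        ev.append(CifsWrite(t + timedelta(seconds=i * 0.5), "10.0.1.23", r"\\fs01\finance",
                            f"\\doc{i}.xlsx.locked"))
    # ... then drops a note whose .txt extension alone would pass the whitelist
    ev.append(CifsWrite(t + timedelta(seconds=31), "10.0.1.23", r"\\fs01\finance", r"\HELP_DECRYPT.txt"))
    ev.append(CifsWrite(t + timedelta(seconds=40), "10.0.1.40", r"\\fs01\shared", r"\budget.xlsm"))
    return ev


if __name__ == "__main__":
    for client, path, alerts in RansomwareDetector().run(sample_events()):
        print(client, path, alerts)
```

Two things the run makes visible: the whitelist (Type 2) flags the benign `.xlsm` write, which is the false-positive cost of that type, and the ransom note passes both extension checks and is caught only by Type 4, which is why the four types are layered rather than chosen between.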
Rewind and Analyze (i.e. Forensics)
Questions?
See an ExtraHop demo at booth #XXX


Editor's Notes

  1. http://www.govtech.com/security/Ransomware-Infections-Are-Becoming-an-Epidemic.html
     https://securelist.com/files/2015/12/KSB_2015_Statistics_FINAL_EN.pdf
     337,205 users affected in Q3 2015
  2. … but, Apple Watch