The document outlines the concept of zero-day threats, which are vulnerabilities not yet known to software vendors, and discusses the lifecycle of such vulnerabilities, including their discovery and the exploitation process used by attackers. It provides examples of notable zero-day vulnerabilities and emphasizes the rise of sophisticated attacks that leverage these weaknesses, highlighting the need for enhanced security measures and continuous monitoring. Additionally, the document reviews the current state of enterprise security defenses, exposing gaps and recommending advanced threat protection strategies to mitigate the risks associated with zero-day exploits.
Defining the “zero-day” (software) threat
The term “zero-day” refers to the number of days that the software vendor has known about the hole: ZERO.
Zero-day vulnerability: a security hole in software that is not yet known to the software maker or to Information Security vendors. NO PATCH – NO SIGNATURE.
Zero-day exploit: code that attackers use to take advantage of a zero-day vulnerability to compromise a system for their benefit. DROP – CONTROL – DISABLE.
3.
Zero-Day Vulnerability Lifecycle
Lifecycle of a zero-day vulnerability
• New vulnerability discovered “in the wild” – public unaware of risk; you are vulnerable (most vulnerable)
• Someone informs the vendor about the vulnerability
• Vendor releases security patches to the public, CVE posted – public is aware of the risk
• You install patches and update signatures – you are safe
Patch Gap: from the vendor’s patch release until you install it
4.
Kill chain analysis of an advanced threat
1. Reconnaissance – Harvesting email and IP addresses, surveying defenses
2. Weaponization – Coupling exploit with attack infrastructure – deliverable payload
3. Delivery – Delivering weaponized bundle to the victim via email, web – drive-by-download
4. Exploitation – Exploiting a vulnerability to execute code on victim’s system
   • Zero-day vulnerabilities
   • Unpatched vulnerabilities
5. Installation – Installing malware on the asset
6. Command & Control (C2) – Command channel for remote manipulation of victim’s system or additional malware downloads
7. Action on Objectives – Lateral movement, data exfiltration, disruption, etc.
5.
Examples of zero-day vulnerabilities
‣ Acrobat Reader – CVE-2014-0512: Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors
‣ Internet Explorer 9 through 11 Exploit – CVE-2016-0072: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability"
‣ Microsoft Server Service Vulnerability – allowed remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code
‣ Wordpress Cross-Site Scripting Vulnerability – allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
‣ Operation Snowman Exploit – targets IE 10 with Adobe Flash; the vulnerability allows the attacker to modify one byte of memory at an arbitrary address
‣ Microsoft Office – CVE-2016-0052: allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability"
6.
Sophisticated breaches can go undetected for a long time
Data breaches tend to continue for months and even years
[Chart: breach durations of 18, 106, 180, 246 and 266 days]
7.
US Office of Personnel Management (OPM) Data Breach – Timeline (Jul 2014 – Jun 2015)
• Initial OPM breach: OPM investigates a breach of its computer networks dating back to July 2014. Authorities trace the intrusion to China.
• Inspector General Report: A report by OPM’s Office of the Inspector General on the agency’s compliance with the Federal Information Security Management Act finds “significant” deficiencies in the department’s IT security.
• KeyPoint: KeyPoint, a company that took over background checks for USIS, suffers a breach. OPM states that there is “no conclusive evidence to confirm sensitive information was removed from the system.”
• Initial Detection: OPM became aware of an intrusion affecting its systems and data in April 2015 and launched an investigation with its agency partners, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
• Subsequent Detection: OPM became aware of the potential compromise of data related to personnel records for current and former Federal employees.
• Public Disclosure
8.
US OPM Sensitive Personal Information (SPI) Data Breach
‣ Who was affected?
• “Current, former, and prospective Federal government employees, and those for whom a Federal background investigation was conducted”
• Original est. – 4.2M records, adjusted to 18M
‣ What was stolen?
• “Name, SSN, date and place of birth and current and former addresses... could include the type of information you would typically find in a personnel file, such as job assignments, training records”
‣ Head scratcher
• "If there is anyone to blame, it is the perpetrators," OPM Director Katherine Archuleta told members of a Senate panel
9.
Zero-day vulnerabilities = $$$ in the marketplaces
Black market
• Cybercrime Organizations
• Buy and sell exploit code
• Goal: break into systems, steal data
White market
• Vendor bug bounty programs
• Buy and sell vulnerability info
• Goal: fix security holes
Gray market
• Military and intelligence agencies
• Buy zero-day exploits and vulnerability info
• Goal: surveillance and offensive ops
10.
The market for zero-day exploits
[Chart – Forbes: Price List for Zero-Day Exploits – Government Agencies; gray, black and white markets]
11.
Zero Day Disclosure – “Rain Forest Puppy” policy
• Ethical hackers and researchers often follow the policy and give the vendor five working days to respond
• The reporter should help the vendor reproduce the bug
• The reporter should delay notifying the general community about the bug if the vendor provides feasible reasons for doing so
• When issuing an alert or fix, the vendor should give the reporter proper credit for reporting the bug
• If the vendor fails to contact the reporter in those five days, the recommendation is to disclose
Data Breach Trends
• Data breaches are on the rise
• 2014-15 saw a significant jump of breaches in the retail and healthcare sectors
• Breach disclosure laws have contributed to greater exposure in the mainstream press
• There were more identity breach victims, but less money was directly stolen
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
14.
Why are Advanced Threats so hard to stop?
Enterprise security has failed to keep pace with the evolving threat landscape
Enterprises, 2006 – Sedentary Workforce: PCs and laptops; corporate network; VPN connectivity required for remote employees; corp. owned devices
Enterprises, 2016 – Dynamic Workforce: smartphones and tablets; working from free wifi networks and 3G/4G connections; BYOD
Attackers, 2006 – Rogue Individuals: motivated by the challenge; no financial gain
Attackers, 2016 – Organized Criminals: well funded; highly skilled; criminal organizations; financial/political gain
Attacks, 2006 – Loud and Noisy: server side vulnerabilities; attacks were obvious and of brief duration; damage could be costly but easy to clean up
Attacks, 2016 – Quiet and stealthy: exploiting client-side vulns and social engineering; leveraging end users as a catalyst; goal – data exfiltration
Security, 2006: URL filtering; anti-virus
Security, 2016: URL filtering; anti-virus
15.
Attacks are deeper and more sophisticated than ever before
Loading Stage
• Spam & phishing e-mail
• Social Networking sites
• SEO poisoning
• Compromised websites
• Malvertising on legitimate sites
Landing Stage
• Identification of client side technologies
• O/S, browser and plugin versions installed
• Determine effectiveness of payloads
• Often requires no user intervention
Malware Payload Delivery
• Anti-VM and Anti-Analysis features
• Detection of known antivirus drivers
• Multiple levels of highly obfuscated JavaScript code
• Dynamic construction of exploit payload URLs only when a vulnerability is found
• Short lived exploit payload URLs often restricted to one visit per IP address
• Obfuscated and repackaged exploit/malware payloads
16.
17,412 new advanced threats detected by Zscaler behavioral analysis in just 30 days (Jan 2016)
Over 750 billion transactions in one month
• 2 billion+ threats blocked
• 1,199,188 suspicious objects extracted from traffic and sent to sandboxes
• 17,412 new advanced threats detected and blocked for all cloud users simultaneously
17.
Not playing nice in the sandbox
[Bar chart: Top Malware Behaviors Monitored in Sandbox, counts on a 0–50,000 scale] Behaviors shown:
• Executes massive amount of sleeps in a loop
• Dropped PE files which have not been started or loaded
• Contains long sleeps
• Uploads sensitive system information
• Checks for kernel debuggers
• Reads the hosts file
• Enables driver privileges
• Queries the volume information
• Checks free space
• Looks for software installed
• Contains strings which match known bank URLs
• Requests potentially dangerous permissions
• Uses a known web browser user agent for HTTP communication
• Creates mutexes
• Executes native commands
• Tries to load missing DLLs
• Kills processes
• Tries to detect sandboxes and other dynamic analysis tools
18.
Case Study: Chinese APT Group Emissary Panda
Chinese APT group “Emissary Panda”, known for stealing Intellectual Property data from target companies
Attacks seen on Zscaler Cloud
• Investigation started with ABA block on content from a compromised Government site (watering hole)
• Attack Chain shows use of Hacking Team’s leaked 0-day exploits
• Installs an SSL-based Remote Access Trojan (RAT) upon success
Multiple Industries Targeted
• Energy & Construction
• Financial Services Firm
• Pharmaceutical
More at – research.zscaler.com (Aug ‘15)
APT attack infrastructure (attack chain): compromised site reis.railnet.gov.in/ → 210.209.89.162/rs/ie.html → 210.209.89.162/rs/swfobject.js → 210.209.89.162/rs/out.swf → 210.209.89.162/rs/svchost.exe
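One way to surface the chain on this slide in web-proxy logs, as an added example that is not Zscaler’s code or research output: the log format, field order, stage names and content types are assumptions, and the sample lines are constructed to mirror the chain above (the external host and paths are those on the slide).

```python
import re
from collections import defaultdict
from urllib.parse import urlparse
# Constructed proxy log lines (assumed format: time client method url referer type),
# modelled on the slide's chain: compromised site -> ie.html -> swfobject.js ->
# out.swf -> svchost.exe, all served from one external host.
SAMPLE_LOG = """\
2015-08-03T10:14:02Z 10.0.0.5 GET http://reis.railnet.gov.in/ - text/html
2015-08-03T10:14:03Z 10.0.0.5 GET http://210.209.89.162/rs/ie.html http://reis.railnet.gov.in/ text/html
2015-08-03T10:14:03Z 10.0.0.5 GET http://210.209.89.162/rs/swfobject.js http://210.209.89.162/rs/ie.html application/javascript
2015-08-03T10:14:04Z 10.0.0.5 GET http://210.209.89.162/rs/out.swf http://210.209.89.162/rs/ie.html application/x-shockwave-flash
2015-08-03T10:14:06Z 10.0.0.5 GET http://210.209.89.162/rs/svchost.exe http://210.209.89.162/rs/ie.html application/octet-stream
2015-08-03T10:20:00Z 10.0.0.7 GET http://example.com/news.html - text/html
2015-08-03T10:20:01Z 10.0.0.7 GET http://cdn.example.com/app.js http://example.com/news.html application/javascript
"""
LINE_RE = re.compile(r"^\S+ (\S+) \S+ (\S+) (\S+) (\S+)$")  # client, url, referer, type
# Stages of the drive-by chain, in the order the slide shows them.
STAGES = [("landing", {"text/html"}),
          ("loader_js", {"application/javascript", "text/javascript"}),
          ("flash", {"application/x-shockwave-flash"}),
          ("payload", {"application/octet-stream", "application/x-msdownload"})]

def parse_log(text):
    """Turn log lines into dicts grouped by client; malformed lines are skipped."""
    by_client = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, url, ref, ctype = m.groups()
            by_client[client].append({"url": url, "ctype": ctype,
                                      "referer": None if ref == "-" else ref})
    return by_client

def find_watering_hole_chains(by_client):
    """Flag, per client, an HTML page on host X reached from a different site
    that is followed by JS, SWF and an executable from X, in that order."""
    findings = []
    for client, evs in by_client.items():
        for i, e in enumerate(evs):
            host = urlparse(e["url"]).hostname
            ref_host = urlparse(e["referer"]).hostname if e["referer"] else None
            if e["ctype"] not in STAGES[0][1] or not ref_host or ref_host == host:
                continue  # not a cross-site landing page
            chain, stage = {"landing": e["url"]}, 1
            for later in evs[i + 1:]:
                if urlparse(later["url"]).hostname == host and later["ctype"] in STAGES[stage][1]:
                    chain[STAGES[stage][0]] = later["url"]
                    stage += 1
                    if stage == len(STAGES):
                        break
            if stage == len(STAGES):
                findings.append({"client": client, "referrer_site": ref_host,
                                 "exploit_host": host, "chain": chain})
    return findings
```

A hit names the compromised referring site, the exploit host and the URL at each stage, which is the evidence needed to block the host and quarantine the client.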
19.
Case Study: CryptoWall
• Version 3.0 first observed June 2015, version 4.0 Nov 2015
• Binary digitally signed (MDG Advertising)
• Uses strong encryption to encrypt all files on HDD, attached devices and network shares
• Imagine a domain admin getting infected…
• CryptoWall features:
  • Asymmetric (public-key) encryption to encrypt user documents, making recovery infeasible
  • Ransom starts at US$500 and increases over time
  • One file will be decrypted for free…
  • Ransom collected in bitcoins or as pre-paid cash vouchers / cards
  • Usage of anonymizing networks like Tor & i2p
  • New versions even have chat-based support!
How good are my defenses?
Current security controls are not working
• 93% of organizations had infected computers communicating with C&C servers
• 52% of malware coming into the network was unknown to antivirus vendors
• 79% of organizations were experiencing data exfiltration
Source: KPMG enterprise security, August 2014
22.
Think encryption is going to keep you safe?
‣ SSL traffic is becoming pervasive, but most organizations are blind to it
• 40% of Internet traffic is now encrypted with SSL, growing to more than 50% in 2016
‣ The most sophisticated threats are using SSL
• 16% of all traffic blocked uses SSL
• 54% of advanced threats use SSL
‣ If your policies do not include SSL inspection, all your security tools are half-blind
SSL traffic on enterprise networks is growing rapidly & creating security blind spots
23.
Strategies based on alerting are doomed to failure
‣ Alerting allows infections to happen – with no guarantee you’ll notice them
‣ Alerting based strategies lead to SOC overload – which of the 1,000 alerts do you pay attention to?
‣ All threats and violations must be automatically blocked
Alert Fatigue: “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It”
24.
Kill chain analysis of an advanced threat (where defenses apply)
1. Reconnaissance – Harvesting email and IP addresses, surveying defenses
2. Weaponization – Coupling exploit with attack infrastructure – deliverable payload
3. Delivery – Delivering weaponized bundle to the victim via email, web – drive-by-download. Defense: malicious websites can be blocked – “sometimes”
4. Exploitation – Exploiting a vulnerability to execute code on victim’s system. Defense: by definition, can’t identify zero-day vulnerability
5. Installation – Installing malware on the asset. Defense: Behavioral Analysis can detect malicious behavior
6. Command & Control (C2) – Command channel for remote manipulation of victim’s system or additional malware downloads. Defense: identify and block outbound CnC communications
7. Action on Objectives – Lateral movement, data exfiltration, disruption, etc. Defense: identify and block outbound data exfiltration
25.
Best practices for stopping APTs in Internet traffic
Defense in depth
Inbound traffic (viruses, APTs, adware, spyware, malicious Javascript, exploits, malformed files, XSS, etc.) and outbound traffic (botnet calls, malicious URLs, data exfiltration, SSL, etc.) pass through layered controls covering known threats through unknown and zero-day threats:
• Inline Antivirus & Anti-spyware
• Deep Content Inspection
• Browser and Plugin Vulnerabilities
• Page-Level Risk Analysis
• Block Malicious URLs and Files
• Sandboxing
26.
Zscaler Advanced Threat Protection
Protect – stop infections from happening
‣ Always in-line – can always block
‣ Multiple layers of security with automated in-line SSL inspection
‣ Behavioral analysis for zero day files
‣ File quarantine – first global victim is protected
‣ Instant cloud-wide blocking of new threats
‣ Lock down all ports & protocols with built-in NG firewall
27.
Zscaler Advanced Threat Protection
Detect – identify compromised devices
‣ Monitor infection trends
‣ Isolate infected machines
‣ Identify types of attacks
‣ Track users with risky behavior
‣ Show value of the solution to the CxO
28.
Zscaler Advanced Threat Protection
Remediate – minimize impact and heal
‣ Stop data exfiltration attempts, including over SSL
‣ Lock down unauthorized ports and protocols
‣ Block botnet CnC communications
‣ Complete visibility, even to cloud applications
‣ Easy to use, detailed forensics
‣ Correlation across users / devices / locations
29.
How Zscaler sandboxing works
Block or Allow “known” files:
• Malware identified by AV, threat database, or static analysis
• Benign files identified by whitelist or file type
Unknown files go through Behavioral Analysis:
• “Detonate” in a virtual sandbox
• Capture and analyze behavior
• Identify malware vs benign
• Update threat database
• Automatically block malware
• Automatically pass benign files
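The known/unknown triage on this slide, combined with the behavior list from the “Not playing nice in the sandbox” slide, as an added example that is not Zscaler’s code: hash lookups decide known files, unknown files are detonated by a stand-in sandbox, and the verdict is written back so every later copy is decided by hash alone. The behavior weights, the threshold, the benign file-type list and the sample reports are assumptions constructed for the example.

```python
import hashlib
# Constructed state for the example: hash sets stand in for the threat database
# and whitelist; BENIGN_TYPES is an assumed list of file types passed without analysis.
THREAT_DB = set()
WHITELIST = set()
BENIGN_TYPES = {"txt", "png", "jpg"}
# Behaviors named on the "Top Malware Behaviors" slide; the weights and the
# threshold are assumptions for this example, not Zscaler's scoring.
BEHAVIOR_WEIGHTS = {
    "tries_to_detect_sandboxes": 5, "checks_for_kernel_debuggers": 3,
    "executes_massive_sleeps_in_loop": 3, "contains_long_sleeps": 2,
    "dropped_pe_files_not_started": 3, "uploads_sensitive_system_information": 4,
    "strings_match_known_bank_urls": 4, "enables_driver_privileges": 3,
    "kills_processes": 2, "reads_hosts_file": 1,
    "queries_volume_information": 1, "creates_mutexes": 1,
}
MALICIOUS_THRESHOLD = 6

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def looks_like_pe(data):
    """Static check: a Windows executable starts with 'MZ' whatever its extension."""
    return data[:2] == b"MZ"

def behavioral_verdict(behaviors):
    """Sum the weights of observed behaviors; returns ('malware'|'benign', score)."""
    score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in behaviors)
    return ("malware" if score >= MALICIOUS_THRESHOLD else "benign"), score

def triage(name, data, detonate):
    """Known files are decided by hash or type; unknown files are detonated and
    the verdict is written back so every later copy is decided by hash alone.
    `detonate` is a callable standing in for the sandbox."""
    h = sha256(data)
    if h in THREAT_DB:
        return "block", "known-malware"
    ext = name.rsplit(".", 1)[-1].lower()
    if h in WHITELIST or (ext in BENIGN_TYPES and not looks_like_pe(data)):
        return "allow", "known-benign"
    verdict, score = behavioral_verdict(detonate(data))
    if verdict == "malware":
        THREAT_DB.add(h)
        return "block", f"behavioral:{score}"
    WHITELIST.add(h)
    return "allow", f"behavioral:{score}"

# Constructed sandbox stand-in: maps sample file contents to observed behaviors.
SAMPLE_REPORTS = {
    b"MZ\x90\x00evil": ["tries_to_detect_sandboxes", "executes_massive_sleeps_in_loop", "kills_processes"],
    b"MZ\x90\x00tool": ["creates_mutexes", "queries_volume_information"],
}
def fake_detonate(data):
    return SAMPLE_REPORTS.get(data, [])
```

The magic-byte check matters because an allow-by-file-type rule that trusts only the extension would pass an executable renamed to .txt straight through.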
30.
Zscaler APT Protection – Key Highlights:
Behavioral Analysis Report
Quarantine – ensures no one gets infected with a zero day attack
Forensics analysis with key features to make remediation easy:
• Screen captures during malware execution
• Packet captures for detailed analysis
• Detection evading techniques used
• Memory and process analysis
• Networking level activity
Security appliances: two challenging choices
• Backhaul traffic through the data center (Mobile, HQ, Remote Offices) – slow, complex & expensive
• Build a perimeter around every office (HQ, Remote Offices) – too many gateways to buy, deploy & manage
33.
Zscaler: putting a perimeter around the Internet
So you don’t need to put a perimeter around every office and every device
Threats: Exploits, APT, Malware, Botnets
Destinations: Public Cloud, SaaS, Private Cloud
Users: Mobile Employee, HQ, Remote Offices
Traffic forwarding – two use cases:
• On Network: GRE/IPSEC
• Off Network: PAC / Mobile Agent
Full inline inspection (SSL) – all ports, all protocols
Real-time global visibility (threats, apps, users)
Single policy definition point (context)
34.
Zscaler cloud security platform
Services: Web security; Advanced threat protection; Cloud app visibility & control; Cloud Firewall; Bandwidth Controls; Data loss prevention; Cloud Sandbox
Platform: Context-aware policies; Global real-time analytics; SSL inspection; Threat Correlation
Multi-tenant distributed carrier-grade cloud (peering relationships)
Purpose-built, integrated services consolidate and simplify the appliance mess
35.
Industry analysts agree…
“…on-premises web content security can’t protect digital business…”
“…largest global cloud footprint with more than 100 enforcement nodes…”
36.
Zscaler delivers value to all stakeholders
CISO: BETTER SECURITY
• Scan and score every byte (SSL)
• Always up-to-date
• Correlation of threat prevention techniques
• Consistent policies globally
• Full audit controls – every user, device, & app in all locations
CIO/CTO: SIMPLIFICATION
• No patch management or EOS issues
• No shipping, staging, updating
• Checkbox to enable new features
• No maintenance windows
• Elastic scale
CFO: FASTER ROI
• Minimize CAPEX investment – no boxes to purchase
• Reduce OPEX – no boxes to maintain
END USER: IMPROVED EXPERIENCE
• Faster response times
• Localized Internet content
• Single admin console
• Real-time global reports
• Performance SLA
37.
Consider Three Users…
• We must seek security solutions that ensure consistent policy, protection and visibility, regardless of device or location.
• Cloud provides the opportunity to level the playing field.
Location:   Office | Coffee Shop | Airport
Device:     PC / Laptop | Laptop | Tablet / smartphone
Protection: IDS, IPS, FW, SWG, DLP, etc. | Host based AV and firewall | Nothing
Visibility: Location based reporting | Nothing | Nothing
38.
Next Steps
Free Security Health Check
Risk free evaluation of your security infrastructure
Go to: http://www.zscaler.com/securitypreview
Live Product Demos
Register here: https://www.zscaler.com/productdemos