The document discusses cybersecurity strategies to combat malware and advanced persistent threats, highlighting risks associated with traditional malware, bots, and ransomware. It emphasizes the importance of technical and procedural controls, incident response, and continuous improvement in security practices. The content serves as a guide for organizations to strengthen their cybersecurity posture through assessments, governance frameworks, and effective communication of security protocols.

1. © 2016 JURINNOV, LLC All Rights Reserved.
The Prescription for Protection
Avoid Treatment Errors to the Malware Problem
Advanced Persistent Threats Summit
Eric Vanderburg and Bogdan Salamakha
JUNE 15, 2016

2. © 2016 JURINNOV, LLC All Rights Reserved.
Eric Vanderburg
Director of Cybersecurity
Over 40 certifications
Licensed private investigator
MBA with an IS concentration
BS, Technology
AAB, Computer Information Systems
18 years experience in information assurance
and cybersecurity
Author
Expert witness

3. © 2016 JURINNOV, LLC All Rights Reserved.
Bogdan Salamakha
Penetration Tester and Security Researcher
MPSC (Metasploit Pro Certified Specialist)
Penetration tester and security researcher
Operates JURINNOV’s honeynet
Specializations include:
Vulnerability assessment
Ethical hacking
Security analysis
Incident response

4. © 2016 JURINNOV, LLC All Rights Reserved.
Traditional Malware
Your data or your money
Encrypts or blocks access to
data and demands money to
gain access
Examples:
 Reveton
 CryptoLocker
 CryptoWall
General viruses, trojans
and worms
• Spread quickly
• Destroy data
• Open backdoors
• Make computers sluggish
• Hijacks browser sessions
• Steals data
Coordinated malware
• The cloud for crooks
• Over 700 million bots
worldwide
• 12% of bots active
• Malicious bots responsible
for 29% of worldwide
Internet traffic
• 90% of security events are
from bot activity
Ransomware Bots

5. Right Client - Authentication
They come to you in sheep's clothing, but inwardly they are
ferocious wolves.
-Matthew 7:15 NIV

6. © 2016 JURINNOV, LLC All Rights Reserved.
Right Client - Authentication
Drive by malware
• Web filtering
• Block Javascript for sites unless you need it
• Ad blocking
• Browser updates
Software downloads
• AppLocker
• Java application signature verification
• Microsoft code signing
• Utilize official app stores
• Microsoft Store
• Ubuntu Software Center

7. © 2016 JURINNOV, LLC All Rights Reserved.
Right Client - Authentication
Mobile apps
• Utilize official repositories
• Read reviews
• Developer reputation
• Developer professionalism
Email attachments
• Discretionary execution
• Protected mode
• Macros

8. Right Route – Gaps and Strategies
Productivity is never an accident. It is always the result of a
commitment to excellence, intelligent planning, and focused effort.
-Paul J. Meyer

9. © 2016 JURINNOV, LLC All Rights Reserved.
Right Route – Gaps and Strategies
•Gap assessments
• SWOT
• Priorities
• Vision
•Data inventory  Data classification
• Patient information
• Engineering documents
• Competitive advantage information / IP
• Financial information

10. © 2016 JURINNOV, LLC All Rights Reserved.
Right Route – Gaps and Strategies
• Identify best practices
• Security governance framework
• Policies and procedures
• Top level support
• Trained staff
• Identify required third parties

11. © 2016 JURINNOV, LLC All Rights Reserved.
What is greatest threat for your industry?

12. Right Drug – Security Controls
I am dying from the treatment of too many physicians.
-Alexander the Great

13. © 2016 JURINNOV, LLC All Rights Reserved.
Right Drug
Technical
controls
Procedural
controls
Training

14. © 2016 JURINNOV, LLC All Rights Reserved.
Network Security
NAC
Firewall
IPS / IDS
Content
security
Wireless
Monitoring
Security
Management
Compliance
Security
Operations
System
Management
Vulnerability
Management
Patch
Management
Change
Management
Data Security
Encryption
DLP
Database
Security
Identity and
Access
Management
Federation
Web access
management
Provisioning
Directories
Authentication
Virtualization
Segmentation
Hypervisor
isolation
Parent/child
relationships
Hypervisor
authentication
Cloud
Provider
resiliency
Data
exchange
protocols
Incident
detection /
notification
Application
Security
Security
Development
Web Application
Assessment
Application
Testing
Web
Application
Firewalls
Endpoint
Security
Remote
Access / VPN
Device
Control
Disk
Encryption
Mobile
Security
A/V
Right Drug – Technical Controls

15. © 2016 JURINNOV, LLC All Rights Reserved.
Right Drug – Procedural Controls
•Incident response
• Ticket escalation and tracking
• Customize for:
• Traditional malware
• Bots
• Ransomware
• Procedures

16. © 2016 JURINNOV, LLC All Rights Reserved.
Right Drug – Procedural Controls
•Investigative procedures
• Evidence handling
• Third party services
•Notification procedures
• Customer notifications
• Legal requirements
• Public relations
•Incident debriefs
•Table top exercise / scenario

17. © 2016 JURINNOV, LLC All Rights Reserved.
Right Drug – Training
• Incident reporting
• Recognizing spam and phishing
• Data classifications
• Data sensitivity levels
• Data availability levels
• Storage locations
• Transmission restrictions
• Passwords
• Warning signs

18. Right Dose – Security and Business Balance
I tried being reasonable, I didn't like it.
–Clint Eastwood

19. © 2016 JURINNOV, LLC All Rights Reserved.
Right Dose – Finding the Balance
• Defining an acceptable minimum
• Compliance requirements
• Due diligence
• Industry standards
• Competitive analysis
•Risk analysis
• Impact + likelihood vs. cost to remediate
Acceptable Minimum
Risk
analysis
Competitors
Compliance
& Standards

20. © 2016 JURINNOV, LLC All Rights Reserved.
Right Dose – Security and Business Balance
• Combining similar controls
• Streamlining existing controls
• SSO
• Automation
• Start with security
• Solicit feedback and involvement

21. Right Time – Staying up to Date
“The early bird gets the worm, but the second mouse gets the
cheese.”
― Willie Nelson

22. © 2016 JURINNOV, LLC All Rights Reserved.
Right Time – Staying up to Date
• Don’t stop now!
• Awareness
• Continuous improvement and Metrics
• Updates and NAC
• Right place in the adoption curve

23. © 2016 JURINNOV, LLC All Rights Reserved.
Questions