Transcript
IT Security
McAfee Confidential
Agenda • The general state of IT security • Tips and good advice • What can you do to better secure yourself, your computer, phone and tablet? • How can you recognize "phishing" emails or phone calls? • Passwords: how to create different secure passwords that you can easily remember • Programs that can help you remember passwords • Are cybercriminals able to break in anywhere and paralyze society? • Electricity and water supply, hospitals, banking, the municipalities and the state
• How an IT security company works • IT security in the future • Questions and answers
Security is many things • The difference • Feeling secure • Being secure • The message matters to the recipient • People's perception and understanding of security • Is the problem self-inflicted? • Do you drive on winter tires in winter? • Do you take the car in for service, inspection, etc.? • How many safety technologies do you have in your car?
The real threat picture • What does it look like? • What can we expect? • Ransomware, social media, mobility, Mac OS, Android ... • What should we pay attention to? • Information • Prioritizing security: are we ready?
One word that covers the IT security challenges
Complexity. We work to close all holes; cybercriminals only have to find one.... Security must not and cannot be viewed and handled as "silos". The best security is a unified, holistic solution.
Complexity • Consumerization of IT • Users use their private devices for work • Combining Windows and Mac – iOS, Android ...
• Social media • Mail and messenger built into the web
• Diversity of devices • Smartphones, tablets, operating systems • Cloud • Dropbox, OneDrive, Google Drive, iCloud, shared across many devices • App explosion • More than mail and web
What the threat picture looks like
Who is the target • You, via your computer or phone/tablet
"Entry points" to your computer • You • Web • Email • USB • Phone calls • Tricks you – "social engineering" • Unknowingly – "holes"/vulnerabilities in the system/programs • Exploits vulnerabilities in: • Browser • Flash • PDF • Java
The Problem “More than 95 percent of all attacks tied to state-affiliated espionage employed phishing as a means of establishing a foothold in their intended victims' systems.” Verizon, 2014 Data Breach Investigations Report
Course of events
Protect your information
Information • Backup – protect your pictures and documents • Must be stored in a physically different place than your computer or tablet/smartphone • Passwords • Use a different password for each site • Use an algorithm • Use a password manager
Ransomware "extortion"
Ransomware • Malware that encrypts all of your documents that are accessible on your computer • Demands payment for the key to regain access to the documents • >40% pay to regain access to the documents
Cryptolocker gets onto your computer
Encrypts all your documents and pictures
Pay to get the key, otherwise it is deleted after 72 hours
Then removes the encryption
Open source, available on github.com
Key Trend
Ransomware • Ransomware continues to grow very rapidly – with the number of new ransomware samples rising 58% in Q2. The total number of ransomware samples grew 127% over the past year. • We attribute the increase to fast-growing new families such as CTB-Locker, CryptoWall, and others.
Phishing
Test your phishing knowledge… https://phishingquiz.mcafee.com/
People from Denmark get only 69% right…
Key Trend
Phishing URLs
Passwords
Password algorithm
• Have a code you can always remember
• De#5smaa !
• Take a part of the domain name of the site where you need a password
• Facebook = kDe#5smaaFa!
• Gmail = lDe#5smaaGm!
• Linkedin = nDe#5smaaLi!
• Dr = rDe#5smaaDr!
• Algorithm: take the last letter and put it at the front, then take the first two letters and put them second to last, with the first letter capitalized
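The slide's scheme written out in Python, as an added example that is not part of the original deck. Accepting a URL or hostname and the collision check go beyond the slide; the function names are assumptions and the site list in the demo is constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

BASE = "De#5smaa"  # memorised core shown on the slide
SUFFIX = "!"       # trailing character shown on the slide


def site_label(site):
    """Site name the scheme works on: a bare name, or for a hostname/URL
    the label left of the final suffix (assumption: one-label TLD)."""
    site = site.strip()
    host = urlsplit(site if "//" in site else "//" + site).hostname or ""
    labels = [part for part in host.split(".") if part]
    if not labels:
        raise ValueError(f"no site name in {site!r}")
    return labels[-2] if len(labels) >= 2 else labels[0]


def derive(site, base=BASE, suffix=SUFFIX):
    """Last letter first, base, first two letters capitalised, suffix."""
    label = site_label(site)  # already lower-cased by urlsplit
    if len(label) < 2:
        raise ValueError(f"site name too short: {label!r}")
    return label[-1] + base + label[:2].capitalize() + suffix


def collisions(sites):
    """Group sites whose derived passwords are identical. Only three
    characters depend on the site, so different names can collide."""
    groups = defaultdict(list)
    for site in sites:
        groups[derive(site)].append(site)
    return {pw: names for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for name in ("Facebook", "Gmail", "Linkedin", "Dr"):
        print(f"{name:10} {derive(name)}")
    # Constructed site list: two names share first two and last letters.
    print(collisions(["amazon.com", "american.example", "dr.dk"]))
```
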
Passwords • LastPass
• LastPass Wallet for your phone or tablet • Remember your important information
• Web: www.lastpass.com
Lastpass wallet
Mobile / Tablet
Vulnerable • Android has many vulnerabilities • Problems with fixes for old devices
• iOS is extremely secure against malware • No antivirus is allowed or possible
• Designed as a secure OS from the ground up • Jailbroken iOS devices are worse off than Android
Walled Garden
https://en.wikipedia.org/wiki/Closed_platform
There are 345 new threats every minute, or almost 6 every second.
Source: McAfee Labs
Threat Trends – Q2 2015
Source: McAfee Labs
McAfee GTI Metrics Q2 2015
• 6.7 million attempts per hour were made to entice our customers into connecting to risky URLs (via emails, browser searches, etc.) • 19.2 million infected files per hour were exposed to our customers’ networks • 7 million PUPs per hour attempted installation or launch • 2.3 million attempts per hour were made by our customers to connect to risky IP addresses or those addresses attempted to connect to customers’ networks
Key Trend
Malware • The McAfee Labs malware zoo grew 12% from Q1 to Q2. It now contains more than 433 million samples.
Key Trend
Mobile Malware • The total number of mobile malware samples grew 17% in Q2.
Key Trend
Rootkits
Key Trend
Malicious Signed Binaries
Key Trend
Suspect URLs
Key Trend
Phishing URLs
Key Trend
Messaging Threats
What can you do…
Maintain your programs • Patching…. • OS • Browser • PDF reader • Flash • ….
• www.Secunia.dk • PSI – identify the programs with known vulnerabilities
Where do you go on the web? • Get free "advice" in your browser • http://www.siteadvisor.com
Effective solutions • Do not use Windows as a local administrator • Use "Kør som" – "Run As" when you need to be administrator • Run the browser in a closed virtual machine • https://www.virtualbox.org
• Microsoft • Enhanced Mitigation Experience Toolkit – www.Microsoft.com/emet
• Process Explorer – https://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
• McAfee Raptor • http://www.mcafee.com/us/downloads/free-tools/raptor.aspx
McAfee Labs Threats Report August 2015
Key Topic
Intel + McAfee: a five-year retrospective The attacker profile has changed.
Key Topic
Intel + McAfee: a five-year retrospective Increasingly evasive malware and long-running attacks.
Key Topic
Intel + McAfee: a five-year retrospective Massive increase in the types and volume of devices.
Key Topic
Intel + McAfee: a five-year retrospective Cybercrime has transformed into a full-fledged industry.
Key Topic
Intel + McAfee: a five-year retrospective We have witnessed the transformation of cybercrime into a full-fledged industry with suppliers, markets, service providers, financing, trading systems, and a proliferation of business models.
Key Topic
Data exfiltration: an important step in the cyber thief’s journey Typical data exfiltration architecture
Key Topic
Data exfiltration: an important step in the cyber thief’s journey Data transports
Key Topic
Data exfiltration: an important step in the cyber thief’s journey Data manipulation
Key Topic
Data exfiltration: an important step in the cyber thief’s journey Recommended policies and procedures to protect against data exfiltration
Key Topic
GPU malware: separating fact from fiction Not a perfect storm!
• Moving malicious code from the CPU and host memory reduces the detection surface, making it more difficult for host-based defenses to detect attacks. • However, the detection surface has not been completely eliminated. Trace elements of malicious activity remain, allowing endpoint security products to detect and remediate the threat.
Can our infrastructure be paralyzed?
• In October 2012, U.S. defense secretary Leon Panetta warned that the United States was vulnerable to a “cyber Pearl Harbor” that could derail trains, poison water supplies, and cripple power grids. The next month, Chevron confirmed the speculation by becoming the first U.S. corporation to admit that Stuxnet had spread across its machines.
How we work
How Reputations Work With Global Threat Intelligence
Network Sensor
Endpoint Sensor
Global Reputation
The Cyber Kill Chain®: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions & Objectives
Source: http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html
Kill-chain
IT Security – current tech August 2015 Steen Pedersen | Principal Consultant – Endpoint Practice Lead
Agenda • Selections of interesting modern IT Security • Security Connected • Data Exchange Layer – DXL • Threat Intelligence Exchange - TIE
• Intel has defined countless standards • Advanced Threat Defense - ATD • Back to the future – whitelisting • Enhanced security for current and legacy OS
Building Security By Silo
Technology Acquisition Process Has Delivered Security Chaos
Endpoint Protection
Firewall
Gateway Security
Network IPS
Compliance
Data Protection
Mobility
Analytics
Building Security By Silo
Creating a False Sense of Security
[Chart: TCO (CapEx + OpEx) and Security Posture against TIME / Advancement; labels: Layered Tools, Point Products, Parity]
Optimizing Security Infrastructure
Delivering Operationally Effective Security
[Chart: TCO (CapEx + OpEx) and Security Posture against TIME / Advancement; labels: Connected Architecture, Layered Tools, Point Products, Parity]
History of Defining Architecture
– Inventor of the world’s most widely used computing
– Defining countless standards used in everyday lives ranging from USB, WiFi, to IoT
– Top 10 Most Influential Brands in the World
Largest Dedicated Security Provider
– Broadest security product coverage in the industry
– Complete portfolio focused upon security
– Leadership position in 6 of 8 Gartner Security Magic Quadrants
Delivering a Next Generation Security Architecture
– Defining innovative industry approaches for collaborative and adaptive security architecture
– Introducing security integrations which are sustainable and broadly reaching
– Developing capabilities for new security paradigms in areas such as Software Defined Datacenter, Cloud, and IoT
McAfee Security Connected Evolution Debunking Common Obstacles
A Connected Services Architecture is not… • A Single Vendor Solution • A Monolithic Architecture • The Continuous Addition of New Technologies • A New Environment Requiring More Resources to Maintain • Massive Rip/Replace of Security Infrastructure
The Data Exchange Layer (DXL) The Fabric of Security Connected
Data Exchange Layer
Standardize integration and communication to break down operational silos
Disjointed API-Based Integrations (result) | Collaborative Fabric-Based Ecosystem (DXL) (result)
Slow, heavy, and burdensome | Fast, lightweight, and streamlined
Complex and expensive to maintain | Simplified and reduced TCO
Limited vendor participation | Open vendor participation
Fragmented visibility | Holistic visibility
Traditional Siloed Protection Series of isolated fights: adapt manually, and sometimes not at all
Individual technologies may be extremely effective, but security infrastructure does not learn from encounters
Prebreach
Postbreach
Security Connected Protection Orchestrated and automated responses: adapt in real time
Apply insights immediately throughout a collaborative infrastructure
Prebreach
Postbreach
Enabling a Next Generation Architecture
Complete Protection From Endpoint to Network
ATD
Web / Mail Gateway
SIA Partners / 3rd Parties
SIEM
NGFW
DLP McAfee Active Response
Threat Intelligence Exchange
NSP
Threat Landscape
362: New threats every minute, or more than 6 every second
13%: Growth of the McAfee Labs malware zoo between Q4 2014 and Q1 2015
49%: Rise in mobile malware samples from Q4 2014 to Q1 2015
81%: Jump in new suspect URLs found in Q1 2015 compared to Q4 2014
165%: Increase in new ransomware in Q1 2015
317%: Growth in Adobe Flash exploits in Q1 2015
400,000,000+: Unique malware samples in the McAfee Labs Zoo as of Q1 2015
Source: McAfee Labs Threats Report: 1st Quarter 2015
What Is Advanced Malware? Typically Criminal Stealthy Targeted Unknown
Evades Legacy-based Defenses
Discovered After the Fact
Theft Sabotage Espionage Data loss Costly clean-up Long-term damage
Key Challenges • Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. • Many of these attacks are not advanced in techniques; they are simply designed to bypass traditional signature-based mechanisms. Source: Designing an Adaptive Security Architecture for Protection From Advanced Attacks (Published 12 February 2014)
Comprehensive Layered Approach White/ Black Listing GTI
AV Real-time Emulation Dynamic and Static Code
Number of Samples You Can Process
Known Good Known Bad
Emulation
File Execution
Compute Cycles Needed/Time to Process
McAfee Application Control Pro-Active Protection Through System Hardening Back to the future… Know what to trust
How Whitelisting Works
The Basics
Create Whitelist
Whitelist: EXE, SYS, DLL, BAT
Solidify / Harden System
Block Unauthorized Applications
The Trust Model What to do after the whitelist
Trusted Updaters
Trusted Certificates Trusted Directories Trusted Users
Self-Approval (Desktop User Experience) • A non-whitelisted app can be approved by the end user • This mode is for users/systems who make frequent changes (not for all) • The admin will audit these self-approvals and decide to Accept/Reject • This is also a get-your-feet-wet-with-whitelisting mode
Summary of User Types Increasing order of privilege
Trusted Users
Not subject to whitelist restrictions (e.g.: IT admin)
Users who can Self-Approve
Non-whitelisted file is blocked but user can override prevention and execute (e.g.: Developers)
Regular Users
Non-whitelisted files are blocked and user is notified
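A small Python model of the whitelist decision for the three user types and the self-approval audit described on the slides above. It is an added example, not McAfee Application Control's implementation; identifying files by SHA-256 digest, the role constants, the class and method names, and the effect of an admin's accept or reject are assumptions, and the inventory is constructed.

```python
import hashlib

TRUSTED, SELF_APPROVE, REGULAR = "trusted", "self-approve", "regular"


def digest(content: bytes) -> str:
    # Assumption: a file is identified by its SHA-256 digest.
    return hashlib.sha256(content).hexdigest()


class Allowlist:
    def __init__(self):
        self.hashes = set()    # whitelisted digests
        self.pending = {}      # digest -> (user, file name) awaiting audit
        self.rejected = set()  # digests the admin has turned down

    def solidify(self, inventory: dict) -> None:
        """Create the whitelist from the files present when hardening."""
        self.hashes = {digest(data) for data in inventory.values()}

    def request_run(self, user, role, name, content, approve=False) -> str:
        """Return 'allow', 'allow-pending-audit' or 'block'."""
        h = digest(content)
        if role == TRUSTED or h in self.hashes:
            return "allow"
        if role == SELF_APPROVE and approve and h not in self.rejected:
            self.pending[h] = (user, name)  # queued for the admin's audit
            return "allow-pending-audit"
        return "block"  # non-whitelisted file: blocked, user notified

    def audit(self, h: str, accept: bool) -> tuple:
        """Admin verdict on a self-approval. Assumption: accept whitelists
        the file for everyone, reject stops further self-approval."""
        user, name = self.pending.pop(h)
        (self.hashes if accept else self.rejected).add(h)
        return user, name, "accepted" if accept else "rejected"


if __name__ == "__main__":
    # Constructed inventory: the four file types named on the slide.
    al = Allowlist()
    al.solidify({"app.exe": b"app", "drv.sys": b"drv",
                 "lib.dll": b"lib", "job.bat": b"echo ok"})
    tool = b"unreviewed build tool"
    print(al.request_run("bob", REGULAR, "tool.exe", tool))
    print(al.request_run("dev", SELF_APPROVE, "tool.exe", tool, approve=True))
    print(al.audit(digest(tool), accept=True))
    print(al.request_run("bob", REGULAR, "tool.exe", tool))
```
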
Supported Environments Windows Embedded XPE, 7, 8, 8.1 Windows XP, 7, 8, 8.1 Windows Server 2003 (R2), 2008 (R2), 2012 (R2) RHEL, SLES, OpenSuSE, OpenLinux, CentOS, Ubuntu
Solaris
Source: https://kc.mcafee.com/corporate/index?page=content&id=KB73341
Cost Savings • Improved Protection • From Targeted Attacks and Advanced Persistent Threats (APTs)
• Visibility of Applications in Enterprise • How many are reputed and how many are not
• No More Patch Panic • MP & AWL will provide coverage and eliminate the urgency for security patches
• Extending Life of Legacy Systems • Win NT, Win 2000, XP and 2003
• Improved System Performance • Negligible CPU & Memory usage (vital for ATMs, POS, Kiosks) • No degradation to app responsiveness and server throughput
Information • http://www.mcafee.com/tie • http://www.mcafee.com/uk/resources/misc/infographic-connected-security-yields-smarterdefenses.pdf