Kaseya Connect 2013: Security Today – Comprehensive Implementation of Kaseya to Defend Against...

Post on 15-Jun-2015


System and data hacking has become a multi-billion dollar organized business across the globe. In this session, recent high-profile attacks will be discussed, and Senior Product Specialist Jason Dettbarn will also project the direction of security vulnerabilities. Kaseya best practices will be highlighted, allowing you to guard against these attacks.

Transcript of Kaseya Connect 2013: Security Today – Comprehensive Implementation of Kaseya to Defend Against...

Security Today – Comprehensive Security Approach with Kaseya

Jason Dettbarn, Senior Technology Analyst

Security Today - News - Agenda

• Historical Security Breaches – Los Alamos, Stuxnet
• Security Breaches – Lockheed Martin, NYTimes, Apple, Facebook

Security Today – Tech - Agenda

• Core Kaseya management & monitoring – Agent Check-in Threshold, USB Blocking, Failed Login Attempts / Locked Accounts, App Blocking
• Patching – Windows Patching, 3rd Party Software Patching
• Anti-Virus – Profile Best Practices, Managing Intrusive Scanning

Richard Feynman – Los Alamos

Richard Feynman – Safe Cracking

Play in the lock – 18, 19, 20, 21, 22

(1) Total Combinations Now

(2) A Typical Combination – Max Time = 12 min & Average = 6 min

(3) Pre-Worked Combination – Average = 1 - 2 min
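The slide's reasoning, worked through as an added example that is not part of the deck: a lock that opens on 18 through 22 when set to 20 has a tolerance of plus or minus 2, so one trial value covers five dial positions and a 100-position wheel needs only 20 trials instead of 100. Three wheels then give 20^3 = 8,000 trials rather than 100^3 = 1,000,000, and Feynman's shortcut of reading the last two numbers off an already-open safe leaves only the 20 trials for the first wheel. The function below computes those figures and checks that its trial values really cover every dial position. The 100-position three-wheel dial, the function name and the parameter names are assumptions; the tolerance comes from the slide.

```powershell
# Added example, not from the deck: Feynman's tolerance argument as a function.
# A lock that opens on 18..22 when set to 20 has a tolerance of +/-2, so one trial
# value covers five dial positions and a 100-position wheel needs only 20 trials.
function Get-ToleranceKeyspace {
    param(
        [int]$DialPositions = 100,  # assumption: numbers 0..99 on each wheel
        [int]$Tolerance     = 2,    # from the slide: 18, 19, 20, 21, 22 all open a lock set to 20
        [int]$Wheels        = 3,    # assumption: a three-wheel combination lock
        [int]$KnownWheels   = 0     # wheels whose number is already known and need no trials
    )
    $step  = 2 * $Tolerance + 1
    $count = [int][math]::Ceiling($DialPositions / $step)
    # Trial values for one wheel: every $step-th position, starting at $Tolerance so the
    # first trial also covers the positions below it; wrap around the dial at the end.
    $trials = 0..($count - 1) | ForEach-Object { ($Tolerance + $_ * $step) % $DialPositions }

    # Self-check: every true setting must lie within tolerance of some trial value,
    # measuring distance the short way round the dial. Throws if the stride is wrong.
    for ($pos = 0; $pos -lt $DialPositions; $pos++) {
        $covered = $false
        foreach ($t in $trials) {
            $d = [math]::Abs($pos - $t)
            if ([math]::Min($d, $DialPositions - $d) -le $Tolerance) { $covered = $true; break }
        }
        if (-not $covered) { throw "Dial position $pos is not covered by any trial value" }
    }

    [pscustomobject]@{
        FullKeyspace    = [math]::Pow($DialPositions, $Wheels)
        TrialsPerWheel  = $trials.Count
        ReducedKeyspace = [math]::Pow($trials.Count, $Wheels)
        TrialsWithKnown = [math]::Pow($trials.Count, $Wheels - $KnownWheels)
    }
}

# Nothing known: the whole keyspace versus the tolerance-reduced trial count.
Get-ToleranceKeyspace
# Feynman's shortcut: the last two numbers read off an already-open safe are known.
Get-ToleranceKeyspace -KnownWheels 2
```

The coverage loop is the part worth keeping in any keyspace-reduction estimate: it proves the trial set really does cover every position, so the reduced count is an honest upper bound on the attacker's work rather than an optimistic guess.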

The Inflection Point – 06-08

• 2006 – 200k unique threats identified
• 2007 – 15 million unique threats
• Signature DB explodes
• Cybercrime becomes a business

Disclosures – Maintain…

Botnets

• Zombie War
• Botherder
• Conficker (Kido) was 6 million
• TDL-4 botnet of 4 - 4.5 million
• Accelerated discovery of multi-year threats

Malware Dragnet Snags Millions of Infected PCs

• Botnet – 35 Million Strong?


Kaseya Security Stack

• Antivirus – Kaseya Antivirus, Kaseya Endpoint Security
• AntiMalware – Kaseya AntiMalware
• Remediation – Agent Procedures
• Monitoring – Service Desk & PSA, Scheduling & Management
• Endpoint Monitoring & Hardening – Monitoring, Passwords, USB, Block Processes

Manufacturing…

Service…

Healthcare…

Financial…

Average…

Staggering Economics

• Cybercriminals earning > $100 Billion/Yr
• Sophistication + Organization Increase
– Organized Crime
– Infrastructure
– Affiliate Programs
– Botnets + Malware kits
• Who would do that?
– Opportunists
– Governments
– Terror Organizations
– Hacktivists

Online Bank Robberies

• Clampi Trojan
– Targeting English-speaking countries
– Goal: steal log-in and password
– DB of 4,500 different financial sites
• Wake, capture, sleep, transfer, classify
– Years of observation
– Learn user activities
– Transfer money in lots of under $10K
– Recruited money mules
– Banks are not responsible for SMB $ lost

Distributed Computing

Folding@Home (Stanford program), SETI@Home

True power

Botnet Virus

Millions of dormant blackhat botnets available for purchase


Stuxnet Virus

Break Into Hardened Nuclear Facilities?

How Did They Do It?

USB Drives Dropped in Parking Lot (leveraging autorun on the USB)

How infections occur

• “But, if it’s not broken?…”
• Un-patched software
• Spammed infections
• Legitimate website that’s been infected
• Phishing
• Trojans
• Bots, botnets, botherders
– Botherder command and control
• TDL-4 – 4.5 million
• Mac via Flashfake (700K)
• Android botnet discovered 7/2012
• USB, MSD
• File transfers and replication systems
– Dropbox, LogMeIn

Security ‘Today’

What Changed?
• Moving to the Cloud – data is not within network walls
• Distributed workforce
• More web-enabled client applications
• More public individual information on Social Net

Security ‘Today’

Spear Phishing – Leveraging social media to target phishing emails

Security & Vulnerability Agenda – Kaseya Specific

• Core Kaseya management & monitoring – Agent Check-in Threshold, USB Blocking, Failed Login Attempts / Locked Accounts, App Blocking
• Patching – Windows Patching, 3rd Party Software Patching
• Anti-Virus – Profile Best Practices, Managing Intrusive Scanning

Security solutions on endpoints

• Antivirus
• Antimalware
• URL Blocking
• Local Firewall
• Device blocking
• Application blocking
• Logfile Monitoring
• Regular System Audits
• OS Patching
• Application Patching
• Remote System Tracking
• System Wiping

Agent Check-in Threshold
Monitoring -> Alerts -> Agent Check-in
Set max ‘off-the-reservation’ alert

Core Kaseya Capabilities

USB Blocking
- Activate Agent Procedure for USB Blocking

Failed Login / Locked Accounts
Event Log Monitoring
- Set Event Sets (Failure Audit)
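The Windows side of the "Failure Audit" event set above, as an added PowerShell example that is not Kaseya's own event set or agent procedure: it reads Security events 4625 (an account failed to log on) and 4740 (a user account was locked out) from the last hour, summarises failures per account with their source addresses, and exits non-zero when any account crosses a threshold so a scheduled task or agent procedure can raise the alert. Failure auditing for logon events must be enabled in the audit policy and the shell must be elevated to read the Security log. The one-hour window, the threshold of five and the function name are assumptions.

```powershell
# Added example, not Kaseya's event set: summarise Windows logon failures and lockouts.
# Needs "Audit Logon" failure auditing enabled and an elevated shell to read the Security log.
function Get-FailedLogonSummary {
    param(
        [int]$Hours     = 1,   # look-back window (assumed)
        [int]$Threshold = 5    # failures per account that count as suspicious (assumed)
    )
    # 4625 = an account failed to log on, 4740 = a user account was locked out
    $filter = @{ LogName = 'Security'; Id = 4625, 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $records = foreach ($e in $events) {
        # Pull the named EventData fields out of the event XML instead of parsing message text.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # 4625 carries the source IP; for 4740 Windows puts the caller computer name in TargetDomainName
        if ($e.Id -eq 4625) { $source = $data['IpAddress'] } else { $source = $data['TargetDomainName'] }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Id        = $e.Id
            Account   = $data['TargetUserName']
            Source    = $source
            LogonType = $data['LogonType']   # 2 = interactive, 3 = network, 10 = RDP
            SubStatus = $data['SubStatus']   # 0xC000006A bad password, 0xC0000064 unknown user
        }
    }

    $alerts = $records | Where-Object Id -eq 4625 | Group-Object Account |
        Where-Object Count -ge $Threshold | ForEach-Object {
            $sorted = $_.Group | Sort-Object Time
            [pscustomobject]@{
                Account  = $_.Name
                Failures = $_.Count
                Sources  = ($_.Group.Source | Sort-Object -Unique) -join ', '
                First    = $sorted[0].Time
                Last     = $sorted[-1].Time
            }
        }
    [pscustomobject]@{
        Alerts   = @($alerts)
        Lockouts = @($records | Where-Object Id -eq 4740)
    }
}

$summary = Get-FailedLogonSummary
$summary.Alerts   | Format-Table -AutoSize
$summary.Lockouts | Format-Table Time, Account, Source -AutoSize
# Exit non-zero so a scheduled task or agent procedure can turn the result into an alert.
if ($summary.Alerts.Count -gt 0 -or $summary.Lockouts.Count -gt 0) { exit 1 }
```

Grouping by account rather than by source is deliberate: password spraying shows up as a few failures each across many accounts, so a per-account threshold alone misses it; lowering the threshold and adding a second grouping on Source is the usual follow-up once the basic alert is in place.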

App Blocking
Application Blocking
- Agent -> Application Blocker
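The USB Blocking and Application Blocking controls above, and the USB autorun delivery described on the Stuxnet slide, implemented as an added PowerShell example rather than Kaseya's own agent procedure: the script audits and sets the registry values behind them. Caveats a practitioner should know before relying on it: disabling the USBSTOR driver blocks mass-storage devices only, not keyboard-class USB devices; Stuxnet's USB spread abused how Windows rendered .LNK shortcut files (CVE-2010-2568), so having AutoRun off would not have stopped it and the storage block is the control that matters; and DisallowRun only stops launches that go through Explorer (double-click, Run dialog), not a command prompt, and lives under HKCU, so it has to be applied in each user's context rather than from an agent running as SYSTEM. The registry paths and values are the documented Windows ones; the function names and the executable names in the usage line are placeholders.

```powershell
# Added example, not Kaseya's agent procedure: audit and enforce the registry settings
# behind USB blocking, AutoRun and application blocking. Run from an elevated shell.
$UsbStor  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$AutoRun  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Disallow = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-EndpointHardeningState {
    # Start = 3 means the USBSTOR driver loads on demand (default); 4 means disabled.
    $start = (Get-ItemProperty -Path $UsbStor -Name Start -ErrorAction SilentlyContinue).Start
    # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF turns AutoRun off for all of them.
    $nda = (Get-ItemProperty -Path $AutoRun -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $blocked = @()
    if (Test-Path "$Disallow\DisallowRun") {
        $key = Get-Item "$Disallow\DisallowRun"
        $blocked = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }
    [pscustomobject]@{
        UsbStorageBlocked = ($start -eq 4)
        AutoRunDisabled   = ($nda -eq 0xFF)
        BlockedApps       = $blocked
    }
}

function Set-EndpointHardening {
    param(
        [string[]]$BlockApps = @()   # executable names to block; placeholders in the usage below
    )
    Set-ItemProperty -Path $UsbStor -Name Start -Value 4 -Type DWord

    if (-not (Test-Path $AutoRun)) { New-Item -Path $AutoRun -Force | Out-Null }
    Set-ItemProperty -Path $AutoRun -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord

    if ($BlockApps.Count -gt 0) {
        # DisallowRun = 1 enables the policy; the DisallowRun subkey lists the names as
        # string values "1", "2", ... Explorer matches on the executable file name only.
        if (-not (Test-Path $Disallow)) { New-Item -Path $Disallow -Force | Out-Null }
        Set-ItemProperty -Path $Disallow -Name DisallowRun -Value 1 -Type DWord
        $list = "$Disallow\DisallowRun"
        if (-not (Test-Path $list)) { New-Item -Path $list | Out-Null }
        $i = 1
        foreach ($exe in $BlockApps) {
            Set-ItemProperty -Path $list -Name ([string]$i) -Value $exe -Type String
            $i++
        }
    }
}

# Audit first; the enforcing call is commented out so the script is safe to run as-is.
Get-EndpointHardeningState
# Set-EndpointHardening -BlockApps 'utorrent.exe', 'teamviewer.exe'
# Get-EndpointHardeningState   # re-audit after enforcing
```

Because DisallowRun matches on file name, renaming the executable defeats it; it is a nuisance control for casual use, and a hash- or publisher-based rule set (AppLocker or Software Restriction Policies) is what to reach for when the threat is a user deliberately evading the block.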

Patching
Windows Patching
- Auto Approve, Initial Update, Patch Reports

Patching
Kaseya Software Deployment & Update
- Auto Deploy & Approve/Update
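An added PowerShell example, not Kaseya's patch module, of the audit that the Windows Patching and Software Deployment slides above are meant to keep clean: it lists updates the Windows Update Agent reports as missing on the endpoint, and checks the installed versions of selected third-party packages from the Uninstall registry keys against a minimum-version baseline. The update search needs to reach Windows Update or WSUS and can take a few minutes. The watch list of product names, the baseline versions and the function names are assumptions; the COM API and registry locations are the standard Windows ones.

```powershell
# Added example, not Kaseya's patch module: audit missing Windows updates and the
# versions of selected third-party software. Run on the endpoint being audited.
function Get-MissingWindowsUpdates {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    # IsInstalled=0: not installed yet; IsHidden=0: not suppressed by an admin; Type='Software': skip drivers
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', '
            Severity = $u.MsrcSeverity   # Critical/Important/Moderate/Low; blank for non-security updates
            Title    = $u.Title
        }
    }
}

function Get-InstalledSoftware {
    param([string[]]$Names = @('Java', 'Adobe', 'Flash', 'Firefox', 'Chrome'))  # assumed watch list
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match $pattern } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

function Test-SoftwareBaseline {
    param([hashtable]$Minimum)   # name fragment -> minimum version; assumed values, not a Kaseya policy
    foreach ($s in Get-InstalledSoftware -Names @($Minimum.Keys)) {
        $key = @($Minimum.Keys | Where-Object { $s.DisplayName -match [regex]::Escape($_) })[0]
        $ok = $false
        # DisplayVersion is free text; anything [version] cannot parse is reported as not at baseline
        try { $ok = [version]$s.DisplayVersion -ge [version]$Minimum[$key] } catch { }
        [pscustomobject]@{
            Name       = $s.DisplayName
            Installed  = $s.DisplayVersion
            Minimum    = $Minimum[$key]
            AtBaseline = $ok
        }
    }
}

Get-MissingWindowsUpdates | Sort-Object Severity | Format-Table -AutoSize
Test-SoftwareBaseline -Minimum @{ 'Java' = '8.0.0'; 'Adobe Reader' = '11.0.0'; 'Firefox' = '20.0' } |
    Format-Table -AutoSize
```

Treating an unparseable version string as "not at baseline" is the conservative choice: a vendor that ships a non-numeric version string is exactly the case where a patch tool's automatic comparison silently passes, and the audit should surface it for a human rather than assume it is current.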

Kaseya AntiVirus
Install, Profile Management, Scan Scheduling
- Active Dexter Malware
- Leading Industry A/V
- Kaspersky v6.0.4.1424


Questions?

Jason Dettbarn, Senior Security Analyst, jason.dettbarn@kaseya.com