Sponsored by Real World Defense Strategies for Targeted Endpoint Threats © 2013 Monterey Technology Group Inc.

Real World Defense Strategies for Targeted Endpoint Threats

DESCRIPTION

The security community is amassing a wealth of intelligence about targeted attacks (aka APTs). One thing we are seeing is that the 2 weakest points in our defense against targeted attacks are the human element and the endpoint. We need to give more attention to the human element, but few of us are in a position to effect behavioral change in our organization. That is a long road requiring support from management and a more psychology-focused skill set. On the other hand, most of us are in a position to help improve endpoint security. In this webinar I’ll be focusing on how to build a layered defense against targeted endpoint attacks.

To build a true defense-in-depth strategy we will look at the phases of a targeted attack:

* Discover – reconnaissance, “casing the joint”
* Distribute – package and deliver the payload
* Exploit – trigger the payload and exploit the vulnerability
* Control – install persistent malware on system, connect back to command & control
* Execute – spread out and begin taking action against planned objectives

We will identify controls and technologies that we can deploy to disrupt, hinder, detect and prevent attackers at each phase. These will include:

* Endpoint security best practices
* Endpoint management processes
* Hardening steps
* Monitoring techniques
* Endpoint security technologies

We will draw on the wealth of intelligence the security community is amassing and make this a data-driven presentation.

Page 1: Real World Defense Strategies for Targeted Endpoint Threats

Real World Defense Strategies for Targeted Endpoint Threats

Page 2: Real World Defense Strategies for Targeted Endpoint Threats

Thanks to

www.Lumension.com

Paul Zimski

Page 3: Real World Defense Strategies for Targeted Endpoint Threats

Preview of Key Points

• Phases of a targeted attack
• How to disrupt, hinder, detect and prevent attackers at each phase
  » Endpoint security best practices
  » Endpoint management processes
  » Hardening steps
  » Monitoring techniques
  » Endpoint security technologies

Phases: Discover, Distribute, Exploit, Control, Execute

Page 4: Real World Defense Strategies for Targeted Endpoint Threats

Discover

What it is
• Reconnaissance
• Casing the joint

How to fight it
• Human
• Difficult

Page 5: Real World Defense Strategies for Targeted Endpoint Threats

Distribute

What it is
• Package
• Deliver the payload

How to fight it
• Web
  » Content scanning
  » Website reputation
• Email
  » Scanning
  » Filtering
  » Training
• Device control

Page 6: Real World Defense Strategies for Targeted Endpoint Threats

Exploit

What it is
• Trigger the payload
• Exploit the vulnerability

How to fight it
• Configuration control
  » Attack surface reduction
  » Fast patching
• Application control
  » Whitelisting
• Memory protection
• Anti-malware

Page 7: Real World Defense Strategies for Targeted Endpoint Threats

Control

What it is
• Install persistent malware on system
• Connect back to command & control

How to fight it
• Application control
  » Whitelisting
• Anti-malware
• Configuration control
• Network egress scanning

Page 8: Real World Defense Strategies for Targeted Endpoint Threats

Execute

What it is
• Spread out
• Begin taking action against planned objectives

How to fight it
• Application control
  » Whitelisting
• Anti-malware
• Configuration control
• Network egress scanning
• Host monitoring
  » New EXEs
  » New accounts
  » Suspicious access patterns to critical information

Page 9: Real World Defense Strategies for Targeted Endpoint Threats

Bottom line

• Fight them every step of the way
  » Defense-in-depth
• Endpoint security is a many-headed beast
  » So many risk vectors
  » So many security technologies
• Integration between endpoint security technologies
  » One agent
  » One console

Page 10: Real World Defense Strategies for Targeted Endpoint Threats

Defense-in-Depth with Lumension

[Diagram: defense-in-depth layers. Labels: Physical Access; Port / Device Control and Encryption; Full Disk Encryption; Firewall Management; Patch and Configuration Management; Anti-Malware; Network Access]

Page 11: Real World Defense Strategies for Targeted Endpoint Threats

• Free Security Scanner Tools
  » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
  » Application Scanner – discover all the apps being used in your network
  » Device Scanner – discover all the devices being used in your network
  http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
  » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
  » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2