Part 2: Protecting against Ransomware. Jonathan Korba, Systems Engineer, Symantec. 5-Part Webinar Series: Endpoint Protection…what really matters?

Upload: symantec

Posted on 19-Mar-2017


Page 1: Protecting Against Ransomware

Part 2: Protecting against Ransomware

Jonathan Korba, Systems Engineer, Symantec

5-Part Webinar Series: Endpoint Protection…what really matters?

Page 2: Protecting Against Ransomware

5-Part Webinar Series: Endpoint Protection…what really matters?

Title and date:

Part 1 of 5: Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning (January 26, 2017)

Part 2 of 5: Block The Risk Of Ransomware (February 23, 2017)

Part 3 of 5: Achieving Zero-Day Attacks and What To Do About It (March 23, 2017)

Part 4 of 5: Easy Ways To Improve Your Security Posture (April 20, 2017)

Part 5 of 5: A Step-By-Step Approach for Endpoint Detection & Response (May 18, 2017)

https://www.symantec.com/about/webcasts

Page 3: Protecting Against Ransomware

Agenda


What is Ransomware and what are the risks?

How does Symantec Endpoint Protection 14 block Ransomware?

Demos: SEP 14 in action

Page 4: Protecting Against Ransomware

Copyright © 2016 Symantec Corporation

Superior Protection and Response Across the Attack Chain: Stop Ransomware Threats with layered protection

[Diagram: protection layers mapped across the attack chain stages Incursion, Infection, Infestation and Exfiltration. Layers shown: Antivirus; Network Firewall & Intrusion Prevention; Application and Device Control; Behavior Monitoring; Memory Exploit Mitigation; Reputation Analysis ("Patented real-time cloud lookup for scanning of suspicious files"); Advanced Machine Learning; Emulator; Inoculation; Power Eraser; Host Integrity; System Lockdown; Secure Web Gateway Integration; EDR Console (ATP: Endpoint).]

Page 5: Protecting Against Ransomware

While end-users see Word files as harmless, they can hide macro-viruses.

Page 6: Protecting Against Ransomware


Page 7: Protecting Against Ransomware


Page 8: Protecting Against Ransomware

How is Ransomware getting in?

Infection Vectors: Drive-by Downloads, Malicious Email

Page 9: Protecting Against Ransomware

Ransomware Attack Chain

1. Malware Delivery

2. Malware installed

3. Call C&C Server

4. Encryption

Page 10: Protecting Against Ransomware

SEP 14 Protection across Ransomware Attack Kill Chain

Attack chain stages: 1. Malware Delivery; 2. Malware installed; 3. Call C&C Server; 4. Encryption

SEP 14 protections shown along the chain, in order: Download Insight, AV (Machine Learning, Emulator), IPS, Memory Exploit Mitigation; IPS; SONAR, Application Control

Page 11: Protecting Against Ransomware

Emulation Capabilities: Fast and accurate detection of hidden malware

[Diagram: with no emulation, a packed executable is "Packed, not recognized"; in the emulation environment the packer is unpacked and the payload is recognized.]

Emulates file execution to cause threats to reveal themselves

Lightweight solution runs in milliseconds with high efficacy

Malware hides behind custom polymorphic packers

Emulator ‘unpacks’ the malware in a virtual environment
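The slide's point, as an added toy example that is not Symantec's code: a signature that matches the payload cannot match the packed bytes on disk, and repacking with a different key changes every byte (a crude polymorphic packer), but once the scanner "runs" the unpacking stub in an emulated step the same signature fires. The packed format, the marker bytes and the zlib+XOR packer are all constructed for this example.

```python
import zlib
from typing import Optional

# Constructed stand-in for a byte pattern the scanner has a signature for.
KNOWN_BAD = b"CONSTRUCTED-RANSOMWARE-MARKER-NOT-REAL-MALWARE"
MAGIC = b"TOYPK"  # constructed header of the toy packed format


def pack(payload: bytes, key: int) -> bytes:
    """Toy packer: compress, then XOR each byte with a one-byte key.
    A different key changes every byte on disk (crude 'polymorphism')."""
    body = bytes(b ^ key for b in zlib.compress(payload))
    return MAGIC + bytes([key]) + body


def static_scan(data: bytes) -> bool:
    """Signature scan of the bytes as they sit on disk (no emulation)."""
    return KNOWN_BAD in data


def emulate_unpack(data: bytes) -> Optional[bytes]:
    """Stand-in for the emulation environment: 'run' the unpacking stub the
    packed file carries (here: its header and key) and return the unpacked
    image, or None if the file is not packed this way or fails to unpack."""
    if not data.startswith(MAGIC) or len(data) < len(MAGIC) + 1:
        return None
    key = data[len(MAGIC)]
    try:
        return zlib.decompress(bytes(b ^ key for b in data[len(MAGIC) + 1:]))
    except zlib.error:
        return None


def scan_with_emulation(data: bytes) -> bool:
    """Scan the on-disk bytes; if clean, unpack in the emulator and rescan."""
    if static_scan(data):
        return True
    unpacked = emulate_unpack(data)
    return unpacked is not None and static_scan(unpacked)


if __name__ == "__main__":
    sample = b"harmless header " + KNOWN_BAD + b" harmless trailer"
    a, b = pack(sample, 0x5A), pack(sample, 0xC3)
    print("same payload, different bytes on disk:", a != b)
    print("static scan:", static_scan(a), static_scan(b))
    print("with emulation:", scan_with_emulation(a), scan_with_emulation(b))
```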

Page 12: Protecting Against Ransomware

Memory Exploit Mitigation: Blocks zero-day attacks by hardening the operating system

Signature-less and works regardless of the flaw/bug/vulnerability

Preemptively blocks exploit techniques, foiling attempts of attackers to take over a machine

[Timeline: Vulnerability Discovered, Vulnerability Disclosed, Patch Released, Patch Applied; the "Zone of Exploitation" between them is measured in weeks to months.]

“Memory Exploit Mitigation” techniques: 1. Java Exploit Protection; 2. Heap Spray; 3. SEHOP

Page 13: Protecting Against Ransomware


Page 14: Protecting Against Ransomware

Demo: IPS Blocks Outbound Communications from Ransomware


Page 15: Protecting Against Ransomware

Demo: Application Control Blocks Ransomware that uses Office Documents

Page 16: Protecting Against Ransomware

Protection Against Ransomware

• User Education

• Email/Gateway Security

• OS/App Patching

• Maintain an endpoint security solution

– File reputation analysis

– Static file malware prevention with Machine Learning

– Exploit prevention

– Behavior-based prevention

– Application Control

• Limit end user access to mapped drives – make read only and password protect

• Deploy and secure a comprehensive backup solution


Page 17: Protecting Against Ransomware

Q&A


Page 18: Protecting Against Ransomware

Thank you!

Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Jonathan Korba, Systems Engineer, Symantec