- Rapidly change & morph malware
- Targeted malware
- Macros, scripts, etc.
- Execute malware
Attackers need to control the endpoint
FILE-LESS ATTACKS
Traps - Best of breed endpoint security
Provides prevention capabilities that cover all stages of the attack life cycle
Other solutions optimize for only one aspect… Signature-based solutions can’t prevent unseen malware:
- Exploit software vulnerabilities
- Morphing
- Macros / scripts
Prevents known malware: WildFire threat intelligence
And prevents exploitation of even zero-day vulnerabilities
- Reconnaissance prevention: fingerprinting prevention
- Kernel protection: privilege escalation protection, APC protection
- Malware
- Macros / scripts
Traps in “real life” – The NotPetya Attack
Initial Victim: compromised software (included a malicious DLL) OR exploit MS Office (CVE-2017-0199)
Attempt to Spread: spread via SMB exploit using CVE-2017-0144/0145; DoublePulsar used to inject the payload
Encrypt MBR
NotPetya - Prevention Opportunities with Traps
Initial Victim: compromised software (included a malicious DLL): DLL Malware Prevention; OR exploit MS Office (CVE-2017-0199): Child Process Protection
Attempt to Spread: spread via SMB exploit using CVE-2017-0144/0145; DoublePulsar used to inject the payload: Kernel APC Protection, DLL Malware Prevention
Encrypt MBR
Ask not (only) what the Platform can do for Traps…
So what’s next…
Traps 5.0 (Hogwarts Release)
Application Framework: Logging Service, Threat Intel, Data
Addition of endpoint activity from Traps
Email: plechman@paloaltonetworks.com, jjiricek@paloaltonetworks.com
Twitter: @PaloAltoNtwks