Scribd Logo
Carica

Benvenuto in Scribd!

  • UK Ransomware Matthew Walker HEAT Software

    Caricato da

    Yudi Momenk
    40 visualizzazioni24 pagine
    Ransomware

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PPTX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Ransomware

    Copyright:

    © All Rights Reserved
    Scarica in formato PPTX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    40 visualizzazioni24 pagine

    UK Ransomware Matthew Walker HEAT Software

    Caricato da

    Yudi Momenk
    Ransomware

    Copyright:

    © All Rights Reserved
    Scarica in formato PPTX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 24

    Ransomware: How to Avoid Extortion

    Matthew Walker VP Northern Europe

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Examples of Ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Examples of Ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    About Ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    About Ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    About Ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    About Ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    About Ransomware

    84% believe their company would be seriously


    damaged
    if it were successfully infected with ransomware

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    About Ransomware

    31% admitted that if their corporate networks were


    infected
    theyd have no choice but to pay the ransom

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    How Does It Work?

    Delivery

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    How Does It Work?


    Phishing
    Email

    Delivery

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Drive-By
    Download

    Malvertising

    Botnet

    Malicious App

    Encrypt Data Files

    Phone Home

    Installation

    Infection

    Delivery

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Disable Defenses

    How Does It Work?

    Support Services

    Encrypt Data Files


    Phone Home

    Disable Defenses
    Installation
    Infection
    Delivery

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Demand Ransom

    How Does It Work?

    Release of Files

    Support Services

    Encrypt Data Files


    Phone Home

    Disable Defenses
    Installation
    Infection
    Delivery

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Demand Ransom

    How Does It Work?

    Pay Ransom

    Release of Files

    Support Services

    Encrypt Data Files


    Phone Home

    Disable Defenses
    Installation
    Infection
    Delivery

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Demand Ransom

    How Does It Work?

    Pay Ransom

    Recommendations
    Network Defenses

    Preparation

    NGFW, EDR, Threat Intel

    Back-ups follow 3 2 1
    rule
    Staff Training
    User Training

    Endpoint Defense-inDepth
    Patch and Configuration
    Management
    Application Whitelisting
    Data Encryption
    Device Control
    Antivirus

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Post-Event
    Configuration Restoration
    Forensics
    Infrastructure Changes

    Recommendations
    AV

    Contr
    ol the
    Bad

    Device Control
    Control the Flow

    HD and Media Encryption


    Control the Data

    Endpoint Defense-in-Depth
    Successful risk mitigation starts
    with a solid vulnerability
    management foun- dation,
    augmented by additional layered
    defenses which go beyond the
    traditional blacklist approach.

    Application Control
    Control the Gray

    Patch and Configuration Management


    Control the Vulnerability Landscape

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Recommendations
    AV

    Contr
    ol the
    Bad

    Device Control
    Control the Flow

    HD and Media Encryption


    Control the Data

    Application Control
    Control the Gray

    Patch and Configuration


    Management
    Eliminates the attackable surface
    area that hackers can target
    Central configuration of native
    system security controls such as
    firewalls and OS protections (e.g.,
    ASLR, DEP, etc.)
    Improves endpoint performance
    and stability

    Patch and Configuration Management


    Control the Vulnerability Landscape

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Recommendations
    AV

    Contr
    ol the
    Bad

    Device Control
    Control the Flow

    HD and Media Encryption


    Control the Data

    Application Whitelisting
    Extremely effective against zeroday attacks
    Stops unknown, targeted malware
    payloads, regardless of delivery
    mechanism
    Low performance impact on
    endpoints

    Application Control
    Control the Gray

    Patch and Configuration Management


    Control the Vulnerability Landscape

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Recommendations
    AV

    Contr
    ol the
    Bad

    Device Control
    Control the Flow

    HD and Media Encryption

    Data Encryption
    Protects data in cases of theft or
    accidental loss
    Makes lateral data acquisition more
    difficult for APTs
    Required by almost all regulations

    Control the Data

    Application Control
    Control the Gray

    Patch and Configuration Management


    Control the Vulnerability Landscape

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Recommendations
    AV

    Contr
    ol the
    Bad

    Device Control
    Control the Flow

    HD and Media Encryption


    Control the Data

    Device / Port Control


    Can prevent unauthorized devices
    from delivering payloads
    Can stop specific file types from
    being copied to host machines
    Stops a common delivery vector for
    evading extensive physical and
    technologic security controls

    Application Control
    Control the Gray

    Patch and Configuration Management


    Control the Vulnerability Landscape

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Recommendations
    AV

    Contr
    ol the
    Bad

    Device Control
    Control the Flow

    HD and Media Encryption

    Antivirus
    Stops background noise malware
    May detect reused code and
    evasion techniques
    Will eventually clean payloads after
    signatures are developed

    Control the Data

    Application Control
    Control the Gray

    Patch and Configuration Management


    Control the Vulnerability Landscape

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Recommendations
    Network Defenses

    Preparation

    NGFW, ETDR, Threat Intel

    Back-ups follow 3 2 1
    rule
    Staff Training
    User Training

    Endpoint Defense-inDepth
    Patch and Config
    Management
    Application Whitelisting
    Data Encryption
    Device Control
    Antivirus

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Post-Event
    Configuration Restoration
    Forensics
    Infrastructure Changes

    Summary
    Ransomware, cyber-extortion, digital
    blackmail its evil and its here
    Implement the security tech and
    training ahead of time to minimize the
    chances of your data being held for
    ransom and to maximize your ability to
    recover quickly
    Have an Incident Response Plan in place

    2015 HEAT Software. All rights reserved. Proprietary & Confidential.

    Potrebbero piacerti anche