5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)

The Next Cyber Security Threat is Here - Are You Prepared?

APTs – Advanced Persistent Threats Part 1 –

Learn 5 or 13 Ways to Prevent APTs

Moderator: Bill Murphy and James Crifasi

Live Tweet from the event! @TheRedZoneCIO

Schedule of Events

8:30am to 9:00am – Sign In & Breakfast

9:00am to 11:30am – Education Sessions)

11:30am to 12:30pm – lunch (sponsored by ThunderDG & Thycotic Software)

RedZone’s Chief Lieutenant Series

Sister of The CIO Executive Series which is a TOP IT Executive Network specializing in bringing CIO’s together to collaborate,

network, and stay current on industry trends.

Just under 300 senior C-Suite IT executive members

Founded in 2000 | 13 years of experience bringing CIO’s together

Host a number of events – both virtual and physical – each year

Host a “Special Event” annually | Past events have included:A Golf Outing, Dinner & Receptions

President and Founder • RedZone Technologies• ThunderDG• MA DR Solutions• Beyond Limits Magazine

Keep In Touch With Bill:@TheRedZoneCIOCIO Executive Series Groupbillm@redzonetech.net

About Bill Murphy

About James Crifasi

• CTO of RedZone Technologies• Co-founder ThunderDG• Co-founder MA DR

• University of Maryland Graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management

• Keep In Touch With James: jcrifasi@redzonetech.net

Sponsors

RedZone Technologies Assessment: IT Architecture and Design Integration: Security| Disaster Recovery| Infrastructure Managed Service Programs Cloud Brokerage (410) 897-9494 www.redzonetech.net

ThunderDG Employee Policy Management, Education, and Awareness www.thunderdg.com

Thycotic Software Password Management www.thycotic.com

Agenda – 5 of 13 Methods to Prevent APTs – Advanced Persistent Threats

1. MDM, BYOD & Mobility

2. Password - Roles Based Access Control to apps, servers & network devices

3. Configuration and Change Control

4. Prevent and Silence Outbound Hijackers

5. DCS policies - Security Education, Training, Awareness

Agenda – 5 of 13 Methods to Prevent APTs – Advanced Persistent Threats

1. VMWare Horizon Suite – View 5 | VDI

2. Thycotic Software – Password Security

3. C3 – Security Change Control for switches and routers

4. Bluecoat - Prevent and Silence Outbound Hijackers

5. ThunderDG – Policy and Education

Set The Stage

Reality Shift in IT

• System communication is fundamentally changing – many transactions occur over the web

• Network defenses are covering a shrinking portion of the attack surface

• Cloud is changing our notion of a perimeter• Worker mobility is redefining the IT landscape• Security Model good people vs. bad people to enabling partial trust

• There are more “levels” of access: Extranets, partner access,

customer access

Reality Shift for Attackers

• Cyber criminals are becoming organized and profit-driven• An entire underground economy exists to support

cybercrime• Attackers are shifting their methods to exploit both• technical and human weaknesses• Attackers after much more than traditional monetizable

data (PII, etc.)• Hacktivism• State-sponsored attacks• IP attacks/breaches

What is an APTAdvanced Persistent Threat

APTs are silent. They leave clues and trails but are essentially designed not to be found.

• Spear Phishing• Phishing• Rootkits• Traditional Hacker Tool Variants• Worms• Etc.

Economics of Phishing

Hundreds of millions $!

Source: Bill Duane Talk on Authentication

Go Hunting!

Change the rules of the game by becoming proactive in rooting out malware..

Make It Hard….

for these malicious Advanced Persistent Threats (APTs) to operate in stealth.

Make It Hard….

“Most costly breaches come from simple

failures, not from attacker ingenuity”

- RSA 2013 Conf Chair Hugh Thompson

Where Do You Start?

Security Defense? Whack-A-Mole? No!

Cunning – Be Different

Security Scoreboard

BYOD | MDM | Mobile Security

VMWare Horizon Suite

Point Solutions vs. Integrated

• Centralized data!

• Control and enforce data policy centrally

• Embrace all devices

• Stop doing MDM & get into data application management

• User centric philosophy

• Address application, data, VDI within one solution set

Horizon View & Mirage

Key Features of Horizon Suite

1. Single end-user workspace • Easy, secure access to all apps/data from any

mobile device2. Centralized IT Management3. File Sharing Capabilities

• Offline & online• Document versioning, commenting & auditing

capabilities

VMWare and APT Defense

1. Can you deliver a secure desktop in minutes?• Efficiency with security is important to keep costs low.

2. IT being able to get the user back to a last known Golden Image is critical!

Key Features of Horizon Suite

• Enterprise-Level Security• Data encryption on mobile devices• Endpoint registration & remote wipe

capabilities • Integration with Horizon View

• Easy access to Virtual Desktops & apps via Horizon View

• Access View from any HTML5 browser via remote protocol

Lessons Learned From Our Experience With Horizon Suite

1. Beta lockdown and engineering review2. Make changes once to all departmental profiles3. One of the key values of VDI is the ability to

restore a workstation back to a Golden image, which is free of Malware/Crimeware.

Passwords & RBAC

Thycotic SoftwareSecret Server

Passwords | RBAC

GAME OVER IF THE DOMAIN CONTROLLER IS COMPROMISED!

Secret Server & RBAC

In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data.

- Information Security Magazine, 2009

Source: www.unitedmedia.com/comics/dilbert

Privileged Accounts

• UNIX / Linux Root Accounts

• Windows Local Admin Accounts

• AD

• Database• Server• Router• Firewall

• Service Accounts are difficult to manage because they don’t belong to a specific person

• Access & Passwords are shared by a team of administrators

• No accountability

Privileged Account Challenges

Privileged Accounts – Why Worry?

• Powerful accounts that run your network

• The passwords are not being changed

• Extremely difficult to know where they are being used

• Needed for emergency situations

• Vulnerable to multiple types of attacks

What is Secret Server?

• Web-based password repository

• Distribute, organize & automatically update privileged accounts from a central location

• Complete reporting & auditing capabilities to show who has access & when passwords are being used

Mission Impossible Access

How Secret Server Works

Secret Server ROI

What’s In It For Me?

• Accountability

• Access Management

• Risk Management

• Security

• Compliance

• Reduced Labor costs

Security – Configuration and Change Control

C3 – Configuration and Change Control

• Systems are down – What happened?• Are you dependent on the guy with the most

certifications to bail you out?

C3 – Configuration and Change Control

• Audit Changes?• Who made the change? • What changed?

C3 | Configuration Change Control

C3 Features

• Sends emails to specified individuals when changes are made to the network configuration and highlights what those changes were

• Allows you to quickly visually identify system changes• Consolidates all changes into a single change alert• Allows for companies/organizations to hire less experienced (and less

expensive) talent so that they can be less dependent on certified (more expensive) individuals

• System is managed by RedZone

Benefits of RZ Managing C3

RedZone audits all C3 systems monthly, in which we...• Review the change logs & talk to the client to make sure that their IT

professionals are receiving the change reports• Ensure a valid backup for each system C3 is monitoring is taking place *• Check that all of the clients’ existing devices are recognized and checked by

C3and that they haven’t add any new devices to, or removed any old devices from, the network

Because, let’s face it, machines and automation are great, but if systems are not being maintained by actual people, they can become inefficient or – even worse – a handicap.

*Note: None of your data ever leaves your network; RedZone will never back up your system to our network

Outbound Hijackers

Blue Coat

Outbound Hijackers

• Prevent and silence outbound hijackers

• There are over 300 known hacker tools that are designed not to be found

• Find the trails they leave behind

• Silence Outbound Hijackers Management• There are specific sites to which an employee can go• There is a tight acceptable use of internet

• Outbound Protocol Management & Control• Lockdown of outbound UDP, for example• Bluecoat Application Identification

Outbound Protection Methods

• Firewall

• PC

• Network

Outbound Hijackers & Blue Coat

DCS Policy | Security Policies and End User Education and Awareness

ThunderDG

Do You Have A DCS Policy?

“In the absence of security education orexperience, people (employees, users,

customers, …) naturally make poor security

decisions with technology” - Hugh Thompson, RSA Conf 2013

DCS Policies

• Implement and enforce DCS Policies to prevent “drive by” malware infections

• What alarms go off when someone clicks something?

• Policy, as well as complimentary training, is a major element in helping people be more secure because it ensures people fully understand the policy and why it is in place

ThunderDG & DCS Policy Management

Complete solution for employee policy management w/ 3 key features1. Electronic delivery, storage & tracking of employee policies2. Electronic signing of employee policies3. Integration with employee training portal to ensure full

understanding of policies

ThunderDG

How ThunderDG Works

Features & Benefits of ThunderDG

ThunderDG allows you to…• Send internal policies & contracts to thousands of signers instantly• Send documents for both approval & signature in 1 easy step• Create custom forms & workflows to help comply with company

standards• Create a document library for standard forms & contracts• Access complete document history & audit

So you can…• Increase ROI• Save time and money via the paperless, automated process• Gain insight into your entire policy signing process• Improve performance & enforce best practices

Questions?

Upcoming Events

Virtual Roundtable Collaboration - Wednesday, April 24th from 9am to 10am

Mobile Device Management Policies

Let us know if you’re interested in attending and we’ll be sure to email you the link to register.

Upcoming Events

Physical Event – Open To All MembersAPT Crimeware & Malware | Part 2You just attended Part 1 (we will provide a recap of the event on the website shortly and will email you when that is available).In Part 2, we will be reviewing:• Application Whitelisting • Data Loss Prevention (DLP)• End User Policy Education, Training & Awareness• Aggressive Patching for Servers, Workstations & 3rd Party AppsWednesday, May 15th from 8:30am to 12:30pmEggspectations in Columbia

We will email you with registration information as soon as it’s available.

Upcoming Events

Physical Event – Open To All MembersAPT Crimeware & Malware | Part 3This will be the third and final installment of the APT Crimeware & Malware Event Series and will focus on:• Dropbox & Cloud Storage Mitigation• Multi-Factor Authentication• File Permission Security Audit• Deep Defense APT• How to Go Hunting!Wednesday, June 12th from 8:30am to 12:30pmEggspectations in Columbia

We will email you with registration information as soon as it’s available.

Continue The Discussion

Follow the CIO Executive Series Group on LinkedIn!

Follow @TheRedZoneCIO on Twitter!

ContactsKristine WilsonManaging Coordinator | CIO Executive SeriesMarketing Manager | RedZone Technologies(410) 897-9494kwilson@redzonetech.net

5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)

Technology

White Paper Cyber Security for Critical Infrastructures... · 2020-07-28 · Advanced Persistent Threats: APT The technically largest hazard is from socalled APTs, because these attacks

Advanced Persistent Threats (APTs) - Information Security Management

19053-dr APCON IntellaCloud Cloud Security Insights Infographic R1 Intel… · Advanced Persistent Threats (APTs) APTs are parasitical and live oﬀ host infrastructures for long

Health Care Cyberthreat Report - Redwood MedNet€¦ · As an organization that provides the largest global network of cybersecurity training, ... advanced persistent threats (APTs),

Combating today’s Security Threatsdocs.media.bitpipe.com/io_10x/io_103831/item_511970/SonicWALL_… · expert E-Guide explores advanced persistent threats (APTs) and discusses security

Defending yesterday · 2015. 8. 16. · persistent threats (APTs). Why is this happening? We believe most organizations are defending yesterday, even as their adversaries look to

APTs and COVID-19: How advanced persistent threats use the

Study: Persistent Threads Style Programming Model for GPU … · 2013-08-23 · Study: Persistent Threads Style Programming Model for GPU Computing Author: Kshitij Gupta, Jeff Stuart

Strawbridge apts

AdvAnced Persistent threAts (APts)...Five essentials F or Protecting against AdvAnced Persistent t hreAts (APts) Page 4 APt PrOcess fOllOws A seven stAge AttAck MOdel aPts, like other

The Custom Defense Against Targeted Attacks › media › wp › custom-defense... · Advanced persistent threats (APTs) and targeted attacks have clearly proven their ability to

APTS Monthly

Holistic View of Industrial Control Cybersecurity · 2016-09-21 · o ICS Capable o SCADA HoneyNet Project ... o Advanced Persistent Threats (APTs) o Advanced Evasion Techniques (AETs)

Improving Real-Time Performance with CUDA Persistent ... · implement this manually. However, the RedHawk CUDA Persistent Threads (CuPer) API provides a simple API to abstract the

Certified Threat Intelligence Analyst...Hacking Forums Understanding Advanced Persistent Threats (APTs) Advanced Persistent Threats (APTs) Certified Threat Intelligence Analyst Exam

Advanced Persistent Threats (APTs) Subversive Multi-Vector ... · IBM Internet Security Systems 7 Recent Examples of DDoS & Web Defacements Estonia Attacks Parliament, ministries,

AdvAnced Persistent threAts (APts) - Fujitsu · advanced persistent threats (aPts) ... criminals steal intellectual property, ... as well as threat monitoring solutions with sandboxing

Cybersecurity Governance Guidelines Security Governa… · known as advanced persistent threats (APTs), cyberwarfare and their impact on enterprises and individuals. Regardless of

APTS SFD 3Q2019

Advanced Protection and Threat Intelligence to …...1 Enterprise Threats Landscape Targeted attacks and advanced threats – including Advanced Persistent Threats (APTs) – are some