5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)

The Next Cyber Security Threat is Here - Are You Prepared?

APTs – Advanced Persistent Threats Part 1 –

Learn 5 or 13 Ways to Prevent APTs

Moderator: Bill Murphy and James Crifasi

Live Tweet from the event! @TheRedZoneCIO

Schedule of Events

8:30am to 9:00am – Sign In & Breakfast

9:00am to 11:30am – Education Sessions)

11:30am to 12:30pm – lunch (sponsored by ThunderDG & Thycotic Software)


RedZone’s Chief Lieutenant Series

Sister of The CIO Executive Series which is a TOP IT Executive Network specializing in bringing CIO’s together to collaborate,

network, and stay current on industry trends.

Just under 300 senior C-Suite IT executive members

Founded in 2000 | 13 years of experience bringing CIO’s together

Host a number of events – both virtual and physical – each year

Host a “Special Event” annually | Past events have included:A Golf Outing, Dinner & Receptions


President and Founder • RedZone Technologies• ThunderDG• MA DR Solutions• Beyond Limits Magazine

Keep In Touch With Bill:@TheRedZoneCIOCIO Executive Series [email protected]

About Bill Murphy


http://www.twitter.com/theredzonecio

http://www.linkedin.com/groups?gid=1986838&trk=hb_side_g

mailto:[email protected]

About James Crifasi


• CTO of RedZone Technologies• Co-founder ThunderDG• Co-founder MA DR

• University of Maryland Graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management

• Keep In Touch With James: [email protected]


Sponsors

RedZone Technologies Assessment: IT Architecture and Design Integration: Security| Disaster Recovery| Infrastructure Managed Service Programs Cloud Brokerage (410) 897-9494 www.redzonetech.net

ThunderDG Employee Policy Management, Education, and Awareness www.thunderdg.com

Thycotic Software Password Management www.thycotic.com


http://www.redzonetech.net/

http://www.thunderdg.com/

http://www.thycotic.com/

Agenda – 5 of 13 Methods to Prevent APTs – Advanced Persistent Threats

1. MDM, BYOD & Mobility

2. Password - Roles Based Access Control to apps, servers & network devices

3. Configuration and Change Control

4. Prevent and Silence Outbound Hijackers

5. DCS policies - Security Education, Training, Awareness


Agenda – 5 of 13 Methods to Prevent APTs – Advanced Persistent Threats

1. VMWare Horizon Suite – View 5 | VDI

2. Thycotic Software – Password Security

3. C3 – Security Change Control for switches and routers

4. Bluecoat - Prevent and Silence Outbound Hijackers

5. ThunderDG – Policy and Education

.


Set The Stage


Reality Shift in IT


• System communication is fundamentally changing – many transactions occur over the web

• Network defenses are covering a shrinking portion of the attack surface

• Cloud is changing our notion of a perimeter• Worker mobility is redefining the IT landscape• Security Model good people vs. bad people to enabling partial trust

• There are more “levels” of access: Extranets, partner access,

customer access

Reality Shift for Attackers


• Cyber criminals are becoming organized and profit-driven• An entire underground economy exists to support

cybercrime• Attackers are shifting their methods to exploit both• technical and human weaknesses• Attackers after much more than traditional monetizable

data (PII, etc.)• Hacktivism• State-sponsored attacks• IP attacks/breaches

What is an APTAdvanced Persistent Threat


APTs are silent. They leave clues and trails but are essentially designed not to be found.

• Spear Phishing• Phishing• Rootkits• Traditional Hacker Tool Variants• Worms• Etc.

Economics of Phishing


Hundreds of millions $!

Source: Bill Duane Talk on Authentication

Go Hunting!


Change the rules of the game by becoming proactive in rooting out malware..

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=PCTO-UAq8axCWM&tbnid=WGgaKtUfyixccM:&ved=&url=http://www.mudvillegazette.com/milblogs/archives/2008/06/03/&ei=3m9oUYOIGoSk9ASv8oDgBA&bvm=bv.45175338,d.eWU&psig=AFQjCNE3idZhAC_eRURnwi0zlcwGJrN7cQ&ust=1365885278990887

Make It Hard….


for these malicious Advanced Persistent Threats (APTs) to operate in stealth.

Make It Hard….


“Most costly breaches come from simple

failures, not from attacker ingenuity”

- RSA 2013 Conf Chair Hugh Thompson

Where Do You Start?


Security Defense? Whack-A-Mole? No!


http://cioes.org/event-registration/?regevent_action=register&event_id=7&name_of_event=CIOExecutiveSeriesandRedZoneTechnologies

Plan


Cunning – Be Different


Security Scoreboard


Security Scoreboard


#1


BYOD | MDM | Mobile Security

VMWare Horizon Suite


Point Solutions vs. Integrated



• Centralized data!

• Control and enforce data policy centrally

• Embrace all devices

• Stop doing MDM & get into data application management

• User centric philosophy

• Address application, data, VDI within one solution set



Horizon View & Mirage


Key Features of Horizon Suite


1. Single end-user workspace • Easy, secure access to all apps/data from any

mobile device2. Centralized IT Management3. File Sharing Capabilities

• Offline & online• Document versioning, commenting & auditing

capabilities

VMWare and APT Defense


1. Can you deliver a secure desktop in minutes?• Efficiency with security is important to keep costs low.

2. IT being able to get the user back to a last known Golden Image is critical!

Key Features of Horizon Suite


• Enterprise-Level Security• Data encryption on mobile devices• Endpoint registration & remote wipe

capabilities • Integration with Horizon View

• Easy access to Virtual Desktops & apps via Horizon View

• Access View from any HTML5 browser via remote protocol

Lessons Learned From Our Experience With Horizon Suite


1. Beta lockdown and engineering review2. Make changes once to all departmental profiles3. One of the key values of VDI is the ability to

restore a workstation back to a Golden image, which is free of Malware/Crimeware.

#2


Passwords & RBAC

Thycotic SoftwareSecret Server

Passwords | RBAC


GAME OVER IF THE DOMAIN CONTROLLER IS COMPROMISED!

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=kv8xwFFHfRuOYM&tbnid=y8LTP54bvYE6ZM:&ved=&url=http://npinopunintended.wordpress.com/2012/05/16/a-word-of-advice-to-environmental-advocates-stop-saying-game-over/&ei=lZJtUYvcGovu9AS57YHYCA&bvm=bv.45175338,d.eWU&psig=AFQjCNE5iNyI_v4T-V3yyEuWuD_RA2X8zA&ust=1366221845713402

Secret Server & RBAC


In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data.

- Information Security Magazine, 2009


Source: www.unitedmedia.com/comics/dilbert

Privileged Accounts


• UNIX / Linux Root Accounts

• Windows Local Admin Accounts

• AD

• Database• Server• Router• Firewall

• Service Accounts are difficult to manage because they don’t belong to a specific person

• Access & Passwords are shared by a team of administrators

• No accountability

Privileged Account Challenges

Privileged Accounts – Why Worry?


• Powerful accounts that run your network

• The passwords are not being changed

• Extremely difficult to know where they are being used

• Needed for emergency situations

• Vulnerable to multiple types of attacks

What is Secret Server?


• Web-based password repository

• Distribute, organize & automatically update privileged accounts from a central location

• Complete reporting & auditing capabilities to show who has access & when passwords are being used

Mission Impossible Access


How Secret Server Works


Secret Server ROI


What’s In It For Me?


• Accountability

• Access Management

• Risk Management

• Security

• Compliance

• Reduced Labor costs

#3


Security – Configuration and Change Control

C3

C3 – Configuration and Change Control


• Systems are down – What happened?• Are you dependent on the guy with the most

certifications to bail you out?

C3 – Configuration and Change Control


• Audit Changes?• Who made the change? • What changed?

C3 | Configuration Change Control


C3 | Configuration Change Control


C3 Features


• Sends emails to specified individuals when changes are made to the network configuration and highlights what those changes were

• Allows you to quickly visually identify system changes• Consolidates all changes into a single change alert• Allows for companies/organizations to hire less experienced (and less

expensive) talent so that they can be less dependent on certified (more expensive) individuals

• System is managed by RedZone

Benefits of RZ Managing C3


RedZone audits all C3 systems monthly, in which we...• Review the change logs & talk to the client to make sure that their IT

professionals are receiving the change reports• Ensure a valid backup for each system C3 is monitoring is taking place *• Check that all of the clients’ existing devices are recognized and checked by

C3and that they haven’t add any new devices to, or removed any old devices from, the network

Because, let’s face it, machines and automation are great, but if systems are not being maintained by actual people, they can become inefficient or – even worse – a handicap.

*Note: None of your data ever leaves your network; RedZone will never back up your system to our network

#4


Outbound Hijackers

Blue Coat

Outbound Hijackers


• Prevent and silence outbound hijackers

• There are over 300 known hacker tools that are designed not to be found

• Find the trails they leave behind

• Silence Outbound Hijackers Management• There are specific sites to which an employee can go• There is a tight acceptable use of internet

• Outbound Protocol Management & Control• Lockdown of outbound UDP, for example• Bluecoat Application Identification

Outbound Protection Methods


• Firewall

• PC

• Network

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=xzuDJ_XqHFGspM&tbnid=rVZvm9gDGWACrM:&ved=&url=http://www.123rf.com/photo_10553156_pc-firewall.html&ei=x5NtUdfaFpTa9AS5v4CIDg&bvm=bv.45175338,d.eWU&psig=AFQjCNEa-2B3UXkiEcf1ldhFyOw4-ZpBAA&ust=1366222151697862

Outbound Hijackers & Blue Coat


#5


DCS Policy | Security Policies and End User Education and Awareness

ThunderDG


Do You Have A DCS Policy?


“In the absence of security education orexperience, people (employees, users,

customers, …) naturally make poor security

decisions with technology” - Hugh Thompson, RSA Conf 2013

DCS Policies


• Implement and enforce DCS Policies to prevent “drive by” malware infections

• What alarms go off when someone clicks something?

• Policy, as well as complimentary training, is a major element in helping people be more secure because it ensures people fully understand the policy and why it is in place

ThunderDG & DCS Policy Management


Complete solution for employee policy management w/ 3 key features1. Electronic delivery, storage & tracking of employee policies2. Electronic signing of employee policies3. Integration with employee training portal to ensure full

understanding of policies

ThunderDG


ThunderDG


How ThunderDG Works


Features & Benefits of ThunderDG


ThunderDG allows you to…• Send internal policies & contracts to thousands of signers instantly• Send documents for both approval & signature in 1 easy step• Create custom forms & workflows to help comply with company

standards• Create a document library for standard forms & contracts• Access complete document history & audit

So you can…• Increase ROI• Save time and money via the paperless, automated process• Gain insight into your entire policy signing process• Improve performance & enforce best practices

Questions?


Upcoming Events


Virtual Roundtable Collaboration - Wednesday, April 24th from 9am to 10am

Mobile Device Management Policies

Let us know if you’re interested in attending and we’ll be sure to email you the link to register.

Upcoming Events


Physical Event – Open To All MembersAPT Crimeware & Malware | Part 2You just attended Part 1 (we will provide a recap of the event on the website shortly and will email you when that is available).In Part 2, we will be reviewing:• Application Whitelisting • Data Loss Prevention (DLP)• End User Policy Education, Training & Awareness• Aggressive Patching for Servers, Workstations & 3rd Party AppsWednesday, May 15th from 8:30am to 12:30pmEggspectations in Columbia

We will email you with registration information as soon as it’s available.

Upcoming Events


Physical Event – Open To All MembersAPT Crimeware & Malware | Part 3This will be the third and final installment of the APT Crimeware & Malware Event Series and will focus on:• Dropbox & Cloud Storage Mitigation• Multi-Factor Authentication• File Permission Security Audit• Deep Defense APT• How to Go Hunting!Wednesday, June 12th from 8:30am to 12:30pmEggspectations in Columbia

We will email you with registration information as soon as it’s available.

Continue The Discussion

Follow the CIO Executive Series Group on LinkedIn!

Follow @TheRedZoneCIO on Twitter!


http://www.linkedin.com/groups?mostPopular=&gid=1986838

http://twitter.com/theredzonecio

http://twitter.com/theredzonecio

http://www.linkedin.com/groups?mostPopular=&gid=1986838

ContactsKristine WilsonManaging Coordinator | CIO Executive SeriesMarketing Manager | RedZone Technologies(410) [email protected]



Technology

5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)