Imunify360 Webinar Jan 11, 2016

Keeping web servers safe and profitable with Imunify360

The state of security in hosting

Hosting Industry Survey revealed...

Over 60% reported customers worry about security. Top reported issues:
○ DNS Poisoning
○ Information disclosure
○ Privilege escalation
○ XSS attacks and similar
○ Comment SPAM
○ Website Defacement
○ Code/SQL Injections
○ Brute force attacks
○ Remote exploit
○ Malware infection
○ DoS/DDoS

(Chart values shown on the original slide: 13%, 19%, 25%, 28%, 37%, 45%, 48%, 49%, 53%, 61%, 67%)

The state of security in hosting

Distributed attacks are on the rise
○ Not only DDoS
○ Distributed brute force attacks
○ Distributed port scans
○ Distributed OS & application fingerprinting
○ Distributed vulnerability scans

Existing tools are not capable of handling this
○ Single server
○ Dumb
  • No history
  • No behavior analytics
  • No heuristics

Imunify360

Too many sources of incidents
Too many decisions to make
No way to correlate

Centralized dashboard
Herd protection
Sandboxing
Heuristics
Machine learning

All that without re-inventing the wheel

Protection Vectors ‒ Firewall

Firewall ‒ Herd immunity
○ Machine learning
○ 17K+ IPs blocked automatically
○ Large # of honeypots
○ Better immunity with each additional server

Firewall ‒ Protection Layers

Reduce false positives
○ Use captcha to automatically unblock
○ Train AI to reduce false positives...

IDS

OSSEC for IDS
○ ML to decrease false positives

Firewall ‒ CSF

Very popular
More features than Imunify360
Huge expertise
We will integrate it into Imunify360

Best of both worlds:
Same herd immunity
Same captcha / training
Same CSF flexibility

WAF ‒ Protection Layers

Mod_security
○ OWASP
○ Comodo
○ Atomic

Herd immunity → feeds into correlation engine → firewall
○ Machine learning
○ Most attacks will not reach the WAF; they will be blocked at the firewall

Malware scanning ‒ Protection Vectors

Maldet protection scanning
○ Automated scans
○ On-upload scans
  • PHP
    ○ Attack IP detection (ext attributes)
  • FTP
  • SSH
○ Backup integration / automated recovery of infected files

Patch Management ‒ Protection Layers

Patch management
○ KernelCare
  • Kernel
  • OpenSSL (soon)
  • GLIBC (soon)
○ HardenedPHP
○ Security configuration / RPM version scans

Outdated web apps?

Covered by WAF
Covered by Softaculous
Covered by Patchman

Main issues:
○ Plugins, not web apps
○ 0-day vulnerabilities

Reliance on knowing more than the attacker

Protection layer ‒ Sandboxing

Limit what webapps can do:
Today webapps can do whatever an unprivileged Linux user can do
○ Does WordPress need to be able to do the same things as strace, gcc or a name server?
○ Filter/limit syscalls available
○ Filter/limit filesystem operations/access

Sandboxing ‒ because signatures don’t work

Different approach
No 0-day privilege escalations
No turning a web app into a ‘bot’, part of a botnet

AV vendors know that signatures don’t work
Sandboxing & heuristics used on desktops for 10+ years
Not used on web servers
Huge improvement in server security

Sandboxing Stage II: heuristics + AI

Train ML on ‘good behaviors’
Automatically detect bad behaviors
Lock down after training

Sandboxing Stage II: AI

Prevent the majority of injection & defacement attacks
Train on each site individually
Re-train on upgrades
○ User-managed lock/unlock
Use the client’s IP ‘reputation’ for good vs bad
Use ‘banking style’ notifications (e-mail, SMS, phone) for the site owner
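The learn-then-lock-down idea from the sandboxing slides (train on a site's good behaviors, lock down, let the owner unlock for re-training on upgrades), as an added Python example that is not Imunify360's own code: a per-site baseline of file operations keyed by directory and by whether the file is web code, so that after lock-down a write of a .php file into an uploads directory trained only on images is blocked while a new image there is still allowed. The event format, paths and the "code"/"data" classes are constructed assumptions.

```python
# Added example (not Imunify360 code); event format and paths are constructed.
import os
from collections import defaultdict

# Extensions treated as executable web code: an unexpected write of one is how
# injections, web shells and defacements typically land on disk.
CODE_EXTS = {".php", ".phtml", ".php5", ".phar", ".sh"}

def profile(path):
    """Reduce a path to (directory, class): the granularity the baseline learns."""
    norm = os.path.normpath(path)              # collapse "../" before comparing
    ext = os.path.splitext(norm)[1].lower()
    return (os.path.dirname(norm), "code" if ext in CODE_EXTS else "data")

class SiteSandbox:
    """Per-site behaviour model: observe good operations, then lock down."""

    def __init__(self):
        self.locked = False
        self.allowed = defaultdict(set)        # op -> {(directory, class), ...}

    def observe(self, op, path):
        """Training mode: each observed (op, dir, class) joins the baseline."""
        if self.locked:
            raise RuntimeError("unlock before re-training (e.g. for an upgrade)")
        self.allowed[op].add(profile(path))

    def lock(self, on=True):                   # user-managed lock/unlock
        self.locked = on

    def check(self, op, path):
        """Enforcement: 'allow' if the operation matches the baseline, else 'block'."""
        if not self.locked:
            return "learn"                     # still training, nothing enforced
        return "allow" if profile(path) in self.allowed[op] else "block"

# Constructed training events: normal WordPress activity under one account.
TRAINING = [
    ("write", "/home/site/public_html/wp-content/uploads/2017/01/photo.jpg"),
    ("write", "/home/site/public_html/wp-content/cache/page.html"),
    ("read", "/home/site/public_html/wp-config.php"),
]

def build_sandbox():
    """Train on TRAINING, then lock down; returns the enforcing sandbox."""
    sb = SiteSandbox()
    for op, path in TRAINING:
        sb.observe(op, path)
    sb.lock()
    return sb
```

A real deployment would feed `observe` and `check` from a kernel-level hook (the syscall and filesystem filtering the slides mention); here the decisions are returned so they can be inspected directly.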

‘Bad Action’ Notifications

Possible attack against yoursite.com detected

We have detected a possible attack against yoursite.com.
Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP]
[+more info on the attack]

Was it you?
[YES, ALLOW THIS ACTION]  [NO, BLOCK THE ACTION]

Reputation management

Why is that important?

Is your IP on any of the blacklists?
○ SPAM
○ Botnet

Is any of the hosted domains on the blacklists?
○ Malware
○ Phishing
○ SPAM

360° defense

Configurable
Use all related info to detect attacks
Use machine learning to correlate information
Use multiple layers to detect, and defend against, the attacker
Minimize human involvement
○ Minimize decision making

Imunify360 vs Imunify Sensor

Imunify360: Maximum security with sophisticated attack detection
Imunify Sensor: Basic security with lightweight attack detection

Centralized Incident Management dashboard
Firewall: Advanced Firewall with herd immunity (Imunify360) / Standard Firewall (Imunify Sensor)
Smart Intrusion Detection System / IDS/IPS
Patch management
Intelligent Web application sandboxing
KernelCare
HardenedPHP

Complete feature comparison at imunify360.com

Good For Web Servers

Dedicated / VPS, Shared
cPanel, DirectAdmin, Plesk

Goal: zero configuration, good for novice, better than expert...

Pricing

Imunify360
Retail: $35/month
Service Provider: $9/month

Imunify Sensor
Retail: $9/month
Service Provider: $2/month

Resources:
Imunify360.com
Imunify360 vs Imunify Sensor: http://www.imunify360.com/web-server-security-comparison
Survey: https://www.cloudlinux.com/images/content/resources/Hosting-Industry-Survey-Results-2016.pdf

Questions?