Malware Defense-in-Depth 2.0
A practical approach to securing your enterprise against viruses, worms and rootkits
Aa’ed Alqarta
The Problem
- Security defenses can’t keep up with the latest threats
- Malware is penetrating the network and infecting computers
- Antivirus software is not a silver bullet for all threats
- We are losing the war against malware
What is Malware?
According to NIST, “Malware (NIST, 2005) refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.”
NIST: National Institute of Standards and Technology
Types of Malware
- Viruses
- Worms
- Backdoors
- Spyware
- Bots (“Botnets”)
- Rootkits
- Ransomware
Top Malware Targets
Attack Anatomy
- Attackers discover vulnerabilities and write exploits for them (e.g. in JS)
- They infect web sites to attack visitors
- A visitor browses the site and is immediately infected
- A virus is installed in the background and infects the client software
- Infected computers then attack clean internal machines (workstations/servers)
Web URL Filtering
- Enable AV scanning of malicious files/URLs
- Block access to malicious categories (Porn/Hacking/Downloads/Video/P2P/Torrent/Blogs/Infected Hosts/IM)
- Block downloads of executables (exe/dll/com)
- Inspect SSL traffic for malicious content
Application Control (Whitelisting)
- Allow business-approved applications only (Office, Accounting, Finance, etc.)
- Protect critical system files from modification
- Block any unapproved application (including malware)
- Can block zero-day malware that AV is not yet detecting
- Monitor all application usage on the network
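The executable-download block on the URL-filtering slide and the approved-application list on the whitelisting slide fit together: classify a download by its content (PE header) as well as its extension, then let it through only if its hash is on the approved list. This is an added example, not code from the deck; the filenames, the minimal MZ/PE header and the allowlist are constructed for illustration.

```python
"""Classify a download as executable by content (PE header), not only by
extension, and allow it only if its SHA-256 is on the approved-application list."""
import hashlib
import struct
from typing import Set

BLOCKED_EXTENSIONS = {"exe", "dll", "com"}   # the slide's exe/dll/com rule


def is_pe_executable(data: bytes) -> bool:
    """True if data carries an MZ stub whose e_lfanew field (offset 0x3C)
    points at a 'PE\\0\\0' signature inside the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def decide(filename: str, data: bytes, allowlist: Set[str]) -> str:
    """Return 'allow' or 'block: <reason>' for one download.
    Renamed executables are caught by content; COM files carry no magic
    bytes, so the extension check is kept alongside the header check."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    by_ext = ext in BLOCKED_EXTENSIONS
    by_content = is_pe_executable(data)
    if not (by_ext or by_content):
        return "allow"
    # Executable: permitted only when its hash is on the approved list.
    if hashlib.sha256(data).hexdigest() in allowlist:
        return "allow"
    reason = "PE header" if by_content else f".{ext} extension"
    return f"block: unapproved executable ({reason})"


def make_fake_pe() -> bytes:
    """Constructed minimal MZ/PE header for the example (not a runnable program)."""
    buf = bytearray(0x44)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed approved build and the hash allowlist derived from it.
APPROVED_TOOL = make_fake_pe() + b"approved-build"
ALLOWLIST = {hashlib.sha256(APPROVED_TOOL).hexdigest()}


def demo() -> dict:
    """Decisions for a few constructed downloads."""
    return {
        "tool.exe (approved hash)": decide("tool.exe", APPROVED_TOOL, ALLOWLIST),
        "update.exe": decide("update.exe", make_fake_pe() + b"other-build", ALLOWLIST),
        "report.pdf (really a PE)": decide("report.pdf", make_fake_pe(), ALLOWLIST),
        "notes.txt": decide("notes.txt", b"quarterly notes", ALLOWLIST),
        "legacy.com": decide("legacy.com", b"constructed-com-body", ALLOWLIST),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28} -> {verdict}")
```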
Device Control
- Block the use of removable drives (flash drives / iPod / hard disks / cameras)
- If you must allow flash drives on the network: disable “Autorun” and block exe/Autorun.inf
FW Best Practices
- No “Any Any” rules
- Outbound SMTP for Exchange servers only
- HTTP/HTTPS/FTP are a good start for end users
- Block infected computers
- Enable logging of denied outbound traffic
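One way to check an outbound policy against these five practices, as an added example that is not from the deck: a first-match rule model plus an audit that flags “any any” allows, SMTP from non-Exchange sources, end-user services beyond HTTP/HTTPS/FTP, infected hosts that still reach out, and a final deny that is not logged. Host names, groups and both rule sets are constructed assumptions.

```python
"""Audit a first-match outbound firewall policy against the slide's practices."""
from dataclasses import dataclass
from typing import List, Optional

ANY = "any"


@dataclass
class Rule:
    name: str
    src: str                 # host, group name or "any"
    dst: str                 # host, group name or "any" (not evaluated here)
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # None = any port
    action: str              # "allow" or "deny"
    log: bool = False


# Constructed inventory for this example; all names are hypothetical.
GROUPS = {
    "exchange-servers": {"exchange01", "exchange02"},
    "end-users": {"ws-0173", "ws-0412", "ws-0900"},
}
INFECTED_HOSTS = {"ws-0173"}
END_USER_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 21)}


def src_matches(rule_src: str, host: str) -> bool:
    return rule_src == ANY or rule_src == host or host in GROUPS.get(rule_src, set())


def first_match(rules: List[Rule], host: str, proto: str, dport: int) -> Optional[Rule]:
    """First rule that matches a packet from host (first-match semantics)."""
    for r in rules:
        if src_matches(r.src, host) and r.proto in (ANY, proto) and r.dport in (None, dport):
            return r
    return None


def is_wide_open(r: Rule) -> bool:
    return r.src == ANY and r.dst == ANY and r.proto == ANY and r.dport is None


def audit(rules: List[Rule]) -> List[str]:
    findings = []
    for r in rules:
        if r.action == "allow" and is_wide_open(r):
            findings.append(f"{r.name}: 'any any' allow rule")
        if r.action == "allow" and r.proto == "tcp" and r.dport == 25 and r.src != "exchange-servers":
            findings.append(f"{r.name}: outbound SMTP allowed from {r.src}, not only Exchange")
        if r.action == "allow" and r.src == "end-users" and (r.proto, r.dport) not in END_USER_SERVICES:
            findings.append(f"{r.name}: end users allowed {r.proto}/{r.dport} beyond HTTP/HTTPS/FTP")
    # Infected hosts must hit a deny before any allow; simulate a web request from each.
    for host in sorted(INFECTED_HOSTS):
        hit = first_match(rules, host, "tcp", 80)
        if hit is None or hit.action != "deny":
            via = hit.name if hit else "implicit policy"
            findings.append(f"infected host {host} still reaches the Internet via {via}")
    # Denied outbound traffic must be logged: expect a logged 'deny any any' last.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and is_wide_open(last) and last.log):
        findings.append("final rule is not a logged 'deny any any'")
    return findings


# Weak policy (one "any any" allow) beside the corrected policy.
WEAK_POLICY = [Rule("allow-all", ANY, ANY, ANY, None, "allow")]
HARDENED_POLICY = [
    Rule("block-infected", "ws-0173", ANY, ANY, None, "deny", log=True),
    Rule("exchange-smtp", "exchange-servers", ANY, "tcp", 25, "allow"),
    Rule("users-http", "end-users", ANY, "tcp", 80, "allow"),
    Rule("users-https", "end-users", ANY, "tcp", 443, "allow"),
    Rule("users-ftp", "end-users", ANY, "tcp", 21, "allow"),
    Rule("deny-log", ANY, ANY, ANY, None, "deny", log=True),
]

if __name__ == "__main__":
    print("weak:", audit(WEAK_POLICY))
    print("hardened:", audit(HARDENED_POLICY))
```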
Case Study: Conficker/Downadup
- Exploits the Windows Server service vulnerability (MS08-067)
- Variants: W32.Downadup A, B, C, E
- Propagates through network file shares and flash disks
- Disables user accounts in AD
- Blocks access to security sites and MS updates
- Stops security tools and software “self-protection”
Summary
- Use a good antivirus with a high detection rate
- Patch the OS and 3rd-party applications
- Use application whitelisting and device control
- Block access to malicious, media, downloads, and blog categories
- Network segmentation
- Web content filtering policy
Thank You
E-mail me: a.qarta@gmail.com
http://extremesecurity.blogspot.com