How Malware Works
Download as PPTX, PDF•0 likes•1,442 views
The document provides an overview of malware, its variants, and how it infiltrates systems, emphasizing the importance of user education and risk mitigation strategies. Key points include common types of malware like ransomware and spyware, methods for prevention and detection, and the role of AlienVault's unified security management (USM) platform in enhancing threat detection and incident response. It also highlights the need for continuous monitoring and the use of crowd-sourced threat intelligence through the Open Threat Exchange.
How Malware Works
- 3. Agenda • What is malware? • Malware variants • How does it get in? • Tips for mitigating risk • Detecting malware with USM
- 4. What is Malware? Malware is a portmanteau that refers to malicious software and encompasses a large variety of computer programs designed to steal sensitive data, gain unauthorized access, or just wreak havoc.
- 5. Malware Variants Ransomware • Cryptolocker • Bitlocker • Cryptovault Remote access • Rootkits Data gathering • Spyware • Adware General maliciousness
- 6. Top Threats seen by SpiceHeads We asked SpiceHeads what kind of malware they are seeing and these seem to be the most prevalent: • Ransomware • Potentially Unwanted Programs (PUPs) • Misc phishing emails • Malicious email attachments disguised as PDFs, Excel docs, etc. Most popular “funny” answer? Users… :p
- 7. How does it get in? Users • Blindly clicking links in email, social media, etc. • Downloading and running email attachments • Disgruntled/generally malicious users • Using company assets outside of corporate perimeter Social Engineering • Phishing/Spearphishing • Drive-by downloads • Malicious executables
- 8. But, wait… I have Endpoint Protection! While Anti-Malware scanners will spot the majority of malicious files, there are several ways to get past them: • Polymorphic code - Over lifespan of malware - In real-time (every copy looks different) • Encryption/packing • Stealth - Monitor system resource utilization - Hiding malware in legitimate applications - Sometimes even block anti-virus and/or system messages that might alert a user to the malware’s presence • Some legacy Firewalls may not have the tech to detect
- 9. Risk Mitigation Education • Ongoing training - New, different malware variants - Delivery mechanisms • Institute a policy - What you can and cannot download on the corporate network - What to do if your users get hit Containment • Network segmentation
- 10. Risk Mitigation Continuous Monitoring • Operate under the assumption that you will get breached - If prevention doesn’t work for these folks, why do you think it would work for you? • Multiple detection methods - Don’t put all of your eggs in one basket
- 11. AlienVault Vision Accelerating and simplifying threat detection and incident response for IT teams with limited resources, on day one Enable organizations of all sizes to benefit from the power of crowd- sourced threat intelligence & unified security
- 12. AlienVault USM: Discover Security That’s Highly Intelligent
- 13. Unified Security Management Platform Accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one AlienVault Labs Threat Intelligence Identifies the most significant threats targeting your network and provides context-specific remediation guidance Open Threat Exchange The world’s largest repository of crowd-sourced threat data, provides a continuous view of real-time threats AlienVault Approach: Unified Security Management
- 14. USM Platform ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SIEM • SIEM Event Correlation • Incident Response INTRUSION DETECTION • Network IDS • Host IDS • File Integrity Monitoring Built-In, Essential Security Capabilities
- 16. DEMO
- 17. 888.613.6023 ALIENVAULT.COM CONTACT US [email protected] Now for some Questions.. Questions? [email protected] Twitter : @alienvault Test Drive AlienVault USM Download a Free 30-Day Trial http://www.alienvault.com/free-trial Check out our 15-Day Trial of USM for AWS https://www.alienvault.com/free-trial/usm-for-aws Try our Interactive Demo Site http://www.alienvault.com/live-demo-site
Editor's Notes
- #12: We are dedicated to providing a simplified security solution that, when coupled with affordable pricing, is the perfect fit for organizations with limited budgets and few in-house resources. AlienVault’ gives smaller IT organizations the ability to accelerate and simplify their threat detection and remediation efforts, as well as regulatory compliance. With our unified, simplified approach, you can go from deployment to insight in less than one day
- #14: Predictability of USM platform and security data: Ownership of the built-in data sources and management platform, coupled with unmatched security expertise delivered by the AlienVault Labs team of security experts, provides effective security controls and seamlessly integrated threat intelligence for any environment AlienVault Labs threat research team spends countless hours mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape. They leverage the power of OTX, the world’s largest crowd-sourced repository of threat data to provide global insight into attack trends and bad actors. This eliminates the need for IT teams to conduct their own research on each threat. They provide Specific, Relevant, and Actionable Threat Intelligence– such as, Over 2,000 predefined correlation directives, eliminating the need for customers to create their own, which is one of the primary sources of frustration with other SIEM products. Besides correlation directives, the AlienVault Labs Threat Intelligence regularly publishes threat intelligence updates to the USM platform in the form of IDS signatures, vulnerability audits, asset discovery signatures, IP reputation data, data source plugins, and report templates.
- #15: ----- Meeting Notes (4/17/15 15:31) ----- These 5 essential capabilities are the strength of the platform Rename Threat Detection "Intrusion Detection"