5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)

The Next Cyber Security Threat is Here - Are
You Prepared?
APTs– AdvancedPersistentThreats
Part1 –
Learn5 or 13 Waysto PreventAPTs
Moderator:BillMurphyandJamesCrifasi
Live Tweet from the event!
@TheRedZoneCIO

Schedule of Events
8:30am to 9:00am – Sign In & Breakfast
9:00am to 11:30am – Education Sessions)
11:30am to 12:30pm – lunch
(sponsored by ThunderDG & Thycotic Software)
@TheRedZoneCIO

RedZone’s Chief Lieutenant Series
Sister of The CIO Executive Series which is a TOP IT Executive
Network specializing in bringing CIO’s together to
collaborate, network, and stay current on industry trends.
Just under 300 senior C-Suite IT executive members
Founded in 2000 | 13 years of experience bringing CIO’s together
Host a number of events – both virtual and physical – each year
Host a “Special Event” annually | Past events have included:
A Golf Outing, Dinner & Receptions
@TheRedZoneCIO

President and Founder
• RedZone Technologies
• ThunderDG
• MA DR Solutions
• Beyond Limits Magazine
Keep In Touch With Bill:
@TheRedZoneCIO
CIO Executive Series Group
billm@redzonetech.net
About Bill Murphy
@TheRedZoneCIO

About James Crifasi
@TheRedZoneCIO
• CTO of RedZone Technologies
• Co-founder ThunderDG
• Co-founder MA DR
• University of Maryland Graduate | B.A. Criminology &
Criminal Justice | B.S. Computer Science – Algorithmic
Theory & AI | M.S. Interdisciplinary Management
• Keep In Touch With James: jcrifasi@redzonetech.net

Sponsors
RedZone Technologies
Assessment: IT Architecture and Design
Integration: Security| Disaster Recovery| Infrastructure
Managed Service Programs
Cloud Brokerage
(410) 897-9494
www.redzonetech.net
ThunderDG
Employee Policy Management, Education, and Awareness
www.thunderdg.com
Thycotic Software
Password Management
www.thycotic.com
@TheRedZoneCIO

Agenda – 5 of 13 Methods to Prevent APTs –
Advanced Persistent Threats
1. MDM, BYOD & Mobility
2. Password - Roles Based Access Control to apps, servers & network devices
3. Configuration and Change Control
4. Prevent and Silence Outbound Hijackers
5. DCS policies - Security Education, Training, Awareness
@TheRedZoneCIO

Agenda – 5 of 13 Methods to Prevent APTs –
Advanced Persistent Threats
1. VMWare Horizon Suite – View 5 | VDI
2. Thycotic Software – Password Security
3. C3 – Security Change Control for switches and routers
4. Bluecoat - Prevent and Silence Outbound Hijackers
5. ThunderDG – Policy and Education
.
@TheRedZoneCIO

Set The Stage
@TheRedZoneCIO

Reality Shift in IT
@TheRedZoneCIO
• System communication is fundamentally changing – many
transactions occur over the web
• Network defenses are covering a shrinking portion of the attack
surface
• Cloud is changing our notion of a perimeter
• Worker mobility is redefining the IT landscape
• Security Model good people vs. bad people to enabling partial trust
• There are more “levels” of access: Extranets, partner
access, customer access

Reality Shift for Attackers
@TheRedZoneCIO
• Cyber criminals are becoming organized and profit-driven
• An entire underground economy exists to support
cybercrime
• Attackers are shifting their methods to exploit both
• technical and human weaknesses
• Attackers after much more than traditional monetizable
data (PII, etc.)
• Hacktivism
• State-sponsored attacks
• IP attacks/breaches

What is an APT
Advanced Persistent Threat
@TheRedZoneCIO
APTs are silent. They leave clues and trails but are essentially
designed not to be found.
• Spear Phishing
• Phishing
• Rootkits
• Traditional Hacker Tool Variants
• Worms
• Etc.

Economics of Phishing
@TheRedZoneCIO
Hundreds of millions $!
Source: Bill Duane Talk on Authentication

Go Hunting!
@TheRedZoneCIO
Change the rules of the game by becoming proactive in rooting out
malware..

Make It Hard….
@TheRedZoneCIO
for these malicious Advanced Persistent Threats (APTs) to operate in
stealth.

Make It Hard….
@TheRedZoneCIO
“Most costly breaches come from
simple
failures, not from attacker
ingenuity”
- RSA 2013 Conf Chair Hugh Thompson

Where Do You Start?
@TheRedZoneCIO

Security Defense? Whack-
A-Mole? No!
@TheRedZoneCIO

Plan
@TheRedZoneCIO

Cunning – Be Different
@TheRedZoneCIO

Security Scoreboard
@TheRedZoneCIO

#1
@TheRedZoneCIO
BYOD | MDM | Mobile Security
VMWare Horizon Suite

@TheRedZoneCIO
Point Solutions vs. Integrated

@TheRedZoneCIO
• Centralized data!
• Control and enforce data policy centrally
• Embrace all devices
• Stop doing MDM & get into data application management
• User centric philosophy
• Address application, data, VDI within one solution set

@TheRedZoneCIO

Horizon View & Mirage
@TheRedZoneCIO

Key Features of Horizon Suite
@TheRedZoneCIO
1. Single end-user workspace
• Easy, secure access to all apps/data from any
mobile device
2. Centralized IT Management
3. File Sharing Capabilities
• Offline & online
• Document versioning, commenting & auditing
capabilities

VMWare and APT Defense
@TheRedZoneCIO
1. Can you deliver a secure desktop in minutes?
• Efficiency with security is important to keep costs low.
2. IT being able to get the user back to a last known Golden Image is
critical!

Key Features of Horizon Suite
@TheRedZoneCIO
• Enterprise-Level Security
• Data encryption on mobile devices
• Endpoint registration & remote wipe
capabilities
• Integration with Horizon View
• Easy access to Virtual Desktops & apps via
Horizon View
• Access View from any HTML5 browser via
remote protocol

Lessons Learned From Our
Experience With Horizon Suite
@TheRedZoneCIO
1. Beta lockdown and engineering review
2. Make changes once to all departmental profiles
3. One of the key values of VDI is the ability to
restore a workstation back to a Golden
image, which is free of Malware/Crimeware.

#2
@TheRedZoneCIO
Passwords & RBAC
Thycotic Software
Secret Server

Passwords | RBAC
@TheRedZoneCIO
GAME OVER IF THE DOMAIN CONTROLLER IS
COMPROMISED!

Secret Server & RBAC
@TheRedZoneCIO
In the wrong hands, privileged accounts
represent the biggest threat to enterprises
because these accounts can breach personal
data, complete unauthorized transactions, cause
denial-of-service attacks, and hide activity by
deleting audit data.
- Information Security Magazine, 2009

@TheRedZoneCIO
Source:
www.unitedmedia.com/comics/dilbert

Privileged Accounts
@TheRedZoneCIO
• UNIX / Linux Root
Accounts
• Windows Local
Admin Accounts
• AD
• Database
• Server
• Router
• Firewall
• Service Accounts are difficult to manage because they
don’t belong to a specific person
• Access & Passwords are shared by a team of administrators
• No accountability
Privileged Account Challenges

Privileged Accounts – Why Worry?
@TheRedZoneCIO
• Powerful accounts that run your network
• The passwords are not being changed
• Extremely difficult to know where they are being
used
• Needed for emergency situations
• Vulnerable to multiple types of attacks

What is Secret Server?
@TheRedZoneCIO
• Web-based password repository
• Distribute, organize & automatically
update privileged accounts from a
central location
• Complete reporting & auditing capabilities to
show who has access & when passwords are being
used

Mission Impossible Access
@TheRedZoneCIO

How Secret Server Works
@TheRedZoneCIO

Secret Server ROI
@TheRedZoneCIO

What’s In It For Me?
@TheRedZoneCIO
• Accountability
• Access Management
• Risk Management
• Security
• Compliance
• Reduced Labor costs

#3
@TheRedZoneCIO
Security – Configuration and Change
Control
C3

C3 – Configuration and Change
Control
@TheRedZoneCIO
• Systems are down – What happened?
• Are you dependent on the guy with the most
certifications to bail you out?

C3 – Configuration and Change
Control
@TheRedZoneCIO
• Audit Changes?
• Who made the change?
• What changed?

C3 | Configuration Change Control
@TheRedZoneCIO

C3 Features
@TheRedZoneCIO
• Sends emails to specified individuals when changes are made to the
network configuration and highlights what those changes were
• Allows you to quickly visually identify system changes
• Consolidates all changes into a single change alert
• Allows for companies/organizations to hire less experienced (and less
expensive) talent so that they can be less dependent on certified (more
expensive) individuals
• System is managed by RedZone

Benefits of RZ Managing C3
@TheRedZoneCIO
RedZone audits all C3 systems monthly, in which we...
• Review the change logs & talk to the client to make sure that their IT
professionals are receiving the change reports
• Ensure a valid backup for each system C3 is monitoring is taking place *
• Check that all of the clients’ existing devices are recognized and checked by
C3and that they haven’t add any new devices to, or removed any old devices
from, the network
Because, let’s face it, machines and automation are great, but if systems are not
being maintained by actual people, they can become inefficient or – even worse
– a handicap.
*Note: None of your data ever leaves your network; RedZone will never back up
your system to our network

#4
@TheRedZoneCIO
Outbound Hijackers
Blue Coat

Outbound Hijackers
@TheRedZoneCIO
• Prevent and silence outbound hijackers
• There are over 300 known hacker tools that are designed not to be
found
• Find the trails they leave behind
• Silence Outbound Hijackers Management
• There are specific sites to which an employee can go
• There is a tight acceptable use of internet
• Outbound Protocol Management & Control
• Lockdown of outbound UDP, for example
• Bluecoat Application Identification

Outbound Protection Methods
@TheRedZoneCIO
• Firewall
• PC
• Network

Outbound Hijackers & Blue Coat
@TheRedZoneCIO

#5
@TheRedZoneCIO
DCS Policy | Security Policies and
End User Education and Awareness
ThunderDG

@TheRedZoneCIO
Do You Have A DCS Policy?

@TheRedZoneCIO
“In the absence of security education or
experience, people (employees, users,
customers, …) naturally make poor
security
decisions with technology”
- Hugh Thompson, RSA Conf 2013

DCS Policies
@TheRedZoneCIO
• Implement and enforce DCS Policies to prevent “drive by” malware
infections
• What alarms go off when someone clicks something?
• Policy, as well as complimentary training, is a major element in
helping people be more secure because it ensures people fully
understand the policy and why it is in place

ThunderDG & DCS Policy
Management
@TheRedZoneCIO
Complete solution for employee policy management w/ 3 key features
1. Electronic delivery, storage & tracking of employee policies
2. Electronic signing of employee policies
3. Integration with employee training portal to ensure full
understanding of policies

ThunderDG
@TheRedZoneCIO

How ThunderDG Works
@TheRedZoneCIO

Features & Benefits of ThunderDG
@TheRedZoneCIO
ThunderDG allows you to…
• Send internal policies & contracts to thousands of signers instantly
• Send documents for both approval & signature in 1 easy step
• Create custom forms & workflows to help comply with company
standards
• Create a document library for standard forms & contracts
• Access complete document history & audit
So you can…
• Increase ROI
• Save time and money via the paperless, automated process
• Gain insight into your entire policy signing process
• Improve performance & enforce best practices

Questions?
@TheRedZoneCIO

Upcoming Events
@TheRedZoneCIO
Virtual Roundtable Collaboration - Wednesday, April 24th from 9am to
10am
Mobile Device Management Policies
Let us know if you’re interested in attending and we’ll be sure to
email you the link to register.

Upcoming Events
@TheRedZoneCIO
Physical Event – Open To All Members
APT Crimeware & Malware | Part 2
You just attended Part 1 (we will provide a recap of the event on the
website shortly and will email you when that is available).
In Part 2, we will be reviewing:
• Application Whitelisting
• Data Loss Prevention (DLP)
• End User Policy Education, Training & Awareness
• Aggressive Patching for Servers, Workstations & 3rd Party Apps
Wednesday, May 15th from 8:30am to 12:30pm
Eggspectations in Columbia
We will email you with registration information as soon as it’s available.

Upcoming Events
@TheRedZoneCIO
Physical Event – Open To All Members
APT Crimeware & Malware | Part 3
This will be the third and final installment of the APT Crimeware & Malware
Event Series and will focus on:
• Dropbox & Cloud Storage Mitigation
• Multi-Factor Authentication
• File Permission Security Audit
• Deep Defense APT
• How to Go Hunting!
Wednesday, June 12th from 8:30am to 12:30pm
Eggspectations in Columbia
We will email you with registration information as soon as it’s available.

Continue The Discussion
Follow the CIO Executive Series Group on LinkedIn!
Follow @TheRedZoneCIO on Twitter!
@TheRedZoneCIO

Contacts
Kristine Wilson
Managing Coordinator | CIO Executive Series
Marketing Manager | RedZone Technologies
(410) 897-9494
kwilson@redzonetech.net
@TheRedZoneCIO

5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)

More Related Content

What's hot

Similar to 5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)

More from RedZone Technologies

Recently uploaded

5 of 13 Ways To Prevent Advanced Persistent Threads (APTs)