
McAfee presentation: Optimal Endpoint Protection 26062015


Page 1

McAfee Confidential

Wim van Campen, Regional VP, Northern & Eastern Europe

Optimal Endpoint Protection - and the best protection against ransomware

Page 2

Four Phases of an Attack

First Contact: how the attacker first crosses paths with the target.

• Malicious Website

• Network Access

• Physical Access

• Unsolicited Message

Local Execution: how the attacker first gets code running on the target machine.

• Configuration Error

• Exploit

• Social Engineering

Establish Presence: how the attacker persists code on the system, to survive reboot and stay hidden from the user and security software.

• Persist on System

• Self-Preservation

• Download Malware

• Escalate Privilege

Malicious Activity: the business logic, what the attacker wants to accomplish: steal passwords, bank fraud, purchase of Fake AV.

• Adware & Scareware

• Identity & Financial Fraud

• Propagation

• Bot Activities

• Tampering

Example: Fake AV

Malicious Website (First Contact), Exploit (Local Execution), Persist on System (Establish Presence), Adware & Scareware (Malicious Activity)

Page 3

4 Phase Protection Methods

Phases: FIRST CONTACT, LOCAL EXECUTION, ESTABLISH PRESENCE, MALICIOUS ACTIVITY

• McAfee® SiteAdvisor®: Website Filtering

• McAfee Enterprise Mobility Management: Mobile Device Management

• McAfee Device Control: Physical File Transfer

• McAfee Desktop Firewall

• McAfee Web Gateway and McAfee Email Gateway: Web Filtering, Email Filtering

• McAfee VirusScan® Enterprise: On-Access Scanning, File Scanning, Write Blocking

• McAfee Database Activity Monitor: Database Vulnerability Blocking

• McAfee VirusScan® Enterprise: Rootkit Detection

• McAfee Host Intrusion Prevention: Buffer Overflow Prevention, Behavioral Prevention

• McAfee Application Control for Servers or Desktops: Install and Execution Prevention, Change Protection

Page 4

Intel Security - A Proven Leader in Endpoint Security


Gartner Magic Quadrant Leader for 7 straight years!

Placed furthest on Completeness of Vision axis

Superior Manageability with ePO

Next Generation Endpoint Platform

Security Connected Vision attainable for customers

Advancing Protection Rankings

Comprehensive Solution

Strength of Intel / McAfee Together

Gartner Disclaimer: This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from http://www.gartner.com/technology/reprints.do?id=1-26F1285&ct=141223&st=sb. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Page 5

Portfolio for SLB

EPACDE-AA: MFE Endpoint Protection

CEECDE-AA: MFE Complete EP Protection

ACDCKE-AA: MFE Application Control for PC

ACSCKE-AB: MFE Application Control for Servers

MOVCDE-AA: MFE MOVE AV for Virtual Desktop

MOVCKE-AT: MFE MOVE AV for Virtual Servers

TSBECE-AA: MFE SaaS Endpoint Protection

CDBCDE-AA: MFE Complete Data Protection

Page 6

Highlighted

McAfee Endpoint Protection - use up to 1,000 nodes

The special Umbrella License Pack covers use by the institute, registered employees and registered students with regard to:

PRODUCT CONTENT: VirusScan Enterprise, VirusScan Command Line, VirusScan Enterprise for Linux, SiteAdvisor Enterprise with Web Filtering, Endpoint Protection for MAC, Device Control, Desktop Firewall, McAfee Security for Email Servers with AntiSpam. Management system included: ePolicy Orchestrator.

McAfee Endpoint Protection - Advanced Suite Pack – use up to 10,000 nodes

The special Umbrella License Pack covers use by the school, registered employees and registered students with regard to:

PRODUCT CONTENT: VirusScan Enterprise, VirusScan Command Line, VirusScan Enterprise for Linux, Endpoint Protection for MAC, Host Intrusion Prevention for Desktops, Desktop Firewall, Device Control, SiteAdvisor Enterprise with Web Filtering, McAfee Security for Email Servers with AntiSpam, Policy Auditor for Desktop. Management system: ePolicy Orchestrator.

Page 7

Endpoint Security Product Suites 2015

Suites: Endpoint Protection (EPS), Endpoint Advanced (EPA), Complete Enterprise (CEE), MOVE for VDI (license per OS instance)

McAfee ePolicy Orchestrator (ePO - Security Management Platform)

Anti-Virus / Antispyware (Windows for Desktop and Server)

Anti-Virus Multiplatform (MAC / Linux / Unix for Desktop and Server)

SiteAdvisor Enterprise incl. Web Filter Endpoint

Desktop Firewall (Desktop and Server)

Security for Email Servers (Microsoft Exchange and Lotus Domino)

Device Control (Desktop)

ePO Deep Command Discovery

Host IPS (Desktop)

Policy Auditor (Desktop)

EMM Enterprise Mobility Management & Secure Container (Android) & VirusScan Mobile (Android)

Application Control (Desktop)

MOVE AV for Virtual Desktops (VDI)

VSE & VSEL for the Scan Server

VSE for Offline Virtual Images

Datacenter Connector for VMware and vSphere

Page 8

Prevent damage from ransomware

2015 is already the year of ransomware

Page 9

Agenda

1. Ransomware in the news

• 2015, the year of ransomware

2. Ransomware: a (short) refresher

• Delivery

• Spread

• Damage

3. Ransomware is growing enormously

• Why?

4. Prevention (is better than cure)

• The Intel Security approach

Page 10

Ransomware in the news

Page 11

Where?

Page 12

Ransomware: a short refresher

• What is ransomware/cryptoware

• Damage

• Delivery

• Spread

Page 13

New technologies have been adapted over the years to make ransomware more powerful

Ransomware returns: new families emerge with a vengeance

Source: McAfee Labs

Page 14

Ransomware returns

Beginning in Q3 2014, the number of new ransomware samples began to grow again after a four-quarter decline.

In Q4 2014, the number of new samples leaped 155%; we counted more than two million samples.

Three months later, in Q1 2015, this family of malware exploded with a further 165% increase, driving towards an incredible 3 million samples!

Page 15

I need a solution to this problem

It takes an Advanced System that is easy to implement, operate and maintain

Source: McAfee Labs

Page 16

Employing an advanced system moves detection from 63% to 99.96%*

*Source: McAfee Labs and Avtest Org

Page 17

Ransomware Prevention Model

Adapt and Immunize — From Encounter to Containment in Milliseconds

Diagram components: Endpoint Module (two), Management Console, Intel Security ATD, Global Threat Intelligence, 3rd Party Feeds, Data Exchange Layer, Threat Intelligence Exchange Server

Diagram labels: File age hidden; Signed with a revoked certificate; Created by an untrusted process; YES / NO

Page 18

Instant Ransomware Protection

Diagram components: SIEM, Endpoint Module (two), Management Console, Intel Security ATD, Web Gateway, Email Gateway, NGFW, IPS, Data Exchange Layer, Global Threat Intelligence, 3rd Party Feeds, Threat Intelligence Exchange Server

Gateways block access based on endpoint convictions

Security components operate as one to immediately share relevant data between endpoint, gateway, and other security products

Proactively and efficiently protect your organization as soon as a threat is revealed

Page 19

Instant Ransomware Protection

Adapt and Immunize — From Encounter to Containment in Milliseconds

Diagram components: SIEM, Endpoint Module (two), Management Console, Intel Security ATD, Web Gateway, Email Gateway, NGFW, IPS, Data Exchange Layer, Global Threat Intelligence, 3rd Party Feeds, Threat Intelligence Exchange Server

Diagram labels: NO / YES

Endpoints are protected based on gateway convictions

Page 20

Instant Ransomware Protection Example

Adapt and Immunize — From Encounter to Containment in Milliseconds

Page 21

Employing an advanced system moves detection from 63% to 99.96%*

*Source: McAfee Labs and Avtest Org

Page 22

In theory everything sounds great; how about in real life?

Page 23

New in the SLB contract

Advanced Threat Defense (ATD)

Today's malware is built with the aim of remaining undetected for as long as possible. The traditional virus scanner cannot stop anywhere near all of this advanced malware, certainly not malware that has never been seen anywhere in the world before. Detecting this malware (zero-day attacks) requires different techniques. Advanced Threat Defense unpacks these files (PDF, Excel, Word, etc.) in a secured environment before they reach the endpoint. In this safe environment the ATD appliance runs a series of tests to see what the file wants to do with your endpoint. When a file is malicious, ATD takes the necessary measures on the affected endpoint and on all other endpoints to remove this malware or to block it preventively. This provides maximum prevention and makes it almost impossible to infect a large network.

Page 24

Highlighted

McAfee ATD/TIE Starter Kit - 2500 nodes

The 2500 ATD/TIE Starter Kit contains: 1 ATD 3000 Appliance with 1 year of Hardware Support + Gold Software Support. Perpetual Licenses with Gold Software Support for 2500 Nodes of McAfee Threat Intelligence Exchange Software.

McAfee ATD/TIE Starter Kit – 10,000 nodes

The 2500 ATD/TIE Starter Kit contains: 1 ATD 6000 Appliance with 1 year of Hardware Support + Gold Software Support. Perpetual Licenses with Gold Software Support for 10,000 Nodes of McAfee Threat Intelligence Exchange Software.

Page 25

Protection in 99.96% of cases

In summary – Instant Ransomware Protection

Yes, ransomware is on the rise and can lead to reputational damage and financial damage.

Yes, ransomware also occurs in the Netherlands, among home users, SMEs and large companies.

Yes, it is possible to protect yourself against ransomware with the help of our Instant Ransomware Protection.
