the malware attack "fan-out" effect in the cloud


Post on 11-Jan-2017


Page 1: The Malware Attack "Fan-out" Effect in the Cloud

Netskope © 2015, Optiv Security Inc. © 2015

The Malware Attack “Fan-out” Effect in the Cloud

Krishna Narayanaswamy, Chief Scientist, Netskope

Page 2: The Malware Attack "Fan-out" Effect in the Cloud


4.1%

We looked at hundreds of enterprises’ sanctioned apps

Page 3: The Malware Attack "Fan-out" Effect in the Cloud


Page 4: The Malware Attack "Fan-out" Effect in the Cloud


Page 5: The Malware Attack "Fan-out" Effect in the Cloud


UNSANCTIONED

SANCTIONED

Page 6: The Malware Attack "Fan-out" Effect in the Cloud


[Chart: 10% / 70% / 20% split of cloud apps by who adopts them (IT-led, Business-led, User-led); segment labels: Mostly Unsanctioned, Sanctioned]

Page 7: The Malware Attack "Fan-out" Effect in the Cloud


At least two dozen ecosystem apps per “anchor tenant” app

Page 8: The Malware Attack "Fan-out" Effect in the Cloud


IT estimates 30% business data is in cloud…

With ⅓ “unknown”

Page 9: The Malware Attack "Fan-out" Effect in the Cloud


What role does the cloud play in perpetuating malware?

Page 10: The Malware Attack "Fan-out" Effect in the Cloud


Page 11: The Malware Attack "Fan-out" Effect in the Cloud


Infiltration and lateral movement phases of APTs

Page 12: The Malware Attack "Fan-out" Effect in the Cloud


Other effects of malware

[Figure: four copies of the file set Presentation.pptx, PO.docx, Financials.xlsx, BusinessPlan.pptx, each shown replaced by a scrambled file name]

Page 13: The Malware Attack "Fan-out" Effect in the Cloud

The cloud malware attack fan-out in action

Page 14: The Malware Attack "Fan-out" Effect in the Cloud


Page 15: The Malware Attack "Fan-out" Effect in the Cloud


Page 16: The Malware Attack "Fan-out" Effect in the Cloud


Page 17: The Malware Attack "Fan-out" Effect in the Cloud


Page 18: The Malware Attack "Fan-out" Effect in the Cloud

ROBUST CIPHERS: RSA-2048, AES-128

MEMORY-ONLY KEY STORAGE

ENCRYPT PORTIONS OF FILES FOR SPEED

ENCRYPT IMPORTANT FILES FIRST

FILE NAMES SCRAMBLED TO THWART DECRYPTION

Page 19: The Malware Attack "Fan-out" Effect in the Cloud


Page 20: The Malware Attack "Fan-out" Effect in the Cloud


Page 21: The Malware Attack "Fan-out" Effect in the Cloud


‣BACK UP versions of critical data

‣DETECT malware in sanctioned apps by scanning content-at-rest

‣DETECT incoming malware from sanctioned and unsanctioned apps

‣LOOK for anomalous behavior indicative of malware

‣MONITOR for data exfiltration

IN REAL-TIME

Page 22: The Malware Attack "Fan-out" Effect in the Cloud

1. BACK UP CONTENT; ENABLE “TRASH”

[Figure: version history v3, v2, v1]

Ensure critical content is backed up and that prior versions are easily available in the event of a fan-out attack involving ransomware. Enable “trash” and set default purge to 1+ weeks.

Page 23: The Malware Attack "Fan-out" Effect in the Cloud

2. DETECT MALWARE IN SANCTIONED APPS

Detect and quarantine malware in sanctioned apps. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.

Page 24: The Malware Attack "Fan-out" Effect in the Cloud

3. DETECT INCOMING MALWARE

Detect and quarantine incoming malware in real-time. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.

Page 25: The Malware Attack "Fan-out" Effect in the Cloud

4. LOOK FOR ANOMALIES

Detect anomalous behavior in real-time that indicates malware

[Figure: Presentation.pptx, PO.docx, Financials.xlsx, BusinessPlan.pptx shown replaced by a scrambled file name]
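One way to implement the real-time anomaly check this slide asks for, as an added example that is not part of the deck: a user whose synced client has been hit by ransomware shows up in the cloud app's activity log as a burst of overwrites whose new file names are scrambled (slide 18's "file names scrambled" trait). The log format, the sample lines and the 0.3 symbol-ratio threshold are assumptions made for this example, not anything Netskope documents.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; hypothetical format "<ISO time> <user> <action> <path>".
SAMPLE_LOG = """\
2015-10-01T09:00:01 alice upload Presentation.pptx
2015-10-01T12:15:00 bob overwrite Financials.xlsx
2015-10-01T14:30:00 alice overwrite X4h6z$#(@!~&^*ub)!~+0%^&vb@!bw$59&*@!!+=
2015-10-01T14:30:01 alice overwrite k2q9$#(@!~&^*ub)!~+7%^&vb@!bw$11&*@!!+=
2015-10-01T14:30:02 alice overwrite p0m1$#(@!~&^*ub)!~+3%^&vb@!bw$42&*@!!+=
2015-10-01T14:30:03 alice overwrite z8r4$#(@!~&^*ub)!~+5%^&vb@!bw$77&*@!!+=
2015-10-01T14:30:05 alice overwrite q6t3$#(@!~&^*ub)!~+9%^&vb@!bw$20&*@!!+=
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")
KNOWN_EXT = (".docx", ".xlsx", ".pptx", ".pdf", ".txt")

def looks_scrambled(name):
    """Heuristic for a ransomware-renamed file: no familiar extension and a high share of symbols."""
    if name.lower().endswith(KNOWN_EXT):
        return False
    symbols = sum(1 for c in name if not c.isalnum() and c not in "._-")
    return symbols / max(len(name), 1) >= 0.3  # 0.3 is an assumed threshold

def parse_log(text):
    """Return (timestamp, user, action, path) tuples; malformed lines are skipped."""
    events = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        ts, user, action, path = m.groups()
        events.append((datetime.fromisoformat(ts), user, action, path))
    return events

def detect_fanout(events, window=timedelta(seconds=60), threshold=5):
    """Flag each user who overwrites >= threshold files with scrambled names
    inside one window: the burst a synced ransomware infection produces."""
    per_user = defaultdict(list)
    for ts, user, action, path in events:
        if action == "overwrite" and looks_scrambled(path):
            per_user[user].append(ts)
    alerts = []
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((user, times[start].isoformat()))
                break  # one alert per user is enough for this example
    return alerts
```

Tuning the window and threshold against a tenant's normal overwrite rate is what keeps this from firing on a legitimate bulk rename; pair it with the version history from slide 22 so the flagged files can be rolled back.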

Page 26: The Malware Attack "Fan-out" Effect in the Cloud

5. MONITOR FOR DATA EXFILTRATION

Detect sensitive data exfiltration in real-time

[Figure: streams of bits labelled SENSITIVE leaving the enterprise]

‣Enterprise DLP

‣Data upload

‣Sanctioned or unsanctioned

Page 27: The Malware Attack "Fan-out" Effect in the Cloud


THANK YOU!