apts: the role of third-party applications

APTs: The Role of Third-Party Applications Russ Ernst Group Product Manager, Lumension

Upload: lumension

Post on 24-Jun-2015


DESCRIPTION

Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered. There have been a number of ways today's more willful attackers have been able to breach networks to siphon off data over periods of weeks or months. Download these webcast slides from SC Magazine, as they sit down with an industry expert to discuss how third-party apps of various kinds are proving a workable conduit for them.

TRANSCRIPT

Page 1: APTs: The Role of Third-Party Applications

APTs: The Role of Third-Party Applications

Russ Ernst

Group Product Manager, Lumension

Page 2: APTs: The Role of Third-Party Applications

APT Attack Vectors

Page 3: APTs: The Role of Third-Party Applications

Cybercriminals Focus on 3rd Party Apps

7 out of 10 organizations feel that cyber criminals are shifting their efforts toward third-party apps

¾ of Large Enterprise shifting focus from OS based attacks to 3rd party apps

Is this a surprise to you?

Page 4: APTs: The Role of Third-Party Applications

Cyber Criminals - Focus on 3rd Party Apps

59% of Organizations have more than 10 Third-Party Apps on a Typical Endpoint

How Many Are Considered Mission-Critical?

[Chart: response categories 1 to 5, 6 to 10, 10 to 15, 15 to 20, More than 20; values shown 56%, 27%, 10%, 4%, 3%]

Page 5: APTs: The Role of Third-Party Applications

Addressing Patch Lag

Time to fix – time between when a vulnerability is publicly disclosed and when the vendor provides remediation

Time to patch – time between when remediation is available and when end user machines are patched

Page 6: APTs: The Role of Third-Party Applications

3rd Party Apps Causing Concern

Larger companies use more 3rd party apps than smaller companies

Only 1 to 5 of these are critical to their operations

Apps that cause the most concern:
– Adobe Flash and Acrobat
– Java
– Internet Explorer
– Office
– VMware
– Skype

Page 7: APTs: The Role of Third-Party Applications

Third-Party Apps Causing Concern

Page 8: APTs: The Role of Third-Party Applications

Wouldn’t it Be Easier to Abandon 3rd Party Apps?

Turning off Java sounds easy
– Apple regularly does it automatically with no notification
– Are you sure you’ve removed all instances of Java?

Does eliminating 3rd party apps really solve the problem?
– What business processes require 3rd party apps?

Page 9: APTs: The Role of Third-Party Applications

Banning Third-Party Apps?

Page 10: APTs: The Role of Third-Party Applications

Is Visibility into Third-Party Apps Important?

Page 11: APTs: The Role of Third-Party Applications

What’s the Best Practice to Prevent Unauthorized Apps?

Page 12: APTs: The Role of Third-Party Applications

What Can You Do Right Now?

Only allow business critical apps on specific PCs to reduce the overall enterprise Threat Envelope

1. Identify if there is a real business or usability need for the application before it is approved for users.

2. Identify assets that do not require apps and uninstall unneeded applications.

3. Ensure that all required apps are patched on an approved schedule.

4. Isolate critical systems that are business process sensitive from the production environment as much as possible.
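The sketch below is an added example, not part of the original slides: it applies steps 1 to 3 to an endpoint inventory and computes the "time to fix" and "time to patch" figures defined on the patch-lag slide. The hosts, versions, dates, per-asset allowlist and the 14-day patch schedule are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the slides): the app names echo the deck,
# but every host, version, date and allowlist entry is invented for illustration.
ADVISORIES = {  # app -> (first fixed version, publicly disclosed, vendor fix released)
    "java": ("8.45", date(2015, 4, 1), date(2015, 4, 14)),
    "flash": ("18.0", date(2015, 6, 2), date(2015, 6, 9)),
}
APPROVED = {"hr-pc-01": {"java", "flash"}, "kiosk-07": set()}  # business need per asset
INVENTORY = [  # (host, app, installed version, date that version was deployed)
    ("hr-pc-01", "java", "8.45", date(2015, 5, 20)),
    ("hr-pc-01", "flash", "17.0", date(2015, 3, 1)),
    ("kiosk-07", "java", "8.31", date(2015, 1, 10)),
]

def _ver(text):
    """Parse a dotted numeric version so that 8.5 sorts before 8.45."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory, advisories, approved, today, max_patch_days=14):
    """Return one finding per installed app with both lag figures, in days."""
    findings = []
    for host, app, version, deployed in inventory:
        fixed, disclosed, released = advisories[app]
        patched = _ver(version) >= _ver(fixed)
        # An unpatched machine is still accruing lag, so measure it up to today.
        time_to_patch = max(0, ((deployed if patched else today) - released).days)
        if app not in approved.get(host, set()):
            action = "uninstall"        # steps 1-2: no business need on this asset
        elif not patched:
            action = "patch-overdue" if time_to_patch > max_patch_days else "patch-pending"
        else:                           # step 3: patched, but was it on schedule?
            action = "patched-late" if time_to_patch > max_patch_days else "ok"
        findings.append({
            "host": host, "app": app, "action": action,
            "time_to_fix": (released - disclosed).days,
            "time_to_patch": time_to_patch,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, ADVISORIES, APPROVED, today=date(2015, 6, 24)):
        print(finding)
```

Adding the two figures for a row gives the total window during which that endpoint was exposed to a publicly known flaw.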

Page 13: APTs: The Role of Third-Party Applications

End Users Are Your Weakest Link

Be Aware of What You Share – End User Resource Center

http://www.lumension.com/be-aware

Page 14: APTs: The Role of Third-Party Applications

Focus On The End Game

The best approach is to use mitigating layered controls and processes on endpoints including:
– Application control whitelisting to defend against unknown payloads
– Enable native memory security controls in Windows including DEP and ASLR to limit the success of generic memory based attacks
– Deploy advanced memory-injection attack protection including RMI and Skape/JT to interrupt advanced memory attacks
– Use Device control to block USB-borne malware
– Utilize Strong patch management practices
– Blacklist outdated plugin versions
– Adopt the concept of least privilege for end users

Page 15: APTs: The Role of Third-Party Applications

Defense-in-Depth Strategy

– AV: Control the Bad
– Device Control: Control the Flow
– HD and Media Encryption: Control the Data
– Application Control: Control the Gray
– Patch and Configuration Management: Control the Vulnerability Landscape

Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which go beyond the traditional blacklist approach.


Page 16: APTs: The Role of Third-Party Applications

More Information

• Free Security Scanner Tools
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/special-offer/premium-security-tools.aspx

• Lumension® Endpoint Management and Security Suite
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

• Get a Quote (and more) http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
