APTs: The Role of Third-Party Applications
DESCRIPTION
Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered. There have been a number of ways today's more willful attackers have been able to breach networks to siphon off data over periods of weeks or months. Download these webcast slides from SC Magazine, as they sit down with an industry expert to discuss how third-party apps of various kinds are proving a workable conduit for them.
TRANSCRIPT
![Page 1: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/1.jpg)
APTs: The Role of Third-Party Applications
Russ Ernst
Group Product Manager, Lumension
![Page 2: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/2.jpg)
APT Attack Vectors
![Page 3: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/3.jpg)
Cybercriminals Focus on 3rd Party Apps
7 out of 10 organizations feel that cyber criminals are shifting their efforts toward third-party apps
¾ of Large Enterprise shifting focus from OS based attacks to 3rd party apps
Is this a surprise to you?
![Page 4: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/4.jpg)
Cyber Criminals - Focus on 3rd Party Apps
59% of Organizations have more than 10 Third-Party Apps on a Typical Endpoint
[Chart: How Many Are Considered Mission-Critical? Categories: 1 to 5, 6 to 10, 10 to 15, 15 to 20, More than 20. Values shown: 56%, 27%, 10%, 4%, 3%]
![Page 5: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/5.jpg)
Addressing Patch Lag
Time to fix – time between when a vulnerability is publicly disclosed and when the vendor provides remediation
Time to patch – time between when remediation is available and when end user machines are patched
![Page 6: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/6.jpg)
3rd Party Apps Causing Concern
Larger companies use more 3rd party apps than smaller companies
Only 1 to 5 of these are critical to their operations
Apps that cause the most concern:
– Adobe Flash and Acrobat
– Java
– Internet Explorer
– Office
– VMware
– Skype
![Page 7: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/7.jpg)
Third-Party Apps Causing Concern
![Page 8: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/8.jpg)
Wouldn’t it Be Easier to Abandon 3rd Party Apps?
Turning off Java sounds easy
– Apple regularly does it automatically with no notification
– Are you sure you’ve removed all instances of Java?
Does eliminating 3rd party apps really solve the problem?
– What business processes require 3rd party apps?
![Page 9: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/9.jpg)
Banning Third-Party Apps?
![Page 10: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/10.jpg)
Is Visibility into Third-Party Apps Important?
![Page 11: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/11.jpg)
What’s the Best Practice to Prevent Unauthorized Apps?
![Page 12: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/12.jpg)
What Can You Do Right Now?
Only allow business critical apps on specific PCs to reduce the overall enterprise Threat Envelope
1. Identify if there is a real business or usability need for the application before it is approved for users.
2. Identify assets that do not require apps and uninstall unneeded applications.
3. Ensure that all required apps are patched on an approved schedule.
4. Isolate critical systems that are business process sensitive from the production environment as much as possible.
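An added example (not part of the original slides) of the audit that steps 1 to 3 and the "time to patch" definition from the Addressing Patch Lag slide imply: compare an endpoint inventory against an approved-app policy and flag unapproved apps, apps on hosts that do not need them, and versions that are behind the patched release. The policy, host names, versions, dates and the 30-day schedule are constructed assumptions.

```python
from datetime import date

# Constructed policy (hypothetical): approved apps, the hosts with a business
# need for them, the minimum patched version, and when that fix was released.
POLICY = {
    "java":  {"hosts": {"fin-ws-01"}, "min_version": (2, 0, 5),
              "fix_released": date(2013, 4, 16)},
    "flash": {"hosts": {"fin-ws-01", "mkt-ws-07"}, "min_version": (3, 1, 0),
              "fix_released": date(2013, 4, 9)},
}
PATCH_SLA_DAYS = 30  # assumed "approved schedule" for time to patch

# Constructed inventory rows: (host, app, installed version)
INVENTORY = [
    ("fin-ws-01", "java", "2.0.5"),    # approved, needed here, patched
    ("fin-ws-01", "flash", "3.0.9"),   # approved but behind the fixed version
    ("mkt-ws-07", "java", "1.9.0"),    # approved app, no business need on host
    ("mkt-ws-07", "skype", "4.2.0"),   # not in the policy at all
]

def parse_version(text):
    """Turn '3.0.9' into (3, 0, 9) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory, policy, today, sla_days=PATCH_SLA_DAYS):
    """Return (host, app, finding) tuples for every policy violation."""
    findings = []
    for host, app, version in inventory:
        rule = policy.get(app)
        if rule is None:
            # Step 1: no approved business need for this application.
            findings.append((host, app, "unapproved-app"))
        elif host not in rule["hosts"]:
            # Step 2: this asset does not require the app; uninstall it.
            findings.append((host, app, "not-needed-on-host"))
        elif parse_version(version) < rule["min_version"]:
            # Step 3: time to patch = days since remediation became available.
            lag = (today - rule["fix_released"]).days
            status = "patch-overdue" if lag > sla_days else "patch-pending"
            findings.append((host, app, f"{status}:{lag}d"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, POLICY, today=date(2013, 6, 1)):
        print(*finding)
```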
![Page 13: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/13.jpg)
End Users Are Your Weakest Link
Be Aware of What You Share – End User Resource Center
http://www.lumension.com/be-aware
![Page 14: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/14.jpg)
Focus On The End Game
The best approach is to use mitigating layered controls and processes on endpoints including:
– Application control whitelisting to defend against unknown payloads
– Enable native memory security controls in Windows including DEP and ASLR to limit the success of generic memory based attacks
– Deploy advanced memory-injection attack protection including RMI and Skape/JT to interrupt advanced memory attacks
– Use Device control to block USB-borne malware
– Utilize Strong patch management practices
– Blacklist outdated plugin versions
– Adopt the concept of least privilege for end users
![Page 15: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/15.jpg)
Defense-in-Depth Strategy
– AV: Control the Bad
– Device Control: Control the Flow
– HD and Media Encryption: Control the Data
– Application Control: Control the Gray
– Patch and Configuration Management: Control the Vulnerability Landscape
Successful risk mitigation starts with a solid vulnerability management foundation, augmented by additional layered defenses which go beyond the traditional blacklist approach.
![Page 16: APTs: The Role of Third-Party Applications](https://reader035.vdocuments.net/reader035/viewer/2022070321/558a2562d8b42af3238b46b2/html5/thumbnails/16.jpg)
More Information
• Free Security Scanner Tools
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/special-offer/premium-security-tools.aspx
• Lumension® Endpoint Management and Security Suite
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2