Risk in practice: Are you protected against today's Trojans?
Tom Lysemose
CEO, Promon AS

Company Background
2004 − 2005 − Entry of Technology Transfer Office (TTO) University in Oslo − International patent application delivered (pending) 2006 − Entry of major Norwegian Capital Venture 2009 − Entry of Seed fund and well known private investor 2008 − Founded in Norway as limited share Company 2007 − Research project established (at SINTEF and University of Oslo) Market launch in Germany with Star Finanz (CeBIT March 2009) 2010 − Several national and international partner agreements signed
Public funding received throughout the whole process

Overview
Problem
− Client side malware infects the application which is used for handling sensitive data
Solution
− Integratable (on demand) security solution: Creates a protected application session on the client

Main Threats: Client Side
Man-in-the-browser/Trojan (MITB)
− Operates inside the browser with full access
− Disclosure of sensitive data
− Manipulates transaction data
Spyware
− Operates typically from inside the browser, but may operate from other places
− Steals confidential information

Example: Zeus
Online banking Trojan Botkit
Leading Crimeware toolkit in the world
Availability for everybody
− From 700 USD to 3000-4000 USD for newest
Widespread Man-in-the-browser attack
− Several million PCs in 196 countries: Focus on Windows operating system

AntiVirus Solutions
Security level depending on user configuration
− Low security settings, system wide
Often not installed or updated
If updated; dependent on signatures
− Majority of Zeus infected systems had fully updated AV installed
Sensitive data accessed from remote systems cannot be protected
− No "session based" protection

Architecture
[Diagram labels: Network Layer; System Layer; Application Layer; Unprotected Application; Spyware/Trojan; Attack; Protected Application; Promon; Traditional Anti Virus; Firewalls]

Main Requirements
Session based protection
− On demand (no installation)
− Proactive protection
− User Convenience (transparency)
− Non intrusive (responsibility)

Protected Session
[Diagram labels: Client; Server; Internet]
− Infected client initiates session
− Promon Shield integrated on server-side
− Client connects and Promon Shield is provided
− Shield initiates a protected browser/program session...
− ...Trojan / Spyware are blocked

Promon Architecture
Platform based on internal program monitoring
− Deep interception, monitoring and control
Security add-ons
− Shield
    Protection against MITB and Spyware
− Guard (not described here)
    Detection of deviation in execution flow
    Buffer overflow attacks (Google/Aurora attacks)

Shield – Security Features
Standard features:
− MITB protection (anti-ZeuS!)
− Anti-keylogging (anti-spyware)
− Anti-debugging
− IP/URL restrictions (browser restrictions)
− Logging (analysis and/or challenge/response)
Extra features:
− DLP (block: file-save, printing, copy-paste...)

Shield – Core Features
Program Start Control
Execution Flow Control
External Interface Control
Code Injection Control
Program integrity control

Independent test
Leading Norwegian research institute
− NISlab - Norwegian Information Security laboratory
− Independent test Promon against 4 main world wide AV-providers

Attacking method        Promon     I           II          III         IV
RemoteDLL               Blocked    Undetected  Undetected  Undetected  Undetected
Browser manipulation    Blocked    Undetected  Undetected  Undetected  Undetected
Google                  Blocked    Detected    Detected    Detected    Undetected
Gossiper                Blocked    Detected    Undetected  Undetected  Undetected
Exactseek               Blocked    Detected    Detected    Detected    Undetected
Keylogger: freekgb      Blocked    Detected    Detected    Undetected  Detected
Keylogger: Actual Spy   Blocked    Detected    Detected    Detected    Detected
Keylogger: NISlab       Garbaged   Undetected  Undetected  Undetected  Undetected

Deployment
Example - Java applet:
− Java version 1.5 and newer (but also >1.4.2)
− Total size < 200 KB
− No admin rights required
− No installation required (click once to accept signed applet)
Shield technology successfully deployed to more than 500.000 end-users (licensed) (January 2011)

Customer Feedback
Jan Graffenberger, CTO, StarFinanz:
− "The delivery was exactly in time, completely a success and still runs without any complications."
− "Any request .. were proofed and arranged with a very high performance."
− "The experience we made working with Promon is excellent"

Key Characteristics
Proactive
Signature independent
Session based
Integrated
No separate installation
Transparent
No user interaction
Non-intrusive
Non-aggressive protection
End point security even on a possible infected system