Overview of Traps, State-of-the-Art Endpoint Security

Traps
1 | © 2016, Palo Alto Networks. Confidential and Proprietary.
Traps
IoT
IT
$$$
SLIDESOURCE
RSS
CIO
12,000 )
IPS
Web
Google
1
2
2012-0158/2010-3333
Web
USB
CEO
http://...
Web
(PoisonIvy)
OS
!  Web
(CyberGate)
(NetWire)
Android
[…] $4,000
[…] $15,000
AV
URL DNS
DEP
1.
PDF
2. PDF
Reader
Acrobat
OS
3.
4.
1.
PDF
2. PDF
Reader
Acrobat
3.
4.
1.
DEP
1.
PDF
2. PDF
Reader
Acrobat
3.
4.
1.
2.
EPM 1
: Carbanak
2013
12
CVE-2012-0158
CVE-2013-3906
CVE-2014-1761
Carbanak
+
+
+
100
10
Carbanak
Traps
CVE-2012-1058
Memory
Limit Heap
Spray Check
CVE-2013-3906
Memory Limit
Heap Spray
Check and
Shellcode
Preallocation
CVE-2014-1761
DEP
UASLR
1
DEP
ROP
ROP
UASLR
ROP/OS
ROP
Mitigation OS
ROP
Mitigation
DLL
Security
OS
ROP Mitigation/
DLL Security
DLL
Security
DLL
Security
LightsOut
2014
2
CVE-2012-1723
CVE-2013-1347
CVE-2013-1690
CVE-2013-2465
http://...
http://...
39essex[.]com
Java IE
Adobe Reader
LightsOut
Traps
Java
Java
Java
CVE-2012-1723
CVE-2013-1465
Java
CVE-2014-1761
CVE-2014-1761
CVE-2013-1347
CVE-2013-1347
DEP
Java
UASLR
Shellcode
Preallocation
ROP
DEP
ROP
Mitigation
UASLR
DLL
Security
OS
ROP/OS
DLL
Security
ROP Mitigation/
DLL Security
- GameOverZeus
Zeus Temp
Zeus
explorer.exe
explorer.exe
Zeus
%USERPROFILE%\AppData\Local\Temp
.exe
: GameOverZeus
1
%USERPROFILE%\AppData\Local\Temp
Local\Temp
2
.exe
explorer.exe
Traps
10
1
2
3
2
1
WildFire
3
WildFire
WildFire
OS
JIT
Traps
Traps
LAN
VM
1
2
3
4