Hosted by: Brad Sams
Petri Presenter: Russell Smith
Sponsor Presenter: Jeff Melnick
How to Survive a #Datapocalypse and Get Away With It
Russell Smith
• Specialist in management and security of Microsoft systems
• 15 years’ experience in IT – SME to large government IT
• Blogger for Petri, Netwrix, and Lepide
• Pluralsight trainer
• Author of Least Privilege Security for Windows XP, Vista, and Windows 7
WannaCry in action
• URL link to JS dropper
• Search for devices with open port TCP 445
• Exploit EternalBlue using custom SMB session request
• Inject code into SMB system process to install DoublePulsar backdoor
• Propagate to vulnerable endpoints
• Delete shadow copies
• Encrypt files
WannaCry preventative measures
Upgrade to Windows 10
Block unsigned scripts & macros
Least privilege and account best practices
Patch vulnerabilities
Security baseline settings
Block incoming traffic at perimeter
Windows 10
• Windows 10 S/Chrome OS
• Security-as-a-Service
• Enhanced Mitigation Experience Toolkit built-in
• Antimalware Scan Interface
• Protected Event Logging
• Virtualization-based security
• Credential Guard
• Device Guard
• Windows Defender ATP
• Protected boot
Application control
• AppLocker rules
• Executables
• Scripts
• Windows Installer
• Packaged Apps
• Windows 10 Device Guard
• Higher level of trust
• Virtualization-based security
Application control
• PowerShell ConstrainedLanguage mode
• AppLocker in Allow mode
• PowerShell transcription
• PowerShell script block logging
• Base64 encoding or algorithmic obfuscation
• Logs dynamically generated code
Application control
• Disable unsigned macros and VBA apps in Office
• Office Trust Center
• Signed code
• Trusted network locations
• Group Policy controls
Least privilege and account best practices
• Remove admin rights
• Restrict use of domain admin accounts
• Microsoft Local Administrator Password Solution (LAPS)
• Credential Guard
Patching
• Windows Server Update Services (WSUS)
• Windows Update for Business
• Operations Management Suite (OMS) Update Compliance
• Applications
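A read-only audit of several settings named on the slides above (SMBv1, PowerShell logging and language mode, AppLocker, Credential Guard, local admin rights, patch recency). This is an added example, not part of the original deck; it assumes Windows 8/Server 2012 or later with Windows PowerShell 5.1 in an elevated session, and the helper name `Get-PolicyValue` is hypothetical.

```powershell
# Added example: read-only audit of settings named on the slides.
# Run from an elevated Windows PowerShell 5.1 session on the machine being checked.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the policy key or value is absent (not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$checks   = [ordered]@{}

# SMBv1 server component: the protocol EternalBlue targets over TCP 445.
$smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
$checks['SMBv1 server disabled'] = ($null -ne $smb) -and (-not $smb.EnableSMB1Protocol)

# PowerShell logging policies (set through Group Policy).
$checks['Script block logging enabled'] =
    (Get-PolicyValue "$psPolicy\ScriptBlockLogging" 'EnableScriptBlockLogging') -eq 1
$checks['Transcription enabled'] =
    (Get-PolicyValue "$psPolicy\Transcription" 'EnableTranscripting') -eq 1

# Language mode of the current session (ConstrainedLanguage under application control).
$checks['ConstrainedLanguage mode'] =
    $ExecutionContext.SessionState.LanguageMode -eq 'ConstrainedLanguage'

# AppLocker rules are only enforced while the Application Identity service runs.
$appId = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
$checks['Application Identity service running'] =
    ($null -ne $appId) -and ($appId.Status -eq 'Running')

# Credential Guard: value 1 in SecurityServicesRunning means it is active.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$checks['Credential Guard running'] =
    ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)

$checks.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Check = $_.Key; Pass = $_.Value } } |
    Format-Table -AutoSize

# Least privilege: list who holds local admin rights (well-known SID S-1-5-32-544).
try   { Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object Name, ObjectClass, PrincipalSource }
catch { Write-Warning "Could not enumerate local Administrators: $_" }

# Patching: date of the most recently installed update.
Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn |
    Select-Object -Last 1 HotFixID, InstalledOn
```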
Jeff Melnick
• Manager of Sales Engineering at Netwrix
• 15 years’ experience in IT – Primarily in Active Directory Migrations, Integration and Installations.
• Helping organizations strengthen IT security, streamline compliance and optimize operations.
• Blogger and Product Evangelist for Netwrix
Downtime is the real Killer
https://securelist.com/76757/kaspersky-security-bulletin-2016-story-of-the-year/
https://www.intermedia.net/report/ransomware
$5 Billion damage in 2017
If you’re infected… Seek Help
http://nomoreransom.org
Learn more:
Crysis
Marsjoke
Polyglot
Wildfire
Chimera
Teslacrypt
Shade
Coinvault
Rannoh
Rakhni
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Oracle Database
Netwrix Auditor for Azure AD
Netwrix Auditor for EMC
Netwrix Auditor for SQL Server
Netwrix Auditor for Exchange
Netwrix Auditor for NetApp
Netwrix Auditor for Windows Server
Netwrix Auditor for Office 365
Netwrix Auditor for SharePoint
Netwrix Auditor for VMware
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 8,000
Recognition: Among the fastest growing software companies in the US with 105 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others
Customer support: global 24/5 support with 97% customer satisfaction
Netwrix Customers
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
Next Steps
Free Trial: setup in your own test environment:
• On-premises: netwrix.com/freetrial
• Virtual: netwrix.com/go/appliance
• Cloud: netwrix.com/go/cloud
Test Drive: run a virtual POC in a Netwrix-hosted test lab netwrix.com/testdrive
Live Demo: product tour with Netwrix expert netwrix.com/livedemo
Contact Sales to obtain more information netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions
• netwrix.com/webinars
• netwrix.com/webinars#featured
https://www.netwrix.com/download/documents/Ransomware_Survival_Guide.pdf