The Malware Attack "Fan-out" Effect in the Cloud
TRANSCRIPT
Netskope © 2015, Optiv Security Inc. © 2015
The Malware Attack “Fan-out” Effect in the Cloud
Krishna Narayanaswamy, Chief Scientist, Netskope
4.1%
We looked at hundreds of enterprises’ sanctioned apps
UNSANCTIONED
SANCTIONED
[Chart: 10%, 70%, 20%; labels: Mostly Unsanctioned, Sanctioned; IT-led, Business-led, User-led]
At least two dozen ecosystem apps per “anchor tenant” app
IT estimates 30% business data is in cloud…
With ⅓ “unknown”
What role does the cloud play in perpetuating malware?
Infiltration and lateral movement phases of APTs
Other effects of malware
[Graphic: file names (Presentation.pptx, PO.docx, Financials.xlsx, BusinessPlan.pptx) shown alongside scrambled text]
The cloud malware attack fan-out in action
ROBUST CIPHERS: RSA-2048, AES-128
MEMORY ONLY KEY STORAGE
ENCRYPT PORTIONS OF FILES FOR SPEED
ENCRYPT IMPORTANT FILES FIRST
FILE NAMES SCRAMBLED TO THWART DECRYPTION
‣ BACK UP versions of critical data
‣ DETECT malware in sanctioned apps by scanning content-at-rest
‣ DETECT incoming malware from sanctioned and unsanctioned apps
‣ LOOK for anomalous behavior indicative of malware
‣ MONITOR for data exfiltration
IN REAL-TIME
1. BACK UP CONTENT; ENABLE “TRASH”
[Graphic: file versions v3, v2, v1]
Ensure critical content is backed up and that prior versions are easily available in the event of a fan-out attack involving ransomware. Enable “trash” and set default purge to 1+ weeks.
2. DETECT MALWARE IN SANCTIONED APPS
Detect and quarantine malware in sanctioned apps. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.
3. DETECT INCOMING MALWARE
Detect and quarantine incoming malware in real-time. Detonate in sandbox. Ensure full eradication through the cloud, network, and endpoint.
4. LOOK FOR ANOMALIES
Detect anomalous behavior in real-time that indicates malware
[Graphic: file names (Presentation.pptx, PO.docx, Financials.xlsx, BusinessPlan.pptx) shown alongside scrambled text]
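One way to implement the anomaly check in step 4, as an added example that is not from the original slides: flag a user whose cloud storage activity shows a burst of renames in which documents lose their extension and take on random-looking names (the "file names scrambled" trait listed earlier). The event tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

DOC_EXTS = {".pptx", ".docx", ".xlsx", ".pdf"}  # assumed "important file" types
WINDOW_S = 60     # assumed sliding window, in seconds
THRESHOLD = 3     # assumed number of suspicious renames per user per window
MIN_ENTROPY = 3.5 # assumed cut-off, bits per character of the new name

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def ext(name):
    """Lower-cased extension including the dot, or '' if there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""

def is_scrambling_rename(old, new):
    """A document loses its known extension and the new name looks random."""
    return (ext(old) in DOC_EXTS and ext(new) not in DOC_EXTS
            and entropy(new) >= MIN_ENTROPY)

def flag_users(events):
    """events: time-ordered (epoch_seconds, user, action, old_name, new_name).
    Returns users with >= THRESHOLD scrambling renames within WINDOW_S."""
    recent = defaultdict(list)
    flagged = set()
    for ts, user, action, old, new in events:
        if action != "rename" or not is_scrambling_rename(old, new):
            continue
        # Keep only this user's hits that are still inside the window.
        recent[user] = [t for t in recent[user] if ts - t < WINDOW_S] + [ts]
        if len(recent[user]) >= THRESHOLD:
            flagged.add(user)
    return flagged

# Constructed sample audit events; not any real service's log format.
SAMPLE = [
    (1000, "alice", "rename", "Presentation.pptx", "q9Zr7Lm2pW5tK8xB"),
    (1005, "alice", "rename", "PO.docx", "k3Vx8nQ1zR6dT0aG"),
    (1010, "bob", "rename", "Draft.docx", "Final.docx"),
    (1012, "alice", "rename", "Financials.xlsx", "h4Jc6Yw1sN8eU2oF"),
    (1500, "carol", "rename", "BusinessPlan.pptx", "b7Me2Xq5vH9yC4uS"),
]
```

A flagged user is a candidate for suspending sync and restoring prior versions, which is why the backup and “trash” settings in step 1 matter.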
5. MONITOR FOR DATA EXFILTRATION
Detect sensitive data exfiltration in real-time
[Graphic: data stream marked SENSITIVE]
‣ Enterprise DLP
‣ Data upload
‣ Sanctioned or unsanctioned
THANK YOU!