ANSecurity, a specialist in advanced network and data security, has successfully deployed the Palo Alto Networks TRAPS advanced endpoint solution to help a major financial services organization strengthen its security controls.

The financial organization regularly processes a lot of active content from third-party organizations and its workforce had struggled to differentiate between legitimate or malicious attachments within emails.  The organizations had previously used a “traditional” Anti Malware product, in conjunction with Anti-Virus software but found that attacks were still breaching this line of defense.

Proven Technology

TRAPS is a technology from Palo Alto that focuses on intercepting the 30 or so underlying techniques that are commonly used across millions of malware examples instead of trying to detect malware signatures that can only be created after an incident. The technology has proven itself as a way of stopping new threats based on understanding these common steps that malware must perform to achieve a successful attack, and Palo Alto claims that these core techniques grow by only a few each year. As a result, Traps offers a way of blocking both common and previously unseen attacks.

“The initial deployment was very fast and we set up TRAPS in its learning mode allowing it identify a number of false positives,” explains Laurence Wright, Network Security Specialist for ANSecurity, “In this mode it starts to identify third party and bespoke in-house developed apps and the regular update processes. Once these were ‘dialled out’ of the detection process, the solution went into production and regular updates from PAN to the client and server software have added features and functionality to ease management, speed up debug and forensic examination of potentially malicious samples and events.”

More Visibility Over Activity

ANSecurity then deployed malware behavior controls using execution restrictions on unknown software and child process restrictions to allow more visibility over activity at the endpoint. “Some user re-education was required, especially for power-user and developer machines,” explains Wright, “For example, allowing for the delay in execution of newly downloaded EXE files while Wildfire analysis takes place and not running them from folders that could be identified as malicious activity.”

TRAPS has proven itself as a way of stopping new threats based on understanding common steps that malware must perform to achieve a successful attack

As a result, the likelihood of a successful core attack technique at the endpoint during the exploitation phase is reduced, even before the malware has a chance to run. As a result of TRAPS, malware related security incidents have reduced to almost zero as well as minimizing the time consuming process of dealing with false positives.

“There is no magic bullet that will fix everything but as attacks become more sophisticated, TRAPS is a useful and pretty unique security approach that is able to detect the most dangerous type threats” says Wright, “Although it could be considered as a next generation concept, we have also seen particular interest and success helping customers to protect legacy systems running XP and Windows server 2003 that cannot be patched but are considered critical in areas like SCADA and ICS. We continually recommend migration but this is not always possible straight away and TRAPS has also proven very effective in this role.”

ANSecurity Seminar

ANSecurity is running a seminar and hands-on demonstration in collaboration with Palo Alto Networks in London on the 20th October. The session allows participants to take on the role of an attacker and use evasive malware and exploits in an attempt to compromise an endpoint protected by TRAPS.

Save

Save

Save

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

What New Technologies And Trends Will Shape Video Analytics?
What New Technologies And Trends Will Shape Video Analytics?

The topic of video analytics has been talked and written about for decades, and yet is still one of the cutting-edge themes in the physical security industry. Some say yesterday’s analytics systems tended to overpromise and underdeliver, and there are still some skeptics. However, newer technologies such as artificial intelligence (AI) are reinvigorating the sector and enabling it to finally live up to its promise. We asked this week’s Expert Panel Roundtable: What new technologies and trends will shape video analytics in 2021?

Tackling The Challenge Of The Growing Cybersecurity Gap
Tackling The Challenge Of The Growing Cybersecurity Gap

The SolarWinds cyberattack of 2020 was cited by security experts as “one of the potentially largest penetrations of Western governments” since the Cold War. This attack put cybersecurity front and center on people’s minds again. Hacking communication protocol The attack targeted the US government and reportedly compromised the treasury and commerce departments and Homeland Security. What’s interesting about the SolarWinds attack is that it was caused by the exploitation of a hacker who injected a backdoor communications protocol.  This means that months ahead of the attack, hackers broke into SolarWinds systems and added malicious code into the company’s software development system. Later on, updates being pushed out included the malicious code, creating a backdoor communication for the hackers to use. Once a body is hacked, access can be gained to many. An explosion of network devices What has made the threat of cyberattacks much more prominent these days has been IT's growth in the last 20 years, notably cheaper and cheaper IoT devices. This has led to an explosion of network devices. IT spending has never really matched the pace of hardware and software growth Compounding this issue is that IT spending has never really matched the pace of hardware and software growth. Inevitably, leading to vulnerabilities, limited IT resources, and an increase in IoT devices get more attention from would-be hackers. Bridging the cybersecurity gap In the author’s view, this is the main reason why the cybersecurity gap is growing. This is because it inevitably boils down to counter-strike versus counter-strike. IT teams plug holes, and hackers find new ones, that is never going to stop. The companies must continue fighting cyber threats by developing new ways of protecting through in-house testing, security best practice sources, and both market and customer leads. End-user awareness One of the key battlegrounds here is the education of end-users. This is an area where the battle is being won at present, in the author’s opinion. End-users awareness of cybersecurity is increasing. It is crucial to educate end-users on what IoT devices are available, how they are configured, how to enable it effectively, and critically, how to use it correctly and safely. Physical security network A valuable product that tackles cybersecurity is, of course, Razberi Monitor™, which is new to ComNet’s portfolio. Monitor™ is a software platform that provides a top-down view of the physical security network and ecosystem. Monitor™ is a software platform that provides a top-down view of the physical security network and ecosystem It monitors and manages all the system components for cybersecurity and system health, providing secure visibility into the availability, performance, and cyber posture of servers, storage, cameras, and networked security devices. Proactive maintenance By intelligently utilizing system properties and sensor data, Razberi’s award-winning cybersecurity software prevents problems while providing a centralized location for asset and alert management. Monitor™ enables proactive maintenance by offering problem resolutions before they become more significant problems. Identifying issues before they fail and become an outage is key to system availability and, moreover, is a considerable cost saving.

Hikvision Ensures Building-Wide Security And Optimising Parking Flow For Luxury Four-Star Hotel In Kigali
Hikvision Ensures Building-Wide Security And Optimising Parking Flow For Luxury Four-Star Hotel In Kigali

Security monitoring, intrusion detection, parking management, one installation of Hikvision technology can do all this, and more. Discover how the 2000 Hotel in Kigali is using Hikvision technology to make operations more secure and efficient on every floor of its luxury four-star accommodation. The 2000 Hotel in Kigali, Rwanda, is known as the ‘highest hotel in Kigali’, offering captivating views over the city and the mountains. Guests enjoy the hotel’s four-star luxury facilities for work and leisure, taking advantage of its central location in the heart of Rwanda’s bustling capital city. Security of hotel guests has always been paramount, and so soon after the hotel was built, the management team installed security cameras throughout. However, over time it turned out that the imagery captured simply wasn’t clear enough to be useful in many situations. Underground parking lot Unfortunately, we started to notice that goods were going missing in the supermarket, as well as in the warehouse" What’s more, there were further security issues following the opening of a new supermarket on the hotel’s second floor. “Unfortunately, we started to notice that goods were going missing in the supermarket, as well as in the warehouse,” explains Miao Zhang, the Managing Director, 2000 Hotel. “Sometimes we noticed cash was missing from the registers, too.” In addition to this, the hotel was seeking a more efficient way to manage its underground parking lot. “The hotel was using a guard to let people in and out of the parking lot, and to calculate payments. But with more than 500 spaces to look after, this took time, often causing traffic jams as visitors waited to leave. Plus, the parking fees were sometimes incorrect,” explains Jaden. “Consequently, the team decided to explore how technology might be able to help.” Intrusion alarm system The 2000 Hotel chose a complete Hikvision solution, featuring 70 security cameras, a 60-channel intrusion alarm system for the supermarket, and an entrance/exit and payment system for the parking lot. In the corridors of the hotel and in the supermarket, the team installed Hikvision Dome Network Cameras (DS-2CD2145FWD-I). These discreet cameras offer high-quality images, even in low light conditions. In the hotel lobby, the stairwells and in the supermarket, the team installed Hikvision Bullet Network Cameras (DS-2CD2T45FWD-I5), with extended zoom and infrared capabilities that are ideal for these larger spaces. At the supermarket checkouts, the team installed Hikvision Varifocal Bullet Network Cameras (DS-2CD2645FWD-IZS), which feature a motorised varifocal lens for close monitoring of this busy location. Varifocal IR bullet cameras Meanwhile, Hikvision Varifocal IR DarkFighter Bullet Cameras (DS-2CD5A26G0-IZS) were installed at the main entrance of the hotel and the supermarket. These feature a wide dynamic range, ensuring clear images even when the cameras are facing strong light. To protect the supermarket outside of opening hours, the 2000 Hotel installed a complete Hikvision intrusion alarm system. The alarm system contains a PIR sensor (DS-PD2-D15AME), which is installed near the window of the supermarket. If someone intrudes in from the window at night, the system will be triggered and an alarm will be issued. Not only that, there is also a panic alarm station (DS-PEA1-21) in the control room of the supermarket. If an emergency occurs, people can use the tool to realise alarm aid at the first time. ANPR video unit The 2000 Hotel is managing the whole solution through Hikvision IVMS-5200E software Finally, at the entrance and exit of the underground parking lot, the hotel installed the Hikvision ANPR Video Unit (DS-TCG227-A), along with barriers, a card station and an integrated payment system, also from Hikvision. The 2000 Hotel is managing the whole solution through Hikvision IVMS-5200E software. Thanks to the high quality Hikvision technology, live review is very clear, making it ideal to support the investigation of any security incidents. However, since cameras were installed, there have been fewer incidents to deal with. What’s more, the supermarket team are better equipped to respond in the event of an out-of-hours breach. “If an intruder triggers the alarm, the duty manager gets an instant alert on their phone with quick access to relevant footage. This gives them real peace of mind,” says Jaden Huang, the Project Manager from Hikvision. “Indeed, it’s possible to view the status of the whole hotel system from a laptop or phone.” Parking management solution Down in the basement parking lot, the Hikvision parking management solution is working effectively. “Parking has become faster and more automated. For example, barriers will open and close automatically when customers take or insert a card, and parking charges are automatically calculated. And there are no more jams on exit,” confirms Jaden. The 2000 Hotel team are working on a new building in Kigali, with construction almost completed. The plan is to use Hikvision technology here, too. Miao says “Hikvision has provided the 2000 Hotel in Rwanda with world-class video technology that solved a host of our security and operational challenges. They also offer excellent support in one centralised location. We fully appreciate their professional service, and look forward to continuing our working relationship.”