Keeping web servers safe and profitable with Imunify360
Download as PPTX, PDF2 likes1,823 views
The document discusses the results of a webinar on security challenges in the hosting industry, highlighting the rise of distributed attacks and the inadequacy of current security tools. It introduces Imunify360, a security solution that incorporates machine learning, sandboxing, and other advanced features to provide comprehensive protection against various attack vectors. The document concludes with a comparison of Imunify360 and Imunify Sensor, detailing their pricing and features.
![Possible attack against yoursite.com detected
We have detected possible attack against yoursite.com
Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP]
[+more info on the attack]
Was it you?
‘Bad Action’ Notifications
YES, ALLOW THIS ACTION NO, BLOCK THE ACTION](https://image.slidesharecdn.com/imunify360webinar-170111233406/85/Keeping-web-servers-safe-and-profitable-with-Imunify360-19-320.jpg)
Keeping web servers safe and profitable with Imunify360
- 1. Imunify360 Webinar Jan 11, 2016
- 2. Hosting Industry Survey revealed... 13% 19% 25% 28% 37% 45% 48% 49% 53% 61% 67% DNS Poisoning Information disclosure Privilege escalation XSS attacks and similar Comment SPAM Website Defacement Code/SQL Injections Brute force attacks Remote exploit Malware infection DoS/DDoS Over 60% reported customers worry about security. Top reported issues:
- 3. The state of security in hosting Distributed attacks are on the rise ○ Not only DDoS ○ Distributed brute force attacks ○ Distributed port scans ○ Distributed OS & Application fingerprinting ○ Distributed vulnerability scans
- 4. Existing tools are not capable to handle ○ Single server ○ Dumb • No history • No behavior analytics • No heuristics The state of security in hosting
- 5. Too many sources of incidents Too many decisions to make No way to correlate Too many decisions to make
- 6. Centralized dashboard Herd protection Sandboxing Heuristics Machine learning All that without re-inventing the wheel Imunify360
- 7. Firewall ‒ Herd immunity ○ Machine learning ○ 17K+ IPs blocked automatically ○ Large # of honeypots ○ Better immunity with each additional server Protection Vectors ‒ Firewall
- 8. Reduce false positive ○ Use captcha to automatically unblock ○ Train AI to reduce false positives... Firewall ‒ Protection Layers
- 9. OSSEC for IDS o ML to decrease false positives IDS
- 10. Very popular More features than Imunify360 Huge expertise We will integrate it into Imunify360 Best of both words: Same herd immunity Same captcha / training Same CSF flexibility Firewall ‒ CSF
- 11. Mod_security ○ OWASP ○ Comodo ○ Atomic Herd immunity → Feeds into correlation engine → firewall ○ Machine learning ○ Most attacks will not reach WAF, will be blocked at firewall WAF ‒ Protection Layers
- 12. Maldet protection scanning ○ Automated scans ○ On upload scans • PHP o Attack IP detection (ext attributes) • FTP • SSH ○ Backup integration / automated recovery of infected files Malware scanning ‒ Protection Vectors
- 13. Patch management ○ KernelCare • Kernel • OpenSSL (soon) • GLIBC (soon) ○ HardenedPHP ○ Security configuration / RPM version scans Patch Management ‒ Protection Layers
- 14. Covered by WAF Covered by Softaculous Covered by Patchman Main issues: o plugins, not web apps o 0-day vulnerabilities Outdated web apps? Reliance on knowing more than attacker
- 15. Limit what webapps can do: Today webapps can do whatever unprivileged linux user can do ○ Does wordpress need to be able same things as strange, gcc or name server? ○ Filter/limit syscalls available ○ Filter/limit filesystem operations/access Protection layer ‒ Sandboxing Different approach No 0-day privilege escalations No turning a web app into a ‘bot’ part of the botnet.
- 16. AV vendors know that signatures don’t work Sandboxing & heuristics used on desktop for 10+ years Not used on web servers Huge improvement in server security Sandboxing ‒ because signatures don’t work
- 17. Train ML on ‘good behaviors’ Automatically detect bad behaviors Lock down after training Sandboxing Stage II: heuristics + AI Prevent majority of injection & defacement attacks
- 18. Train on each site individually Re-train on upgrades ○ User managed lock/unlock Use client’s IP ‘reputation’ for good vs bad Use ‘banking style’ notifications (e-mail, sms, phone) for site owner Sandboxing Stage II: AI
- 19. Possible attack against yoursite.com detected We have detected possible attack against yoursite.com Attack originated on Jan 5, 2017 at 3:23pm from IP 2.10.100.202 (Orlando, FL, USA) [check your IP] [+more info on the attack] Was it you? ‘Bad Action’ Notifications YES, ALLOW THIS ACTION NO, BLOCK THE ACTION
- 20. Is your IP on any of the blacklists ○ SPAM ○ Botnet Is any of hosted domains on the blacklists: ○ Malware ○ Phishing ○ SPAM Reputation management
- 21. Why is that important?
- 22. Configurable
- 23. Use all related info to detect attacks Use machine learning to correlate information Use multiple layers to detect, and defend against the attacker Minimize human involvement ○ Minimize decision making 360° defense
- 24. Imunify360 Imunify Sensor Maximum security with sophisticated attack detection Basic security with lightweight attack detection Centralized Incident Management dashboard Firewall Advanced Firewall with herd immunity Standard Firewall Smart Intrusion Detection System IDS/IPS Patch management Intelligent Web application sandboxing KernelCare HardenedPHP Complete feature comparison at imunify360.com Imunify360 vs Imunify Sensor
- 25. Dedicated / VPS Shared cPanel DirectAdmin Plesk Good For Web Servers Goal: zero configuration, good for novice, better than expert...
- 26. Pricing Imunify360 Retail: $35/month Service Provider: $9/month Imunify Sensor Retail: $9/month Service Provider: $2/month
- 28. Resources: Imunify360.com Imunify360 vs Imunify Sensor:http://www.imunify360.com/web-server- security-comparison Survey: https://www.cloudlinux.com/images/content/resources/Hosting- Industry-Survey-Results-2016.pdf Questions?