McAfee Endpoint Security testing
MVISION Insights – SunBurst IOC
05 / 01 / 21 – updated & extended
Vladyslav Radetskyi
vr@optidata.com.ua
I work at OptiData LLC (Ukraine).
I do dynamic malware analysis.
I also write analytics and pick the news for our Facebook page.
I conduct IS training for users and technical staff.
My job is all about presenting, implementing and supporting
various security solutions (including McAfee).
vr@optidata.com.ua
radetskiy.wordpress.com
pastebin.com/u/VRad
VR
#whoami
1. MVISION Insights (brief)
2. ENS modules (short theory)
3. Testing ENS without risk for hosts (simple steps)
4. Dealing with SunBurst IOCs (FireEye, SolarWinds intrusions)
5. Links (URL) for valuable technical moments
#agenda
Attention! VirusScan Enterprise EOL – 31 / 12 / 2021 (KB93335)
* You have one year for migration
• McAfee Cloud checks the telemetry sent from your ENS hosts
• Insights triages all IOCs collected from your hosts
• You get a clean picture of what was detected on your systems (our video)
MVISION Insights – get additional analytics for ENS detections
* 662 in August, today it is over ~780
✓ ENS Platform - GUI
✓ ENS Threat Prevention - OAS, ODS, AP, ExploitPrev
✓ ENS Firewall - FW
✓ ENS Web Control - Client Web Filtering (IE, Chr, FF, Edge)
✓ ENS ATP - Adaptive (GTI, TIE, ATD, DAC, RP … )
McAfee ENS – the tools of the trade
• Adaptive Threat Protection:
✓ Dynamic Application Containment [DAC]
✓ Real Protect (cloud / offline)
✓ Submit unknown executables to McAfee ATD (sandbox)
✓ Rollback changes made by Ransomware (our video - Enhanced Remediation)
✓ Credential Theft Protection (LSASS.EXE)
* ATP does not replace Threat Prevention (AP and EP), it only extends it!
McAfee ENS ATP functions
1. ENS has to be updated at least once (running on AMCore 0.5 is a bad idea)
2. You need to update not only AMCore but Exploit Prevention content too
3. ATP efficiency depends on reputation source availability (TIE / GTI)
Attention!
https://kc.mcafee.com/corporate/index?page=content&id=KB93324
Your ENS needs to be connected to the McAfee cloud
1. OAS DAT detection – test file (EICAR) or docgen 1, 2, 3
2. OAS GTI detection – test file
3. Access Protection (AP) detection – test method
4. Exploit Prevention (EP) detection – test method
5. Real Protect (ATP RP) detection – test file
6. Dynamic Application Containment (ATP DAC) detection – test
7. ATP RP Credential Theft Protection (RP Beta) – test
McAfee ENS – list of tests
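Test #1 (OAS DAT detection with the EICAR file) is the one that can be scripted safely on any host. The script below is an added example, not from the slides: it drops the EICAR test string into a temp directory, waits, and reports whether On-Access Scan removed the file, then pulls any matching lines from the OAS activity log. It assumes OAS is enabled with a clean/delete action, and the log path is the ENS default on Windows (an assumption; adjust it to your deployment).

```powershell
# Added example (not from the slides): drop the EICAR test file and check
# whether ENS On-Access Scan removes it. Assumptions: ENS OAS is enabled and
# set to clean/delete on detection; the log path below is the ENS default on
# Windows - change it if your deployment differs.
param(
    [string]$DropDir = $env:TEMP,
    [int]$WaitSeconds = 10,
    [string]$OasLog = "$env:ProgramData\McAfee\Endpoint Security\Logs\OnAccessScan_Activity.log"
)

# The EICAR string is assembled from two halves so this script is not itself
# flagged while sitting on disk; only the assembled file is the test object.
$eicar  = -join @('X5O!P%@AP[4\PZX54(P^)7CC)7}$', 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*')
$target = Join-Path $DropDir ("ens-oas-test-{0}.com" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))

try {
    # Write raw ASCII with no BOM and no newline: EICAR must be exactly 68 bytes.
    [System.IO.File]::WriteAllBytes($target, [System.Text.Encoding]::ASCII.GetBytes($eicar))
    Write-Host "Dropped test file: $target"
} catch {
    # OAS scan-on-write may block the write itself; that also counts as a detection.
    Write-Host "Write blocked or failed: $($_.Exception.Message)"
}

Start-Sleep -Seconds $WaitSeconds

if (Test-Path $target) {
    Write-Warning "Test file still present after $WaitSeconds s - OAS did not remove it (check OAS policy and AMCore DAT version)."
} else {
    Write-Host "Test file removed - OAS detection looks OK."
}

# Show OAS activity lines that mention EICAR, if the log exists at the assumed path.
if (Test-Path $OasLog) {
    $hits = Get-Content $OasLog -Tail 50 | Where-Object { $_ -match 'EICAR' }
    if ($hits) { $hits | ForEach-Object { Write-Host "OAS log: $_" } }
    else       { Write-Host "No EICAR entry in the last 50 lines of $OasLog" }
} else {
    Write-Host "OAS log not found at $OasLog - verify the log location for your ENS build."
}
```

Run it from an elevated PowerShell on a test host; a removed file plus an EICAR line in the activity log confirms both the scan action and the logging path that ePO or Insights will later pick up. A file that survives usually means OAS is off for that process or path, or the AMCore content is still at the installer version, which is exactly the "update at least once" caveat from the previous slide.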
#1 McAfee ENS – OAS DAT detection (EICAR)
#2 McAfee ENS – OAS GTI detection
#3 McAfee ENS – Access Protection (AP) detection
#4 McAfee ENS – Exploit Prevention (EP) detection
#5 McAfee ENS – Real Protect (ATP RP) detection
#6 McAfee ENS – Dynamic Application Containment detection
#7 McAfee ENS – Credential Theft Protection (Real Protect Beta)
https://kc.mcafee.com/corporate/index?page=content&id=KB93231
SolarWinds > FireEye intrusion (news spreading timeline)
SolarWinds > FireEye intrusion (brief)
• The investigation is still ongoing …
• It was a supply-chain compromise delivered through the SolarWinds Orion Platform
• Victims include: U.S. Department of the Treasury, Department of State,
Department of Homeland Security, Department of Energy and even the
National Nuclear Security Administration…
• Low-profile, long-term intrusion into about 18K different orgs.
• To be protected you'd have to deal with tons of IOCs as quickly as possible
MVISION Insights – SunBurst IOCs
1. https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html
2. https://www.mcafee.com/enterprise/en-us/release-notes/exploit-prevention.html
3. https://www.eicar.org/?page_id=3950
4. https://kc.mcafee.com/corporate/index?page=content&id=KB53733
5. https://kc.mcafee.com/corporate/index?page=content&id=KB88828
McAfee ENS – updates & testing tools
1. https://kc.mcafee.com/corporate/index?page=content&id=kb51109
2. https://kc.mcafee.com/corporate/index?page=content&id=KB85784
3. https://kc.mcafee.com/corporate/index?page=content&id=KB82450
4. https://kc.mcafee.com/corporate/index?page=content&id=KB91836
5. https://kc.mcafee.com/corporate/index?page=content&id=KB88205
6. https://kc.mcafee.com/corporate/index?page=content&id=KB54812
7. https://kc.mcafee.com/corporate/index?page=content&id=KB87843
McAfee ENS – compatibility & best practice
Thank you for your time
radetskiy.wordpress.com
pastebin.com/u/VRad
Install Stable Diffusion in windows machine
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat

  • 1. McAfee Endpoint Security testing MVISION Insights – SunBurst IOC 05 / 01 / 21 – updated & extended Vladyslav Radetskyi vr@optidata.com.ua
  • 2. I work at OptiData LLC (Ukraine). I do dynamic malware analysis. I also write analytics and choose news for our Facebook page. Conduct IS training for users and technical staff. My job is all about presenting, implementing and supporting various security solutions (including McAfee). vr@optidata.com.ua radetskiy.wordpress.com pastebin.com/u/VRad VR #whoami
  • 3. 1. MVISION Insights (brief) 2. ENS modules (short theory) 3. Testing ENS without risk for hosts (simple steps) 4. Dealing with SunBurst IOC`s (FireEye, SolarWinds intrusions) 5. Links (URL) for valuable technical moments #agenda
  • 4. Attention! VirusScan Enterprise EOL – 31 / 12 / 2021 KB93335 * You have one year for migration
  • 5. • McAfee Cloud checks telemetry from your hosts running ENS • Insights provides triage for all IOCs seen on your hosts • You get a clear picture of what was detected on your systems (our video) MVISION Insights – get additional analytics for ENS detections * 662 for August, today over ~780
  • 6. ✓ ENS Platform - GUI ✓ ENS Threat Prevention - OAS, ODS, AP, ExploitPrev ✓ ENS Firewall - FW ✓ ENS Web Control - Client Web Filtering (IE, Chr, FF, Edge) ✓ ENS ATP - Adaptive (GTI, TIE, ATD, DAC, RP … ) McAfee ENS – the tools of the trade
  • 8. • Adaptive Threat Protection: ✓ Dynamic Application Containment [DAC] ✓ Real Protect (cloud / offline) ✓ Submit unknown executables to McAfee ATD (sandbox) ✓ Rollback changes made by Ransomware (our video - Enhanced Remediation) ✓ Credential Theft Protection (LSASS.EXE) * ATP does not replace Threat Prevention (AP and EP), it only extends it! McAfee ENS ATP functions
  • 9. 1. ENS has to be updated at least once (testing on AMCore 0.5 is a bad idea) 2. You need to update not only AMCore but the Exploit Prevention content too 3. Efficiency of ATP depends on reputation source availability (TIE / GTI) ! https://kc.mcafee.com/corporate/index?page=content&id=KB93324 Attention!
  • 13. 1. OAS DAT detection – test file (EICAR) or docgen 1, 2, 3 2. OAS GTI detection – test file 3. Access Protection (AP) detection – test method 4. Exploit Prevention (EP) detection – test method 5. Real Protect (ATP RP) detection – test file 6. Dynamic Application Containment (ATP DAC) detection – test 7. ATP RP Credential Theft Protection (RP Beta) – test McAfee ENS – list of tests:
  • 14. #1 McAfee ENS – OAS DAT detection (EICAR)
  • 15. #2 McAfee ENS – OAS GTI detection
  • 16–17. #3 McAfee ENS – Access Protection (AP) detection
  • 18–19. #4 McAfee ENS – Exploit Prevention (EP) detection
  • 20–22. #5 McAfee ENS – Real Protect (ATP RP) detection
  • 23–27. #6 McAfee ENS – Dynamic Application Containment detection
  • 28–32. #7 McAfee ENS – Credential Theft Protection (Real Protect Beta) https://kc.mcafee.com/corporate/index?page=content&id=KB93231
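Slides 14 to 32 are screenshots of the seven tests. As an added example that is not part of the deck, the PowerShell script below automates test #1 (OAS DAT detection with the EICAR test file) on a single host and reports whether ENS reacted. It assumes the default ENS log location %ProgramData%\McAfee\Endpoint Security\Logs and the log file name OnAccessScan_Activity.log, and that the OAS policy is enabled with an action that removes or quarantines the file; the test directory and wait time are arbitrary choices you can override.

```powershell
# Added example (not from the slides): create an EICAR test file and confirm that
# ENS On-Access Scan (OAS) reacted. Assumed: ENS logs live under
# %ProgramData%\McAfee\Endpoint Security\Logs (product default), OAS is enabled and
# its action on detection removes or quarantines the file.
param(
    [string]$TestDir     = (Join-Path $env:TEMP 'ens-oas-test'),
    [string]$LogDir      = (Join-Path $env:ProgramData 'McAfee\Endpoint Security\Logs'),
    [int]   $WaitSeconds = 10
)

function New-EicarFile {
    param([string]$Path)
    # The 68-byte EICAR string is assembled from two halves so this .ps1 itself is
    # not flagged when saved to disk. Single quotes keep the '$' characters literal.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    # Raw ASCII bytes: no BOM, no trailing newline, exactly as the EICAR spec requires.
    [System.IO.File]::WriteAllBytes($Path, [System.Text.Encoding]::ASCII.GetBytes($eicar))
    return $Path
}

function Test-EnsOasDetection {
    param([string]$Dir, [string]$Logs, [int]$Wait)
    New-Item -ItemType Directory -Path $Dir -Force | Out-Null
    $target = Join-Path $Dir 'eicar.com'

    $writeBlocked = $false
    try {
        New-EicarFile -Path $target | Out-Null
    } catch {
        # Scan-on-write can refuse the write outright; that is a detection too.
        $writeBlocked = $true
    }
    if (-not $writeBlocked) {
        # Scan-on-read policies react when the file is opened, not when it is created.
        try { [void][System.IO.File]::ReadAllBytes($target) } catch { }
    }
    Start-Sleep -Seconds $Wait

    $fileGone = -not (Test-Path $target)
    $oasLog   = Join-Path $Logs 'OnAccessScan_Activity.log'
    $logHits  = @()
    if (Test-Path $oasLog) {
        # Only log lines that name both EICAR and our test file count as evidence.
        $logHits = @(Get-Content $oasLog -ErrorAction SilentlyContinue |
            Where-Object { $_ -match 'EICAR' -and $_ -match [regex]::Escape($target) })
    }
    # Do not leave a live test file behind if OAS ignored it.
    if (-not $fileGone) { Remove-Item $target -Force -ErrorAction SilentlyContinue }

    $detected = $writeBlocked -or $fileGone -or ($logHits.Count -gt 0)
    [pscustomobject]@{
        Host         = $env:COMPUTERNAME
        TestFile     = $target
        WriteBlocked = $writeBlocked
        FileRemoved  = $fileGone
        LogHits      = $logHits.Count
        Verdict      = $(if ($detected) { 'OAS DETECTED EICAR' }
                         else { 'NOT DETECTED: check that OAS is on and AMCore content is updated' })
    }
}

Test-EnsOasDetection -Dir $TestDir -Logs $LogDir -Wait $WaitSeconds | Format-List
```

Run it from an elevated prompt after checking the AMCore and Exploit Prevention content versions in the ENS client About dialog (slide 9). A pass here only proves the DAT/signature path of OAS; it says nothing about GTI, AP, EP or the ATP features, which need the separate tests listed on slide 13.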
  • 33–37. SolarWinds > FireEye intrusion (news spreading timeline)
  • 38. SolarWinds > FireEye intrusion (brief) • The investigation is still ongoing … • It was a supply-chain attack through the SolarWinds Orion Platform • Victims include: U.S. Department of the Treasury, Department of State, Department of Homeland Security, Department of Energy and even the National Nuclear Security Administration… • Low-profile, long-term intrusion; the trojanized update reached about 18K different orgs • To be protected you have to deal with tons of IOCs as quickly as possible
  • 39. MVISION Insights – SunBurst IOC`s
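MVISION Insights does this triage from ENS telemetry. For hosts without Insights, or to double-check a single machine, the added example below (not part of the deck) sweeps a host against an IOC list of the kind the campaign view hands you. The only indicator values embedded are publicly documented ones: the trojanized component name SolarWinds.Orion.Core.BusinessLayer.dll and the SUNBURST C2 domain avsvmcloud.com. SHA-256 rows are intentionally absent from the constructed sample and must come from your vendor feed; the Orion install path and the CSV column names are assumptions.

```powershell
# Added example (not from the slides): host-side sweep against a small SunBurst IOC list.
# Assumed: Orion is installed under %ProgramFiles(x86)%\SolarWinds\Orion, and the IOC CSV
# has the columns type,value,note with type in {sha256, filename, domain}.
param(
    [string]$OrionDir = (Join-Path ${env:ProgramFiles(x86)} 'SolarWinds\Orion'),
    [string]$IocCsv
)

# Constructed sample in the expected CSV format. Only publicly reported indicators are
# listed; add sha256 rows from your vendor feed (McAfee KB / MVISION Insights) yourself.
$sampleIocs = @'
type,value,note
filename,SolarWinds.Orion.Core.BusinessLayer.dll,trojanized Orion component (public reporting)
domain,avsvmcloud.com,SUNBURST C2 domain (public reporting)
'@

function Import-IocList {
    param([string]$Path)
    if ($Path -and (Test-Path $Path)) { return Import-Csv -Path $Path }
    return $sampleIocs | ConvertFrom-Csv
}

function Invoke-SunburstSweep {
    param([string]$Dir, [object[]]$Iocs)
    $hashes   = @($Iocs | Where-Object type -eq 'sha256'   | ForEach-Object { $_.value.ToLower() })
    $names    = @($Iocs | Where-Object type -eq 'filename' | ForEach-Object { $_.value.ToLower() })
    $domains  = @($Iocs | Where-Object type -eq 'domain'   | ForEach-Object { $_.value.ToLower() })
    $findings = New-Object System.Collections.Generic.List[object]

    # 1) File IOCs: hash every DLL under the Orion tree once, compare by name and by hash.
    if (Test-Path $Dir) {
        Get-ChildItem -Path $Dir -Recurse -Filter *.dll -File -ErrorAction SilentlyContinue | ForEach-Object {
            $sha = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
            if ($names -contains $_.Name.ToLower()) {
                # The file name exists on every Orion host, clean or not; only the hash decides.
                $findings.Add([pscustomobject]@{ Type='filename'; Indicator=$_.Name; Evidence=$_.FullName; Sha256=$sha; Severity='review' })
            }
            if ($hashes -contains $sha) {
                $findings.Add([pscustomobject]@{ Type='sha256'; Indicator=$sha; Evidence=$_.FullName; Sha256=$sha; Severity='match' })
            }
        }
    }

    # 2) Network IOCs: the local DNS client cache shows recent lookups without needing
    #    network telemetry. Subdomains count, because the C2 used per-victim subdomains.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        Get-DnsClientCache -ErrorAction SilentlyContinue | ForEach-Object {
            $entry = ([string]$_.Entry).ToLower()
            foreach ($d in $domains) {
                if ($entry -eq $d -or $entry.EndsWith('.' + $d)) {
                    $findings.Add([pscustomobject]@{ Type='domain'; Indicator=$d; Evidence="DNS cache: $entry -> $($_.Data)"; Sha256=''; Severity='match' })
                }
            }
        }
    }
    return $findings
}

$iocs    = Import-IocList -Path $IocCsv
$results = Invoke-SunburstSweep -Dir $OrionDir -Iocs $iocs
if ($results.Count -eq 0) { "No IOC hits on $env:COMPUTERNAME" } else { $results | Format-Table -AutoSize }
```

A 'review' finding on the DLL name is expected on every Orion server and is not a compromise by itself; the hash rows from the feed turn it into a 'match' or clear it. The DNS cache only covers lookups since the last flush, so a clean result there is weak evidence compared with the ENS/Insights telemetry the deck relies on.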
  • 53. 1. https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html 2. https://www.mcafee.com/enterprise/en-us/release-notes/exploit-prevention.html 3. https://www.eicar.org/?page_id=3950 4. https://kc.mcafee.com/corporate/index?page=content&id=KB53733 5. https://kc.mcafee.com/corporate/index?page=content&id=KB88828 McAfee ENS – updates & testing tools
  • 54. 1. https://kc.mcafee.com/corporate/index?page=content&id=kb51109 2. https://kc.mcafee.com/corporate/index?page=content&id=KB85784 3. https://kc.mcafee.com/corporate/index?page=content&id=KB82450 4. https://kc.mcafee.com/corporate/index?page=content&id=KB91836 5. https://kc.mcafee.com/corporate/index?page=content&id=KB88205 6. https://kc.mcafee.com/corporate/index?page=content&id=KB54812 7. https://kc.mcafee.com/corporate/index?page=content&id=KB87843 McAfee ENS – compatibility & best practice
  • 55. Thank you for your time radetskiy.wordpress.com pastebin.com/u/VRad